Blog: Identity Verification With Digital Onboarding
November 2019
One of the main challenges when it comes to the digital onboarding of a client is the verification process. Although the exact legislation defining the authentication process varies from country to country, one of the general requirements is comparing the online identity reported by the client with their actual identity. Countries may issue varying implementation rules specifying the permitted methods and the nature of them but, in general, the idea is simple – the obliged entities (i.e. the banks or financial institutions) must ensure that the online onboarding method is in line with real-world client authentication.
Naturally, checking someone’s identity as part of digital onboarding means verifying their documents and checking whether they are actually the person they say they are. If we compare the reliability of people and digital technologies during the authentication process, the quality of today’s mobile phone cameras or PC webcams are the weak link in digital onboarding.
Document security elements are not usually machine readable so rely on validation of the correct data format to the maximum degree. For example, an identity card issued in a specific year for a citizen of a specific gender may only have an identification number within a certain range. The “amateur” forger is often unaware of rules like this so even this form of authentication can detect a certain percentage of forged documents.
A stolen identity card with a photo stuck over it could get through the authentication process, however, and, from what solution providers have said, there is no technology currently available for digital authentication in this sector that would be able to cope significantly better with document verification given the current quality of photographs from mobile phones. This is another reason why, most of the time, personal document numbers are still checked in registers of lost and stolen documents.
In the USA, for example, banks authenticate digitally registered clients with additional checks, hiring specialist companies who have unique information about applicants at their disposal. For example, an applicant is asked, “In which countries have you previously owned any property?” or “Where did you live when you took out your first car loan?” A correct response is considered very strong verification but, in truth, using this method often leads to false alarms. Simply put, people forget.
A “liveness check” is also used as part of a person’s identity check across the banking sector, in other words whether a real “live” person is registering in the system. A scenario is possible where a fraudster uses a found or stolen identity card and when setting up an account or during a digital loan application, uploads a false picture found, for instance, on social networks, instead of their own photograph.
A simple comparison of the photograph on the identity card and photographs from social networks would evaluate the match. To avoid this scenario, when taking a selfie, the user must undergo a “liveness check” where they are asked, for example, to smile at a certain time or follow a randomly moving dot on the monitor. A fraudster with a printed photograph cannot pass this test.
Related to this, we also talk about a “passive liveness check” as a verification method, where the user does not have to actively follow a dot or perform an activity. Instead, the system just follows their facial expressions and voice during registration and based on this can tell whether or not they are a living being. This prevents the use of deceptive software or static photographs.
About the Author
@Lubomír Tomány
Product Manager, BSC
Lubomír Tomány is responsible for the product roadmap of Digital Bank OS, with which BSC has come to dominate both the domestic and international markets, making it a key player in the field of banking sector digitisation.