In the constant battle against online fraud, victory is not won by stopping all fraud. The true goal of fraud detection and prevention techniques is to allow as many legitimate users as possible, as easily as possible, with as little fraud as you can. This is why techniques like effective and efficient risk profiling are so important, Intellicheck (an identity validation company) CEO Bryan Lewis tells Biometric Update in an email interview.
“If you introduce too much friction for a particular type of transaction, they risk losing too many good clients who do not want to deal with the steps,” Lewis says. “Our clients tell us they have adopted a layered risk profile, with increasing friction as the transaction risk and generally the size of the transaction increases.”
Authentication, with or without biometrics, confirms that the identity being claimed matches the person presenting it, but assurance that the person does not represent a threat to commit fraud is built through risk profiling. That means analyzing the identity being claimed with the presentation of the ID document, to determine both that the document is genuine and that it has not been tampered with.
Intellicheck performs ID document validation and authentication based on intelligent analysis of security elements, as well as optical character recognition (OCR) and other technology layers, including biometrics.
The company’s roots extend back through 20 years of document validation for secure military and government facilities. A law enforcement agency that relies on Intellicheck’s document analysis tested the technology against more than 1,000 known fakes, and every one of them was caught by the platform.
The first step
A business using face biometrics for authentication can catch fraud attempts and prevent theft with a low amount of friction in sign-up and transaction processes. The business can also fail to catch many different types of attacks, even if the biometric algorithm is highly accurate, Lewis says.
“This is why the first step is critical,” he explains. “Biometrics is only as good as the first step, which must confirm that the government issued ID document is real.”
A new user presenting a forged ID document may, due to the sophistication of forgeries on the market, pass not only a manual visual inspection, but even an automated one with artificial intelligence, if that AI is not looking for the right thing. In this scenario, the criminal presenting the forged ID document bearing their picture as part of a synthetic identity can be authenticated against that document, and the business onboards the fictitious customer.
IDs have become so sophisticated, Lewis says, that Intellicheck’s law enforcement clients have admitted their training and usual methods of inspection are no longer good enough to tell them from the real thing in some cases.
“So, if you can’t be near certain that the document is authentic, some high percentage of the time you will be validating an imposter to a fake.”
Lewis points out that in 2020 alone, 49 million consumers were victims of identity fraud. If properly educated, he maintains, consumers will gladly accept a balance of friction and convenient service access that protects them from fraud.
“One study found 67 percent of U.S. consumers are worried about being victimized by identity theft and are more concerned about it than being the victim of other crimes like burglary and murder,” Lewis observes. “One in three of those surveyed said this was a frequent, ongoing concern. And that data was collected before pandemic-fueled incidents further ignited already climbing rates. This kind of data sends a strong signal. I believe that the pervasive nature of identity theft and the significant time it takes to clear up, in addition to the financial and emotional damage it costs each victim, means customers will understand if the authentication process is explained and as a result, they will be more willing to take the time to go through the process.”
Stopping fake ID
This is why Intellicheck clients use its risk-scoring to establish a baseline of trust and inform the rest of the process.
“They may start with validation of the document, next move to OCR to compare what is printed on the document to what is encoded in the validated barcode, and finally add facial biometrics with liveliness,” Lewis says. “Our clients recognize that ease of use, speed and accuracy are critical factors in maintaining the proper balance while reducing friction.”
The company’s background gives it deep familiarity with the security features and barcodes of the identity documents, according to Lewis. Therefore, he says, “we also validate a document entirely differently than the majority of the companies in this space. Many do OCR of the front of the document, and try to validate based on the layout, holograms, microprint, and the like. The criminals selling these documents have long since acquired the knowledge and the skills to create sophisticated fake IDs that reflect their understanding of all of that.”
OCR enables the document’s text to be read, both from security features and personal information fields.
Digital elements within the ID, like barcodes, should not just be checked by scanning and parsing which Lewis says is “a very common and costly misconception.” Rather, he says, what is key is validating the security elements of the barcode unique to each jurisdiction.
“We can tell you that the barcode matches, inclusive of hidden security features, the exact format of the jurisdiction on the day the document was issued and more,” he explains. “This is why we encourage bake-offs, if you will.”
Getting to that level of specificity is what allows enhanced fraud detection that catches sophisticated attacks.
Biometrics provide the binding to the document, and are valuable, but should be implemented as part of a larger identity verification system, built on solid foundations. The technology must also be deployed in the right place.
“We see from our logs a significant abandonment rate when customers are asked to do facial biometrics for low-risk transactions,” says Lewis. “Having the amount of friction not commensurate to risk or consumer desire will fail. Biometrics does play a critical part in authenticating transactions where the perpetrator has access to the victims authentic ID. This is most often seen in family fraud cases and situations where a roommate commits identity theft.”
Establishing the solid foundation for identity verification, and in most cases identifying fraud, depends on the effectiveness of the document checking stage. This is the basis for onboarding and transacting with customers with strong fraud protection, while retaining positive, convenient customer experiences.