The Need for Biometric Verification and Liveness Checks in a Digital Onboarding Journey

With increased demand for remote customer onboarding, there is also a rise in the risk of fraud and identity theft. Technology has addressed it to a great extent and in some cases it is claimed to be better than human decision making. In this post we'll talk about the possible human identity frauds affronted during digital on-boarding and how we have leveraged Machine learning & Artificial intelligence at Digio to solve for it.

Since last year, a substantial percentage of businesses have transitioned into a digital trajectory for engagements with their customers. With the pandemic, remote onboarding and digital authentication practices have become the need of the hour.

Why? 

Why is there a need for Artificial Intelligence in Digital Onboarding?

Understanding the Traditional Onboarding Journey

Let us consider the physical onboarding in bottom up approach, the significance of the identity verification process can be classified into two major checks:

• OVD (Officially Valid Document): It involves establishing the identity of the person with a legally recognized eco-system. The process involves collecting copies of self-attested identity documents (PoI) and verifying possession of the original document.

• IPV (In-Person Verification): The process helps in ensuring whether a person who is performing the transaction is the same as he is claiming to be. IPV checks are generally carried out by a human who matches the photo of the person present in the ID card with the face of person who is performing the transaction.

In most cases, the current proof of address (PoA) is collected to simplify the traceability of the user and forms part of the initial KYC documents.

While it is important to validate the source and legal existence of an identity document, it is equally crucial to ensure whether the possession of the document is with the right person. Thus, In-person Verification (IPV) becomes imperative. Many regulatory guidelines including the SEBI KYC regulations have mandated that the IPV process be carried out to mitigate risks of forgery and to ensure compliance with laws such as the Prevention of Money Laundering Act (PMLA), 2002.

How?

How has technology assisted in replacing the traditional IPV and OVD requirements in a Digital Journey?

• Identity validations: Proof documents (such as PoI and PoA) can be collected and verified digitally with centralized databases recognized by the regulatory bodies. Text extraction is performed on the identity card to validate and match the information with the central database.
• Identity ownership Verification: A realtime biometric verification is executed by comparing the user's face captured via a live photo or video during the process with the photo of user in his/ her identity records.

Digital onboarding, with its numerous benefits, brings along some elements of risks. With rising cyber threats, scammers try to forge the camera or the biometric sensor with a non-living objects that exhibits human traits. This 'non-living' object is called the "Spoof". Examples of spoof include - photos, videos displayed on screen, masks, etc. It becomes imperative to ensure that the face shown in the digital process is a live person and not a fake representation induced by fraudsters.

The spoof attack methods practiced on the internet today are classified into the following types:
1) Two-dimensional: Photographs, flat masks in paper/ plastic and video replay from a device

2) Three-dimensional: Use of face masks/ waxed dolls/ robots to replicate expressions.

Understanding the role of Artificial Intelligence

Artificial intelligence plays a significant role by ensuring whether the source of a biometric feed is a live human being or a fake representation induced by fraudsters.

To prevent attack, to reduce ambiguity and to eliminate stolen identity, AI enabled technologies such as

A. Facial Biometric Authentication can help ensure the person doing the transaction the same as in the identity records.
B. Liveness Detection can help eliminate stolen identity.

Artificial Intelligence helps eliminate these attacks by analysing and detecting the authenticity of the selfie image in real-time.

What?

What have we built using artificial intelligence and machine learning to mitigate risks confronted a digital onboarding journey?

Onboarding journeys on Digio’s platform have incorporated a robust image processing frameworks which imposes strict filters on the images that appear to be suspicious. 

An instant feedback display mechanism with instructions to the user for sharing a valid selfie has been developed in the User Interface. This helps a real human to proceed with a successful re-attempt in case the photo was captured improperly without any mal-intent and restricts any non-human/ injected artefact from proceeding ahead. 

Provided below are a few live cases of suspicious images found on Digio vision.

Understanding Facial Biometrics

Facial biometrics is one of the widely used forms of biometrics across industries for fraud prevention. Biometric Authentication is a simple 4C-step process as follows:

1. Capture: An image of the user is captured through selfie in real time
2. Calculate: The Machine Learning algorithms read and identify the facial markers
3. Collate: Identifiers are plotted into a biometric graph
4. Compare: Matched with the biometric in the user’s identity records or an existing record and returns a match score.

Depending on the use case, algorithms are used to distinguish an individual user’s unique biometric features either with the biometrics of the image on the ID proof submitted (1:1 Validation) or from a set of similar faces in a biometric pool (1:N validation).

Facial biometrics are increasingly popular among the institutions that are trying to balance between fraud prevention and providing a high-quality user experience. Biometrics verification establish a means for matching several morphological patterns such as a person's face, voice, iris, fingerprint or palm.

However, if used solely, it is susceptible to impersonations and spoof attacks and fraudsters try to exploit the weaknesses in biometrics by forging a replica of an existing person’s face using a 3D mask. This is where liveness detection plays a key role, it is a security mechanism developed to mitigate the vulnerability of biometric systems to spoofing attacks.

Understanding Liveness Detection

Liveness Detection is Artificial Intelligence that determines the computer is actually interacting with a live human while onboarding and not a spoof or injected video/data. This is accomplished through algorithms that analyze data collected from sensors/cameras to determine whether the source is live or it has been reproduced.

There are two main types of liveness detection:

1. Active Liveness
2. Passive Liveness

Active liveness detection requires the customer to perform some kind of gesture or motion during the onboarding journey to validate that they are a human being. The commonly practiced ways of Active liveness in the marketplace at present include:

Scenario 1- A set of actions such as moving your head, blinking, smiling, touching your nose or ears, following dots, etc need to be performed by the user. A permutation and combination of the order and type of actions is placed to ensure the tasks are unique every time.

Every response of the user is captured and each successful response will take the user to the next step. A generic workflow for a liveness process is as follows:

       

Scenario 2 - The customer is asked to hold out a piece of text through an image. A unique text either numeric or alphabetic or alpha-numeric is generated every time the customer enters the steps.

Scenario 3 - The customer is requested to read out a unique text displayed on a screen or is asked questions in a Video based KYC

   

Passive liveness detection uses internal algorithms to distinguish between a real and live human being and a spoof in the form of printed photographs, cut-out photos, screen displays, videos, and masks without any active participation from a user. It does not require specific movements of the body in order to tell fake from real. With the help of neural networks, a single frame image, such as a selfie that is captured for face and ID matching can be analyzed without any effort on the part of the customer.

Scenario 1- Capturing a selfie image where the user is not posed with any action tasks.

Scenario 2- Capturing a short video without any tasks to the user. The backend works similar to scenario 1. However, a short video may capture frames of the user’s image for validation

            

Scenarios 3- Use of external hardware or software to measure the depth of an image

Scenario 4- This can be combined with Scenario 1 and 2. The user is posed with unnatural props such as high lighting to capture her/his reaction during a selfie or video capture.


Below is a brief summary of the types of Liveness checks available:

Particulars	Active	Passive
User comfort	Effort required to some extent to carry out the “challenges” put forth during the onboarding journey.	Requires no effort from the user.
Technical Specifications	May require a software compatible device to be able to carry out the work.	Does not require any additional software on the capture side.
Time	The process is a tad longer than a passive check. However, it is quick and efficient.	Carried out in real-time within a few seconds.
Image processing	Requires multiple images to detect motion.	Carried out in a single image frame.
Server bandwidth	Might require frequent interactions with the server to for analysing the responses.	No additional / incremental traffic is received.
Types	Video based and selfie based (Multi/ single frame).	Image based - usually a single frame image, incorporating depth measuring techniques.

In order to incorporate robust anti-fraud technologies, both facial biometric verification and Liveness checks need to go hand in hand.

Additionally, multi-modality checks such as speech recognition along with biometrics can be incorporated for advanced security checks by making it difficult for fraudsters to break the biometric systems.

The advantages of Liveness detection and Biometric verification are innumerable. These checks have also been incorporated by regulated entities across domains for combating fraudulent practices. Regulated entities like SEBI also accept liveness checks which are carried out through OTP based identity verification such as the Digilocker authentication. Enterprises complement the liveness detection with Geo-location tagging for validating the place of the user.

For more information or to request a demo, feel free to reach out to us at support@digio.in