Blog

Winning the ID document arms race against fraudsters

Published: Monday March 09, 2020

For every advancement in identity document verification, fraudsters will respond with new tactics. It’s something of an arms race that keeps us striving to safeguard people and organisations against criminals. The fight is far from over, but our technology and expertise is giving us the upper hand.

Once, proving your identity was as simple as showing someone your ID document. That was long before the internet age and the devices we use every day.

Today, anyone from Arkansas to Zurich can show that same identity document to someone located anywhere in the world, in real time, by sending a picture by email, tweet or upload. And for a short while, this too was a step in the right direction.

Of course, with this convenience, comes opportunity. Opportunity for fraudsters to bypass the security measures and pass themselves off as someone else and reap the benefits.

We responded in kind by asking the subject to send a photograph of themselves along with their ID document. In a world where front-facing mobile cameras were taking root, this was the perfect solution. When coupled with face-matching algorithms and a bit of common sense, we could clearly see that the person on the ID document matched the selfie.

However, fraudsters were just as connected as us, if not more so. They quickly figured out they could simply look up the owner of the identity document on a photo sharing app we and grab a handful of photos to couple with the ID document and once again trick the system.

Beyond liveness detection

This forced companies like ours to respond again and lead to the creation of what has become known in the industry as Liveness Detection. It attempted to ensure that the fraudster was put off by having to perform a series of actions such as smiling, winking and moving their heads side-to-side, all while remaining in picture, to ensure that they are in fact, present. For a time, it worked. But, as ever, the fraudster struck back.

Realising that most systems look for specific actions in a specific order, fraudsters found they could simply obtain pictures of their victims in each expected position, thereby bypassing the checks once again.

Moreover, they quickly latched on to the fact that proving liveness and matching faces are two distinct processes, meaning that they could stick to their plan of combining a stolen ID with a picture downloaded off the web and still get through the required steps, as long as they proved liveness.

Nothing prevented this as there was no direct comparison between the person presenting the document, the selfie and the person performing the liveness tests.

And so, we built an array of behind-the-scenes checks into IDscan that link these three crucial factors together, forming a far stronger barrier to fraud. We call this an accumulative liveness result, which ensures a user is genuinely present and that they are submitting their own selfie as represented on the document – a triangulation of sorts.

The battle goes on

Of course, this is by no means a silver bullet, and there are many other tricks a fraudster might employ, but when coupled with Digital Tampering Protection, Physical Tampering Protection (protection against image editing, and photo substitution) and a host of well-established authenticity tools, GBG is uniquely positioned to protect customers against bad actors.

This is a battle that will continue on for many years. Each step will be countered and each parry will be defended, but as a GBG customer, you can be sure that you have some of the best defenders in your team, ever-willing and able to protect you against the latest threat and always working on new preventative measures.

Click here to learn more about IDscan, click here


.red { fill: #b0013a; }