Q&A: interview with OneID
ID verification, AI, security and customer experience
The cyber security threat that most of the British public are likely to experience is low sophistication cyber crime. Cyber criminals deploy commodity attacks, such as phishing or malware with the aim of scamming the public and businesses. Therefore, being able to authenticate and verify an individuals ID is of crucial importance. This blog will cover the process of ID verification, the role of AI, how to balance security and customer experience and also what might be in store in the future.
Next generation of Digital Identity verification
Identity and verification, sometimes known as ‘ID&V’ is the process by which an organisation can verify that an individual is the correct person. This process traditionally relied on checking paper documents face-to-face. Then processes moved online via document scanning and selfie checks that could be done remotely. Now, there are also ‘next generation’ digital identity solutions available that are 100% digital, using trusted data as the evidence source to verify the identity.
In short, digital identity is: a secure process that links data to the right legal person. The data that is presented is contextual and depends on the use case, but the legal person behind the data is the same each time.
The secure process typically follows these key steps:
- Collection of evidence
- Validation of evidence
- Verification of person claiming ownership
- Authentication (securely reconnecting to an account)
The role of AI in ID Verification
AI has the potential to be a powerful force for good, enabling improved productivity in writing, music, video, photography, information analysis and problem-solving. Combined with human oversight and control, AI has the potential to enhance our work and increase our leisure time.
However, within the context of identity verification, AI can sometimes also be used for nefarious purposes such as creating fictitious profiles or identities (‘synthetic identities’) in order to perform actions such as opening online accounts. It may even be used to generate harmful content, such as deepfake videos. Synthetic identities are created using a combination of real and fake personal information, to perform actions with the intent of doing harm. Traditionally, this meant merging textual data, for example, a real address with a fictitious name, but increasingly, AI is generating images and videos that make detection harder. This creates a new role for AI:helping to spot synthetic identities.
Better digital identity solutions can help to make an impact in reducing fraud, by creating better customer journeys that enable both parties in a transaction to be securely identified, before any payment is made. Digital identity can reduce impersonation fraud, for example, by verifying that the person is who they say they are. Online platforms should be doing more to verify their users are human, not bots, and not fraudsters, to help reduce fraud that originates on their platforms. Fraud cost the UK £219bn in 2023 (Crowe/University of Portsmouth).
2. How to balance security with customer experience?
Organisations are struggling to balance customer experience and security - '71% of decision makers [say] the better their firms make customer experience for identity verification, the worse security becomes and vice versa' - how do you deal with this challenge?
Behavioural biometrics explained
Bank-based digital identity enables the reuse of established secure practices, such as Strong Customer Authentication (SCA), in any online journey (not just those specified by the payments legislation PSD2). Using layered and dynamic security technology, e.g., behavioural biometrics, to enable both convenience & security. Behavioural biometrics such as mobile phone sensors that show the speed or pressure of a PIN entry, or speed of a mouse movement, can be used to identify outlying usage that flags increased risk of bad transactions, without inconveniencing the customer.
On-device biometrics is now widespread, with most phones supporting fingerprint or face logins. Centralised biometrics (e.g., companies storing a template of your face in the cloud) is emerging. This leads to key questions that customers should be asking of their identity services; where are the biometrics being stored?, what is it being used for?, who is protecting it? Good use cases for centralised biometrics are for account recovery after losing a device, or for step-up authorisation, e.g., asking a user for a video check to prove their identity for a high-value transaction.
Better digital identity services will lead to a higher frequency of usage, and a consequent increase in data and fraud signals that will increase both the speed and volume of catching unusual usage and preventing fraud. The network effect of digital identity protection will displace fraud to those who don’t yet use it.
3. The future of ID Verification: Recap
- Expansion: should ID Verification be used more?
Yes! It will lead to all of the benefits above, and easier and safer access to the services that customers need.
- Innovation: are they any future innovations you could share with us?
We now have a 100% digital identity scheme in the UK that can verify 50 million UK adults. Next steps are to use that as a building block to connect the individuals to legal identities, i.e., organisations. This will enable digital verification that a person has a role in a company, and can leverage other identity infrastructure such as the Legal Entity Identifier (LEI) network.
Connecting identities can then enable use cases such as verified delegated identity, e.g., for Power of Attorney and other mechanisms to support those who are vulnerable or non-digital. Connecting identity schemes cross border, in countries where they exist, will enable secure economic growth of cross-border trade.
DocuSign’s partnership with OneID
Since July 2022, DocuSign has partnered with OneID and tightly-integrated the solution into the DocuSign workflow. As a result, senders with ID Verification enabled on their account are able to send out envelopes requiring signers to, amongst other options, verify their identities by successfully logging into their own bank account before having access to a document to review.