By PYMNTS
With digital use soaring during the pandemic and fraud on the rise, new research shows the best weapon in the war against unwanted transactions might be as simple as taking a selfie.
According to identity verification firm Jumio’s 2020 Holiday Fraud Report, the words “say cheese” are enough to stop most online scammers in their tracks.
“Fraudsters are still very reluctant to provide their real face,” Reinhard Hochrieser, vice president of product management for Jumio, said in a recent interview with PYMNTS. “Just the fact that a selfie is required is already a huge deterrent.”
But alas, even facial biometrics — as the pros call ID selfies — are prone to fraud if companies don’t know what to look for, Hochrieser said, pointing out that regular ID fraud is about 1.5 percent, while selfie fraud averages about 7 percent. To prevent that, Hochrieser said Jumio uses a “liveness check” as a second line of defense to ensure it’s a real person sitting in front of the smartphone or their computer, rather than a fake photo, video or other form of so-called deep fakes.
“Just imagine [a fraudster was] using stolen — but genuine — ID, and we approve them. But in the second stage, when it comes to face-matching (comparing the picture in the selfie with the picture on the ID document) and liveness, we catch them,” Hochrieser said. “When it comes to liveness detection, we see about a 70 to 80 percent decrease in fraud rates in general. As soon as we asked for a selfie, the ID fraud rates dropped significantly.”
In fact, he said one of the big takeaways of Jumio’s latest fraud reports was that in cases of live image capturing, the fraud rates were two to three times lower compared to an application programming interface (API) or file upload. Why? If a fraudster has a chance to upload a photo or a picture of an ID document, it’s an opportunity to manipulate the image (via PhotoShop). That’s not possible with a live picture capture using a webcam or smartphone camera.
Face, finger or file
Thanks to the growing use and comfort with selfies, as well as widespread facial recognition technology that’s currently built into millions of mobile phones, Hochrieser said facial ID is now seen as routine rather than invasive.
“Facial ID is the more reliable technology and consumers are accepting it,” he said. “Apple and Google have paved the way for us so it’s OK to just hold your phone in front of your face and take a selfie. No one is questioning that anymore.”
“So there is no possibility that we can compare that fingerprint with something else which we have on file,” he said, let alone if two users were sharing a device.
Honesty, education, deletion
Whenever possible, Hochrieser said, Jumio recommends that its customers require their end users to do a live capture of the ID document and selfie by smartphone or webcam, which about half do (vs. letting users upload a picture of their ID and face). While discomfort with facial recognition is declining, Hochrieser said there are a few things that clients can do to increase usage and help attain the shared goal of reducing fraud.
“We see reluctance against adding the selfie portion because it’s additional friction. That’s a fact,” he said, noting the additional step and few seconds required to snap a picture. “But what we have explored and what we have recognized in the market is the better you communicate to the end users what’s happening and explain the rationale for requiring a selfie, the higher the acceptance rate.”
In addition to being “absolutely honest and transparent with consumers,” Hochrieser said it’s important to also be transparent about what is going to be done with the image afterward.
All IDs are not created equally
Just as passwords are frowned upon, and personalized reset questions such as your mother’s maiden name are seen as outdated, Hochrieser said there’s also a big difference between different forms of official ID created in different countries.
“If you read our report, you’ll see there’s a huge difference between regions and countries,” he said.
While First World countries or regions like the United States or Europe usually have an extremely low fraud rate, emerging markets have higher rates of fraud, mainly because the documents issued by those countries lack things like holograms or are even still issued on paper in some cases, which makes verification difficult.
“So we see huge differences from a regional perspective, but also from a document type perspective,” he said.
While passports and driver’s licenses tend to have pretty low fraud rates, national ID card fraud rates are two or three times higher.
“What we tell our customers is that we highly recommend doing live capturing selfies, and also focus on passports and driver’s licenses if possible,” he said.