Introduction to KYC and Remote Biometric Authentication

What is KYC?

In short – ‘Know Your Customer’. To expand, KYC is an abbreviation synonymous among authentication providers and fintech company executives alike – referring to a golden rule around customer identity authentication.

Remote biometrics authentication is essentially about verifying someone’s identity, comparable to facial recognition – but it is not the same thing.

Essentially, every broker-dealer should use reasonable effort to ensure their contact/client taking action (when opening and maintaining client accounts) is who they say they are. It is a requirement to know and keep records on the essential facts of each customer, as well as identify each person who has authority to act on the customer’s behalf.

Facial Recognition vs Biometric Authentication

Facial recognition is about cross-referencing facial features with a database, while biometric authentication, in the best cases, is about first ensuring the individual is a genuine person, not a spoof attempt.

Testing for ‘genuine liveness’ will be further discussed. Ultimately, it is critical to understand that: Requiring every new user to prove that they’re a genuine human being before they are even asked to present an ID Document during digital onboarding is, in and of itself, a massive deterrent to fraudsters who do not want their real face on camera.

The importance of minimising the risk of identity fraud (impersonation) and money laundering.

“Identity fraud is one of the fastest growing crimes in the world. Experts in the field suggest that an identity is stolen every two seconds. As this is considered a ‘silent crime’, it can often go undetected, which is why financial institutions need to have a comprehensive approach to remote identity authentication.” – Gur Geva

If an onboarding system has a limitation, criminals will exploit it to create as many fake accounts as possible. To prevent this, Certified Liveness Detection during new account onboarding should be required. Once we know that the new account belongs to a real human being, their biometric data (facial-features) can be stored as a trusted reference of their digital identity in the future.

Be warned that all authenticators positioned as ‘secure’ actually test for ‘genuine liveness’. This means that sub-standard solutions may incorrectly answer the question: “Is what the selfie camera is registering actually human?”

Moreover, not all liveness detection software is actually ideal in terms of spoof-resistance or fit for accuracy across the full spectrum of human skin tones.

Consider this:

• Over R106 million was lost to fraudulent activity on other banking apps alone in 2019.
• Identity fraud has cost the South African government over R1 Billion during the Covid-19 pandemic (Cyber Archives – COVER Magazine).
• Furthermore, “United Nations recently estimated that the criminal proceeds laundered annually amount to between 2 and 5 percent of global GDP, or $1.6 to $4 trillion a year” (IMF.org).

Evidently, the addition of biometric facial recognition to mobile banking platforms as an added layer of security is critical.

For the full set of statistics and in-depth, visual insights around best-case biometric authentication, download our eBook using the button below.

Biometric Authentication for Identity Verification

How Remote Biometric Authentication Works

Remote biometric authentication can operate in various ways, some much more secure than others. More about this can be uncovered under the heading, “Motion/gesture presence liveness vs genuine presence liveness” but for now – we’ll leave it as follows:

Remote biometric authentication functions using a nifty piece of software, which will usually integrate with a fintech company’s customer onboarding platform. The ‘authentication’ piece within the process offers some level of assurance that it’s a real person before moving forward with the cross-referencing of facial features with an ID database.

Why use biometric Identity verification software?

Put simply, other measures are not able to compare in terms of security biometrics.

Is biometric authentication that much more secure than other options?

Yes. In general, biometric authentication is the most secure form of authentication, but level of security will depend on the type of biometric measures put in place.

The problem with text and photo CAPTCHAs

As an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”, CAPTCHAs are simple challenge–response test. These are remarkably easy for bots to get past. In fact, bots are 66.8% more accurate than humans and got a test right 99.8% of the time. (​ source).​

What about 2D face matching?

Spoof-testers and criminals will first try 2D face matching, by bringing up a high-res picture on a screen, or printing out a cardboard cut-out and wearing it like a mask. Watch this video to see how easy it can be to spoof sub-standard 2D face matching used for authentication.

What about ‘deepfake’ puppets?

‘Deepfake’ puppets are essentially digital, ‘3D’ animations of a still image. Sub-par liveness detection can be spoofed by this method. Watch this video to see how to ‘Create a Deepfake Puppet in 20 Seconds’.

A workable biometric authentication solution firstly has to fulfil four critical service points:​

• It has to prove that the person is alive, therefore enabling strong authentication
• It has to match the selfie of the person with the image on their ID document
• Critical data has to be extracted off the identity document
• All the data is matched with a facial biometric at the Department of Home Affairs

Additionally, a leading remote biometric authentication solution is one that:​

• Offers optimum security against fraud and money laundering
• Plugs in seamlessly with an existing digital/remote customer onboarding process.
• Doesn’t cause additional friction for the customer.
• Minimises admin for the company.
• Is scalable with company growth.
• Includes a test for ‘genuine presence liveness​ ’.​

What is Genuine Presence Liveness?

Genuine presence liveness, at this point in time, is the most spoof-resistant implementation for accessible, remote biometric authentication. The best-case example is a patented solution from iidentifii, which essentially, has not been spoofed and accurately answers the question, “Is this is a real person?”

Motion/Gesture Presence Liveness vs Genuine Presence Liveness

Motion/gesture presence liveness is an implementation that considers things like blinking one’s eyes​ and moving one’s head as means of proving liveness. This method has become an outdated way of authenticating liveness because spoofs using a high-resolution screen with some facial animations can get past it without a hitch.

Genuine presence liveness is included in software that goes above-and-beyond with spoof-resistant​ features and security measures to ensure that it’s a real person with human skin in front of the camera. Inherently, liveness data is not stored, meaning that right now, there’s little to no risk of it being compromised.

Two types of data are required for every Face Authentication: Face Data (for matching) and Liveness
Data (to prove the Face Data was collected from a live person).
Liveness Data must be timestamped, be valid only for a few minutes, and then deleted. Only Face Data should ever be stored and new Liveness Data must be collected for every authentication attempt.

Face photos are just “Face Data” and without the corresponding Liveness Data, they cannot be used to spoof Certified Liveness Detection. In other words, using genuine liveness authentication does not give criminals an easy way to impersonate someone and potentially hack open a backdoor into your database from there.

How is best-case genuine presence liveness and authentication executed remotely?

Using patented light technology along with advanced algorithms, iidentifii’s liveness solution is built into onboarding journeys. Using iidentifii’s best-case solution, the user will be asked to hold their selfie cam in front of their face, which assesses video footage. On screen, they’ll see what looks like various simple colour filters being overlaid on their image, while the patented technology and advanced algorithms take over.

A key-feature of this technology is that it can be easily integrated into any mobile platform by means of a robust Software Development Kit suitable for Android and iOS apps, as well as web-based solutions.

• Under 30 seconds to verify
• 1 in 10 000 false reject rate
• 1 in 250 000 false acceptance rate

Who is iiDENTIFii?

iiDENTIFii is a world leading remote biometric digital authentication and automated onboarding technology partner and platform. We fulfil the needs of customer-focused organisations that are required to authenticate and on-board customers. iidentifii makes use of a proven, automated and non-invasive process that meets customer intelligence, risk and compliance goals, as well as ticking all the boxes from a governance and legislative perspective.

Through our deep learning neural networks and artificial intelligence algorithm, we have been called on to provide services to manage identity fraud both locally and across the globe.

Why Choose iiDENTIFii?

Regardless of location, iiDENTIFii’s implementations have been successful, in fact, one of our main drawcards is that the technology works so well on the diverse spectrum of human skin tones.

iiDENTIFii outperforms competitors in the following areas:

1. Our liveness detection assures the genuine presence of the individual onboarding and this protects​ our clients we serve from identity theft risk, money laundering fraud, regulatory fines as well as negative brand exposure in the press.
2. The identity document capture process is seamless within existing software, frictionless, and​ minimizes client frustration, and in turn, process abandonment.
3. Our face matching algorithm is superior at minimizing both the false acceptance rate and false​ rejection rate.
4. Integration into government databases (​territory dependent) including biometric face data enabling a three-way match between liveness, identity document, and government database.
5. iiDENTIFii’s ​flexibility​ in offering both a native app solution (Android and iOS) as well as a browser-based solution dictates that it will be compatible with your existing ecosystem without unnecessary costs and disruption.
6. The security of iiDENTIFii’s enterprise-grade solution has been extensively tested, including testing​ of encryption protocols by numerous banks and multinational clients.

South African AI company, iiDENTIFii on an upward trajectory – read more

Proven results with iiDENTIFii’s solution

“Having pioneered the golden triangulation, three-way authentication process, we have seen a remarkable reduction in false-accept and false-reject rates.” – Gur Geva, Co-CEO of iiDENTIFii.

An always-on, ability to scale on-demand and regulatory compliant cloud facility made the Microsoft Azure Cloud one of the obvious additions to the hosting environment. Read more about how iiDENTIFii caters for growth with Microsoft.

Companies we work with:

Found out how Standard Bank Sets Benchmark with iiDENTIFii.

If you would like more information on our case studies, please feel free to reach out and we’ll happily send you the professionally-prepared PDFs.

Summary of how iiDENTIFii can help your business

• Complete, frictionless customer on-boarding in under 30 seconds.
• Reduced costs of new client acquisition.
• Robust facial recognition and liveness detection.
• Authentication of identity documents.
• On-boarding fraud detection.
• A stand-alone application or a white labelled SDK.
• Compliance with FICA, KYC, RICA and AML regulations.
• An approach that emphasises security and client data privacy in light of POPI and/or GDPR.