Winning The Arms Race Against Fraudsters — With Selfies

It may seem like ancient history now — about four years ago, the idea that consumers, merchants, financial institutions (FIs) and payment service providers would rely on the selfie (that much maligned form of self-expression in the smartphone age) for digital security seemed silly. Attention-starved celebrities and people showing off on social media used selfies, not serious, reputable companies competing for market share in the digital economy.

Well, get ready for more surprises and progress when it comes to how we prove our real identities online and via mobile channels — how we open the door to daily, efficient participation in the digital economy. That’s the view of Robert Prigge, CEO of authentication services provider Jumio. In a new PYMNTS interview, he discussed with Karen Webster the recent turning points in the history of biometric authentication, and gave a preview of what’s coming down the road.

Golden Time

It’s a golden time for companies that provide identity (ID) and age authentication services.

“The evolution and revolution within the ID space is breathtaking,” Prigge said. Not only has the technology been developed, but real uses cases have emerged, and it’s becoming increasingly clear how important authentication really is for digital commerce and payments — not only for security and trust, but in offering efficient onboarding, transactions and other tasks. “As a company does digital transformation, it is immediately faced with the problem of establishing trust and knowing who [it is] dealing with,” he added.

Trust is important to a variety of areas where significant growth is happening online. That includes sharing economy marketplaces, along with Mobility-as-a-Service (MaaS) and even online dating sites — to say nothing of banking and other financial services. Just as in real life (that is, non-digital life), there stands various levels of knowing someone’s identity — three levels, in fact.

As Prigge told Webster, a company can, with relative ease, figure out that someone is who they claim to be. Take this example: Prigge wanted to give Jumio’s head of technology access to his Android phone, but it turned out that she had already registered her fingerprint with its touch identity tool (something he didn’t seem too bothered with during the PYMNTS interview, by the way). That shows the limits of making sure people are who they say they are, short of the ideal of real authentication. After all, a fraudster can be who they say they are, and still be a fraudster.

True authentication means figuring out who that person really is — that person trying to open a bank account, access credit, rent a vacation home or take that first ride in a ridesharing vehicle. What Jumio does to achieve that goal is use ID data points, biometrics, government-issued ID documents and computer intelligence (via machine learning and artificial intelligence). Jumio’s authentication technology asks for those identity details and requests that the shopper submit a selfie. That provides another layer of proof that the consumer is who they claim to be.

Use Cases

The use cases for such an authentication system are starting to pile up, and include the increasing online sale of such age-restricted products and services as alcohol, eCigarettes and gambling. In addition, such authentication technology can run in the background of various apps (without most people knowing it), and help with such tasks as getting back into a social media platform after all password-recovery efforts fail.

What has changed within the past two years, according to Prigge, is that the use cases are now driving the technology, not the other way around. “It’s shifted,” he said, adding how Jumio clients are coming to him with real and potential use cases, and desiring to know how the authentication tech can work within those parameters. The potential to biometric authentication seems almost endless at this point — that includes hotel room entry, and even buying and picking up orders from convenience stores (with the emerging connected vehicle ecosystem also placing more importance on those stores, and the retail and payments technology they employ).

“They are coming to us with their use cases, and we are trying to catch up with them,” he told Webster.

Biometric Shift

That shift came about, in part, because of fingerprints, he said — specifically, how smartphones, laptops and other devices made a large number of consumers comfortable with using fingerprints to unlock devices and apps, without considering the police and criminal aspect of that particular biometric. Going immediately to selfies — that is, facial recognition — might have proven more difficult if not for the step from fingerprints first. “Anyone who watches ‘CSI’ understands what a fingerprint is,” he said, referring to the long-running TV franchise about crime investigation units.

More change is afoot, Prigge said, especially when it comes to the MaaS sector — not only cars and trucks, but scooters and bicycles. As more such companies go public or seek initial public offerings (IPOs), there is increasing pressure to upgrade security efforts for both consumers and service providers (such as rideshare drivers). That also holds true in the larger sharing economy. This year will bring such efforts (better, more reliable authentication), and, as Prigge told it, people will surely notice.

Arms Race

It’s getting hard to see how digital commerce and payments thrive and grow without stronger authentication tools, and more thought into how to balance higher security with as little friction as possible — without really getting to know the identity of that person on the other end. Such authentication, for instance, could have stopped Wells Fargo from setting up all those fake bank accounts, Prigge said. Due to constant data breaches, the nature of data has changed, making authentication even more vital.

“There is no such thing as private data anymore,” he said. “All data is public, thanks to all those breaches.” That means fraudsters are having an increasingly easy time passing through those gates, those protections that don’t strive to figure out a person’s identity. Nothing offers a sure promise against fraud, of course, and nothing likely will. However, as Prigge said, “this is certainly an arms race” between security providers and criminals, and that puts even more pressure on digital operations to get that third part — a consumer’s identity — right.