Verification and Authentication Interview with Husayn Kassai
What do you find works in the verification and authentication space? Why do you think these methods work so well?
What if you could take your phone out to prove who you are, quickly, in any day-to-day scenario? That digital identity nirvana doesn’t exist today. But at Onfido we foresee a future where identity will be the key to access to all services.
We strongly believe that machine learning underpins the best methods for identity verification. We’ve built a solution which, using machine learning technology, can validate a user’s identity document and compare it with their facial biometrics, detecting any anomalies automatically. We have been pioneering this multi-factor authentication successfully for clients around the world, and many have noticed a marked improvement in their onboarding capabilities and a reduction in fraudulent activity.
Which methods don’t work? How have they proven to be ineffective for authentication?
Most of the traditional authentication methods we use to prove our legal identities are stuck in an offline world. They rely on an interaction with another human. This can lead to long wait times, and an altogether more laborious customer experience. Even some online verification methods, such as Knowledge-Based Verification (KBV), which asks users to identify themselves by answering personal questions, are no longer fit for use today. They have proven to be too easy to for fraudsters to hack.
In the US, it has become obvious that using Social Security Numbers (SSNs) to prove who you are is outdated. The system is in desperate need of reform. SSNs have been central to the American identity infrastructure for years, operating as both an identifier and authenticator. But after several years of data breaches where millions of people’s SSNs have been stolen, their value has to now be in question.
What do you think can be done to improve the level of security offered in the world of payments?
There are a number of innovations in the payments space today that make it easier for a user to make a payment. However, fraudsters are also constantly trying to outsmart the latest fraud detection technologies. Beating payments fraud has therefore become an ongoing game of cat and mouse. To give a recent example, fraudsters have used machine learning themselves to create synthetic data, combining two or more faces to create an entirely new face. Using machine learning is the only way to address these types of fraud.
In addition, payments providers can introduce biometric ‘liveness’ testing to their authentication processes. Instead of asking a user to take a static selfie – which can be easily spoofed – companies can ask users to provide a short video of themselves. By asking them to read out a set of randomly generated digits or to move their head from side to side, machine learning can verify that there is a real living human behind the camera rather than a synthetic face image or a pre-recorded video.
What impact has biometrics had on the world of payment security?
The common dilemma for the payments industry is how to facilitate a convenient user experience whilst maintaining a high level of security against bad actors. We are seeing a trade-off today between a desire from the consumer for as frictionless as experience as possible (making a payment almost instantaneously from their mobile phone, for instance) but at the cost of making their personal information less secure. Customers have shown that they are willing to input their personal card details and passwords online if it means they can access an online service quickly, regardless of the risk.
Biometrics are playing a crucial role in achieving a balance between these two priorities of convenience and security. Robust biometrics can stop any fraudulent attempts being made at scale when authenticating payments . Fraudsters want to find a way of committing fraud that can be easily repeated all over the world so by introducing additional layers of biometric verification, whether facial, voice, or fingerprint recognition, this becomes a far tougher challenge.
In the face of high-profile information breaches, what can be done to make the payments space more secure for users?
High-profile information breaches this year, which have affected the customer data of companies like Equifax and Macy’s have served as a reminder of just how vulnerable a user’s personal details are to attacks by cyber criminals. Payment providers need to invest in researching and implementing new technology solutions, ones that can complement the use of biometrics in making a payment by adding a further layer to the authentication process.
There have been some encouraging signs already, with biometric data used to authenticate customers through Apple Pay, Samsung Pay, and Mastercard’s “selfie pay”. In an interesting new development, British tech authentication company Sthaler is also now testing a biometric authentication option called “Fingopay”, which maps the veins of a user’s fingerprint and creates a unique, personal key for them, allowing the authentication of a payment using just their finger.
However, there needs to be further collaboration and innovation in the industry. If this happens, we may one day see the use of PINs and passwords overtaken by more convenient and secure methods of making a payment. These will be driven by multi-factor authentication and underpinned by the unique biometrics of an individual user. This will allow payments companies to provide the best possible customer journey for their users, whilst protecting them from fraud.
Husayn Kassai is CEO and co-founder of Onfido, a leading identity verification provider working to prevent identity fraud and help online businesses scale
Onfido’s vision is for everyone to be able to easily and securely prove their legal identity online. Using machine learning technology, Onfido validates a user’s identity document and compares it with their facial biometrics, enabling companies to automate checks on over 600 document types across 192 countries, detecting anomalies automatically, and using human experts to verify outliers.
Onfido has raised over $60 million in funding from prestigious investors including Crane Venture Partners, Microsoft Ventures and Salesforce Ventures. Onfido works with over 1,500 customers, including leading companies across a wealth of industries from fintech and payments (Remitly, Square) to sharing economy (Wag), crowdfunding (Indiegogo) and vehicle hire (Scoot, Zipcar).