News Old

In the digital age, verification of identity is an ongoing battle. Unlike previous eras, the issue of trust – be that of people or documents – is something that has to be checked with every single new contribution or application. Sophisticated hackers and algorithms are a constant threat, meaning that veracity of source material must be proved every time.

The rise of social media also means that memories are short, both for people and devices. For these reasons, verification of online identity is a task which needs updating on a minute by minute basis.

Too Much Information

There is only so much information that a human brain can hold. This is the complete opposite of potential digital storage, which in theory is almost limitless. On a day to day basis, therefore, users of online resources need a series of filters in order to have any hope of dealing sensibly with all the facts and opinions out there.

This situation, of course, has led to the vexed issue of “fake” or “false” news. Lack of the right kind of filters, or verifiers, can lead the unsuspecting internet user down some dangerously dark alleys. Because all internet and media output in many ways looks and feels the same, it’s human nature to trust each one equally.

Real vs. Fake

Because online identity is so important, the fact that so much fakeness exists on the internet leads to a reaction against it. If anything, users and businesses viewing a person’s application for the first time online are likely to be more suspicious than trusting of its authenticity. As bots can create and use thousands of fake IDs every day, security conscious users are perhaps understandably skeptical of every individual applicant for services.

This distrust of online identity is something which younger generations almost take for granted. As Facebook approaches its second decade of existence, many under 25 year olds have grown up with it, plus other social media platforms. This perhaps comes with an inbuilt distrust of things and people presented for the first time; the pendulum has swung the other way.

Middle Ground

Rather than veering between paranoia and blind faith, businesses and individuals who rely on identity verification to function properly need a way of restoring some sort of normality. Provable software and processes which themselves have shown time and again that they work against online fraud can give people the reassurance they need in this uncertain world.

The fact is that businesses which offer protection from online ID fraud can prove their record, for all to see. This is, of course, an ongoing process, and one which needs to improve every minute to keep its reputation. One of the good things about big data, after all, is that it never goes away.

When suppliers and consumers of products and services looking for trustable users want somewhere to go, they will rightly search for providers with the best track record. In a world of understandable paranoia, success in online verification is still a record which should be provable beyond doubt.

Artificial intelligence is widely accepted as being the development which will take online IT systems to the next level, with its massive potential to predict trends and reproduce user activity. Usually mentioned in the same breath or sentence is the term machine learning, or deep learning. These terms refer to the depth of information available in big data, and automated, AI attempts to learn from it.

Sadly, if not unpredictably, there are security concerns associated with deep learning; specifically, the emergence of the Deepfake. Thanks to big data, people’s identity can sometimes be replicated to such an extent that even victims themselves can’t believe it’s not them. Needless to say, deepfake needs to be taken seriously by the online verification industry.

Deepfake and Onboarding

Fraudulent identity creation of the sort represented by deepfake is potentially most likely to be attempted during onboarding. This is when meticulously recreated human behaviour can be generated using CGI, enough (it may be hoped by the fraudsters) to fool electronic know your customer (eKYC) software systems.

As documents themselves become ever harder to fake, hackers may now be hoping to use deep learning to take it to the next stage, having skipped as many of the documentary checks as possible. With the continuing arms race being fought to create unforgeable e-docs, it is at least conceivable that a fake human being may help get through the onboarding process.

For the more paranoid (or, careful) members of the online security community, a fake video of Barack Obama talking about flying saucers will no doubt send shivers down the spine. With CGI and deep learning so highly advanced, surely this could represent a potential threat to onboarding?

Likelihood of Deepfake Succeeding

Fortunately, at least for the moment, security experts do not see deepfake techniques being a threat to online identity verification. As things stand, there are two factors which mitigate against the likelihood of an artificially generated online human presence managing to fool eKYC processes.

Firstly, biometric identification technology is extremely effective. Finely tuned mathematical modelling enables security checking software to detect whether a video stream is the result of real time, real person activity, rather than a pre-recorded file generated by computer. Ironically, the computer doing the detecting knows when it’s watching something created by another computer.

Secondly, the amount of information needed to create deepfake is huge. Hoaxes posted online of politicians and celebrities saying things they didn’t are only possible because those individuals have thousands of hours of high definition video files available for the deepfakers to work with. For the average individual, this amount of video is impossible to find.

The Battle Continues

As with so much else in the world of online identity verification, there is no room for complacency. Fraudsters and hackers continuously strive to find ways to fool checking systems, which in turn become ever more efficient.

At present, hologram technology is just one of the many hidden features which careful security software can employ to verify documents, and streaming of real people in real time for onboarding separates the genuine from the fake. For the moment at least, deepfake is not fooling the online verification industry.

Businesses, no matter how small, need an online presence these days, often making them fair game for cyber confident tricksters.

There is no doubt that e-commerce paves the way for businesses to reach their target market, but on the downside it’s these business that fraudsters find easy to target.

It Comes at a Price

By introducing an efficient e-commerce option on your website, you must be confident that your product or service is viable. Your aim is to increase sales through your online presence. This is all well and good and is likely to reap benefits but be aware that you could be the victim of e-commerce fraud. Experian, the credit reporting company, reported that there was a 30 per cent increase in this type of fraud in a 12-month period between 2016 and 2017. It claims that a reported 11 per cent of the UK’s population were victims of identity fraud over the same period.

It goes without saying that e-commerce is a blessing for any budding business, so don’t let online fraud stand in the way of your business making a healthy profit.

The main e-commerce threats are identity theft and friendly fraud.

Identity Theft

Fraudsters in possession of a credit card’s relevant details are sure to go down the online route. This is because it eliminates any personal contact with the retailer Making authorisation mandatory with each payment can go a long way to protect you from scams.

A standard authenticity test isn’t foolproof though and it won’t necessarily stop any shady transactions unless the card is reported lost or stolen. As long as there’s sufficient funds in the account and the card number and three-digit security code is correct, it will result in a done dodgy deal.

Adding the authenticity layer, however, does mean you won’t be liable for reimbursing the full amount to the genuine cardholder. If you do have to refund the actual cardholder the money this is known as a “chargeback” and you should keep records of these transactions so that you won’t be stung by the same fraudster again.

Friendly Fraud

Watch out for this because it can have an impact on your profits. A friendly fraud means that your customer pays for a product and then claims it was never delivered or that it was damaged in transit. This results in refunds or even replacing and delivering the product again.

This type of fraud is so prevalent it has been categorised into:

• Accidental fraud – when the buyer can’t recall initiating the transaction and demands a chargeback.
• Family fraud – when a member of the family purchases items without the consent of the cardholder. This fraud is often carried out by young children.
• Opportunistic fraud – when a customer makes an online purchase such as a plane ticket, knowing that they can negotiate an upgrade rather than a refund.

It is inevitable these challenges will come your way and it is make or break depending on how you approach them. Don’t forget the backbone of your business is customer loyalty. It will pay in the long run if you see this type of fraud for what it is – friendly.

Government authorities and other major institutions are increasingly looking for means of identity verification online due to the social distance rules applied since the global Covid 19 outbreak. For some, this means playing catchup; and for many others, the processes available are either too slow or too weak to suit their purposes.

Of the many shortcomings exposed by the pandemic, the issue of identity verification is certainly one causing a lot of headaches for professionals and organisations concerned with avoiding fraud and criminal access. It is to be hoped that relevant agencies learn lessons about the importance of robust, trustable and convenient online ID verification.

Widespread Demand for Online Checks

In times of limited face to face contact, the issue of identity is probably more important than ever. That’s certainly true in the opinion of law enforcement and border control agencies, and also for financial institutions in both the public and private sectors. As anyone involved in online security checking knows, it is often far too easy for criminals of various backgrounds to assume the identities of innocent citizens, and use this theft for their own purposes.

Of course, just because there is a global pandemic of a deadly disease, many aspects of society must still function as near to normal as possible; this includes legal action, employee recruitment and, in some cases, processing of travel documents such as visas. Without these essential processes, societies would suffer more than could be reasonably expected, illness notwithstanding.

It is at just these interactions with applicants and services users, however, that the issue of identity verification comes to the fore. Many societies still rely on face to face document checking, which has now suddenly become impossible. Slightly too late in the day for some, relevant agencies and businesses are suddenly looking for remote, online checking procedures.

Mismatch of Supply and Demand

For those new to the world of online ID verification, its differences from the face to face version can be something of a wake up call. The fact is that physical documents such as passports can come with many tens of inbuilt, sometimes hidden, security features. This ranges from the look, feel and weight of the material the document is made from, to more modern artefacts like contactless chips.

From this level of security used in physical documentation, suddenly checks used for online checking drop dramatically in number; often less than 10 for a virtual document or image. More recent improvements such as biometric checks are also far from common in online verification systems.

Heightened Need for Catchup

Of course, security agencies and financial institutions cannot lower their standards because the level of checks available online differs from that in the “real” world. For this reason, demand from those organizations is increasing, both in terms of the checks available, and training for their staff in how to apply them. Suddenly, the importance of being able to trust the provenance of an image presented as ID verification, for example, acquires great significance.

With the effects of the current pandemic likely to change society forever, those institutions which will always need robust ID checks are themselves experiencing something of a revelatory moment.

The 2020 Covid 19 pandemic and subsequent measures to deal with it in the UK have led to a reprisal of previously touted and abandoned national ID schemes. As the online element of any such scheme would be cited as one of its main strong points, potentially this could have major implications for the online identity verification industry.

However, as with previous incarnations of any British identity checks, talk of resurrecting or designing a new online verification system are problematic. For reasons highlighted already during the pandemic, the pros and cons of online ID checking are provoking much debate.

British Identity and the State

The UK has a rather unique relationship with its own residents. Often referred to as “citizens”, in fact anyone born in the country is a Crown Subject. Citizenship became a widely used term when the UK was part of the EU, but now that relationship has ended. With it has also gone the idea of citizens and their “rights” in the widely held usage of the terms.

British subjects have civil liberties, not rights. This is one of the many technical and legal niceties with which the UK’s constitution (which remains unwritten) is riddled. Some of the liberties involved date back to the middle ages, while others are rarely brought to the surface. To do so in the light of the internet is bound to provoke a whole lot of questions about identity and intrusion.

Previous Attempts at ID Verification

The last attempt at a UK identity card scheme began in 2006 with the Identity Cards Act. This was hailed as a way of moving the country’s population forward in the digital age, with every “citizen” able to easily prove their identity, in person or online. The motivation behind the scheme was to prevent fraud of many kinds, but specifically fraudulent access to NHS services by foreign nationals.

The Identity Cards Act 2006 was repealed in 2010. The incoming administration scrapped it immediately in a move popular within its own party and in the wider community. This action seemed to strike a cord with a perceived British distrust of the “surveillance state”. It also had the advantage of saving the new government billions of pounds of investment in a newly austere financial environment.

Coronavirus and Identity

The Covid pandemic, lockdown and ensuing developments have led to calls for a revival of digital ID checks from some quarters; including the previous Prime Minister who introduced the 2006 Act. With public spaces being asked to impose restrictions on customers, verification of identity and residence has taken on added importance and urgency.

In the opinion of its proponents, a digital ID card and scheme would enable business owners and other premises managers to quickly check their customers’ appropriateness, as well as avoiding potential fines and other penalties.

To opponents, however, renewed calls for a national ID scheme are using a time of national crisis as an excuse to erode civil liberties. With a poor track record of testing and tracing technology in the UK, and evidence of abuses elsewhere, any attempt at a UK digital ID scheme faces serious hurdles.

One of the ironies in the current global health crisis is that people want, and may need, to have their health checked, but are advised not to physically attend clinics unless absolutely necessary. This dilemma is certainly more prevalent in countries which have the best access to healthcare, increasing the irony by an order of magnitude. In communities with the most basic level of care, the choices are rather more basic.

However, for rich, developed economies, the presence of remote ID verification is proving extremely useful in combating a resurgence in Covid 19 cases; this being a problem for many countries across Europe. Luckily, many of those nations are able to make use of the latest onboarding verification technology.

Covid 19 and the Rise of Telehealth

A highly infectious, potentially deadly disease like Covid 19 is the perfect motivator to introduce a system of remote consultations. By accessing the services of medical professionals remotely (either over the phone or, more recently, online), people worried about their health can often gain the help they need without having to expose themselves and others to the risk of further infection.

Such systems have been rolled out in many developed countries. In the UK, for example, the National Health Services 111 helpline was fully introduced in 2014; at least in part to take pressure off overloaded and understaffed GPs surgeries, hospital and accident and emergency (A&E) departments. The system has been a great success, and is often the first line in successfully diagnosing illness, including Covid 19.

In the USA, meanwhile, the pandemic has led the government to remove restrictions regarding Telehealth from the Medicare health insurance scheme, leading to a huge surge in demand for online consultations. With advances in technology, worried patients can log their symptoms via a smart device or other computer, receiving treatment advice without worrying about costs.

Need for ID Verification

The issue of healthcare costs is, indeed, a very hot topic in many developed nations. Health tourism, for example, has been cited as being a major worry for British citizens worried that the NHS is struggling to cope with demand, even during the course of a “normal” year. In societies which have other financial arrangements, who is able to access health advice is at least as important, if not moreso.

The recent rise in demand for these “telehealth” or “telemedicine” services has, therefore, led to a subsequently high demand for online ID verification. Onboarding services provided by established online verification companies fit the bill exactly. Not only that, but the surge in demand is driving a number of startup businesses offering their own version of bespoke health ID checking and onboarding; one such business in Sweden dealt with an increase in business of 240% from March.

Europe Leading Developments

The continent of Europe, including many EU countries, are by far and away the biggest adopters of online health eID verification processes. This is partly because those countries have some version of a national health insurance scheme, and a robust idea of who actually lives within their borders. The technology available, however, is arguably even more important in nations where either or neither of these situations is the case.

The covid pandemic of 2020 has produced some surprising positives alongside all the negatives. One of these positives is a boost to the profile of digital online ID verification, and its usefulness to governments, business and society as a whole. In the UK, a scheme to register and apply online for a state benefit in May – itself a by-product of the national coronavirus lockdown – has been so successful that it has prompted the country’s government to develop and set out a whole future digital ID strategy.

Rise in Numbers of Online Benefit Applications

On the 13th of May this year, the UK government launched its Self-Employment Income Support Scheme. This initiative was designed to give assistance to the millions of self-employed people who found themselves without an income due to the almost total lack of business available because of the government’s imposition of a nationwide “lockdown”, stay at home policy. The scheme is solely available via online applications at the GOV.UK website.

Whatever results the DWP was expecting, it’s fair to say they were overwhelmed with their own success. A massive 2.6 million applications were received in the opening weeks of the scheme. While this figure is instructive about how many self-employed workers there are in the UK, the application process itself also revealed a rather big hole in the online verification sphere.

Perhaps surprisingly (but perhaps not), of those 2.6 million applicants, 1.4 million were severely hindered by the fact that they had no appropriate digital ID credentials with which to further their application. As the HMRC has understandably strict rules on verifying identity, this caused a great deal of frustration among those applying for this essential benefit.

Need for a National Digital ID Verification Strategy

This specific benefit situation highlights a more general need across society. Even in the health sector, ability to prove one’s identity via online verification methods is now a major boost; registration for a new GP, for instance, is now much easier to achieve online with the right credentials. With a national drive to keep healthcare costs down and avoid fraudulent access, this situation is certain to continue.

The perceived benefits of online ID verification have produced a new government body: the Digital Identity Strategy Board (DISB). This is the result of a report by the Department for Digital, Culture, Media and Sport (DCMS), which showed evidence of a massive defrauding of government funding by dishonest online applications.

Statistics available for 2019 show that online ID fraud had risen by almost a third since 2014, and almost a fifth since 2018. Last year’s figure was a startling 223,163; almost a quarter of a million people successfully fooling online checking systems.

Six Principles for Future Safety

The DISB has already made a contribution to future UK online ID verification; it has published six principles by which the strategy going forward will operate. They are: privacy, transparency, inclusivity, interoperability, proportionality and good governance. As a set of founding principles, this certainly seems like a very good base from which to start improving the UK population’s online security, and secure future services.

Cruel cyber scammers are taking advantage of the COVID-19 crisis by sending fraudulent emails to trick you into clicking in malicious links or opening dodgy attachments.

Many claim to be from WHO (World Health Organisation) asking for donations and inviting you to click on the link provided. Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.

WHO’s Dos and Don’ts

It is imperative to verify a person or organisation before responding to any email because by doing so you could reveal your username and password, which can then be used to extricate money from your account and access sensitive information.
According to WHO it will never:

• Ask for usernames or passwords from anyone
• Email attachments that haven’t been requested by you from them
• Charge money for a job application, conference registration or hotel reservation
• Conduct lotteries, offer prizes, certificates, funding or grants via email

COVID-19 Solidarity Response Fund

The only call for donations WHO has issued via the internet is the COVID-19 Solidarity Response Fund and this can only be accessed through the official WHO website www.who.int.

There have been reported cases of scammers claiming to represent WHO or the COVID-19 Solidarity Response Fund and might try sending you an invoice requesting payment on behalf of the charity. Just remember, that WHO or its affiliates the UN Foundation or the Swiss Philanthropy Foundation will never contact anyone for their credit card or banking details. If you want to legitimately give to the prementioned charities, then go straight to the WHO website.

Check the Address

WHO recommends you always check the sender’s email address. It should have the person’s name followed only by @who.int. If there is anything other than who.int after the @ symbol, the email is from a scammer. WHO will never send emails ending in .com or .org.

Sadly, criminals can go one step further and can forge the “from” address on email messages to make them appear to be from someone at WHO. So, just be alert and ask yourself if you have requested information from WHO recently, as it is highly unlikely, they will be sending you any unsolicited emails.

Malware Attacks

In this current crisis it is not only cyber criminals looking to glean your personal information through ill-gotten means, there are also attackers out there who need to hack into your computer to install malware on it. Malware can be any type of malicious software created specifically to harm or exploit any device, service or network that is programmable.

Report the Scam to WHO

If you have been approached at any time during this COVID-19 crisis, WHO says you should report this potential fraud with them immediately. They have a team dedicated to dealing with scamming, so you will be in safe hands. By reporting any suspicious activity, you will be helping the organisation track down and prevent any other unsuspecting people from being scammed in the name of a worthy charity.

A recent report by Citizens Advice said that around 4 million people in the UK fall victim to scams every year. These are usually targeted at the most vulnerable people in society, and can therefore be extremely upsetting and harmful.

Cross-generational issue

Unfortunately, it’s not just “the usual suspects” who fall for online and telephone scams, and neither are the type of people who carry them out. The point of a scam is that it seems plausible, which is why so many people fall for them; this includes younger, IT literate generations who can’t imagine themselves being duped.

The rise of online dating is an example of the ways in which online scammers can catch out the unsuspecting victim. Individual loneliness in the modern world leads people of all adult generations and sexes to look online for company; by definition, these people are vulnerable, at least from a scammer’s point of view.

The point is that anyone using online dating services is unlikely to be thinking about being stolen from; their minds are, literally, on other things. The promise of a future life with a new love has led thousands of men and women every year to give away their life savings.

Suspicion is a virtue

Another common online scam is for someone to receive a call, email or other means of contact (via Facebook, for instance), which is unexpected and brings good news. Long lost relatives that people didn’t know they had, for instance, can sometimes prompt otherwise cautious people into acting irrationally. The popularity of ancestry websites and TV programmes continues to stir up this longing for connections, which is viewed by fraudsters as a way into a complete stranger’s personal life.

A good rule of thumb when avoiding online scams is: if something seems too good to be true, it is. From this starting point, it is easier to spot give-away signs which the scammer will always exhibit. As soon as they ask for confirmation of anything, for instance, this means they don’t know; if not, why not? Never confirm any details over the phone; not even postal address.

Practical checks

Senders’ email addresses, meanwhile, are very easy to check out. The easiest way is to hover over the sender’s name. Whatever name has been entered, the computer will display the actual email address; any discrepancy between the two will be obvious. Common tricks by scammers are to replace details of familiar contacts with others; for instance, replacing “m” with “rn”, or “l” with “1”.

Similarly, any contact from a website can be verified quickly and easily. Google is a good way to start; enter the website’s details and see what results come back. Any legitimate site will have at least some previous hits and reviews. It’s also best to click on the URL itself, and see how easily and securely a connection is made. Bad English and too much advertising are also giveaways.

Stay alert

By staying alert, any online scam should be easy to spot. At the end of the day, a scam is the product of human beings, who have weaknesses. While the scammer may be trying to use yours, by the same token you can look out for theirs.