News Old

Government authorities and other major institutions are increasingly looking for means of identity verification online due to the social distance rules applied since the global Covid 19 outbreak. For some, this means playing catchup; and for many others, the processes available are either too slow or too weak to suit their purposes.

Of the many shortcomings exposed by the pandemic, the issue of identity verification is certainly one causing a lot of headaches for professionals and organisations concerned with avoiding fraud and criminal access. It is to be hoped that relevant agencies learn lessons about the importance of robust, trustable and convenient online ID verification.

Widespread Demand for Online Checks

In times of limited face to face contact, the issue of identity is probably more important than ever. That’s certainly true in the opinion of law enforcement and border control agencies, and also for financial institutions in both the public and private sectors. As anyone involved in online security checking knows, it is often far too easy for criminals of various backgrounds to assume the identities of innocent citizens, and use this theft for their own purposes.

Of course, just because there is a global pandemic of a deadly disease, many aspects of society must still function as near to normal as possible; this includes legal action, employee recruitment and, in some cases, processing of travel documents such as visas. Without these essential processes, societies would suffer more than could be reasonably expected, illness notwithstanding.

It is at just these interactions with applicants and services users, however, that the issue of identity verification comes to the fore. Many societies still rely on face to face document checking, which has now suddenly become impossible. Slightly too late in the day for some, relevant agencies and businesses are suddenly looking for remote, online checking procedures.

Mismatch of Supply and Demand

For those new to the world of online ID verification, its differences from the face to face version can be something of a wake up call. The fact is that physical documents such as passports can come with many tens of inbuilt, sometimes hidden, security features. This ranges from the look, feel and weight of the material the document is made from, to more modern artefacts like contactless chips.

From this level of security used in physical documentation, suddenly checks used for online checking drop dramatically in number; often less than 10 for a virtual document or image. More recent improvements such as biometric checks are also far from common in online verification systems.

Heightened Need for Catchup

Of course, security agencies and financial institutions cannot lower their standards because the level of checks available online differs from that in the “real” world. For this reason, demand from those organizations is increasing, both in terms of the checks available, and training for their staff in how to apply them. Suddenly, the importance of being able to trust the provenance of an image presented as ID verification, for example, acquires great significance.

With the effects of the current pandemic likely to change society forever, those institutions which will always need robust ID checks are themselves experiencing something of a revelatory moment.

The 2020 Covid 19 pandemic and subsequent measures to deal with it in the UK have led to a reprisal of previously touted and abandoned national ID schemes. As the online element of any such scheme would be cited as one of its main strong points, potentially this could have major implications for the online identity verification industry.

However, as with previous incarnations of any British identity checks, talk of resurrecting or designing a new online verification system are problematic. For reasons highlighted already during the pandemic, the pros and cons of online ID checking are provoking much debate.

British Identity and the State

The UK has a rather unique relationship with its own residents. Often referred to as “citizens”, in fact anyone born in the country is a Crown Subject. Citizenship became a widely used term when the UK was part of the EU, but now that relationship has ended. With it has also gone the idea of citizens and their “rights” in the widely held usage of the terms.

British subjects have civil liberties, not rights. This is one of the many technical and legal niceties with which the UK’s constitution (which remains unwritten) is riddled. Some of the liberties involved date back to the middle ages, while others are rarely brought to the surface. To do so in the light of the internet is bound to provoke a whole lot of questions about identity and intrusion.

Previous Attempts at ID Verification

The last attempt at a UK identity card scheme began in 2006 with the Identity Cards Act. This was hailed as a way of moving the country’s population forward in the digital age, with every “citizen” able to easily prove their identity, in person or online. The motivation behind the scheme was to prevent fraud of many kinds, but specifically fraudulent access to NHS services by foreign nationals.

The Identity Cards Act 2006 was repealed in 2010. The incoming administration scrapped it immediately in a move popular within its own party and in the wider community. This action seemed to strike a cord with a perceived British distrust of the “surveillance state”. It also had the advantage of saving the new government billions of pounds of investment in a newly austere financial environment.

Coronavirus and Identity

The Covid pandemic, lockdown and ensuing developments have led to calls for a revival of digital ID checks from some quarters; including the previous Prime Minister who introduced the 2006 Act. With public spaces being asked to impose restrictions on customers, verification of identity and residence has taken on added importance and urgency.

In the opinion of its proponents, a digital ID card and scheme would enable business owners and other premises managers to quickly check their customers’ appropriateness, as well as avoiding potential fines and other penalties.

To opponents, however, renewed calls for a national ID scheme are using a time of national crisis as an excuse to erode civil liberties. With a poor track record of testing and tracing technology in the UK, and evidence of abuses elsewhere, any attempt at a UK digital ID scheme faces serious hurdles.

One of the ironies in the current global health crisis is that people want, and may need, to have their health checked, but are advised not to physically attend clinics unless absolutely necessary. This dilemma is certainly more prevalent in countries which have the best access to healthcare, increasing the irony by an order of magnitude. In communities with the most basic level of care, the choices are rather more basic.

However, for rich, developed economies, the presence of remote ID verification is proving extremely useful in combating a resurgence in Covid 19 cases; this being a problem for many countries across Europe. Luckily, many of those nations are able to make use of the latest onboarding verification technology.

Covid 19 and the Rise of Telehealth

A highly infectious, potentially deadly disease like Covid 19 is the perfect motivator to introduce a system of remote consultations. By accessing the services of medical professionals remotely (either over the phone or, more recently, online), people worried about their health can often gain the help they need without having to expose themselves and others to the risk of further infection.

Such systems have been rolled out in many developed countries. In the UK, for example, the National Health Services 111 helpline was fully introduced in 2014; at least in part to take pressure off overloaded and understaffed GPs surgeries, hospital and accident and emergency (A&E) departments. The system has been a great success, and is often the first line in successfully diagnosing illness, including Covid 19.

In the USA, meanwhile, the pandemic has led the government to remove restrictions regarding Telehealth from the Medicare health insurance scheme, leading to a huge surge in demand for online consultations. With advances in technology, worried patients can log their symptoms via a smart device or other computer, receiving treatment advice without worrying about costs.

Need for ID Verification

The issue of healthcare costs is, indeed, a very hot topic in many developed nations. Health tourism, for example, has been cited as being a major worry for British citizens worried that the NHS is struggling to cope with demand, even during the course of a “normal” year. In societies which have other financial arrangements, who is able to access health advice is at least as important, if not moreso.

The recent rise in demand for these “telehealth” or “telemedicine” services has, therefore, led to a subsequently high demand for online ID verification. Onboarding services provided by established online verification companies fit the bill exactly. Not only that, but the surge in demand is driving a number of startup businesses offering their own version of bespoke health ID checking and onboarding; one such business in Sweden dealt with an increase in business of 240% from March.

Europe Leading Developments

The continent of Europe, including many EU countries, are by far and away the biggest adopters of online health eID verification processes. This is partly because those countries have some version of a national health insurance scheme, and a robust idea of who actually lives within their borders. The technology available, however, is arguably even more important in nations where either or neither of these situations is the case.

The covid pandemic of 2020 has produced some surprising positives alongside all the negatives. One of these positives is a boost to the profile of digital online ID verification, and its usefulness to governments, business and society as a whole. In the UK, a scheme to register and apply online for a state benefit in May – itself a by-product of the national coronavirus lockdown – has been so successful that it has prompted the country’s government to develop and set out a whole future digital ID strategy.

Rise in Numbers of Online Benefit Applications

On the 13th of May this year, the UK government launched its Self-Employment Income Support Scheme. This initiative was designed to give assistance to the millions of self-employed people who found themselves without an income due to the almost total lack of business available because of the government’s imposition of a nationwide “lockdown”, stay at home policy. The scheme is solely available via online applications at the GOV.UK website.

Whatever results the DWP was expecting, it’s fair to say they were overwhelmed with their own success. A massive 2.6 million applications were received in the opening weeks of the scheme. While this figure is instructive about how many self-employed workers there are in the UK, the application process itself also revealed a rather big hole in the online verification sphere.

Perhaps surprisingly (but perhaps not), of those 2.6 million applicants, 1.4 million were severely hindered by the fact that they had no appropriate digital ID credentials with which to further their application. As the HMRC has understandably strict rules on verifying identity, this caused a great deal of frustration among those applying for this essential benefit.

Need for a National Digital ID Verification Strategy

This specific benefit situation highlights a more general need across society. Even in the health sector, ability to prove one’s identity via online verification methods is now a major boost; registration for a new GP, for instance, is now much easier to achieve online with the right credentials. With a national drive to keep healthcare costs down and avoid fraudulent access, this situation is certain to continue.

The perceived benefits of online ID verification have produced a new government body: the Digital Identity Strategy Board (DISB). This is the result of a report by the Department for Digital, Culture, Media and Sport (DCMS), which showed evidence of a massive defrauding of government funding by dishonest online applications.

Statistics available for 2019 show that online ID fraud had risen by almost a third since 2014, and almost a fifth since 2018. Last year’s figure was a startling 223,163; almost a quarter of a million people successfully fooling online checking systems.

Six Principles for Future Safety

The DISB has already made a contribution to future UK online ID verification; it has published six principles by which the strategy going forward will operate. They are: privacy, transparency, inclusivity, interoperability, proportionality and good governance. As a set of founding principles, this certainly seems like a very good base from which to start improving the UK population’s online security, and secure future services.

Cruel cyber scammers are taking advantage of the COVID-19 crisis by sending fraudulent emails to trick you into clicking in malicious links or opening dodgy attachments.

Many claim to be from WHO (World Health Organisation) asking for donations and inviting you to click on the link provided. Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.

WHO’s Dos and Don’ts

It is imperative to verify a person or organisation before responding to any email because by doing so you could reveal your username and password, which can then be used to extricate money from your account and access sensitive information.
According to WHO it will never:

• Ask for usernames or passwords from anyone
• Email attachments that haven’t been requested by you from them
• Charge money for a job application, conference registration or hotel reservation
• Conduct lotteries, offer prizes, certificates, funding or grants via email

COVID-19 Solidarity Response Fund

The only call for donations WHO has issued via the internet is the COVID-19 Solidarity Response Fund and this can only be accessed through the official WHO website www.who.int.

There have been reported cases of scammers claiming to represent WHO or the COVID-19 Solidarity Response Fund and might try sending you an invoice requesting payment on behalf of the charity. Just remember, that WHO or its affiliates the UN Foundation or the Swiss Philanthropy Foundation will never contact anyone for their credit card or banking details. If you want to legitimately give to the prementioned charities, then go straight to the WHO website.

Check the Address

WHO recommends you always check the sender’s email address. It should have the person’s name followed only by @who.int. If there is anything other than who.int after the @ symbol, the email is from a scammer. WHO will never send emails ending in .com or .org.

Sadly, criminals can go one step further and can forge the “from” address on email messages to make them appear to be from someone at WHO. So, just be alert and ask yourself if you have requested information from WHO recently, as it is highly unlikely, they will be sending you any unsolicited emails.

Malware Attacks

In this current crisis it is not only cyber criminals looking to glean your personal information through ill-gotten means, there are also attackers out there who need to hack into your computer to install malware on it. Malware can be any type of malicious software created specifically to harm or exploit any device, service or network that is programmable.

Report the Scam to WHO

If you have been approached at any time during this COVID-19 crisis, WHO says you should report this potential fraud with them immediately. They have a team dedicated to dealing with scamming, so you will be in safe hands. By reporting any suspicious activity, you will be helping the organisation track down and prevent any other unsuspecting people from being scammed in the name of a worthy charity.

A recent report by Citizens Advice said that around 4 million people in the UK fall victim to scams every year. These are usually targeted at the most vulnerable people in society, and can therefore be extremely upsetting and harmful.

Cross-generational issue

Unfortunately, it’s not just “the usual suspects” who fall for online and telephone scams, and neither are the type of people who carry them out. The point of a scam is that it seems plausible, which is why so many people fall for them; this includes younger, IT literate generations who can’t imagine themselves being duped.

The rise of online dating is an example of the ways in which online scammers can catch out the unsuspecting victim. Individual loneliness in the modern world leads people of all adult generations and sexes to look online for company; by definition, these people are vulnerable, at least from a scammer’s point of view.

The point is that anyone using online dating services is unlikely to be thinking about being stolen from; their minds are, literally, on other things. The promise of a future life with a new love has led thousands of men and women every year to give away their life savings.

Suspicion is a virtue

Another common online scam is for someone to receive a call, email or other means of contact (via Facebook, for instance), which is unexpected and brings good news. Long lost relatives that people didn’t know they had, for instance, can sometimes prompt otherwise cautious people into acting irrationally. The popularity of ancestry websites and TV programmes continues to stir up this longing for connections, which is viewed by fraudsters as a way into a complete stranger’s personal life.

A good rule of thumb when avoiding online scams is: if something seems too good to be true, it is. From this starting point, it is easier to spot give-away signs which the scammer will always exhibit. As soon as they ask for confirmation of anything, for instance, this means they don’t know; if not, why not? Never confirm any details over the phone; not even postal address.

Practical checks

Senders’ email addresses, meanwhile, are very easy to check out. The easiest way is to hover over the sender’s name. Whatever name has been entered, the computer will display the actual email address; any discrepancy between the two will be obvious. Common tricks by scammers are to replace details of familiar contacts with others; for instance, replacing “m” with “rn”, or “l” with “1”.

Similarly, any contact from a website can be verified quickly and easily. Google is a good way to start; enter the website’s details and see what results come back. Any legitimate site will have at least some previous hits and reviews. It’s also best to click on the URL itself, and see how easily and securely a connection is made. Bad English and too much advertising are also giveaways.

Stay alert

By staying alert, any online scam should be easy to spot. At the end of the day, a scam is the product of human beings, who have weaknesses. While the scammer may be trying to use yours, by the same token you can look out for theirs.

Banks and other financial institutions (FIs) are rightly concerned about fraud. Becoming a victim of fraud is bad news for individuals, but trusted organisations like banks suffer in a number of ways. As well as suffering direct financial losses, they are liable to fines and legal action. Plus, there is the biggest hit of all; reputational damage.

New account vulnerability

While FIs must be vigilant at all times, it is the setting up of new accounts which presents the greatest time of danger. A recent worldwide report showed that 57% of fraud hits businesses more at the time of account opening or takeover than at any other time. These figures are from those who have reported being victims of fraud, and so are particularly relevant.

This statistic points to the fact that generating a new account, or changing its owners, are times of maximum vulnerability to fraud. This being the case, verifying the identity of any new account’s owners is fast becoming a necessity for financial organisations; anyone who can provide foolproof ways of doing this will be very popular indeed.

Financial regulators’ concern

In many countries, financial regulators are aware of the problem of new account fraud, and have taken steps to try to counter it. For example, in the UK, the Financial Conduct Authority (FCA) has brought in a law whereby any FI setting up a new account for a customer must ensure they produce two separate documents; one proving identification and another a valid address.

In wider terms, fraud regulators have identified an impressive 15 “red flag” factors, any of which should be a warning to a FI when approving a new account holder. In an age of hackers and identity theft, the number 15 is perhaps not surprising, although a reminder of how many ways fraudsters have devised to gain access to other people’s money.

Ways of identifying fraudsters

Many FIs, or the companies they hire to carry out ID verification for them, are now insisting on multiple levels of checks. Any individual should have some form of documentation issued by a state institution, be it a passport, driving licence or some other form of official ID. On top of this, verifiers are asking for the applicant to provide a recent selfie, to compare with the photo on the ID card.

Verification of address is the other main way to spot fraudsters. Firstly, an address can be checked for its actual existence; then, whether the applicant actually lives there, or has done recently. Even mis-matched addresses can point to a potential fraud; someone has tried to copy out an address, but (because they’re not familiar with it), makes a typo or inserts a town where a street should be.

Small mistakes like these are one of the 15 red flags which verifiers look out for; any one of them can be a sign that a new account holder is not who they say they are. Spotting fraudsters early can save institutions and individuals a whole lot of time, trouble and money.

Online identity verification is a hot subject for an increasing number of businesses, as the web becomes ever more important in people’s everyday lives. Also, for any business, the opening of an account is its most vulnerable time in terms of exposure to fraudsters. While there are already many types of identity verification accepted by businesses, the humble selfie is now adding a new level of safety.

The importance of biometrics

It is already accepted that useful ID verification should rely on two out of three of the following; something the applicant knows, something they have, and something they are. The first level is the oldest; knowledge of a password, date of birth, first job, etc. is a long-established means of verification. The second, in today’s world, means a smartphone; something a person has which can help with checking their identity.

The third – something you are – is becoming ever more important in the online world. Biometric identification is thought of as access by thumbprint, or retinal scan. In fact, the oldest form of biometric ID is the photograph. Unfortunately, photos can be faked, which is where the selfie comes in.

Extra level of security

Applicants for new accounts can scan in their official documents, some of which will include a photograph. In fact, all this proves is that the person who sent the application has a copy of the document. What a business really needs to check is that the person doing the applying or registration is the same person as the one on the ID card.

Taking a selfie is a quick, reliable way to check this. Also, as the ID form will already be in the hands of the verifier, completion by taking a selfie can be carried out very quickly. The days of standing in a queue with a passport, proof of address and other verification are, thankfully, over. Natwest, one of the UK’s main banks, took up selfie ID verification in 2019, and is very likely to be followed by other major institutions.

Selfies’ fit with risk management

Risk is at the heart of ID verification, in the online environment more than anywhere else. For web-based businesses, this means risk of losing custom as much as allowing in fraudsters. The fact is that many of today’s potential customers don’t want to waste time verifying their identity if they can help it; a business which offers a quick, intuitive way of doing so will convert more customers than one that doesn’t.

In many ways, the selfie is the perfect form of ID authentication; it is instant, and very human on a number of levels. There is no way, for instance, that someone under duress from a third party would be able to manage a cheerful smile for a real-time selfie.

Some companies are taking this a step further and asking for short videos from applicants; just a quick clip to say hello, I’m [whoever] and I’d like to open an account. Recording such a clip is very easy, and also an intuitive way for the verifier to be sure the applicant is who they say they are.

In many ways, there is no theft more frightening than identity theft. This modern day version of stealing can affect a person’s life more profoundly than old fashioned theft, like having your car stolen. At the end of the day, you can always get another car, or even use public transport; but how can you get your identity back?

Online problem

Of course, the identity in question is the online version; those personal details we all give up to private companies and other agencies, in order to buy goods and services, or, indeed, verify our identity. The thing is, without facial recognition or some other “fool proof” way of checking, anyone who enters the right letters and numbers into an account passes for “you”.

With the right details, the thief can then commit identity fraud; that is, obtaining access to lines of credit or other goods and services by pretending to be another person. Identity fraud allows the fraudster to open bank accounts, receive state benefits, credit cards, loans, goods, mobile phone contracts and documents such as a driving licence or passport, all under a false identity.

For victims of identity theft, the only sign something is wrong is when they notice something unexpected, such as going to the ATM and not being able to withdraw cash. By the time this happens, the thief could potentially have committed a whole range of other frauds; this is a terrifying situation for any victim to find themselves in.

Common vulnerability

The term “hacking” is often used when thinking about ways in which identity is stolen; this conjures up images of some IT genius in a darkened room trawling the internet for unwary citizens’ personal details. In fact, your identity can be “hacked” while you’re sitting in a restaurant, paying for your meal.

Many retail outlets, bars, and other spending environments now provide a free Wi-Fi service. As soon as this is logged into, personal details are vulnerable to anyone who knows how to look, and who is also using the same Wi-Fi. As this could be anyone within range, this could be literally hundreds of people.

For this reason, it’s important to keep all personal details private. Online banking, for example, should never be done over a non-secure Wi-Fi service; as this will require at least a password, and possibly some memorable information, anyone hacking into your account might as well be looking over your shoulder while you type in the details.

Offline solutions

Not all identity theft is carried out online, however. A much more old-fashioned method is for thieves to go through your bins. As people receive “junk” mail all the time, they tend to throw it straight out; this may be a big mistake. Mail with an offer of a pre-approved credit card, for example, will give the potential thief some useful information with which to get started.

The best way of avoiding the horrors of identity theft is to stay alert. In today’s connected world, the fact is that someone is always looking over your shoulder, even if they’re not there physically. Most of those doing the looking will be harmless, but it only takes one who isn’t to ruin your life by stealing your identity.