In this article, we’ll cover how ID fraud can threaten both individuals and companies, as well as some of the key methods fraudsters are currently using to bypass KYC processes.
Then, we’ll discover how Passive Liveness offers a powerful defense against this complex and evolving problem.
ID Fraud: Multi-layered threat
By using an ever-evolving arsenal of nefarious technological methods, criminals constantly try to circumvent KYC measures that are designed to ensure companies know who they are providing services to.
The benefits to criminals who are able to fraudulently gain access to digital-based financial services – whether its access to a crypto exchange, DeFi platform, traditional bank or a wide range of other gatekeeper industries – are huge.
Indeed, ID fraud cannot only be used to carry out illegal financial transactions anonymously – it can also be used to defraud companies and burgeoning projects, in particular those attempting to raise funding through ICOs/token sales.
We’ve discussed this issue in more detail in our KYC/AML Compliance Guide for ICOs
By using fake identities, criminals can then go on to engage in activities such as money laundering, fraud and other illegal uses of financial systems with relative impunity, as such activity does not trace back to their real identity.
In parallel, criminals are also incentivized to steal identities from unsuspecting people in order to replicate and use them to perpetrate their crimes.
The results can be devastating for victims, who can be left with enormous debts for loans they haven’t taken out, and drawn into criminal investigations by law enforcement agencies who believe they have been engaging in illegal actions.
Banks have been implementing KYC measures for years, and the emergence of digital or ‘neo-banks’ has led to the industry adopting online customer onboarding processes.
In parallel, Virtual Asset Service Providers (VASPs) such as crypto exchanges and DeFi platforms are also increasingly using a combination of automated and KYC processes to vet potential customers. This has allowed VASPs to quickly scale and onboard new customers without the need for vast and resource-heavy human compliance teams.
However, even human compliance teams that manually interview potential customers can be tricked by fraudsters who have used stolen, fabricated or synthetic ID data to pose as someone else.
These tactics are broadly known as Presentation Attacks.
They essentially involve using biometric data belonging to someone else to create spoof versions and fakes.
The data – which can be anything from a photograph of someone found online or accessed through a hacked system to a fingerprint taken from someone covertly – can be used to create either digital, or even physical fakes, such as silicon masks and 3D-printed fingerprints or even video replays.
Through advanced programming and image manipulation, sophisticated fraudsters can create ‘deepfake’ individuals based on stolen identities that are then used to complete a KYC process.
In order to counter the threat of presentation attacks, a KYC process needs to be able to verify that the applicant is in fact real – in other words, to evaluate their ‘Liveness’.
The first approach that was developed came to be known as Active Liveness.This is a type of onboarding process that directs the applicant to complete certain prompts during a selfie check, such as turning their face left and right, etc.
The problem with Active Liveness is that it can be annoying – users are often unable to quickly satisfy the prompts, which leads to high abandonment rates during a KYC process. From a business perspective this is highly problematic, as a customer who abandons a KYC process may very well simply move on to a competitor.
In order to address this friction-heavy approach to Liveness, a new process has been developed: Passive Liveness.
Passive Liveness is an exciting and important new technology that can precisely determine whether a single frame in a captured and/or submitted selfie image or video is genuine.
The technology is an evolution of its Active Liveness. Where it differs is that in contrast to prompting applicants to carry out gesture-based actions and gimmicks, Passive Liveness seamlessly works in the background.
It evaluates the validity of a selfie by automatically scanning and evaluating an image, whether it is an uploaded selfie or a live video.
Passive Liveness brings some key advantages:
- It significantly reduces friction and abandonment rates in the onboarding process
- By evaluating images or videos automatically, it significantly reduces processing times and data transmission, making onboarding processes ‘frictionless’
- It prevents fraudsters from understanding the verification process, making it harder for them to “hack” the system in the future.
How does it work?
Well, the specific technical processes at play with Passive Liveness scans are obviously a closely-guarded secret – both for commercial and security reasons.
But in principle, Passive Liveness works by using a ‘single frame approach’ that simply analyzes one frame – whether it’s an image or from a video interview or upload. This means that there is no need for command-based actions such as looking left and right, etc.
Using proprietary algorithms, Passive Liveness technology can first determine whether a captured frame (whether it’s from an uploaded selfie or video interview) is suitable for analysis.
Then, using a Deep Neural Network (DNN) approach, the technology is able to effectively differentiate between images that are genuine representations of a person, and those that have been manipulated or fabricated, producing a ‘Liveness Score’ of between 0-10.
These findings are then cross-referenced against the ID document provided by the individual applicant, which itself is subject to advanced authenticity checks. If the liveness score checks out against the verified ID documents, then an applicant’s identity can be confidently authenticated.
In addition, Passive Liveness tech is also integrated with Machine Learning algorithms that are constantly incorporating new data to refine the process’ accuracy, improving its performance over time and helping companies keep up to pace with the evolving technology of criminals.
KYC-Chain’s Passive Liveness
Last year, KYC-Chain rolled out the Passive Liveness feature on our end-to-end onboarding solution.
It’s a powerful new tool for confronting the increasingly sophisticated risks of data fraud, identity theft and money laundering presented by criminals trying to exploit loopholes in KYC processes.
The Passive Liveness feature KYC-Chain uses is a new technological breakthrough: prior systems were simply not able to reach ISO 30107-3 Level 1 compliance from a single image.
Interested in using Passive Liveness to have a KYC processes that is secure and frictionless? Get in touch with us and we’ll be happy to talk about how KYC-Chain can make it happen.