The Growing Market for Identifying Fake IDs
As commerce increasingly transitions to digital platforms, there is an increasing market for identity verification that does not come at the expense of user experience. Companies like Jumio are leaning on advancements in machine learning to support that transition.
Is an uploaded scan of a driver’s license sufficient proof of identity? With developments in image processing, we are getting better at discerning a document’s authenticity. But when the exchange is over the web, how does a firm verify whether the ID matches the user? As institutions embrace e-commerce, the verification of identity documentation is pivotal to preventing identity theft and fraud.
McKinsey research estimates that the market for identity verification is around $10B globally (2017) and that it will grow to $16-20B by 2022. The current market is largely driven by digital transaction verification; and the volume of these use cases is expected to grow [1]. As shown in the McKinsey graphic, the most influential sector in this market is financial services.
In addition to supply-side requirements for identity verification, consumers are demanding improvements in the space. In 2018, an estimated 7% of consumers became victims of identity fraud according to Javelin Strategy & Research’s annual report [2]. And this rise in fraud is increasing at an alarming rate, causing consumers to lose hundreds of millions of dollars to fraudsters. The US Federal Trade Commission (FTC) collects consumer protection complaints through the Consumer Sentinel Network; and in 2017, the FTC reported identity theft as one of the top three categories of complaints [3].
Machine learning in combination with computer vision and OCR is changing the landscape of identity verification. And in an increasingly digital world, this is a key stepping stone to enabling businesses to build trust with consumers. For companies and their customers, this requires a frictionless verification experience that is simultaneously reliable. Identity verification companies like Jumio are influenced heavily by machine learning because it enables them to improve the process of detecting fraud in documentation. As an example, Jumio’s technology began by creating ID-specific templates as a cross reference (e.g. a MA state driver’s license). The company then developed image processing software to be able to detect edges of the document and identify specific patters and characters on the document to aid in fraud detection [4]. However, the complexity of identifying fake documents becomes more complex when the image of the document is a bit blurry or being held at an angle. Machine learning, and more specifically deep learning enables Jumio to improve their process through the use of artificial neural networks.
In the immediate term, Jumio is working to improve their software’s ability to correctly identify a document as authentic or not. In the world of machine learning, this means accessing a large volume of data to train the system. Jumio’s technology is augmented by human experts in verification that provide feedback to the system. This is presumably a costly model to sustain, however this hybrid approach is important to maintaining relationships with their clients who have much to lose if the computer system is wrong.
Looking forward to the next few years, Jumio has identified key trends that they believe will affect their business [5]. One of these is the shift to biometric facial recognition as a preferred authentication method. For example, the Apple release of the iPhone X in late 2017 featured facial recognition as the unlock mechanism for the phone. And in the summer of 2018, US Customs and Border Protection (CBP) announced its use of facial recognition at vehicle borders to the country [6]. With the increasing prevalence of this technology, Jumio is working to integrate facial recognition into its product.
Jumio’s Netverify Identity Verification product involves first verifying the authenticity of the ID as a document. Next Jumio makes sure that the person holding the document is a live person and the same person as shown in the photo on the document.
As previously mentioned, Jumio’s model relies on a hybrid authentication approach (the software model and the human verification expert). However, with the rapid growth in demand for identity verification services, Jumio will need to focus on how to reduce the operational inefficiency of manually checking verifications in order to compete at scale. One potential avenue for improving the machine learned models is to focus on seeking strategic partnerships that allow Jumio to train their models even faster with access to large sets of data. For example, working alongside the TSA or CBP to train the system will improve the consistency and accuracy in detecting fraud.
Beyond the midterm pressures of creating a scalable business and incorporating technologies like IoT and facial recognition, there is a question remaining about where the identity documentation will be in 10 years from now. Will we still be using physical documentation like passports and driver’s licenses? Or how will digital identity documentation take shape? And what types of opportunities will exist for firms that focus on verification technology? (786 words)
Footnotes
[1] Iyer, V. (2018). The next $20 billion digital market – ID verification as a service. [online] Fuelbymckinsey.com. Available at: https://fuelbymckinsey.com/article/the-next-20-billion-digital-market-id-verification-as-a-service.
[2] Javelinstrategy.com. (2018). 2018 Identity Fraud: Fraud Enters a New Era of Complexity. [online] Available at: https://www.javelinstrategy.com/coverage-area/2018-identity-fraud-fraud-enters-new-era-complexity.
[3] Consumer Sentinel Network, Federal Trade Commission (2017). Consumer Sentinel Network Data Book 2017. [online] Available at: https://www.ftc.gov/policy/reports/policy-reports/commission-staff-reports/consumer-sentinel-network-data-book-2017/main.
[4] Patel, L. (2018). Machine Learning, Deep Learning & the Wisdom of the Crowd. [online] Jumio. Available at: https://www.jumio.com/deep-learning-online-identity-verification/.
[5] Valdivia, J. (2018). 7 Identity Trends That Will Dominate 2018. [online] Jumio. Available at: https://www.jumio.com/identity-trends-2018/.
[6] Levin, S. (2018). US government to use facial recognition technology at Mexico border crossing. The Guardian. [online] Available at: https://www.theguardian.com/technology/2018/jun/05/facial-recognition-us-mexico-border-crossing.
Cover image source
Jumio’s Netverify Demonstration Graphic. (2018). [image] Available at: https://www.jumio.com/trusted-identity/netverify/identity-verification/.
I like the question you pose about whether we will continue to rely on physical documents such as IDs and passports in the future. When it comes to sensitive processes (such as airport security or even local voting), it seems as though physical documents and human interactions are valued to try and reduce risks of hacking / digital alteration. Yet that’s also subject to human error. It seems as though Jumio’s deep learning approach will serve them well for pioneering this work, and I’m curious to see how they are able to form partnerships over the next few years in order to help train the systems to an even better degree.
This is a fascinating post reflecting the ways that increased security risks have across business and consumer settings. Jumio’s platform seems poised to leverage its neural network learning model to develop a robust ability to identify fake IDs, but the question of how Jumio can stay relevant in an era of evolving identification methods (e.g., facial recognition, etc.) looms large. As identification methods continue to evolve, so too will efforts to falsify identities, be it with detailed masks, fake fingerprints, and so on. Will Jumio be able to adapt to determine what is a ‘real’ vs a ‘fake’ face? Or will identity verification ultimately require more steps (e.g., two-factor authentication) and/or increasingly advanced identification techniques?
I found your anecdote on how humans can play a role in machine learning fascinating. So often when topics like these are discussed by the public there is great fear that machines will replace humans. Your post highlights the many benefits of moving to a more automated, smarter system that will be less prone to errors, but also doubles down on the necessity of human involvement in the development – beyond writing the initial code. The post does leave me wondering about data security and privacy concerns. How can a company like Jumio ensure this sensitive information doesn’t end up in the wrong hands? Anyone who has ever traveled outside his or her home country has been taught to keep his or her passport close. When your passport has been “read” by Jumio, what stops a malicious third party from hacking that information and using it inappropriately?
Courtney H – Thanks for this interesting read. While Jumio’s goal of using machine learning to detect identity fraud sounds like an innovative idea, I wonder if the company’s business model is too susceptible to any technological disruption. As you mentioned in your essay, facial recognition system could easily eliminate the need to have any physical IDs, where people’s identities are confirmed just using their face. Now that we have this functionality in our hand (iPhone), I suspect that the technology will be very widely used in no time. And, as you mentioned, 10 years down the road, there could be new identity verification technologies that may make Jumio’s services obsolete. Given this, Jumio should strive hard to integrate their machine learning capabilities into any new identity verification systems that could arise.
One additional concern I had was what if people figure out how Jumio does its identity verification through machine learning and try to game the system to trick the machines into believing that fake documents are real? I think there is a risk that people will figure out how to trick the machines and again, Jumio should stay on top of its technologies to prevent this machine-fraud from happening.
I wonder if this technology battle is a cat and mouse that should be slowed, rather than hastened, as with the rise of Jumio. Specifically, as technology for detecting fraud becomes more sophisticated so too arguably does the technology for behaving fraudulently in the first place. Jumio faces the difficult task of protecting and building upon its proprietary software, which essentially acts as a form of cybersecurity. But, as many cybersecurity firms have realized, the game of cat and mouse if never-ending, and I question whether or not the model is a sustainable one in the end, despite the growth of machine learning.
very interesting piece. As many other comments have addressed, I wonder if this technology will quickly become outdated as development in facial recognition, iris recognition, or even spot DNA sequencing are made. However, if short term developments can be made and it can help with TSA lines and setting up banking, I think it is a great idea and excellent application of machine learning.
Great post Courtney! I’ve been thinking about whether physical identification documents will become obsolete in 10 years, and I’m leaning towards no. Despite the advances that machine learning has offered identity verification companies, like Jumio, I don’t yet know how if the global economy is ready for it. In a world without paper identification, foreign countries would have to share data to allow facial recognition (or whatever identity verification used) to allow cross-country travel. How else will UK customs know who I am when I visit London? Perhaps this may work within the EU, since people form various countries are using the same passport, but I imagine there are security risks with this data sharing. This may be another example of regulation being the bottleneck to technological advancement.
Great piece. While Jumio is using ML to optimize for an “old” world of physical IDs, one interesting avenue to explore is whether blockchain-based identity mechanisms will find a way to supplant these status quo systems — financial services seems like a ripe target to begin with, particularly with blockchain-based mechanisms being used to verify market transactions on distributed ledgers.
Super nice post, thanks for sharing this! I very much agree with the need delineated at the top – the recent surge of mass scale data leaks (Equifax), fake accounts (Twitter), and privacy-centric regulation (GDPR) have illustrated a real issue with online authentication. There is also a need for KYC (‘Know Your Customer’) in crypto exchanges to reduce fraud. But… if Jumio is creating a centralized database of user profiles and government/ biometric documents, is there a material risk of being hacked? I’d argue that this type of data storage will need to be decentralized, or else they put themselves up as a very large target as their user base continues to grow.
Thanks for sharing this piece. I found the evolution of the technology fascinating, but I kept coming back to the security of the data. How is Jumio addressing security / privacy issues with the sheer volume and sensitive nature of the data. I fear that here is the potential for Jumio to expose its consumers to the very fraud and security issues it is trying to prevent. It seems to me that the evolution of the form of identification could help in this as the conventional ID is much easier to duplicate or impersonate then DNA or facial recognition, but it would be great to get your take on this.
Thank you for the great post, Courtney! I completely agree with you that future of identification remains unclear and that this represent a big challenge for companies such as Jumio, that try to offset that risk by going into these new technologies. I wonder, however, if we (and these companies) are still thinking with a very much analogical/ physical mindset (basically, thinking of identity as piece of physical document). What if, in the future, identity could be linked to your behavior patterns (e.g. typing speed, sites you visit, places you’ve been to), creating a “digital DNA”? Then, such companies wouldn’t be ready for the change. The idea of using AI for better identity processes is great, but I believe there is still space for being more disruptive!
Our direction in identification sounds exciting, especially as we think about how frictionless systems like facial recognition can be but I think there are consumer concerns that don’t receive sufficient attention.
For example, on a recent Jet Blue flight, we boarded the plane using facial recognition instead of our boarding pass. This raised a concern for me, because I had no clue Jet Blue had a database with my photo (or a partnership with some company that has my photo)! Further, am I comfortable as a consumer having an airline keep information that can potentially be used to steal my identity if facial recognition is widely adopted? I don’t think I am.
Further, I don’t know if we think enough about what happens when identities are stolen. We do our best to stop it, but what does someone whose identity has been stolen actually do. For example, changing passwords is easy, but if your password is your face, changing your face might be much more difficult and reigning in fraud might become increasingly difficult.
I am a bit more skeptical of that we will no be using phisical documentation in the next 10 years.
I believe that we will have technological advancements that will allow other types of identifications but making a shift from physical to digital requires mass investment ans infrastructure. Take the passport case: We would need to ensure that every customs in the worlds has the compatible system that recognizes this new source of identification and its database of the past visits in other countries. Not only that, you need to ensure that all have digital infrastructure to access the online database in real time. I cannot imagine most third world countries being able to adopt such technology in 10 years making the implementation of this project not viable. The problem with IDs is that adoption needs to be universal and therefore takes more time to make implementation feasible.
Thanks for sharing Courtney – this was a great read. Fake ID is a topic which I am sure many of us have come across. The impact this will have on underage drinking will be substantial I believe, as this is presumably a huge market in the US. It would be interesting to see what the adoption of this platform would be from an array of different companies. I imagine some institutions spend considerable amounts on verification, such as governments, however, I question if this would be adopted more broadly in small local shops etc. This would be an additional cost which smaller institutions have not had to pay in the past, and as such, I would think that only with a push from governments to crack down on ID issues, will they be truly on board with adoption. You also raise fascinating questions regarding what the future holds for ID verification – I look forward to seeing what path society takes!