printer friendly version

Selfie and ID card verification for onboarding

Using your mobile device to identify yourself, open accounts and streamline the onboarding process in businesses has been spoken of in the past, but become a reality over the past few years. The question that remains, however, is how reliable ‘selfie onboarding’ is, especially when opening a bank account and registering for other sensitive applications – such as voter registration.

A new player in this market, a market which had about US$4 billion invested in it in 2021, is Trustmatic. The company has turned the onboarding process into a Software-as-a-Service (SaaS) business model, where the application and primary processing is done in a secure cloud environment. Naturally, the company has iOS and Android apps available for people to download and use in their verification process.

Donal Greene, founder and CEO of Trustmatic spoke to Hi-Tech Security Solutions about the company and its solution, including why it’s onboarding process has a 97% completion rate as opposed to the average of around 67%. (One of the reasons is because the end user has very little to do as almost everything is automated.)

Government-quality identity to the enterprise

Greene’s background has been in the biometrics world for many years where he assisted in government identity projects in over 80 countries – he spent six years as the head of EMEA for Innovatrics. He launched Trustmatic with the goal of bringing the same quality and reliability used in government identity projects to the enterprise.

This goal is achievable today now that technology available to everybody has advanced to the stage where remote authentication is reliable. However, the costs can become significant if organisations decide to use on-premises solutions, hence the Trustmatic SaaS model, which reduces costs significantly without compromising on accuracy. The full solution from Trustmatic is cloud-based, meaning there are no individual modules or ID formats to buy. (Of course, the mobile app is on the user’s device, but it is free and uses the cloud for verification and secure data storage.)

The SaaS model also means the solution is affordable for large enterprises or small, as the companies pay a per transaction fee.

The solution has been adopted in various countries (including in the Middle east and Africa where Trustmatic has a presence in Uganda), in the organisations one would expect to be interested in this technology, like banks and telcos. However, an interesting market the company has also found traction in is the sharing economy – such as ride sharing or rentals etc.

Less than a minute

As noted, the onboarding process has been made as simple as possible to avoid failures in registration as well as people simply giving up because the process is to complex or burdensome.

It starts with the user downloading the app and registering for something, such as a bank account. The first thing that happens is the app asks for a scan of the person’s identity card. Unlike most apps where the user must move their phone to place the card in a box on the screen, they simply hold their camera over the card. The AI algorithm identifies the corners of the card, checks the image for lighting, glare, focus and so on and when the image is clear enough to use, takes a picture automatically. This automatic process avoids the user having to move their device up and down and worry about shadows and lighting etc., resulting in significantly fewer failures.

At the same time the app makes some on-the-fly fraud checks by checking the machine-readable zone (MRZ) and finding many of the hidden features used on real ID cards. If these checks fail, the card is not captured. Once captured it is then sent to the server for more processing.

Another user-friendly feature is that the user is not required to enter what type of ID card is being used. The system has over 1000 different ID cards on file (increasing all the time, as Trustmatic is able to add in new cards or formats with ease) and it automatically identifies which identity document it is.

Cards with NFC chips can also be read by holding them to the back of the mobile device (if it has NFC enabled) and the app extracts the user detail and image from the chip – which is really the only 100% reliable way of getting this information remotely.

Once on the server, optical character recognition (OCR) is run to extract the user data and image (assuming it is not read from a chip) and more checks are made to ensure the card is not a fraud – such as checking the hologram etc. This is all captured in a file which will be sent to the client once the process is complete.

Live faces only

The next step is to capture a facial image of the user. Again, to make it simple, all the user has to do is put their face in a circle on the screen and the automatic processing captures the image when it detects the face and lighting conditions, among other checks, allow for capturing an image of high enough quality for facial recognition algorithms. In addition, passive liveness detection is used to make sure the image is a real, live person not a photo or video.

Passive liveness means the AI uses various mechanisms to check for liveness without user interference. Active liveness detection would be asking the user to do something (like smile) to ensure the image is real. This has been used in many apps in the past (and still is in some cases), but modern spoofing technology can fake even facial movements.

Greene says the whole process takes less than 60 seconds. Moreover, as mentioned above, the simplicity involved for the user means Trustmatic has a 97% completion rate for its registration and/or onboarding process, well above the average in these types of applications of 67%. Customers pay Trustmatic per transaction and Greene says the costs, due to the SaaS model, are 30% to 50% cheaper than other options.

The most secure algorithms

Trustmatic does have some of its own algorithms for facial recognition and ID card verification, but Greene explains that the solution is ‘algorithm agnostic’. It makes use of the best algorithms available to ensure it produces the best results, including a combination of core technologies from Innovatrics. For example, the FaceTrust API is powered by the Innovatrics algorithm, top-ranked globally in the NIST (National Institute of Standards and Technology) Facial Recognition Vendor Test. Of course, this depends on the use case. A bank would want the best technology to ensure the highest accuracy, while other customers may be happy with less.

Trustmatic’s solution is in use at high-security sites in the Middle East as well as in schools where attendance is recorded and the management wants to know if unknown persons enter the premises. In an access control scenario, staff and visitors or contractors can register remotely via their mobile devices and obtain easier access. This is simply accomplished by storing their facial image on the company’s database and then using images from a surveillance camera to verify they are allowed onsite – opening the door automatically. If the face is not recognised the door won’t open and they will be directed to a reception area, or a security guard can be alerted.

The SaaS model allows Trustmatic to offer a flexible solution that can be adapted to almost any organisation’s processes, offering a reliable onboarding and verification process that can be tailored to various situations.

Greene admits that the market for digital onboarding is becoming increasingly crowded, making it difficult for organisations to find the right remote identity verification partner. The key, he says, is to look in-depth at the technology being used:

• Can it be customised and scaled?

• Has it been benchmarked and certified?

• Will it be compliant with local data, financial and anti-money laundering regulations?

• Is the technology user-friendly and intuitive?

The most important element he says, is to adapt technology to humans and to efficiently address digital age business needs.

Share this article:

Further reading: