With the rise of digital registration services, consumers can now easily create new accounts from the comfort of their own homes. For crucial services such as opening up bank accounts, users are required to scan their face and identity documents using mobile phones to prove the user’s authenticity.
But like any automation service, it is vulnerable and prone to bypassing. Take facial recognition systems, for instance. Instead of live image capture, fraudsters can instead produce false profile photos using:
- Digital phone screens
- Printed photos
- A physical mask impersonating the user
Identity documents are also prone to spoofing as well, such as:
- Sticker pasting
- Physical tampering
- Photoshopped document produced on a screen
- Photoshopped document printed on laminated paper
“According to statistics from the Commercial Crime Investigation Department at Royal Malaysia Police, Malaysians have suffered losses amounting to about RM2.23 billion on cybercrime frauds since 2017” — TechwireAsia
How Spoofing Works
A common thread between all fraud cases is that; most of them operate under a false guise with the means to transfer ill-gotten funds and remain untraced by authorities. This is where spoofing comes into play — where scammers build false accounts and profiles to access banking and telecommunication services.
It is now easier than ever for scammers to appear legitimate. Beyond mere private credentials, the general public in today’s era leaves an abundance of digital footprints through their media presence and regular online postings. Coupled with frequent, unmitigated data leaks, scammers are able to obtain personal particulars such as full name, identification number, bank account, and other confidential details.
With sufficient data, scammers can impersonate anyone, access their financial accounts and drain off their balance, or create an unsuspecting new bank account for mule purposes.
The banking sector is under constant threat, with scams and fraud taking place on a daily basis. According to FreeMalaysiaToday, banks were estimated to have faced RM1.6 billion losses due to online purchasing fraud over the span of three years, severely affecting profit margins.
How banks (or online services in general) try to mitigate these issues is through SMS or email authentication, where they send out messages to verify a user’s authenticity. However, even such methods have their limitations, with disposable SMS and email services available for free online.
Banks are not the only victims here grappling with reputation control while collaborating with local authorities. The telecommunication sector has suffered immense monetary damage from the various schemes stemming from identity fraud, ranging from subscription fraud to international sharing revenue fraud (ISRF). However, it is the general public that bears the brunt of the cost of unmitigated identity fraud.
Current Anti-Spoofing Methods
Traditionally, businesses prevent fraudulent user signups by conducting manual verification during the account registration process — a method known as “Know Your Customer” or KYC. This process requires users to prepare necessary documents, physically visit a branch office, meet with dedicated personnel and perform biometric verification via thumbprint scanning or quick photo capture.
This manual process is tedious for both the user and the business itself. The user is required to prepare physical documents and plan their appointments accordingly, most of which only happens during office-working hours which can be disruptive to their daily lives. Businesses are also compelled to maintain the upkeep of the physical bank branches and bear the overhead cost of hiring these office workers.
Unsuccessful registrations require both parties to restart the process all over again from scratch, which is resource-intensive and environmentally unsustainable, considering the upkeep and traveling carbon footprint. If there are changes to KYC guidelines and regulations, there will be friction in updating SOPs, retraining staff members, and auditing the changes. Manual processes are also prone to human errors, such as bribery and corruption.
Most importantly, traditional onboarding and KYC processes provide poor user experiences, affecting brand reputation and customer loyalty.
The eKYC solution
eKYC solutions are the modern way to resolve these decades-old challenges. Current facial recognition systems are created to prevent identity theft. Built-in passive liveness detection ensures that the phone’s camera is capturing a live human being instead of a digital screen or printed photo.
Modern document verification systems can also detect common spoofing attempts, such as physical tampering and photoshopping parts of the document. A misplaced landmark; a change in the font; and weird oddities within the documents captured can trigger red flags, alerting businesses of suspicious onboarding attempts.
Leveraging AI technologies, these systems can also automate tedious data entry processes, such as automatically populating essential fields through the documents captured using optical character recognition (OCR).
Fortunately, Innov8tif’s flagship product EMAS eKYC contains all the necessary components for most businesses to conduct an efficient and secure user onboarding experience. Beyond just facial recognition and document verification, we have components such as OkayDB which match profiles against existing databases, such as bankruptcy status and politically-linked individuals.
Digital businesses are the way of the future — enabling 24/7 services, automating workflows, and providing a smooth user experience. However, relying too much on automation opens up systems to vulnerabilities that fraudsters can exploit. Investing in ID verification systems will have compounded benefits in the long term and cut down on the implicit and explicit costs in fraud prevention and user onboarding.
Innov8tif is one of the pioneer ID Assurance providers within the ASEAN region, serving major financial institutions, telecommunication companies, and even household brands. To learn more, feel free to drop us an email at [email protected]