News and resources on cyber and physical threats to banks and fintechs worldwide.
Jumio introduces biometric video selfie identity proofing

Jumio introduces biometric video selfie identity proofing

In an interview with Finextra, Jumio’s president Robert Prigge explains the reasoning behind the firm's new 3D video selfie verification, which combines the enrollment and authentication phases of the identity proofing process.

Launching Tuesday, Jumio Authentication’s mission is to eliminate identity fraud by adding this verification extension to the proofing process, which Gartner predicts will displace existing authentication platforms in over half of large and global enterprises by 2023.

Prigge highlights that this answers “a large business problem for our customers and for the consumer because for the first time we’re not checking who you say you are, we’re checking who you are.”

Jumio believes that this new form of authentication would be ideal for high-risk scenarios alongside tasks such as unlocking doors of rental cars, checking in to hotels and taking online tests because of the increased security that biometrics offers, in comparison to knowledge-based authentication or multi-factor authentication which remain vulnerable to threats.

Prigge said: “We’re gigantic believers in biometrics. Your face and your voice are infinitely more secure than old methods such as KBA or two factor authentication, however those methods are no longer viable in this day and age, so we’re convinced that the future is biometrics and your face is probably the best example of that.

“Apple has worked on ensuring that people are comfortable with the idea that their face can be their password and we’ve been able to tap into that with our partnership with FaceTec.”

Jumio is leveraging FaceTec’s anti-spoofing technology to process face images taken with a 2D camera to create 3D face maps, which contains 100 times more data than a single photo.

“It’s able to detect whether you’re wearing a mask, makeup or prosthetics and it’s building up a map of what your face looks like so if you grow a beard, gain weight, or lose weight, it doesn’t matter. The AI is able to compare you to your previous hundreds of selfies and determine whether or not you’re the same person.”

Prigge adds that the enrollment and authentication processes will be pushed together in a number of industries, but will transform the landscape for financial services institutions in particular, because “KBA and two factor authentication are dying.”

Comments: (2)

Stephen Wilson
Stephen Wilson - Lockstep Consulting - Sydney 20 February, 2019, 00:40Be the first to give this comment the thumbs up 0 likes

I've got several reservations about this class of identity proofing. Alarm bells ring when someone claims that biometrics are "infinitely more secure".  More secure in what way precisely? We need specifics.

Biometrics are not intrinsically immune to spoofing, and they continue to pose major headaches for disaster recovery. Once stolen (or synthesised by AI) they're still impossible to restore. 

AI/Machine Learning is creating "Deep Fakes" which threaten face and voice biometrics.  The anti-spoofing arms race has only just begun; we need to treat anti-spoofing with a grain of salt.  

And where is the ID document matching taking place? These solutions genberally take a picture of your government ID document and match your selfie against that.  Where are the pics stored? What are security arrangements? Some solutions send the photo ID off to a third party for document verification.  What do we know about thoese transactions, the privacy promises and the side effects? 

You're in for a wild ride with these solutions along the personal information supply chain. 

A Finextra member
A Finextra member 22 March, 2019, 08:50Be the first to give this comment the thumbs up 0 likes

It has become a massive industry of claiming that an "Identity Management Solution" allowing "selfie registration" can authenticate someone by only using their face or voice biometrics. You can almost find such an "Identity Authentication Solution" under every bush.

The idea of regsitering yourself on any "Identity Authentication Solution" creates a golden opportunity for crime syndicates to register as many identities as they want under false entities. The thought of crime syndicates exploiting these "solutions" to create Synthetic Identities on them should be a major concern for any financial institution, as they will be hit with mega losses (which will never be recuperated due to no human who can be traced) in the years to follow by trusting these solutions to do their KYC.

How does any of these "solutions" prove that the Identity enrolled onto their "solution" only belongs to a Single Existing Real-World Human Being, that there exists only one of the enrolled Identities on their system which is linked to the Single Existing Real-World Human Being   and lastly, that their "solution" does not nor will contain any Synthetic Identities.