Nearly all consumers in the US, Mexico, Singapore, and the UK note they are more likely to engage with brands that have strong and healthy ID verification measures in place. (CPO Magazine)
In 2022, consumers reported losing roughly $8.8 billion from fraud, increasing 30% from 2021. (Federal Trade Commission)
From 2020-2022, there was a 145% increase in identity fraud losses reported by consumers. (LinkedIn)
Identity Verification as a Service (IDaaS) is a cloud-based solution that allows businesses to verify the identities of individuals remotely and securely. It provides an automated and streamlined process for verifying the authenticity of identity documents, such as passports, driver’s licenses, and national IDs, as well as validating the information provided by the user.
IDaaS typically utilizes a combination of artificial intelligence, machine learning, and advanced algorithms to verify the identity of an individual. The process usually involves the following steps:
Document Verification
The user uploads a scanned copy or a photo of their ID or passport. The service then analyzes the document to check for signs of tampering, forgery, or alteration. The document verification process can usually be divided into four steps: “document collection, data extraction, document validation, and manual verification.”
Biometric Verification
Biometric verification involves matching an individual’s unique traits to his or her identification. The user provides biometric data, such as a facial image or a fingerprint scan. This data is compared against the information extracted from the ID or passport to ensure a match.
Data Verification
The service verifies the data provided by the user against various trusted data sources, such as government databases or credit bureaus. It checks the user’s name, date of birth, address, and other relevant information for accuracy and consistency. IDScan.net’s DIVE API “uses ID scanning and selfies to securely verify user identity.”
Risk Assessment
The service assesses the risk associated with the identity verification process. It may consider factors, such as the reputation of the identity document, the user’s location, and any suspicious patterns or anomalies detected. Assessing risk is an important part of the identity verification process: “Risk levels can change as technology, regulations, consumer behavior and criminal activities evolve. Optimizing the performance of your identity program by using flexible verification methods allows you to be agile –– and adjust your approach as business needs change.”
Results and Decision
Based on the analysis of the provided data and verification checks, the service provides a verification result or score, indicating the level of confidence in the individual’s identity. This helps businesses make informed decisions about whether to trust the user and proceed with a transaction or service.
IDaaS Benefits
IDaaS offers several benefits to businesses, including increased security, reduced fraud, improved customer experience, and compliance with regulatory requirements. By outsourcing the identity verification process to a specialized service, business owners can focus on running a successful business.
It’s worth noting that the specific features and capabilities of IDaaS may vary across service providers, and the implementation may differ depending on the industry and regulatory requirements of a particular region or country.
https://idscan.net/wp-content/uploads/2023/07/what-is-identity-verification-as-a-service-scaled.jpg15032560Sydney Pattisonhttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngSydney Pattison2023-07-20 14:23:132023-07-20 14:23:18What is Identity Verification as a Service?
The term “fullz” is used by criminals on the darkweb when they are buying or selling stolen credentials. It is short for “full information.” “Fullz” is a complete set of identity information on a fraud victim, with enough detailed information to impersonate the individual online, open fraudulent accounts in their name, and steal their identity. Use of fullz by bad actors presents a risk to businesses who allow for digital identity verification, as fullz give fraudsters a deep ability to impersonate a legitimate customer.
What information is included in the definition of fullz?
At minimum, when a identity thief purports to have fullz on a particular use they will be selling access to:
Full name of the victim
Billing address
Credit card number, including expiration date and CVV code
Social Security Number
Date of birth
Phone number (in some cases)
Because fullz provides such deep data that can be used to perform identity theft, each set of fullz can fetch around $150 on the black market. Incomplete sets of data are far cheaper.
How to protect your business against the risk of fullz
Use of fullz presents a real business risk because this data gives criminals enough information to represent themselves as the identity theft victim online. This opens your business up to account fraud, purchase fraud, return fraud, and other types of fraud, since fullz will allow the criminal to operate as though they are a legitimate user.If criminals use fullz to conduct fraudulent transactions, your business could also be subject to chargebacks. And if your business is subject to strict KYL/AML protocols, you could be liable for failing to identify the illegitimate users.
There are several key ways you can protect your business from fullz usage.
Requiring a photo of the ID for account creation
Fullz might mean that a criminal has access to the ID number and social security number, but rarely do they have access to the physical ID of the identity theft victim. So by requiring a photo of the front and back of the ID, you’ll be creating a major speed bump for fraudsters who thought they could get away with just entering information as plaintext.
While some businesses allow for upload of a previously taken image of the ID, we recommend requiring that the user take the photos during the account setup process, as this reduces fraud from stolen or out-of-date photos and requires that they have the ID in-hand during the remote ID validation process.
Two Factor Authentication
Two factor authentication (2FA) is now part of NIST and most government standards. 2FA requires that users have access to an email or device where the identity verification request can be sent. 2FA is a powerful deterrent against fraud, but it only works if you already have contact information for a particular individual. Truly sneaky fraudster can also sometimes move the victim’s phone number to a phone they control, where they can receive 2FA codes.
Knowledge-based authentication (KBA)
Security questions based on data obtained from a third party database can provide another great speedbump to fraudsters who have fullz on a victim. KBA questions are generated based on things like DMV records and utility bills and are designed to be questions that only the true individual knows the answer to. A criminal who has only access to basic information will likely not know past addresses, family member names, or cell phone providers.
Anti-Spoofing selfies
True identity verification includes matching a real person to the individual on the ID, or associated with the credentials being used. A quick video can create a 3D mask of the user and use face match technology to confirm that the live individual is the same person on the ID. Very few criminals will have access to the deepfake or 3D mask technology to defeat anti-spoofing technology.
Which businesses are at the highest risk of fullz-related fraud?
Financial businesses are the top targets for fraudsters. Loan and new account fraud with banks, credit unions, car dealerships, and other financing organizations are on the rise. Additionally, the government itself is a top target for benefit theft, tax fraud, and fraudulent unemployment benefits.
However, fraudsters are increasingly targeting less-sophisticated companies such as small retailers, video game companies, and even peer-to-peer transactions.
Protect against fullz fraud
Contact us for a demo of our digital identity verification solutions, which can fight fullz fraud in multiple ways.
https://idscan.net/wp-content/uploads/2023/06/what-is-fullz-identity-fraud-header-idscan.net_.png5871024Jillian Kossmanhttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngJillian Kossman2023-06-09 13:35:082023-06-09 13:37:03What does "fullz" mean?
Biometrics refer to the use of physical or behavioral characteristics to identify individuals. In the context of identity verification, biometric authentication systems use unique biological or behavioral features of a person to verify their identity.
Biometric features may include facial recognition, fingerprints, iris or retina scans, voice recognition, hand geometry, or even behavioral traits such as typing patterns or walking gait. These features are captured by sensors and then compared with the pre-existing biometric data stored in a database to confirm or deny the identity of the person.
Biometric authentication systems are becoming increasingly popular in areas such as banking, security, and mobile devices. They are considered to be more secure than traditional methods of identification, such as passwords or personal identification numbers (PINs), as biometric features are much harder to forge or steal.
Facial Recognition
This technology uses cameras to capture an image of a person’s face, which is then compared to a database of stored images to verify their identity. The system analyzes key facial features, such as the shape of the face, distances between eyes, nose, and mouth, and unique landmarks. It extracts numerical representations (face templates or face embeddings) that capture these distinctive features. The extracted face templates or embeddings are compared against a database of known faces or enrolled templates. This comparison is typically done using mathematical algorithms that calculate the similarity between the templates.
Strengths of Facial Recognition for Biometric Identity Verification
Facial recognition is non-invasive and relatively inexpensive due to its maturity in the market.
It works quickly accurately.
It can be used in real-time and in one-to-many scenarios, or as face matching in one-to-one scenarios
Weaknesses of Facial Recognition for Biometric Identity Verification
Facial recognition is commonly cited as a privacy concern due to its ability to be used without consumer knowledge using mounted cameras.
It can also be impacted by lighting, changes in appearance (glasses, facial hair, etc.)
It’s important to note that there are different approaches to facial recognition, such as 2D-based methods that analyze images or videos, and 3D-based methods that use depth information to create a more accurate representation of the face.
Fingerprint Recognition
Fingerprint recognition, also known as fingerprint biometrics, is a technology that identifies and verifies individuals based on their unique patterns of ridges and valleys on their fingertips. The first automated fingerprint identification system (AFIS) was introduced in the 1960s. It utilized early computer technology to digitize and store fingerprint data for efficient matching and retrieval. These early AFIS systems were primarily used by law enforcement agencies to aid in criminal investigations.
Strengths of Fingerprint Recognition for Biometric Identity Verification
High level of accuracy as fingerprints do not change over time
Wide acceptance due to use by law enforcement and in consumer technology
Small hardware footprint
Low privacy concerns since physical proximity is required to collect a fingerprint
Weaknesses of Fingerprint Recognition for Biometric Identity Verification
Fingerprints can be difficult to capture in certain conditions (wet, dirty fingers)
Requires physical access to the individual and cannot reliably be used in remote identity verification scenarios
Fingerprint recognition systems can use various algorithms, such as ridge-based matching, correlation-based matching, or minutiae-based matching. Machine learning techniques, such as neural networks, can be employed to train the algorithms and improve the accuracy of fingerprint recognition. Fingerprint biometrics has gained widespread adoption and acceptance across various industries, including law enforcement, access control, financial institutions, and mobile devices. It has proven to be a reliable and efficient method of identification due to the uniqueness and permanence of fingerprints.
Iris Recognition
Iris recognition is a biometric technology that identifies individuals based on the unique patterns of their iris, which is the colored part of the eye surrounding the pupil. An iris recognition system captures a high-resolution image of the individual’s iris using specialized cameras or sensors. The person is usually required to position their eye within a designated area for accurate image acquisition. The iris region is identified and isolated from the rest of the eye image through a process called iris localization and segmentation. Algorithms are used to detect the boundaries of the iris and exclude irrelevant information, such as eyelids and eyelashes.
Key features are extracted from the iris image to create a unique template or code. These features typically include characteristics such as the arrangement of crypts (furrows), ridges, and other intricate patterns present in the iris. Various algorithms, such as phase-based encoding or Gabor filters, are employed for feature extraction.
This unique pattern is then compared to a database of stored iris images to verify their identity.
Strengths of Iris Recognition for Biometric Identity Verification
Iris patterns are highly distinctive and do not change over time, making iris recognition extremely accurate as a biometric identifier.
Iris recognition works well even in low light environments.
Weaknesses of Iris Recognition for Biometric Identity Verification
Iris recognition requires cameras near the eye and direct eye contact with an individual and thus does not work in one-to-many matching scenarios
Requires physical access to the individual and cannot reliably be used in remote identity verification scenarios
Can be expensive to implement due to novel technology and specialized hardware
Privacy and security measures are critical when implementing iris recognition systems. Iris data is typically stored in encrypted form, and strict protocols are followed to ensure the protection and proper handling of individuals’ biometric information.
Iris recognition has found applications in various fields, including access control, border security, forensic investigations, and identity management.
Voice Recognition
This technology uses software to analyze a person’s voice patterns, which are then compared to a database of stored voice patterns to verify their identity. Voice recognition technology captures and analyzes various vocal characteristics to create a unique voiceprint for each individual. These vocal characteristics include factors such as pitch, tone, cadence, accent, pronunciation, and even physical characteristics of the vocal tract. The voiceprint is created by extracting and storing specific features and patterns from an individual’s voice.
Strengths of Voice Recognition for Biometric Identity Verification
Non-invasive and can be used remotely.
It can be used for both verification and identification.
Weaknesses of Voice Recognition for Biometric Identity Verification
Accuracy can be impacted by background noise or changes in the person’s voice.
It can also be impacted by health conditions that affect the person’s voice.
Privacy measures play a crucial role in ensuring the secure and responsible use of voice recognition for biometric identity verification. Voice data is treated as sensitive personal information and protected using appropriate security measures. This includes encryption during storage and transmission, access controls, and secure storage practices to prevent unauthorized access or data breaches.
Voice recognition is commonly used in applications such as phone banking, call center authentication, voice-controlled devices, and access control systems.
5. Hand Geometry
Hand geometry is a biometric modality that uses the physical characteristics of a person’s hand to verify their identity. Hand geometry recognition involves capturing and analyzing specific measurements and features of the hand to create a unique biometric template. Here’s some more information about hand geometry for biometric identity verification:
Strengths of Hand Geometry for Biometric Identity Verification
Easy to use and non-invasive.
It can work in a variety of conditions and is widely used in security applications.
Weaknesses of Hand Geometry for Biometric Identity Verification
It can be impacted by changes in the person’s hand, such as injuries or aging.
It can also be difficult to capture accurately.
Hand geometry data should be protected using appropriate security measures. This includes encryption during storage and transmission, access controls, and secure storage practices to prevent unauthorized access or data breaches.
Hand geometry recognition is commonly used in applications such as access control systems, time and attendance tracking, and physical security applications. It provides a reliable and user-friendly biometric solution for identity verification.
6. Signature Recognition
Signature recognition, also known as signature verification, is a biometric technology that analyzes and verifies an individual’s signature for identity verification purposes. It involves capturing and analyzing various features and patterns present in a person’s signature to create a unique biometric template.
Strengths of Signature Recognition for Biometric Identity Verification
Widely used and can be implemented easily in a variety of applications.
Weaknesses of Signature Recognition for Biometric Identity Verification
Can be impacted by changes in the person’s signature over time, and is vulnerable to forgery.
When implementing signature recognition systems, privacy measures should be implemented to protect the collected signature data. This includes obtaining clear consent, securely storing and transmitting the data, implementing access controls, and complying with relevant data protection regulations.
Signature recognition is commonly used in applications such as document authentication, financial transactions, and legal agreements. Its convenience and familiarity make it a popular choice for identity verification, especially in contexts where handwritten signatures are traditionally used.
7. Behavioral Biometrics
Behavioral biometrics refers to the measurement and analysis of an individual’s behavioral patterns or traits for the purpose of identity verification. Unlike physical biometrics that focus on anatomical or physiological characteristics, behavioral biometrics capture and analyze unique behavioral attributes exhibited by individuals during their interactions with systems or devices. Some examples include keystroke dynamics, mouse dynamics, and gesture recognition.
Strengths of Behavioral Biometrics for Biometric Identity Verification
It can be used in combination with other biometric technologies for added security.
It can also be used in a variety of applications.
Weaknesses of Behavioral Biometrics for Biometric Identity Verification
It can be impacted by changes in the person’s behavior, and may not be as accurate as other biometric technologies.
Behavioral biometrics involve the collection and analysis of user behavior, raising privacy considerations. Organizations should implement appropriate measures to ensure data protection, informed consent, and compliance with relevant privacy regulations.
Behavioral biometrics are increasingly being used in various applications, such as user authentication, fraud detection, access control, and continuous monitoring. They offer an additional layer of security and user convenience, complementing other forms of biometric identification and authentication methods.
Overall, there are many different biometric technologies available, each with its own strengths and weaknesses. Organizations will need to choose the biometric technology that is best suited to their specific needs and use case.
IDScan.net has already implemented several forms of biometric identity verification into our software, but as technology advances, we will continue to add more security features. To learn more about how our biometric screening works, be sure to contact a member of our team, or schedule a demo.
https://idscan.net/wp-content/uploads/2023/04/what-are-biometrics-in-identity-verification.jpg4501600Brittaney Gillieshttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngBrittaney Gillies2023-04-27 13:18:592023-06-20 11:15:57What Types of Biometrics Can Be Used In Identity Verification
Synthetic identity fraud is a type of fraud where criminals create a new identity by combining real and fake information to open new accounts, obtain loans, or engage in other fraudulent activities. Here are some of the most shocking statistics related to synthetic identity fraud:
According to a study by the Federal Reserve, this type of identity fraud is the fastest-growing type of financial crime in the United States. It accounted for $6 billion in losses in 2016 and is projected to reach $8 billion by 2020.
A more recent study done by Javelin Strategy & Research found that an astonishing $43 billion was lost in 2022 due to identity fraud. Which was an improvement from the year before which had $52 billion in losses.
A report by the Aite Group estimated that this type of identity fraud accounts for up to 20% of credit losses and up to 85% of all credit card fraud losses.
The same report also estimated that synthetic identity fraud affects up to 5% of all new account openings and up to 20% of credit applicants.
The average loss per synthetic identity fraud incident is much higher than for other types of fraud. According to the Identity Theft Resource Center, the average loss per incident for this identity fraud was $15,000 in 2019, compared to $1,050 for credit card fraud and $4,400 for all types of identity theft.
This type of identity fraud is often not detected until months or even years after the fraudsters have started using the synthetic identity. This is because the fraudsters build up the synthetic identity’s creditworthiness over time by making small purchases and paying them off on time.
These stats highlight the severity of synthetic identity fraud and the urgent need for businesses and individuals to take proactive measures to protect themselves against it.
Where does the majority of synthetic identity fraud come from
The sources of synthetic identity fraud are diverse and can come from different channels. However, there are a few common sources that are often associated with synthetic identity fraud.
The Dark Web: The Dark Web is a hidden part of the internet where illegal activities take place, including the buying and selling of personal information. Fraudsters can purchase stolen Social Security numbers, dates of birth, and other personally identifiable information on the Dark Web and use them to create synthetic identities.
Data breaches: Data breaches are another common source of personal information used for synthetic identity fraud. When a company suffers a data breach, the stolen information can be used to create synthetic identities.
Children’s Social Security numbers: Children’s Social Security numbers are often targeted by fraudsters because they have clean credit histories and are unlikely to be monitored for fraudulent activity. Fraudsters can use a child’s Social Security number and combine it with fake information to create a synthetic identity.
Synthetic identities from other sources: Fraudsters can also create synthetic identities from scratch using a combination of real and fake information.
Overall, synthetic identity fraud can come from multiple sources, and fraudsters are continually finding new ways to obtain personal information. Businesses need to stay vigilant and adopt effective fraud prevention measures to protect against this growing threat.
Antiquated techniques for protecting against synthetic identity fraud
Some of the old techniques businesses would protect against this identity fraud include:
Verifying identities in person: Businesses would verify the identity of customers by checking government-issued IDs, such as driver’s licenses, passports, or national identification cards. This would help ensure that the person applying for credit or opening an account is who they claim to be.
Checking credit history: Businesses would check the credit history of applicants to verify their creditworthiness and identify any inconsistencies or red flags in their credit history.
Manual underwriting: Businesses would manually review and underwrite credit applications instead of relying solely on automated systems. This would allow underwriters to detect any suspicious activity or inconsistencies in the application.
Cross-checking information: Businesses would cross-check the information provided by applicants against other databases and records to ensure that the information is accurate and consistent.
Conducting in-person interviews: Businesses would conduct in-person interviews with applicants to verify their identity and assess their creditworthiness.
While some of these methods are still used today, they have limitations and may not all be effective in detecting synthetic identity fraud. Fraudsters can use a combination of real and fake information to create a synthetic identity that may pass traditional identity verification methods. Therefore, businesses are increasingly turning to new and innovative approaches, such as artificial intelligence to detect and prevent this type of identity fraud.
Modern methods to protect against synthetic identity fraud
Artificial Intelligence (AI): This technology is used to analyze vast amounts of data and detect patterns that may indicate synthetic identity fraud. By AI algorithms, businesses can quickly and accurately detect suspicious activity and prevent fraud.
Behavioral analytics: Behavioral analytics involves analyzing user behavior to detect anomalies and unusual patterns of activity. This approach can help detect this type of identity fraud, as fraudsters often exhibit different behavioral patterns than legitimate users.
Biometric authentication: Biometric authentication uses unique physical or behavioral characteristics, such as fingerprints, facial recognition, or voice recognition, to verify a user’s identity. This method is difficult to replicate and can prevent this identity fraud.
Device fingerprinting: Device fingerprinting involves analyzing the characteristics of the device used to access an application or service, such as the device’s IP address, location, or browser settings. By analyzing this data, businesses can detect whether a user is using a synthetic identity.
Third Party Checks: One of the older methods of protection still useful today is Third Party Checks. These checks run collected data against known databases such as the DMV, sex offender registry, Identifraud and more. Collaboration with these third party businesses involves sharing data and insights across businesses and industries to identify and prevent this identity fraud. By working together, businesses can identify patterns and trends in this identity fraud and develop more effective prevention strategies.
These cutting edge methods leverage advanced technology and analytics to detect and prevent synthetic identity fraud in real-time. As synthetic identity fraud continues to evolve, businesses will need to stay ahead of the curve and adopt new approaches to protect against this growing threat. For more information on how your business can implement these protections, be sure to contact a member of our team, or schedule a demo to see it in action.
https://idscan.net/wp-content/uploads/2023/04/protect-against-synthetic-identity-fraud-idscan.net-header.jpg4501400Brittaney Gillieshttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngBrittaney Gillies2023-04-17 15:49:212023-05-01 10:04:33Synthetic Identity Fraud and How to Protect Against It
But every once in a while we have a major release. Our latest release includes a complete overhaul of our VeriScan for Windows product.
Eligible customers will now have access to a greatly improved VeriScan product for Desktop use.
A modern, user friendly interface
Our support team is always here for you, but the updated user interface was designed to be intuitive so that you don’t need to pick up the phone.
VeriScan Dark mode for low light environments
Click the sun icon in the bar to easily switch between light and dark mode!
Many of our users in the bar and nightclub industries work in low light environments, and we are excited to share that our new VeriScan for Windows app will be a little easier on the eyes.
Configurable view on each scan
You can choose from three views of your scan results card, and configure any tables that appear so that the data most relevant to your business is what is front and center. If all you want to see in your recent visitor history is the date/time of the scan and whether the ID was fake or real, you can configure the columns in the table to hide everything else.
Filter your visitor history by date, time, alerts, and more!
When you scan thousands of visitors per day, finding a particular visitor later can be a daunting task. But if you know approximately the date and time range someone came in, the location they visited, maybe their hair or eye color, and first name, you can now filter and search to narrow your results considerably.
This is particularly useful when you need to file an incident report and manage your customer groups, such as BANNED, TRESPASSED, or VIP.
View visitor history by cropped ID photo
Identifying someone you need to add to your BANNED group after they misbehaved in your establishment can be tricky, particularly if you don’t know or remember their government name. With improved VeriScan for Windows, you can view your visitor history by their ID photo, or by a live photo taken at the time of the scan using a webcam. Visitor history photos are displayed as an array and link directly to their visitor profile which will contain their name and ID information. Finding and adding patrons to lists just got a whole lot easier!
Add images of credit cards, medical cards, etc. with ease
So many nightclubs are prone to credit card chargeback fraud. Someone comes to your establishment and spends thousands in the champagne room, but then denies they or their credit card were present. VeriScan helps you to collect the evidence you need to fight those fraudulent chargebacks by attaching an image of a credit card or person to a visit record. Images can be added by webcam, ID scanner, or upload.
Customize alerts, sounds, and pop-ups
As a manager, you might want an audio alert to let you know when someone on your VIP list walks in, so you can ensure their needs are taken care of. VeriScan allows you to choose from a long list of sounds for each type of alert, so that you can hear from across the room whether it’s a fake ID scan or a VIP.
All data is stored securely in our protected cloud–no PII on your local computer or employee devices
According to security experts, more than 40% of data breach incidents are caused by lost, stolen, or compromised endpoints such as phones or computers. So it is critical to ensure your customer data and any retained PII is stored on a secure cloud-based server, with multiple redundancies.
If your laptop is lost or stolen, you can simply deactivate the device from our secure cloud, and rest assured that no PII will make its way to the dark web or other nefarious places.
Centralized account management across all your devices
When you have dozens of computers connected to your account, managing the settings on these individual machines or preventing users from falling out of compliance with regulations in your industry can be an onerous task. VeriScan centralizes control of everything devices connected to your account can access. You choose whether end users can add someone to a BANNED group or change your pop-up settings.
One Person, many IDs
One person might have multiple forms of scannable IDs. If you scanned a trouble-making visitor’s driver’s license and put them in your BANNED group previously, they could potentially skirt the ban by just offering up their military ID or passport the next time they visit. However, with new VeriScan, a person with matching name and DOB will be flagged as a potential match for someone you’ve scanned before. You’ll be able to look at the two IDs side-by-side, and confirm if they are the same person.
How to upgrade your VeriScan for Windows
All VeriScan customers with an active subscription are welcome to migrate to the latest version.
There are a few features that have not made it to our new and improved VeriScan, including third party checks, and in/out tracking. So if you rely on these features, we recommend staying put on the current version for now. We expect to add these features over the next few months!
https://idscan.net/wp-content/uploads/2023/03/VeriScan-for-Windows-Updates-Blog-Header.png5341600Jillian Kossmanhttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngJillian Kossman2023-03-08 08:54:212023-04-27 11:05:53Product Update: VeriScan For Windows Major Release
Protecting children is always a key topic at the forefront of the American media cycle, especially in our current political climate. Legislators across the country have been enacting new laws and rules aimed at protecting minors from a range of influences, which is where digital age verification comes into play.
Many of these new laws include identity verification components that require ID scanning for purchase of tobacco, alcohol, or cannabis. The newest trend is: age restrictions to access online pornographic websites. As a Louisiana-based company, we have had a birds eye view to the nation’s first law requiring digital age verification for internet browsing.
Louisiana Act No. 440, prohibits anyone under the age of 18 from accessing “adult” websites. The law went into effect on January 1, 2023. The law states that “reasonable age verification methods” must be taken to ensure a person seeking access to pornographic material is 18 or older. This means requiring the person attempting to access pornographic material to either provide a digitized identification card, or to comply with a commercial age verification system – more about what that means later…
Act 440 states that pornography is a public health crisis for young viewers due to the hyper-sexualization of teens that may lead to low self-esteem and body image issues. The act also states that entrance into these sites leads to increased problematic sexual activity at younger ages and an increased desire to engage in risky sexual behavior.
“This bill is about protecting our children, not limiting adults.”
Louisiana Rep. Laurie Schlegel, Twitter
The law now requires websites with at least 33.3% pornographic material to implement age verification measures for those located in Louisiana. Traffic to adult websites is, by some estimates, nearly 30% of total web traffic. So this regulation is broad-sweeping and likely to impact a large majority of adult internet users in the state.
What is the current process for identity verification to access adult websites in Louisiana?
Visit www.pornhub.com in Louisiana and here’s what you’ll see. A CTA inside the PornHub website kicks you out to an external page for a site called AllPassTrust.
The AllpassTrust website asks you to create an account or login and take part in digital age verification. For those living in Louisiana, this can be linked to your LA Wallet to confirm identity and age. Upon verification by whichever method you choose, you should then be able to access your desired website.
So who is AllpassTrust?
Little is known about the company other than they are registered in the country of Cyprus and have made a business based on providing access to age restricted websites. They are owned and operated by MG FREESITES LTD, also registered in Cyprus.
The privacy policy on MGfreesites website states that they may collect several types of information from and about users of their applications including name, email address, billing information, passwords, or other online contact information. Obviously, by virtue of age verification they are also gaining access to crucial PII contained in a driver’s license. MGfreesites LTD also notes that they can collect the information by you directly providing it to them, when the app is downloaded (whether consensual or not), and even from third party companies or other applications controlled by MGfreesites or their affiliates.
Who are they and what are they doing with our information? Do Louisiana citizens want their personal information exposed to a company in Cyprus, not subject to US data protection or privacy laws?
Edit: We have received confirmation that AllPassTrust is owned by MindGeek, which Financial Times recently accused of being the true owners of multiple porn sites like PornHub, Brazzers, RedTube, and YouPorn based on public financial records.
If this is true, that would mean the very people that are verifying the ages of consumers to ensure they are over 18, are the same people providing the content in the first place. So you’re giving all of your personal information to the porn sites to verify you are in fact 18, but can this even be trusted? Why would they want to ensure accuracy of age when they stand to make a profit off of users being on their website? And do we want businesses that are in the business of hosting and sponsoring adult content holding sensitive PII of its users?
How Minors Are Circumventing Digital Age Verification
As with most things, children and teens will quickly find workarounds.
Use of Borrowed or Fake IDs
One such method to circumvent these new porn restriction laws would be to borrow the ID of someone who is 18 or older and use it to enter your desired site.
Use of VPNs
Tech savvy minors can also just use a different VPN (Virtual Private Network) which allows people to have a private, encrypted connection online. The VPN would make the user appear as if they are accessing the website from a location other than Louisiana.
Accessing adult content via the dark web
While mainstream sites like PornHub and RedTube have the funds and compliance-mindset to comply with laws such as Louisiana 440, smaller, more niche sites, especially those accessed via Tor, may not. This creates a digital landscape in which minors may be motivated to seek out sites that do not require digital age verification. This may lead them to view more subversive, damaging, or even potentially illegal material. Or access sites that contain malware and viruses.
Legislators must consider that children and teens are digital natives and will find ways to work around these restrictions.
What Exactly Does “Digital Age Verification” Entail?
Louisiana Law 404 states that adult websites must perform “reasonable age verification”, but what does “reasonable age verification” actually entail? We’ve all visited an eCommerce store selling liquor or cigarettes and clicked the “yes, I’m over 18 button.” So how far do these new laws require that websites go to verify age? Do local legislators truly understand the steps required to verify age with a high degree of confidence? Or is their definition of age verification meant just as political theatre.
Digital Identity Verification Overview
The first step to any digital identity verification process is to scan and parse the ID presented – either a 2D barcode or machine readable zone (MRZ), as both of these symbologies contain the date-of-birth, which will be required to determine if a user is 18+.
If the user is presenting a driver’s license or ID card, you will also want to capture the front of that document to ensure the information in the barcode matches the text on the front of the ID.
The ID verification process can be embedded inside the onboarding workflow for the adult website, or accomplished via SMS , which would send an identity verification request to the user’s phone – a lower tech lift for smaller porn sites.
Once the document is verified, the app then prompts the user to do a facial matching process to ensure that the person scanning the ID is the same person trying to enter the website. The app creates a 3D mesh model that combines anti-spoofing and liveness checks to ensure accuracy and validity. Once these quick and easy steps are completed, the user could then be allowed onto the adult website.
But both of these steps are needed to perform true age verification and reduce easy workarounds. This brings up several PII concerns as both ID information, and facial mapping, are required to perform “reasonable age verification” in any instance.
PII and Data Retention Concerns
While ID Scanning and Face Matching are the most accurate and effective methods of preventing minors from accessing porn websites, it will likely raise concerns regarding data privacy and protection. Luckily, our Digital Identity Verification solution is easily customizable to set limits on the type of data that can be stored and for how long. It would be up to lawmakers to set restrictions as to what data can be collected and how long it can be stored, which is already in place in Louisiana, but the technology to protect personal information is already in place from a technological standpoint.
Other States Looking to add Solutions – Utah, Arkansas
Although Louisiana was the first state to pass legislation enforcing age restrictions to enter porn sites, two other states already have legislation in the works; Utah and Arkansas.
Utah
Utah’s newest proposed bills are H.B. 311, proposed by Rep. Jordan D. Teuscher and S.B. 152, proposed by Senator Michael K. McKell. These bills regulate and enact provisions to various computer platforms and social media sites. Both bills would limit internet access for minors using age verification methods.
Utah already has a law on the books – signed by the governor in 2021 – that would require cell phones and mobile devices sold in the state to come with porn pre-blocked. So the traditionally conservative state has already pushed forth measures to auto-restrict access. However, the bill only goes into effect if 5 other states pass similar measures. The feasibility of auto-blocking all adult-content at the device level is murky.
Arkansas
Arkansas is even further in the process of content restriction for minors. Senate Bill 66 was passed by the Arkansas senate on January 31, 2023. This bill would also require commercial entities displaying pornographic material to use “reasonable age verification methods” which are the same methods as those listed in Louisiana. Also similar to the Louisiana legislature, the bill claims that pornography is “creating a public health crisis and contributing to the hyper’sexualization of minors.” The language is so similar, we suspect the same lobbying groups may be involved in passage of the bill.
Sen. Tyler Dees (one of the bill’s sponsors) said the bill was needed to protect children, stating:
“When I look at my children – – I’m a father of three young kids – – and I see technology advancing, and the way I describe it as a weapon. It’s a sword, and it can be used for good or it can be used to cut off your own arm.”
Utah Senator Mike Lee also introduced the SCREEN Act (Shielding Children’s Retinas from Egregious Exposure) back on December 13th, 2022. This would direct the Federal Communications Commission (FCC) to issue a rule requiring all commercial pornographic websites to adopt age verification technology to ensure nobody under the age of 18 can access pornographic material.
Our Digital Identity Verification Solutions
New laws and restrictions always pose new challenges for companies to ensure they remain compliant, but our team is always happy to answer any questions. For more information on how DIVE API works, contact our team or schedule a demo to see for yourself just how effective our solutions are.
https://idscan.net/wp-content/uploads/2023/02/age-restriction-laws-porn-louisiana-utah-arkansas-idscan.net-header.jpg4491600Brittaney Gillieshttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngBrittaney Gillies2023-02-13 15:33:582023-05-08 12:38:14The future of digital age verification - Louisiana, Utah, Arkansas look to require sites to check ID before entry
When selecting ID scanning software, it’s important to carefully consider your specific needs and requirements. The right software solution can help you verify customer age to avoid costly fines, streamline operations, enhance security, and improve your customer experience.
Accuracy of the ID Parsing Engine
The software should be able to accurately scan and extract information from a wide range of identification formats, including driver’s licenses, passports, and ID cards. Not all parsing engines are created equally. You will want a parser that has frequent updates to ID document formats. This will help to ensure that the information you receive is reliable and trustworthy, reducing the risk of fraud.
Processing Speed
The main benefit of using an ID scanner is to reduce manual effort and data entry. You want to ensure your ID scanning software can process IDs in just a few seconds. Processing speed can be dependent on the processing power of the computer you are using to power your ID scanner. Real-time scanning is especially important for age verification, as it ensures that you are able to quickly and accurately verify the age of customers who are attempting to purchase age-restricted products, such as alcohol or tobacco.
Automatic Data Extraction
The software should automatically extract information from the ID, including the name, address, date of birth, and expiration date. This will help to streamline your processes and reduce the risk of manual errors. The automatic extraction of data, combined with real-time scanning, can help to quickly identify and prevent fraudulent activities, such as using a fake ID to purchase age-restricted products. Ideally, this automatic data extraction can be integrated directly into the key systems you use to run your business such as POS platforms or CRMs.
Third Party Checks
You will want the ability to query your data against databases such as the DMV, Sex Offender Registry, and criminal databases to provide a deeper picture of your customer identity.
Customizable Fields
The software should allow you to customize the fields that are displayed, so you can focus on the information that is most important to your business. This will help to ensure that you have access to the information you need to make informed decisions, particularly when it comes to verifying the age of your customers. Ideal systems allow for you to tag customers, add them to lists, add notes, and set up alerts so that your team can be alerted in the event of looping, fake IDs, or banned patrons trying to enter.
Privacy Settings
The software should have robust security features to protect sensitive information and prevent unauthorized access. This includes encryption, secure storage of data, and multi-factor authentication. This will help to prevent fraudsters from accessing or manipulating the information contained in the ID scans, further reducing the risk of fraud. Most states have specific requirements around PII retention and protection of customer data, so a configurable portal is important for managing a variety of settings across multiple locations where you will be scanning IDs.
User-Friendly Interface For Easily Training Security Staff
The software should have a user-friendly interface that is easy to use and navigate, with clear instructions and prompts. This will help to reduce the risk of errors and ensure that your employees are able to use the software with confidence, particularly when it comes to verifying the age of your customers.
Navigation should be simple and intuitive, allowing users to quickly find the information they need. This includes a clear and concise navigation menu, as well as effective search functionality.
Feedback is an important element of a user-friendly interface, as it provides users with information about what is happening within the software. This includes visual cues, such as changes in color or animation, as well as text-based notifications, such as error messages or status updates. Pop-ups that automatically alert staff to underage patrons, or expired IDs make the software foolproof to use.
Ability to scale with your business
The software should be scalable, so it can grow with your business and accommodate increasing demands for ID scanning. This means syncing between multiple devices and locations so that information from scanned IDs is accessible to your full team.
It’s important to carefully consider your specific needs and requirements when selecting ID scanning software, so you can choose the solution that is best for your business.
https://idscan.net/wp-content/uploads/2023/02/id-scanning-software-blog-header.jpg4501600Jillian Kossmanhttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngJillian Kossman2023-02-09 21:08:192023-04-26 11:19:54How to Choose an ID Scanning Software Provider
Not all identity verification is created equally. Many businesses think they are performing age verification, when the hardware and software they are using is not actually equipped to detect suspicious IDs. More than 46% of college students say they’ve used a fake ID to get past age restrictions. And today’s fake IDs can be imperceptible to the naked eye. So, what level of ID verification are you performing at your business?
What is ID Scanning?
ID scanning simply means an ID was digitally scanned. As there are hundreds of ID scanners on the market today, there is wide variance in scanning accuracy and fake ID detection.
ID scanning does not necessarily include any level of verification or authentication. In many cases, the scanning software is simply calculating if the birth and expiration dates indicate that a given individual is of age, and that their ID is not expired. There are no requirements for embedded security features.
ID Scanning Considerations
Hardware capabilities. Low quality hardware will be less capable of detecting fake IDs.
Breadth of IDs you need to verify on a daily basis. Large states with lots of ID holders have often been seen by algorithms more frequently, and thusly fakes are detected more readily.
Third party integrations. If you have a POS system or database, you will want scanning software that integrates, especially if you have PII retention requirements.
Staff training
State-level compliance requirements.
What is 2D Barcode Security?
At IDScan.net our AI performs more than 75 algorithmic security checks on the 2D barcode (PDF417) during digital scanning.
These are essentially what could be called “easter egg checks.” Most ID formats have some intentional quirks or known consistencies. This might be something as simple as “for all Nebraska IDs, the ID number always starts with an A or a Q.” These are validation points that our algorithms have identified over our 15+ years scanning IDs, and so we’ve built them into our 2D barcode security checks to help catch some fake IDs.
2D barcode security checks can be done using all ID scanners, including mobile phones.
Data from the ID can also be parsed into your database, CRM, or POS at this stage.
Low quality fake IDs are often unable to pass barcode security. So this is a great base for age verification and fake detection. When tested against a library of known fakes, more than half failed this stage of verification.
For an additional layer of ID verification, some scanners can compare the data contained in the barcode with the data on the front of the ID, using optical character recognition.
Best-in-Class 2D Barcode Security
Scans the 2D barcode in 1 second or less
Can check against all parseable fields stored inside the 2D barcode
Can scan and parse all US and Canadian IDs and drivers licenses
Can scan and parse all passport and passport ID MRZs
Performs algorithmic checks against common 2D barcode errors and “tells”
What is ID Authentication?
Authentication is the most stringent stage of ID verification, which requires specialty hardware. A phone, or low end scanner, will not be equipped with the type of camera or lighting required to truly put an ID through its paces.
At this stage, every aspect of the ID will be examined using powerful cameras. The ID will be checked against hologram and watermark libraries. It will be scanned using white, infrared and UV light. It will also undergo an additional series of algorithmic checks which look for variances in spelling, spacing, and
ID design versus known standards. Six images of the ID are simultaneously compared.
Because of the rigor of authentication, reading and returning results for each ID can take up to 10 seconds. This time is variable depending on the scanner, as well as the processing power of the computer that is being used to run the authentication software.
ID authentication can be performed concurrently with 2D barcode security checks and ID parsing. Authentication provides the highest degree of fake detection and accurately catches up to 95% of suspicious IDs. Even the best fake ID manufacturers have difficulty passing the hundreds of checks that are done in the authentication stage.
Best-in-Class ID Authentication
Minimum 400 DPI image capture for both sides of the ID
Simultaneous six image comparison
UV hologram screening library
IR watermark screening library
White light scanning
Infrared light scanning
Additional algorithmic checks on the physical ID
Results returned in 15 seconds or less
ID authentication requires specialty scanners. These scanners include embedded cameras, various types of lights, and often motors which can pull the ID in and out of the device. They require connection to a computer which can perform the data processing required to determine the ID’s legitimacy.
What is Identity Verification?
Beyond checking the physical ID, there is an additional layer of verification that can be performed – matching the human holding the ID to the ID itself. This can be performed in a number of ways but commonly involves facial recognition software.
In-person, this can be performed using a web camera, which matches the live photo of the individual’s face to the photo on their ID card.
In either case, anti-spoofing should be layered on top of the facial recognition, to ensure that a photo or video is not being used to trick the software.
Results can be returned in less than 3 seconds in most cases.
How to improve identity verification for your business
Implementing identity verification solutions is simple and straightforward. It can help you better understand your customer, catch fake IDs, identify underage consumers, and eliminate manual processes.
Contact our team to see how we can implement affordable solutions to help you authenticate IDs, verify your customers, and stay compliant.
https://idscan.net/wp-content/uploads/2022/12/ID-Verification-Validation-Authentication-Differences-IDScan.net_.png500737Jillian Kossmanhttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngJillian Kossman2022-12-03 12:00:182023-04-26 11:23:28ID Verification, Validation, and Authentication - What's the Difference?
Happy Holiday! First, a sincere “thank you” to our customers and partners who have helped make 2022 our best year yet!
Here’s a quick year in review of the most important news stories of the year, and some of our company highlights!
2022 Identity Verification Trends
The global identity verification market is currently valued at $8.43B. It is expected to grow to $32.94B by 2023, increasing at a CAGR of 16.35% over that time. COVID-19 continues to help accelerate digital account opening and the need for contactless onboarding processes. Additionally, the increasing frequency of identity theft and identity-related fraud is driving businesses to increase their spend on identity verification services. Though large enterprises account for 68% of global spend on identity verification services, small business investment in the vertical is also growing, as scammers are targeting vulnerable businesses with smaller IT and cybersecurity budgets.
Identity Proofing
Terms such as “validation” and “verification” have been replaced with the broad term of “identity proofing.” Gartner’s 2020 report on the industry established the term, but we really saw adoption increase in 2022, as firms searched for a way to define their solutions more broadly, and differentiate between “authentication” which encompasses password and device management.
Mobile Drivers Licenses (mDLs)
More than 30 states have now either launched, or are piloting digital drivers licenses. Although there is not yet a standard for these apps, they are incredibly popular due to their convenience; more than 70% of global citizens say they would like to have their identity document on their phone.
Apple is emerging as a leader with their solutions for adding drivers licenses to a digital wallet, however this raises accessibility concerns for Android users. Thales Smart ID (used by Florida) is another major player. Every conference we attended in 2022 had multiple sessions on mDLs and the future of digital identity.
Death of the magstripe
All driver’s licenses and state IDs contain multiple symbologies (machine readable technologies) which store data and can be scanned by different devices. For many years, all IDs contained magstripes, which are the big black strip on the back of the ID. Magnetic recording was first invented in 1950, and is used on credit cards, ID cards, and other cards such as hotel room keys and food stamp cards. However, with all states now currently using the PD417 2D barcode, magstripes have become redundant. Iowa, Florida, Pennsylvania, Wisconsin and Montana IDs and driver’s licenses no longer utilize magstripes, and more states are expected to follow suite.
With EMV chips largely replacing magstripes on credit cards, magstripes are quickly falling out of favor across multiple use cases. Compared to 2D barcodes, magstripes contain less data, are more easily damaged, and are easier to duplicate, thus making them a greater security risk.
The declining popularity of the magstripe also relates to a broader trend, towards machine readable technologies that can be scanned and de-coded using a mobile phone camera.
Facial recognition pulling ahead as the #1 biometric identifier
Although iris scans, voice recognition, vein mapping, and fingerprinting have all been positioned as the future of biometrics. However, facial recognition has continue to lead the way as the most popular form of identity verification. Amongst businesses, facial recognition is most popular due to the ability to face match to the photo on the ID. Thus, it does not require any specialty scans to capture an initial biometric marker.
Challenge questions are getting technical
The “challenge question” has been a mainstay of identity verification for years. They have typically been questions such as “what is your mother’s maiden name?” or “which address have you lived at?” However, now challenge questions are shifting to verify wireless providers, phone types, and browsers.
Age limits on product purchase are a top priority for legislators
The June 2022 FDA decision to deny Juul authorization to continue selling e-cigarettes is a bellwether event for the industry, coming on the heels of a change to the federal minimum age for tobacco sales. Across all states, regulations for the sale of alcohol, tobacco, cannabis, and other age-restricted products are becoming more stringent. Supplements, weight loss products, pornography, firearms, Tide pods, and other products have all been the subject of regulatory debate. The prevalence of delivery services and online purchasing only adds to the conversation, as most eCommerce stores do not have sophisticated age verification technology in place.
We predict more states will begin to expand legal verbiage around age verification for age restricted purchasing to encompass both online and offline sales, and that supplements, kratom, CBD, and additional products will start to attract attention due to their popularity amongst young people.
Biggest Identity Verification News Stories of 2022
2022’s most talked about news stories related to identity verification, age verification, biometrics, and more.
Elon Musk’s quest to eliminate bots, promote free speech, and “authenticate all real humans” on Twitter led to an $8 account verification process with no identity verification. Hilarity ensued.
We launched VeriScan Fingerprinting, which uses livescan devices to create .EFT files, accepted by the ATF and other government entities for background checks. .EFT file submission can reduce approval times from 18 months to 6-8 weeks.
We launched our ID Scanning Laws Portal, now free and accessible to all – keep abreast of the latest legislation related to identity verification.
Cheers to an amazing 2022, and even more excitement in 2023!
https://idscan.net/wp-content/uploads/2022/11/Happy-Holidays-Email-Header.jpeg250600Jillian Kossmanhttps://idscan.net/wp-content/uploads/2022/05/IDScan.net-Logo-300x137.pngJillian Kossman2022-12-02 13:58:312023-06-20 11:47:542022 Year in Review: ID Scanning & Compliance + IDScan.net Company Updates
