Select where you would like to search:

  • Search Store
  • Search Site

IDScan.net Blog

The Latest ID Scanning News and Updates
FTC Safeguard Act for Car Dealerships

What car dealerships need to know about the FTC’s Safeguard Act

/in , , , , /by

The Safeguard Act is an extension of the Graham Leach Bliley Act, which is meant to protect consumer privacy. Car dealerships which provide financing or leasing of vehicles will be subject to provisions Safeguard Act on June 9, 2023, and defined as “non-banking financial institutions.” The deadline was extended for an additional six months due to a broad lack of understanding in the car dealership community.

Which car dealerships must comply with FTA Safeguard?

All auto dealerships with more than 5,000 customers in their database.

What PII is covered under Safeguard for auto dealerships?

Most of this legislation related to protection of personal identifiable financial information (PIFI). PIFI does not simply include social security numbers and credit card information, but all transactions that take place that might disclose a customer’s financial information. This may include basic information such as name and contact information, and applies to all consumers who inquire about financial instruments, regardless of whether a formal application is filed.

What are the requirements for PII protection under Safeguard for auto dealerships?

Your dealership must have a written, stated policy in place that includes the following:

  • Ensure the safety and confidentiality of customer PII and PIFI. This includes encryption of information.
  • Protect against physical and digital threats to the security of customer information
  • Protect against unauthorized access to customer information. This includes access management, multi-factor authentication, and audit logs.

This policy must be oversee by someone with qualified cybersecurity training.

What privacy notices do car dealerships now need to give customers?

Car dealerships must now maintain a record of customer consent for any customers who they extend credit or assist with arranging financing for a private vehicle.

Any personal information that you collect to provide these services is covered by the Privacy Rule. Examples of personal information include
someone’s name, address, phone number, or other information that could be used to identify them individually.

You don’t need to give a privacy notice to someone who simply expresses an interest in buying a car from you or asks general questions about financing or leasing. However, if a person gives you personal information in connection with a potential transaction, even without completing a formal application — you may be obligated to obtain a privacy notice.

Whether leasing or arranging credit, you must give them a privacy notice no later than at the time of signing of the
retail installment contract or lease agreement — even if you do not disclose their personal information to others.

How can VeriScan help dealerships be compliant with FTC Safeguard regulations?

VeriScan Online Enterprise offers integration of waivers and agreements into your onboarding flow. These waivers can be automatically associated to the customer account, ensuring you are compliant from the moment a customer walks into your dealership.

Learn more about VeriScan for car dealerships.

ID Verification, Validation, and Authentication – What’s the Difference?

/in , , /by

Not all identity verification is created equally. Many businesses think they are performing age verification, when the hardware and software they are using is not actually equipped to detect suspicious IDs. More than 46% of college students say they’ve used a fake ID to get past age restrictions. And today’s fake IDs can be imperceptible to the naked eye. So, what level of ID verification are you performing at your business?

What is ID Scanning?

ID scanning simply means an ID was digitally scanned. As there are hundreds of scanners on the market today, there is wide variance in scanning accuracy and fake ID detection.

ID scanning does not necessarily include any level of verification or authentication. In many cases, the scanning software is simply calculating if the birth and expiration dates indicate that a given individual is of age, and that their ID is not expired. There are no requirements for embedded security features.

ID scanner for car dealership

ID Scanning Considerations

  • Hardware capabilities. Low quality hardware will be less capable of detecting fake IDs.
  • Sophistication of 2D barcode parsing algorithm.
  • Breadth of IDs you need to verify on a daily basis. Large states with lots of ID holders have often been seen by algorithms more frequently, and thusly fakes are detected more readily.
  • Third party integrations. If you have a POS system or database, you will want scanning software that integrates, especially if you have PII retention requirements.
  • Staff training
  • State-level compliance requirements.

What is 2D Barcode Security?

At IDScan.net our AI performs more than 75 algorithmic security checks on the 2D barcode (PDF417) during digital scanning.

These are essentially what could be called “easter egg checks.” Most ID formats have some intentional quirks
or known consistencies. This might be something as simple as “for all Nebraska IDs, the ID number always starts with an A or a Q.” These are validation points that our algorithms have identified over our 15+ years scanning IDs, and so we’ve built them into our 2D barcode security checks to help catch some fake IDs.

2D barcode security checks can be done using all ID scanners, including mobile phones.

Data from the ID can also be parsed into your database, CRM, or POS at this stage.

Low quality fake IDs are often unable to pass barcode security. So this is a great base for age verification and fake detection. When tested against a library of known fakes, more than half failed this stage of verification.

For an additional layer of ID verification, some scanners can compare the data contained in the barcode with the data on the front of the ID, using optical character recognition.

Best-in-Class 2D Barcode Security

  • Scans the 2D barcode in 1 second or less
  • Can check against all parseable fields stored inside the 2D barcode
  • Can scan and parse all US and Canadian IDs and drivers licenses
  • Can scan and parse all passport and passport ID MRZs
  • Performs algorithmic checks against common 2D barcode errors and “tells”
Zebra TC210 ID Scanner Scanning ID

What is ID Authentication?

Authentication is the most stringent stage of ID verification, which requires specialty hardware. A phone, or low end scanner, will not be equipped with the type of camera or lighting required to truly put an ID through its paces.

At this stage, every aspect of the ID will be examined using powerful cameras. The ID will be checked against hologram and watermark libraries. It will be scanned using white, infrared and UV light. It will also undergo an additional series of algorithmic checks which look for variances in spelling, spacing, and

ID design versus known standards. Six images of the ID are simultaneously compared.

Because of the rigor of authentication, reading and returning results for each ID can take up to 10 seconds. This time is variable depending on the scanner, as well as the processing power of the computer that is being used to run the authentication software.

ID authentication can be performed concurrently with 2D barcode security checks and ID parsing. Authentication provides the highest degree of fake detection and accurately catches up to 95% of suspicious IDs. Even the best fake ID manufacturers have difficulty passing the hundreds of checks that are done in the authentication stage.

Best-in-Class ID Authentication

  • Minimum 400 DPI image capture for both sides of the ID
  • Simultaneous six image comparison
  • UV hologram screening library
  • IR watermark screening library
  • White light scanning
  • Infrared light scanning
  • Additional algorithmic checks on the physical ID
  • Results returned in 15 seconds or less

ID authentication requires specialty scanners. These scanners include embedded cameras, various types of lights, and often motors which can pull the ID in and out of the device. They require connection to a computer which can perform the data processing required to determine the ID’s legitimacy.

What is Identity Verification?

Beyond checking the physical ID, there is an additional layer of verification that can be performed – matching the human holding the ID to the ID itself. This can be performed in a number of ways but commonly involves facial recognition software.

In-person, this can be performed using a web camera, which matches the live photo of the individual’s face to the photo on their ID card.

If the ID checking is remote, or mobile, this can be performed using a selfie with the user’s existing mobile device.

In either case, anti-spoofing should be layered on top of the facial recognition, to ensure that a photo or video is not being used to trick the software.

Results can be returned in less than 3 seconds in most cases.

Facial recognition SDK for .net

How to improve identity verification for your business

Implementing identity verification solutions is simple and straightforward. It can help you better understand your customer, catch fake IDs, identify underage consumers, and eliminate manual processes.

Contact our team to see how we can implement affordable solutions to help you authenticate IDs, verify your customers, and stay compliant.

Hooray: IDScan.net is Officially SOC 2 Compliant!

/in , , /by

At IDScan.net, we pride ourselves on the trust we build between ourselves and our customers. Part of that trust comes from the vigilance and constant improvements being made to our software from a data privacy standpoint.We strive to ensure that our company maintains the highest and most up to date certifications and accreditations, and the latest of those accolades is SOC 2 compliance. 

Our journey to SOC 2 compliance was completed in 3 major steps. In Fall of 2019, we completed a Readiness Assessment. Then in January 2021 we obtained our SOC 2 Type I report. The final step in achieving compliance came in October 2022 when we were able to complete the SOC 2 Type II audit and obtain our report. By achieving this compliance, we are able to assure our customers that their sensitive information remains safe and protected within our company. 

What is SOC 2 compliance?

Service Organization Control 2 (SOC 2) is a subsect of the American Institute of CPAs’ Service Organization, but what does that mean? SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data.

It is especially imperative that technology companies achieve SOC 2 compliance because oftentimes, they are storing information and data in a cloud based environment. Having private data in the cloud can make it more susceptible to data breaches without the proper precautions in place. 

What are the two types of SOC 2 reports?

Type I: This report is a standalone snapshot of the company’s control landscape on any given day. This type of audit is designed to assess a vendor’s systems and whether their design is suitable to meet relevant trust principles.

Type II: This report attests to both the design and the operating effectiveness of controls over a defined period of time, usually between 3-12 months. 

How to become SOC 2 Certified

The SOC 2 certification is awarded based on compliance with one or more of the 5 trust principles:

  1. Security: The company in question must be able to show that their system, and thus their customer’s data, is protected from unauthorized access. By proving this access control, it ensures both the auditor and the customers that measures are in place to prevent misuse, theft, or improper removal of sensitive data. 
  2. Availability: The company being audited must prove that the system has controls in place that ensure the information is available as needed. For example, if the server goes down, there must be measures in place to ensure that the service will be rerouted in a way that makes it available for the end user. 
  3. Processing Integrity: This test is designed to ensure the system is achieving the purpose it was designed to. Especially for software companies, it is critical that the correct data is delivered to the correct customer, and at the correct time. 
  4. Confidentiality: Information that is deemed confidential should have certain protections in place to ensure that the information stays private. These protections must include encryptions that work to protect sensitive information during transmission of said data. A prime example of encryptions are firewalls.
  5. Privacy: This final principle addresses how a system collects, uses, retains, discloses, and disposes of any personal information in accordance with their privacy notice as well as in accordance with the AICPA’s Generally Accepted Privacy Principles. This principle is particularly important because it protects against the unauthorized access of any personally identifiable information (PII), like race, age, health, sexuality, etc. 

Why SOC 2 Compliance is Important

By becoming SOC 2 certified, you are promising your customers that you value their privacy with the utmost regard. You are letting them know that your company has taken every measure necessary to provide them with the services they need, while ensuring that you respect and protect their sensitive information. 

At IDScan.net, we strive to comply with all 5 of the trust principles to safeguard our customers’ private information. By attaining this SOC 2 Compliance, we are able to prove to our customers that we do actually implement those security measures that we pride ourselves on.

Best ID Scanners for Bars and Nightclubs

/in , , , /by

The intoxicating world of Bars and Nightclubs is an ever changing realm, but in this post-Covid era, it seems more different now than ever before. Like most industries, the Bar and Nightclub world has had to make a lot of changes to ensure the health and safety of its patrons is at the forefront, and switching to as many touchfree options as possible has aided in that practice. For any Bar or Nightclub, service starts at the door where security will ultimately check the ID of every patron, and doing this manually not only takes a lot of time, but leads to increased exposure when it is unnecessary. 

ID Scanners and ID scanning solutions can help the Bar and Nightclub industry in a variety of ways. For starters, having a scanner can cut down on the time it takes to get people through the long lines that can accumulate during peak hours. As previously mentioned, these ID scanners can also help to cut down on potential exposure to various pathogens. However, the most important reason businesses should invest in a scanner and accompanying visitor management solution is the fact that it can not only catch fake IDs, but you can also customize profiles to flag specific patrons as VIPs, Banned, Big Spenders, or whatever else you desire.  In this article, we will be taking a look at the best scanner options for businesses in the Bar and Nightclub industry.

The FZ-N1 is the perfect choice for those establishments that have high volumes of customers. It is quick, powerful, and features an all day battery life, but if you still worry that one battery isn’t enough, don’t. This device allows for quick and easy battery swaps if one needs to be recharged. This solution is also handheld, so it is easy to take it wherever it is needed. Oh, and did we mention it has a military grade design? That makes it one of the toughest scanners we offer.

The Panasonic FZ-N1 has both Wi-Fi and Bluetooth capabilities, so it is able to be used on or offline, so it is especially ideal for areas that may not always have the best internet connection. The scanner also offers an 8-megapixel shooter that is able to read MRZs (machine readable zone). The scanner does not have UV or IR capabilities though, so if authentication is something you need, there are other options that would better suit your needs. 

The M500 is perfect for any establishment that needs authentication, other third-party checks, or offers age-restricted vending. The scanner has a motorized side load design that allows you to quickly and precisely check IDs. Powered via cord, you never have to worry about this unit running out of battery life in the middle of peak hours. This ID scanner is the best option for those wanting the most accurate verification possible of scanned IDs.

This ID scanner includes full-color ID scans with the built in 600 dpi camera and magstripe reader allowing for proper authentication or third party checks. The only con for this ID scanner is the size. The E-Seek M500 is a relatively large unit that will need a table to sit on during use, so it might not be the best choice for those establishments looking for a portable ID scanner. 

3: IDWare Falcon

The newest product in our fleet, the IDWare Falcon is perfect for those establishments that truly want a touch-free solution for guests. This tablet sized ID scanner is not just a scanner, but has the visitor management aspect built right in. The Falcon can either be portable or mounted on a stand, and if it is on the stand, patrons can just hold their ID under the built-in scanner for quick and easy verification. This scanner can be used on or offline which makes it another great option for those with unreliable Wi-Fi. 

The IDWare Falcon has a whopping 8 LCD inch screen, and the built-in scanner is able to read 1D and 2D barcodes, PDF417, NFC and MRZs. This makes it especially good for those Bars and Nightclubs that get a lot of international visitors that may not have a United States driver’s license. 

Above are three solid options for Bar and Nightclub establishments, but if none of those suit your needs, we have plenty of other ID scanners for you to choose from. Be sure to talk with one of our industry experts so that they can help guide you to make the perfect decision.

What is the difference between RFID and MRZ?

/in /by

Over the past 5-10 years, most national passports have been transitioning from the primary data storage format of MRZ to RFID. Both formats are intended to speed up border crossings and customs interactions by making passports scannable by specific cameras and hardware. Instead of manually reading a passport an agent can scan the document and immediately ingest a variety of fields.

Machine Readable Zone (MRZ)

Global organization ICAO sets the standards for passport designs and readability. There are currently three MRZ sizes, but the two most common are:

“Type 3”  – passport booklets: 2 lines × 44 characters

“Type 1” – passport cards – 3 lines × 30 characters

The dimensions of the effective reading zone (ERZ) is standardized at 17.0 mm in height with a margin of 3 mm at the document edges and 3.2 mm at the edge against the visual readable part. This is in order to allow use of a single machine reader.

Only characters A to Z (upper case), 0–9, and < (angle bracket) are allowed. The typeface is universally OCR-B, a typeface which is ideal for optical character recognition.

The following information is stored within the MRZ on all travel documents:

  • document type
  • document holder name 
  • document number
  • Nationality
  • date of birth
  • sex
  • document expiration date

MRZ has been the worldwide standard since the 1980’s. It is an easy format that anyone can use. However, wear and tear on the passport can render it unreadable. It is also limited in the amount of information that can be stored – because of this some fields such as long names, may be truncated.

Radio Frequency Identification (RFID)

RFID, also known as “a chip” or “biometric passports” stores all of the information, and more, on a chip which is embedded inside the hardcover of the passport. It is the same technology used for embedding a chip into a pet for finding them when they get lost. It is intended to be read only by a device within 4 inches of the physical chip

Unlike MRZ, ICAO has not set a standard for what information must be stored inside an RFID chip on a passport. For American citizens, there is no personal information stored on the RFID tag, simply a reference code to a file the government keeps on you and agents can access at passport control. Most other countries store data directly on the chip itself. For Europeans this typically means all of the information about you is inside of the passport (e.g. name, date of birth, etc.) plus your photo and fingerprints. Most countries attempt to perform some type of encryption on the RFID chip to protect sensitive data.

Currently, 160 countries have some type of RFID. Notable national passports that do not contain a chip and still rely on MRZ exclusively are India, South Africa, Egypt, Cuba, Ethiopia and many more countries in Central America, Africa, and the Pacific Islands. India plans to start issuing biometric passports in 2022.

Benefits of RFID vs. MRZ

  • A larger storage capacity that includes the ability to store images, as well as avoiding truncation
  • Harder to damage with less wear and tear
  • Embedded in the document, so does not take away visual real estate on the document
  • All data is transmitted and can be verified near instantaneously
  • Substantially harder to fabricate

Although MRZ is much cheaper to produce, and MRZ-readers are cheaper to manufacture, it appears that most nations are making the investment in the superior identity data storage format. 

ID Scanners That Can Read Both

Passport scanning and passport parsing can be performed on both MRZ and RFID, however the IDScan.net passport parsing SDK only works on MRZ.

For hardware that can handle both MRZ reading/parsing and RFID reading, take a look at our AT10K and AT9000 which can do both, in addition to reading drivers’ licenses and state IDs. IDScan.net offers a variety of solutions that can scan and parse the necessary information to keep security at a maximum and wait times to a minimum. 

Still not sure? Contact us and let one of our industry experts help to guide your company to the right solution that will help you remain compliant and efficient. With summer travel picking up, and security queue times at record highs, the time to upgrade your scanning solution is now. 

elon musk tweet

“Authenticate All Real Humans” – How Can Elon Musk Combat Bots on Twitter?

/in , , , /by

Last week Elon Musk bought Twitter for $45b. His goal? Make the platform “free speech friendly.” But he faces a tough challenge: how to enable free speech without letting bots and bad actors run amok. Musk’s solution: “authenticate all real humans.”

But what does authenticating all real humans mean? During my nearly 20 years in identity technology I’ve worked hard to help educate businesses about what “authentication” means. So naturally when I heard Musk use the term authenticate I began to think of his true meaning, and how he might implement a strategy that makes Twitter open, usable, and bot-free. Or how he might take it one level further to match individual identities to each Twitter user.

Bots Vs. Humans

A very simple way to keep the bots off Twitter is to force users to perform a liveness check using facial recognition. Liveness checks are a feature of our Age Restricted Vending product, and are used in that instance to check that someone is not holding a photo up to a camera to scam the system. A liveness check can include actions such as:

  • Smile
  • Turn head side to side
  • Remove glasses
  • Remove mask

Liveness checks can be performed via selfie. The user simply uses the backward facing camera, and places their head inside an oval that is overlaid on the screen. They are then prompted to perform between 1 and 3 liveness checks. The program can then virtually confirm that they are a live human. 

Liveness checks can be performed and liveness can be validated in <5 seconds. This step could be done as a pass fail with no other identity verification or authentication checks. It would simply confirm that a real human is associated with the account. It would, however, exclude potential Twitter users who do not have access to a camera. Live humans would also, theoretically, be able to be verified on multiple accounts. So it would not necessarily solve the issue of call centers or troll farms where real humans are acting as bots. 

Mobile ID Validation

Liveness checks are a great option to ensure that Twitter users are real humans. But they don’t actually tie a user to a real human. To do this, Musk would need to perform some type of ID checking. The information on the ID could then be checked against self-reported information. Mobile ID validation is commonly used by banks and financial institutions for loan origination, and for online gaming to verify age. 

To perform ID verification remotely, the user would need to take front and back photos of their ID. Then two key things occur. One, the information on the front of the ID is read using optical character recognition, and matched to the information stored in the barcode. Then the barcode is scanned and reviewed for any issues, as many fakes contain issues inside the barcode itself. 

PII could be flushed after front and back matching, and/or checking against the existing Twitter database is performed. Or some combination of information could be retained. It all depends on the policies created when the system is set up. 

When combined with a selfie, mobile ID verification is a great way to match a digital identity to a real human, and perform some basic checks to ensure the ID is real. However, because phone cameras can’t perform UV/IR scanning, or look for holograms, they won’t be able to perform more stringent authentication.

ID verification is one of the three methods Twitter currently uses to confirm identities for the blue checkmark for verified accounts.

An actual photo of a troll farm – showing it is real humans, not “bots” that negatively impact the user experience on platforms such as Twitter

Mobile Authentication

So as I mentioned, authentication needs more sophisticated, powerful hardware such as the E-Seek M500 (used by the TSA) or the CR5400. These scanners include powerful cameras with high image resolution and several different types of light, so they are great at catching fake IDs. 

However, it isn’t practical for Twitter to physically authenticate everyone. A mobile solution is required. So to truly check for fakes and authenticate identity, a mobile authentication solution would be required. This is accomplished by checking identities against a third party database. It is a similar solution to what we provide for our cannabis delivery customers, who need to authenticate IDs in a mobile environment. 

Twitter would simply scan the back of the ID, containing the barcode, and then run a check against a trusted third party database (we offer both US and global checks). This would match a real individual to the account, confirming that the individual exists, and could perform additional checks such as location, which could mitigate foreign call centers using IDs.

Mobile authentication is typically priced per scan, with volume discounts applying at the scale in which Twitter would be operating. They would likely want to implement a stepped approach, in which their most high risk or controversial accounts are forced to go through the mobile authentication process first, or accounts are forced to undergo mobile authentication after a ban or a warning. 

Conclusion

In the end, it really comes down to the nuance of what Musk said. Does he want to match every Twitter account to a real human? Or does he just want to block obvious bots? If the former, will this information be public, like Facebook? Or will only Twitter know the true identities of users? And how will this work for companies? If removing bots is the true motive, then how will he eliminate call centers and farms that are behaving like bots?

Identity Fraud History

Return Fraud: What It Is and How to Prevent It

/in , /by

Return Fraud is a persistent problem for retail businesses today, resulting in billions of dollars in lost revenue and additional costs in the U.S. every year. According to the National Retail Federation, the world’s largest retail trade association, the surge in eCommerce since the onset of the Covid-19 pandemic has continued to drive return fraud losses even higher, with retailers losing more than $78.4 billion in 2021 alone. 

Read more

How to Protect Yourself from Cryptocurrency Fraud

How to Protect Yourself from Cryptocurrency Fraud

/in , /by

What You Need to Know to Protect Yourself from Cryptocurrency Fraud

Read more

identity proofing

Identity Proofing – an Easy to Understand Explanation of an Essential Business Security Process

/in , /by

The process of identity proofing is garnering renewed interest lately. As reputable businesses and savvy consumers work to protect themselves from the alarming increase in digital crime, identity theft, and fraud during the Covid-19 pandemic, the demand for proven security measures that mitigate the escalating risks has steadily grown to become one of the most critically urgent issues facing companies today. To meet this demand, business leaders must routinely take a hard look at their own security procedures and investigate the efficacy of their organizational defenses.

Read more
driver-license-security-features-hologram

The Most Common Security Features to Look for When Verifying IDs

/1 Comment/in , /by

Verifying the authenticity of a driver’s license and other forms of identification is one of the smartest things a business can do to protect its interests and foster growth. Read more

SHARE YOUR CART