Digital Identity Verification – Trends for 2022 And Beyond

Interview with IDScan.net CTO, Andrey Stanovnov

What are the 5 things you are most excited about/looking forward to in regards to identity tech?

  1. Mobile validation of physical documents drivers’ license/passports using mobile cameras and selfies. Our phones now have the tools we need to do basic identity verification. Of course to truly authenticate an ID you need specialized cameras and machinery, but for many purposes a phone works great for verifying that someone is who they say they are. 
  1. Growing adoption of digital IDs. It is funny that Louisiana, which most people don’t think of as a high-tech state, is one of the first states to offer a drivers’ license app for your phone. You really don’t even need to carry a physical ID in Louisiana now. I definitely see more states going this way. 
  1. Visitor management and access control based on proximity sensors. Geo-fencing is the future, both for security, and creating really outstanding personalized experiences. Combined with ID scanning and biometrics like facial recognition, there is just so much opportunity. Secure facilities have been using this tech for years, but we’re now seeing it be deployed in more consumer environments like retail, casinos, and nightclubs, and what it can do is very powerful. 
  1. Gathering demographic information from ID scans and/or biometrics. One of our casino clients was recently telling us how the demographic information from their ID scans was actually the first way they were able to tell that out-of-state visits were trending up. Their hotel bookings were not yet trending, but they were scanning more drive-state IDs. Having this knowledge enabled them to get very proactive with marketing, planning, and operations. So I think we will see more decision-making being made based on identity information gathered on-site. 
  1. Increased public acceptance of ID scanning. I think COVID-19 created a big shift. Everyone had to quickly get much more comfortable with showing their IDs, vaccination cards, and/or test results to enter public places, travel internationally, and conduct business. So I think we will see more integration of identity verification in our daily lives, simply because people are less resistant to it. 

How do you see companies navigating the experience between personalized experiences and privacy?

I believe strongly in what I call “elective convenience.” Some great examples of elective convenience are TSA Precheck, CLEAR enrollment, or saving your credit card to your Google account. None of these things are required to live your life, but the end consumer is offered the option to give up a small amount of privacy in order to add convenience to their life. 

I think as a society we are becoming more and more convenience-driven. We use less cash. We demand backup cameras or self parking features in our cars. We default to shopping on Amazon because we can check out with a single click. Brands that add options for elective convenience continually perform better. 

But we are also seeing legislative directives to allow consumers the option to opt out and to control how their personal information is used. This helps keep companies honest and ensure they safeguard user information, and ensures that the convenience always remains elective.

So I see the balance between privacy, security, and convenience as a personalized experience in and of itself. Elective convenience ensures consumer comfort. 

A good chance to look backward – here’s me back when we first started the company!

 If you had to place a bet on one piece of technology for the next 10 years, which would you invest in?

Not exactly the most lucrative place to put my chip, but I think we are going to see much more synergy between the government, and public institutions, and our phones. In Louisiana we already have our drivers’ licenses on our phone inside an app. It is secure, super simple to use, and a great experience. The other day I got a push notification that I needed to renew my license and I did it with 3 clicks inside the app. I would be surprised if all 50 states didn’t offer this technology within 5 years.

But I think it will go even further. Library cards should be on your phone. In Louisiana your fishing and hunting licenses and COVID vaccine cards are also on your phone.  Insurance cards should be on your phone. Student IDs should be on your phone. 

So my big bet will be on the technologies that allow institutions, even institutions that require a high degree of security, to allow for instant validation for electronic IDs. I bet on a future in which any identity document you need is stored securely on your device, and validation for new accounts is easily done via camera and selfie. 

Which IDScan.net/VeriScan feature are you the most proud of and wish more people knew about?

ID parsing – that is, scanning an ID’s barcode and automatically capturing all the information from the ID (name, DOB, address, age, etc.) was the very first software feature we launched. And it is still unbelievably underutilized. I am continuously blown away when I see companies – even very large companies – using pen and paper to capture this information. Not only is that prone to error, but it takes valuable man hours. Even more maddening is when the front desk agent scans the ID, and then manually types in all the information from the ID – turning something that should be one step into two separate tasks. 

I see this a lot in medical offices. We know healthcare is an industry that still uses a lot of legacy technology and I really would love to see an overhaul of the identity verification and intake process. There is so much duplicative effort and manual entry going on that is easily resolved with IDScan.net products.

Is there anything exciting that IDScan.net is working on for 2022?

We have three major technology initiatives that I am super excited about. 

One is a complete overhaul of our VeriScan product. We have completely redesigned the interface, added tons of new features, and made it much faster and even more accurate. The new VeriScan is currently in QA and the beta will be released to select customers shortly. I am very excited to hear their reactions. 

We also have invested substantial development effort in our mobile ID verification product (DVS). This product is very straightforward for the end user – they simply take a photo of their ID, snap a selfie, and our software does the rest. So from their perspective this software is simple – but it uses ID parsing, ID scanning, and facial recognition to provide a seamless experience. A lot of work is being done under the hood to make it faster and more accurate. That product is now being used by some very large customers and I’m excited to see it rolled out to even more companies.

And last is a small, but meaningful project – Kojak fingerprint scanning to .EFT (electronic fingerprint transfer) file. Right now the process of taking and submitting fingerprints is extremely time consuming – the ink prints take months to be processed by federal agencies. Submission by file will reduce the time for approval from 14 months to a matter of weeks. So we are excited to launch scan-to-.EFT capabilities using the Kojak scanner in late Q2. 

Overall, we have so many development initiatives going on. It is a very exciting time for IDScan.net and the identity verification industry.

elon musk tweet

“Authenticate All Real Humans” – How Can Elon Musk Combat Bots on Twitter?

Last week Elon Musk bought Twitter for $45b. His goal? Make the platform “free speech friendly.” But he faces a tough challenge: how to enable free speech without letting bots and bad actors run amok. Musk’s solution: “authenticate all real humans.”

But what does authenticating all real humans mean? During my nearly 20 years in identity technology I’ve worked hard to help educate businesses about what “authentication” means. So naturally when I heard Musk use the term authenticate I began to think of his true meaning, and how he might implement a strategy that makes Twitter open, usable, and bot-free. Or how he might take it one level further to match individual identities to each Twitter user.

Bots Vs. Humans

A very simple way to keep the bots off Twitter is to force users to perform a liveness check using facial recognition. Liveness checks are a feature of our Age Restricted Vending product, and are used in that instance to check that someone is not holding a photo up to a camera to scam the system. A liveness check can include actions such as:

  • Smile
  • Turn head side to side
  • Remove glasses
  • Remove mask

Liveness checks can be performed via selfie. The user simply uses the backward facing camera, and places their head inside an oval that is overlaid on the screen. They are then prompted to perform between 1 and 3 liveness checks. The program can then virtually confirm that they are a live human. 

Liveness checks can be performed and liveness can be validated in <5 seconds. This step could be done as a pass fail with no other identity verification or authentication checks. It would simply confirm that a real human is associated with the account. It would, however, exclude potential Twitter users who do not have access to a camera. Live humans would also, theoretically, be able to be verified on multiple accounts. So it would not necessarily solve the issue of call centers or troll farms where real humans are acting as bots. 

Mobile ID Validation

Liveness checks are a great option to ensure that Twitter users are real humans. But they don’t actually tie a user to a real human. To do this, Musk would need to perform some type of ID checking. The information on the ID could then be checked against self-reported information. Mobile ID validation is commonly used by banks and financial institutions for loan origination, and for online gaming to verify age. 

To perform ID verification remotely, the user would need to take front and back photos of their ID. Then two key things occur. One, the information on the front of the ID is read using optical character recognition, and matched to the information stored in the barcode. Then the barcode is scanned and reviewed for any issues, as many fakes contain issues inside the barcode itself. 

PII could be flushed after front and back matching, and/or checking against the existing Twitter database is performed. Or some combination of information could be retained. It all depends on the policies created when the system is set up. 

When combined with a selfie, mobile ID verification is a great way to match a digital identity to a real human, and perform some basic checks to ensure the ID is real. However, because phone cameras can’t perform UV/IR scanning, or look for holograms, they won’t be able to perform more stringent authentication.

ID verification is one of the three methods Twitter currently uses to confirm identities for the blue checkmark for verified accounts.

An actual photo of a troll farm – showing it is real humans, not “bots” that negatively impact the user experience on platforms such as Twitter

Mobile Authentication

So as I mentioned, authentication needs more sophisticated, powerful hardware such as the E-Seek M500 (used by the TSA) or the CR5400. These scanners include powerful cameras with high image resolution and several different types of light, so they are great at catching fake IDs. 

However, it isn’t practical for Twitter to physically authenticate everyone. A mobile solution is required. So to truly check for fakes and authenticate identity, a mobile authentication solution would be required. This is accomplished by checking identities against a third party database. It is a similar solution to what we provide for our cannabis delivery customers, who need to authenticate IDs in a mobile environment. 

Twitter would simply scan the back of the ID, containing the barcode, and then run a check against a trusted third party database (we offer both US and global checks). This would match a real individual to the account, confirming that the individual exists, and could perform additional checks such as location, which could mitigate foreign call centers using IDs.

Mobile authentication is typically priced per scan, with volume discounts applying at the scale in which Twitter would be operating. They would likely want to implement a stepped approach, in which their most high risk or controversial accounts are forced to go through the mobile authentication process first, or accounts are forced to undergo mobile authentication after a ban or a warning. 

Conclusion

In the end, it really comes down to the nuance of what Musk said. Does he want to match every Twitter account to a real human? Or does he just want to block obvious bots? If the former, will this information be public, like Facebook? Or will only Twitter know the true identities of users? And how will this work for companies? If removing bots is the true motive, then how will he eliminate call centers and farms that are behaving like bots?

Amazon Payment Disable

a:7:{s:8:”location”;a:1:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:12:”options_page”;s:8:”operator”;s:2:”==”;s:5:”value”;s:30:”acf-options-amazon-conditional”;}}}s:8:”position”;s:6:”normal”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:3:”top”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;}

Popup Hide Duration

a:13:{s:8:”location”;a:1:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:9:”post_type”;s:8:”operator”;s:2:”==”;s:5:”value”;s:5:”popup”;}}}s:8:”position”;s:6:”normal”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:4:”left”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;s:18:”acfe_display_title”;s:0:””;s:13:”acfe_autosync”;s:0:””;s:16:”acfe_permissions”;s:0:””;s:9:”acfe_form”;i:0;s:9:”acfe_meta”;s:0:””;s:9:”acfe_note”;s:0:””;}

POPUPS

a:13:{s:8:”location”;a:3:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:9:”post_type”;s:8:”operator”;s:2:”==”;s:5:”value”;s:4:”post”;}}i:1;a:1:{i:0;a:3:{s:5:”param”;s:9:”post_type”;s:8:”operator”;s:2:”==”;s:5:”value”;s:4:”page”;}}i:2;a:1:{i:0;a:3:{s:5:”param”;s:9:”post_type”;s:8:”operator”;s:2:”==”;s:5:”value”;s:7:”product”;}}}s:8:”position”;s:4:”side”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:4:”left”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;s:18:”acfe_display_title”;s:0:””;s:13:”acfe_autosync”;s:0:””;s:16:”acfe_permissions”;s:0:””;s:9:”acfe_form”;i:0;s:9:”acfe_meta”;s:0:””;s:9:”acfe_note”;s:0:””;}

ID Scan Product Settings

a:7:{s:8:”location”;a:1:{i:0;a:1:{i:0;a:3:{s:5:”param”;s:9:”post_type”;s:8:”operator”;s:2:”==”;s:5:”value”;s:7:”product”;}}}s:8:”position”;s:15:”acf_after_title”;s:5:”style”;s:7:”default”;s:15:”label_placement”;s:3:”top”;s:21:”instruction_placement”;s:5:”label”;s:14:”hide_on_screen”;s:0:””;s:11:”description”;s:0:””;}