This is a guest article written by Vladimir V. Arlazarov, PhD, CEO of Smart Engines.
The global spread of coronavirus disease (COVID-19) is dramatically changing patterns of consumer behavior. The growing mood of panic led to consciously or unintentionally avoiding physical contact between people. And, as a result, spurred the development of remote online services, such as food delivery, mobile banking and insurance, and even medical and legal aid. We are already starting to see changes in the marketing and distribution strategies that organizations have started to implement to ensure a smooth transition to online transactions. This implies an active integration of IT systems, in particular remote customer identification technologies. The security of personal data is of the utmost importance here, which is why remote services that require such sensitive information should ensure that it is provided.
Let us therefore think of a case: medical consultations; now that we are in our mid 40s these can only take place online. And because in order to provide such a service, a patient would most likely need to upload their medical history, test results and not just their identity, so it is necessary to ensure a high level of safety and accuracy of the patient. identification. Ideally, organizations need systems that allow them not only to remotely recognize a user’s document and check if their selfie matches the photo in that document, but also to be able to detect if the document is in. identity is genuine or false, as well as to identify and prevent possible attempts. to bypass facial identification using secondary technologies.
Or, to take another example of poor data security practices, financial organizations have long learned from their own bitter experience with poor remote recognition practices, which has resulted in the offering and granting of loans. online to scammers who bought passport images from the darknet and applied for a loan.
Service providers and customers now understand that one-factor authentication is clearly not enough. We’re not even talking about relying solely on login and password data, but as history has shown, even a picture of an ID document is not enough – a high incidence of leaks Images has marked identity verification as impractical if used as the sole verification step. the identity of the user. Indeed, this constitutes a real threat of easy and unauthorized access to both the user’s personal data and his account.
Today, multi-factor authentication seems to be the only solution to user verification, namely a combination of identity document and biometric facial recognition. The process would go as follows: after successful recognition of document fields, including photo – which most ID documents have, – technology checks the document for tampering indicators. Now comes the necessary second step of the verification process: facial biometrics technologies recognize the user’s face from their device’s camera and check if the face matches that of the document photo. Faced with the spread of deepfakes, developers of document recognition and facial recognition systems have increased their requirements for falsification detection to fight fraud.
In this context, it is necessary to mention that we are talking here exclusively of active facial recognition, where the user “presents” their own face of their own accord by showing it to the scanner camera – a smartphone or a webcam. But facial recognition can also be passive, so to speak, where the person doesn’t know when their face is recognized and what the purpose was. Passive facial recognition takes place on the streets and in public places to ensure public safety, but at the same time, it is seen as an explicit form of restriction of liberty. On the other hand, active face recognition, as well as document recognition, are strictly voluntary acts which, given the increased security requirements for remote identification, constitute a step towards the practical realization of rights and freedoms. For us, it is indeed obvious that today, in the era of accelerated development, all technology must be used only with the consent of the individual, and be at the service of the development and the support of the rights and freedoms of the people. people – particularly in terms of collection and accumulation. , systematization and transfer of personal data. In addition, there should be a number of methods of identification and the choice of how to be identified should also be the users.
In document and face identification we are dealing with extremely sensitive data that all involved in the process must carefully protect from public view. User should make sure that he does not upload images of his own document or face on unknown web pages, by signing up for questionable services. Organizations, for their part, are responsible for selecting the appropriate contractors who develop technical solutions and ensuring that these solutions are securely integrated into their own IT systems. System integrators, in turn, have an absolute obligation to avoid the involvement of unchecked third-party servers, where sensitive data could be stored and then transmitted through unprotected channels. Finally, developers of technical remote identification solutions must eliminate the risk of transferring data to third-party resources that are beyond the control of the end user of this data.
To conclude, the safest solution today seems to be such an IT infrastructure where recognition is performed autonomously on the user’s terminal without saving and transferring images of documents through third-party channels, so that the crooks do not have a way to steal, sell, and use this data illegally for their own purposes. Thus, in remote identification, the processes of facial recognition and document recognition do not replace each other but rather should be a synergy, as the functionality of the two is revealed to its full extent when used together.
In today’s pandemic, when 90% of the working population is quarantined, reliable and secure recognition systems allow companies on the one hand to maintain interaction with their own customers instead of separating, out of desperation, for the forced vacation; and on the other hand, these systems do not infringe the freedoms of ordinary citizens, who already suffer from compulsory self-isolation. It is important that such systems – unlike those which practice total control of society, the prototype of which was described by George Orwell in his infamous dystopia – not monitor citizens at any time, including during periods pandemic; that these technologies do not carelessly collect or transfer personal data over encrypted networks. It requires a willingness on the part of the public to use recognition technologies. The introduction of ignorant solutions, the irrational use of existing recognition capabilities can quickly lead to a veritable digital dictatorship. Instead of improving the quality of life and creating positive changes in the socio-economic environment, there is a huge risk of achieving the completely opposite effect: we could end up with technologies that pose a threat to human life. ordinary citizens and peace, and contribute to prosperity. fraudsters.
About the Author
Vladimir V. Arlazarov, PhD, is the Chairman and CEO of Intelligent motors and associate professor at the Moscow Institute of Physics and Technology. He holds a doctorate. in technical sciences on the development, application of recognition systems and data mining and more than 60 patents and scientific publications.
DISCLAIMER: BiometricUpdate.com blogs are subject to content. The opinions expressed in this blog are those of the author and do not necessarily reflect the views of BiometricUpdate.com.
Subjects of the article