The idea of unlocking your phone by scanning your face would have seemed like something out of “Blade Runner” not so long ago. Concepts like iris tracking, liveness detection and 3D face mapping would have come across as novelties, certainly not technology on the brink of becoming commonplace
Yet here we are today, picking up our iPhones and unlocking them with a look. Apple’s Face ID feature has relegated Touch ID to the past and is ushering in a new wave of facial biometrics, as more and more people get comfortable with using their own biometrics as a means of authentication.
As face-based biometrics begin to work their way into the mainstream, it begs the question — what other scenarios could be transformed by this kind of identity verification? In light of large-scale data breaches, the dark web and the high volume of identity theft and account takeover, it has become increasingly difficult for companies to know whether someone is who they claim to be. Therefore, because organisations need to conduct more continual identity proofing, a growing range of scenarios to use face-based biometrics emerge.
Changing the status quo of identity verification
While the need to identity proof has become increasingly more important in recent years, and consumer appetite and familiarity with facial biometrics is nearly where it needs to be, we first have to understand why else organisations would look to adopt this form of security method.
Traditional identity verification methods range from knowledge-based authentication (KBA), whereby you answer personalised security questions based on information like your mother’s maiden name, to two-factor authentication (2FA), whereby you are sent a verification code via SMS message, to prove that you are indeed the person trying to access the account.
However, these methods come with increasingly significant vulnerabilities. For example, hackers are able to easily intercept the four- and six-digit SMS codes that underpin 2FA via the SS7 telecommunication protocol network, or through phishing attacks. A more elaborate hack involves “SIM swapping”. If a criminal has some of your identity details, they might be able to convince your phone provider that they are you and request a new SIM attached to your phone number to be sent to them. That way, any time an authentication code is sent from one of your accounts, it will go to the hacker instead of you.
When it comes to KBA, simple social media searches can reveal the answers to the supposed secret questions that this solution relies on. Hackers can also reset the passwords of legitimate customers using their birthdate, postcode and other personal information, that can be easily found by simple Google searches or purchased from the Dark Web.
Add to the mix cybercrime and the dark web evolving and becoming far more sophisticated, traditional forms of authentication that were once effective can simply no longer reliably ensure that the person logging into their online account is the actual account owner.
Paving the way for new alternatives
Therefore, facial biometrics presents a very real alternative that both increases security and capitalises on consumer understanding and awareness. And we’re already seeing uptake in these new, safer and more secure methods. Using cutting-edge AI and video selfie technology, this technique goes well beyond traditional authentication methods to deliver a significantly higher level of assurance and establish a trusted identity. In addition, these trailblazing solutions also mean that variables such as wearing glasses, gaining or losing weight or growing a beard won’t disrupt the tool.
As companies like Monzo and easyJet begin using face-based biometrics, consumer confidence continues to rise. Research from Experian shows that 74 percent of consumers globally are more confident that physical biometrics will protect their information over passwords. With passwords being bought and sold on the dark web for next to nothing, this is a compelling statistic to see.
Broadening the horizons of facial biometrics
This form of identity verification is key in the account opening stage. But there is an urgent need to use these methods beyond just this step — primarily, in higher-risk scenarios including wire transfers and password reset attempts.
Selfie-based authentication utilises a selfie captured during the account opening process as a reference point. If you need to reset your password, you could take another quick selfie that would be cross-checked with the original selfie used to open the account for quick and secure verification. Using face-based biometrics in this way also opens doors to other use cases, including self-check-in for flights and hotels, and unlocking a pre-arranged rental car.
Businesses can easily lose customers due to a slow, clunky or unclear onboarding and authentication process. This method, however, improves the experience significantly because of its speed, familiarity and simplicity. Perhaps more importantly, it also scares off would-be fraudsters as it’s unlikely they’ll want to share their own picture with the very company they’re attempting to fraud.
By 2022, Gartner, Inc. predicts that 70 percent of organisations using biometric authentication for workforce access will implement it via smartphone apps, regardless of the endpoint device being used. In 2018, the figure was fewer than five percent. Paired with the growing familiarity of face-based biometrics, now is the time for businesses to seize the potential and realise the benefits of this innovative technology.
Philipp serves as Jumio’s Chief Product Officer (CPO) and facilitates Jumio’s product strategy. Prior to Jumio, Philipp was responsible for paysafecard, Europe’s most popular prepaid solution for purchasing online. At paysafecard he played a primary role in launching the KYC compliant mypaysafecard wallet. Before that Philipp served 10 years at e-commerce giant First Data, where he took a deep dive into the classic payments industry. He graduated from the University of Applied Sciences Technikum in Vienna.