Jumio Authentication is a new AI-based technology for preventing identity theft - updating an existing selfie verification service already used by the likes of Monzo and Paysafe
Hijacking people’s identities to get access to their bank accounts, vehicles and even hotel rooms could soon be a thing of the past using new “selfie” verification technology.
Jumio Authentication captures hundreds of images of people when they take a selfie video to verify themselves during high-risk online transactions – or when unlocking accounts and doors – to create a 3D identity map that can’t be spoofed.
This offers a new dimension to existing biometric authentication – recognising a person’s unique human traits such as their face and voice – by enabling ongoing verification that’s more secure, according to Silicon Valley artificial intelligence firm Jumio, which launched the new service today (12 February).
The company hopes it will replace less secure verification processes such as passwords and two-step authentication for its clients, which include airline easyJet and challenger bank Monzo.
Jumio president Robert Prigge told Compelo: “Selfies are now our passports. Increasingly over the next few years, biometrics will be the future.
“In the past, companies have checked who we are by asking questions about our background or two-factor authentication.
“All those systems are so easy to spoof that I’m convinced it’s really all about biometrics – our faces and voice will be how we unlock things in the future.
“With technology like ours, you’re just going to need to take a video selfie to unlock a rental car, get into your hotel room if you’ve lost the key, open a new bank account and make a big transaction.”
Why is selfie verification needed?
Palo Alto-headquartered Jumio claims to be the world’s largest AI-powered provider of identity-as-a-service technology, with more than 2,000 staff and offices across the world.
The sectors it serves range from hospitality and online gaming to aerospace and banking, with other key clients it serves are United Airlines, Metro Bank, HSBC, Bwin, WeWork, Instacart and Coinbase.
Its previous tech has enabled identities – whether documents such as driving licences or people’s faces – as well as documents to be verified instantly using AI more than 150 million times.
Mr Prigge said this offers far greater security than previous methods, such as knowledge-based – think questions about a mother’s maiden name or first car the user bought – and multi-factor authentication as these remain vulnerable to imposters, credential phishing, large-scale data breaches, dark web user data dumps and main-in-the-middle attacks.
But Jumio realised fraudsters were quick to spot loopholes in past attempts at biometric authentication and learned how to fool online identify verification software with “spoofing attacks”.
This has involved using a photograph, video or mask of the authorised person’s face, making it increasingly important to check whether the correct user is physically present during the account set-up process.
Identity theft is on the rise, with 16.7 million victims recorded in the US in 2017, costing nearly $17bn through the loss of data, according to Javelin Strategy, while UK fraud prevention service Cifas said the number of cases in Britain rose by 125% in ten years to 175,000 in 2017.
Mr Prigge said: “Identity fraud is absolutely rampant and increasing as a problem. As companies move online, there’s been almost no way of dealing with it remotely.
“So they’re reacting to it now and adapting to new ways of verifying identities.”
How Jumio’s new selfie verification technology works
Jumio Authentication is integrated with anti-spoofing technology made by FaceTec, which begins during enrolment when a user takes a photograph of their government-issued ID, such as a driver’s licence, passport or ID card.
They then take a video selfie, which is instantly analysed using AI to determine they are who they claim to be and not an imposter.
Later, when the user wants to log into their account or whenever a high-risk transaction occurs, the facial recognition tech enables the user to take another video selfie – where a new 3D face map is created – which is then compared to the original face map, verifying the user and unlocking the account in seconds.
Named ZoOm 3D Face Login with TrueLiveness Detection, it is claimed to be the only software of its kind recognised with level one and two security certificates by software testing company iBeta and the US’ National Institute of Standards and Technology (NIST).
Mr Prigge said: “We’re tying your biometrics to your identity so we know who you are. When you’re taking a selfie, instead of one image, it’s taking hundreds – if not thousands – of them.
“This creates a 3D map and shows whether it’s a mask or if you’re pretending to be someone else.
“The real power of it is that, because we can map the video selfie, if you lose your phone, all you need to do is take another video selfie and the technology will identify it as you again, rather than someone who might have stolen your phone.
“It can also register change, such as whether people grow facial hair and lose or put on weight.
“Trust is the killer problem that companies need to solve when they go online and we think this is the only way.”
Rise of selfie verification tech
According to research group Gartner, more than half the world’s large companies will replace existing authentication platforms with biometrics by 2023, while there will be more than 2.6 billion biometric payment users in banks by the same year.
And in June last year, consultancy McKinsey said the identity verification-as-a-service market in which Jumio is a major player would grow from $10bn (£7.8m) to near $20bn (£15.6m) by 2022.
Jumio CEO Stephen Stuut added: “As more of our important interactions move online, establishing trust digitally has become critical.
“Jumio is pioneering selfie-based authentication to allow businesses to leverage biometric user data captured during enrolment and re-verify that data in the future.
“With our new selfie-based authentication, users are not required to repeat the identity proofing process again — they just take a quick selfie — and as the digital chain of trust grows, so does the security level.”
FaceTec CEO Kevin Alan Tussy said: “Data breaches have put hundreds of millions of personal records and passwords into the hands of fraudsters.
“But biometric technology, especially face authentication, holds universal promise for solving our user access security challenges.”
He added that its ZoOm technology is “secure enough to replace passwords, knowledge-based authentication, and even SMS-based two-factor authentication on over 10 billion supported devices”.