BLOG: Twin headwinds hitting ID verification

As we head into the second quarter of 2024, the ID market is entering a transition period as portable digital identity solutions are starting to mature, which in the next five years will reduce the demand for identity verification solutions.

Alongside this, competition is having a particular influence on the market with a large number of vendors offering what appear to be similar core identity verification processes.

This is causing confusion among buyers and forcing vendors to offer additional features such as enhanced fraud detection and low-code integrations in order to differentiate.

This amalgamation of the ID market is set to continue as customers require a multiple solution for each KYC journey (document authentication, mobile authentication, email fraud risk checks etc ) so just providing one point solution ID is no longer valid for the market .

As a result, revenues are under pressure as the race to the bottom for transaction fees gains momentum.

At the same time, the malevolent use of AI stands as a key concern for ID verification providers as it becomes increasingly sophisticated.

Although generative AI is not new, the accessibility of tools using this AI – commonly known as deepfakes - and the public awareness of its capabilities have accelerated massively.

Gartner recently reported a significant increase in clients asking about the integrity of the identity verification process now that attackers have the potential to use deepfakes.

Such attacks can broadly be carried out in two ways through ‘presentation attacks’ where the deepfake image or video is displayed on the screen of a secondary device and ‘injection attacks’ where the deepfake image or video is digitally inputted into the identity verification process.

Academic research shows that deepfakes are almost five times better at spoofing verification solutions. Traditional spoofing methods like printed photos placed in front of the camera or realistic 3D masks succeed in 17.3 % of cases. Meanwhile, deepfake-enabled spoofing techniques to succeed in 86% of cases.

This is essentially a new world problem and organisations need new world solutions to counteract them putting further pressure on the ID verification market.

So what makes the ideal ID verification solution? Firstly, more mature offerings will allow an organisation to configure the look and feel of the UI with respect to colours and logos to enable some alignment with corporate branding. The most advanced offerings provide drag-and-drop interfaces that enable deeper configuration of the UI and hence UX, such as requested data fields for the user to complete, flexibility for the user to select document types, and also calling out to third-party data affirmation sources that the vendor has integrated.

These low-code implementation approaches are proving to be attractive as they enable far faster implementations requiring fewer skilled resources, and encourage organisations to try vendor solutions, safe in the knowledge that their initial investment is relatively low. This is also enabling many small organisations to take advantage of such remote identity verification flows. There is a long tail of small independent businesses such as realtors or estate agents, lawyers or solicitors, financial advisors or tax specialists, who need to verify their customers’ identities for regulatory purposes and a remote identity verification process triggered by a QR code with results available for lookup on a portal opens up opportunities for new business processes and modes of interaction.

And what of digital onboarding providers? What role should they be playing as the ID verification market experiences a period of flux?

Most vendors have typically offered organisations an API for browser implementation and a software development kit (SDK) for mobile app implementation. Outside of the core document and selfie image capture UX, organisations have developed and managed the UI components that form the broader identity verification journey. However, vendors are increasingly offering low-code implementation approaches in which the vendor hosts and manages all of the UI components and the entire user journey related to identity verification.

A typical low-code implementation consists of the organisation either sending an SMS to the user containing a link or asking the user to scan a quick response (QR) code, both aimed at getting the user onto their mobile device and on their mobile browser, eventually onto a site hosted by the vendor. More accurate results are generally achieved when the user goes through identity verification on their mobile device as the camera quality is far superior to a laptop or desktop webcam. This also improves UX by reducing requests to the user to retake images due to poor quality.

Once the user has gone through the identity verification process, the vendor will then send data pertaining to the identity verification to the organisation. This may be achieved by the organisation through polling a vendor’s systems, using web hooks, or even simply looking up the results on the vendor’s administrative portal. At the basic end of the spectrum, vendors may offer a fixed UI that the organisation has no control over.

Other articles

See Zenoo in Action

Discover how Zenoo modernises your services and empowers customers to utilise your offering effectively, without coding.

Designed & Developed by Minimize