Identity, Fraud, Terrorism and Social Media – Connecting the Dots
Why Social Media is an Important Piece of the Puzzle for Identity Verification
As the DHS announces it will use Social Media as part of the vetting process for new visa applications; one company has been using it for broader identity verification – and showing meaningful results.
This month, U.S. Homeland Security Secretary Jeh Johnson indicated that his department has been consulting social media in reviews of immigration applications since early this year, in an apparent reaction to the terrorist-related tragedy this month in San Bernardino, California. Some would argue this should have been a regular practice for a long time now, but this blog is really directed at the inherent value of social media in verifying the true digital identity of individuals.
Back in 2011, Sunil Madhu, a security architect by training and repeat start-up entrepreneur, started thinking deeply about “social proof”, and the powerful data that can be gleaned from resolving the one true identity of an individual. The obvious starting point for this, to be respectful of personal information is not the conventional “credit header data,” but rather the digital presence and ‘data exhaust’ from our online personalities.
Applications from social media networks to news feeds, online shopping sites and everything in between use e-mail as a unique identifier. In dozens of applications every online user has interacted with, they’ve created an implicit link between their e-mail, phone number, physical address, and other data points.
Social media sites also offer a deeply compelling ways to confirm the veracity of an individual—two elements in particular—history and social proof.
The history, or time element of profile updates, posts, likes, etc. give a meaningful trail data. Personal social networks have been in existence for about a decade. Based on the age, gender and background of an individual, meaningful information has been dribbled out over some duration as profiles expand, connections are added and interactions with others appear. It would be odd, for example, if a 23-year-old American from a suburban family had a profile that is only 6 months old, with few connections and no shared updates. This data point in itself may not be indicative of anything, but taken with other pieces of information it’s incredibly telling.
Social media also offers something new and unique – several forms of social proof. In a professional network, for example, by virtue of the fact that an individual has years of work history, with hundreds of connections, dozens of recommendations, and perhaps a history of updates, they’ve left a digital trail that would be exceedingly hard to falsify. Further, since profile pictures, work history and work activities are part of this profile, those connections offer social proof that this individual looks something like their profile picture, has worked in those positions, and had meaningful interactions.
While most organization understand the power of social media and trusted online data, finding a way to make it useful had proven challenging. Socure set out to solve the challenge of making this data meaningful for institutions that want to verify individual identities, and integrate this into their existing authentication processes in a meaningful way.
Commentators have noted that a “simple Google search” would turn up meaningful information on a person, is completely within the realm of public information, and at the same time is unobtrusive to the individual. This is true, but that type of search is generally a tedious manual process, put open people in roles where time is short and workload is daunting – there had to be a better way.
Automating this process, Socure created a patented process to fuel its Social Biometrics™ Platform. The components of the platform access trusted online data – things like phone, email, etc. with social media profile information, as well as facial recognition software to conduct a process called “entity resolution.” It further looks to IP geo-location (where a device is in the world as indicated by the path by which it is accessing the internet), device ID (the fingerprint of a smartphone or computer), and related information. As the patent details, this process combs through the volumes of data and the access data to match the individual.
Sure not to run afoul of personal information, the data returned to a requesting institution consists of scores and reasons for those scores. Typically the score indicates the probability that the identity is authentic, confidence level of this score, and fraud score - a rating of how likely this identity is at this time fraudulent.
The key value of this process, whether verifying an identity for entry into the country or to approve a new credit card application– is that it returns an answer in just a few seconds… and provides links to public profile information, including profile photos, phone directory information.
Social Media is a valuable component of identity verification. While the meaning of “identity” has gotten increasingly digital over the past decade, organizations—governments and private institutions alike—need to recognize the value of social media data and put it to good use to protect their citizens, users, clients and employees in an increasingly digital world.