As a longtime horror fan, I live for October. It’s nearly Halloween, that spooky time of year when people dress up, don fright wigs, put on bedsheets, and wear scary masks that look like Frankenstein, Dracula, or my wife’s cousin. These trappings are meant to be cartoony and fun, and you can spot from a block away the fact that these getups are just for laughs. As in, nobody looks like that in real life (or so we hope).
When you take off the mask, you look like yourself, and nothing like that latex caricature. Bar bouncers are pros at telling the difference between your rugged older brother’s picture on the license you “borrowed,” and your own angelic, underage face, and telling you to scram. Most humans can do that.
But what about digital recognition? To a computer, your picture isn’t pretty, ugly, sneaky, or scary. You’re just numbers. The distance between your eyes, your nose to your lip, your lip to your chin, the space between your ears. Your lovely mug is reduced to a grid of features and their relation to each other.
Which is why, believe it or not, it’s easier to fool the computer than a person when it comes to facial spoofing. If a fraudster is using a stolen ID for digital verification, and the photo on that ID has to match up with a selfie, they have two options. The first is to take a picture of a picture (such as a photo lifted from the ID owner’s Facebook page). Various solutions might detect that this is not 3D or that it’s not live. In fact, liveness technology is meant to detect that the selfie is taken by a real person in real time, and not a flat image.
The other option is to wear a mask. No kidding. If I walk up to you wearing a full-face mask, you’ll normally call the cops, or hand me some candy, depending on the time of year. But to a digital verification system, you might look legit. Wraparound masks provide the 3D effect and can also allow you to blink or move your lips or fulfill whatever liveness requirements the system demands. And these masks can be utterly ridiculous but still fool a computer. They’re meant to mimic the mathematical grid of the identity victim’s face and defeat standards such as NIST PAD L2 certification.
There are all sorts of vendors who try to mitigate these kinds of frauds, which are called “spoofs” in the industry. But they do so with tons of friction. They tell you to tilt your head this way and that, sing your school fight song, cough, dance the Macarena, whatever. But in locations with spotty coverage, where you can’t afford to send a giant payload, or when you just plain need a more streamlined user experience, these methods aren’t viable. At Socure, we provide a passive, minimal-friction, single-frame, simplified-yet-accurate experience.
Instead of bolting on a separate feed, Socure holds the user’s hand to ensure a friendly and easy image capture. Then the fully integrated process kicks in. We extract the data and photo from an ID, along with that selfie, and feed it all to our machine learning platform to achieve comprehensive, holistic ID verification. A more efficient onboarding flow, one that isolates more fraud while greasing the tracks for legitimate applicants, means drastically reduced losses combined with increased revenue and happier consumers.
Neither ghosts nor ghouls will steal your identity. Flesh and blood crooks, wearing masks and wielding pilfered credentials and physical IDs are doing the damage. Socure’s Predictive DocV, integrated with our industry-best identity verification platform, is the best way to keep your company safe from the digital fraud monsters who hide under the bed. Talk to an expert now to see it in action!
Jeff Scheidel is a technologist with 38 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.