Jumio CPO talks age verification amid rising digital fraud

In today’s hyperconnected world, there is an app for almost everything.

As cybercriminals continue to level up their game, even increased verification measures such as multi-factor authentication are now deemed inadequate against new and emerging threats. 

Nevertheless, businesses must not complicate the verification process as it risks driving users away.

For many cybersecurity experts, biometrics should be the standard for digital identity verification. Jumio, an online mobile payments and identity verification company, relies on its age verification system to help enterprises swiftly verify identities.

Bala Kumar, Chief Product Officer, Jumio Corporation, shares his insights on the matter.

Can you walk us through the technical process of how Jumio’s age verification system works, and how it differs from other solutions in the market?

Jumio’s age verification system employs AI, machine learning, OCR, and face-based biometrics to accurately and efficiently identify and authenticate users in real time. To initiate the process, users are required to submit a valid government-issued ID and a live selfie. This comprehensive approach serves as a robust age-verification and fraud-prevention tool, as minors would be unable to use their own likeness in a real-time selfie when attempting to use someone else’s ID or engage in spoofing to gain access to age-restricted content.

Jumio’s ID verification extracts pertinent information, such as the date of birth, from various government-issued photo IDs. This data is then used to determine the current age of the individual creating the account. The system further employs face-based biometrics and AI to compare the submitted selfie with the ID, verifying if they correspond. Subsequently, during each subsequent login, the user captures a fresh selfie, generating a new biometric template. This template is then compared to the original template to ensure that the person logging in is indeed the legitimate account owner.

The solution utilises advanced liveness detection to counter the vulnerabilities commonly found in less robust biometric systems, which are susceptible to spoofing. Jumio’s liveness detection technology undergoes rigorous testing to effectively thwart sophisticated spoofing attempts, including deepfakes and realistic 3D masks, among others. By requiring an exceptional investment in expensive, cutting-edge technologies, these checks make it incredibly difficult for users to bypass the system.

Additionally, Jumio’s KYX platform employs a layered approach to fraud prevention by incorporating additional risk signals such as the user’s name, address, IP address, device, phone, and email. This comprehensive assessment provides a holistic view of the risk involved, ensuring a highly secure online age verification process that effectively prevents minors from accessing harmful content while delivering a seamless user experience.

Many age verification solutions rely on biometric data, such as facial recognition or fingerprint scanning. What are the benefits and potential drawbacks of using biometric data in age verification, and how does Jumio address any concerns about this technology?

Biometric data utilises personal traits, like facial or eye maps and fingerprints, as unique identification features that are challenging to replicate. This makes it an effective method for verifying a person’s identity and preventing fraud. Businesses can enhance their security measures while providing a seamless user experience. According to Experian’s 2022 Global Identity and Fraud Report, 81% of consumers consider physical biometrics the safest recognition method, highlighting its convenience and ease of use. Additionally, Jumio’s recent research revealed that 83% of Singaporeans believe robust identity verification measures would help prevent underage access to online gaming and gambling.

However, it is crucial to recognise that each biometric verification technology has its own advantages and disadvantages. While facial recognition technology achieves accuracy rates above 99%, implementing facial recognition without liveness detection can expose organisations to risks such as deepfakes or digital injection attacks, where criminals bypass video biometrics using synthetic imagery. Cybercriminals are becoming increasingly sophisticated with their attacks, leveraging AI technology to create synthetic fingerprints capable of deceiving fingerprint scanners.

Furthermore, the use of AI in identity verification carries inherent risks. While more identity verification providers rely on AI to assess the authenticity of ID documents and verify whether the user creating a new online account is physically present, concerns arise regarding potential biases in the facial recognition process. Biases can manifest within algorithms due to limitations in training data size and quality, including biased human decisions or reflecting historical or social inequities, even when variables such as gender, race, or sexual orientation are removed.

One challenge with age verification is ensuring that the individual being verified is actually the person they claim to be. How does Jumio’s solution address this challenge, and what steps does the company take to prevent fraud or impersonation?

Jumio’s solution tackles this challenge by integrating advanced liveness detection, enabling businesses to determine the user’s physical presence behind an app and even detect deepfakes. This ensures that the person creating the account or making an online purchase is physically present.

In addition to verification checks, organisations need to assess each user’s risk levels to prevent fraud or impersonation. To achieve this, they can implement multi-factor and risk-based authentication, orchestrating only the necessary risk signals and technologies for identity verification. Jumio’s advanced risk signals can help organisations flag high-risk transactions promptly to ensure that their users do not provide any unnecessary dangers to their business, whether it be during onboarding or each time they return to the website.

On top of these measures, employing multimodal biometrics, such as a combination of fingerprint and facial recognition, can provide an added layer of protection for high-risk profiles, ensuring the highest levels of security. These solutions streamline the onboarding process and enhance the customer experience without imposing laborious steps on the end user.

Moreover, implementing these additional steps increases the complexity for fraudsters. While some organisations rely on email ID and password verification, these methods are easily bypassed. Even though using a spoofed mobile number presents greater challenges, it is still feasible. Creating a synthetic identity has become relatively simple in today’s digital landscape. However, generating a counterfeit government ID that matches a corresponding face, which may be required for verification at any time, poses a significant hurdle for cybercriminals attempting to spoof identities. Jumio’s fraud detection technology enables organisations to identify multiple instances of fake IDs, strengthening their ability to prevent fraudulent activities.

Some age verification systems rely on manual review or human intervention to verify user data. How does Jumio balance the need for accuracy and compliance with the need for speed and efficiency in its verification process?

Many businesses are still using checkboxes to verify the age of users. Alternatively, they may require users to submit their ID document as proof of age and identity. However, such an approach cannot truly verify that the person who submitted the ID is the same person.

Some organisations establish in-house teams to manually check ID documents. However, these teams may lack sufficient training to detect manipulated ID documents, especially considering the various security features and document types involved, particularly when verifying ID documents from other countries. Additionally, as businesses expand and transaction volumes increase, it may be challenging to allocate additional personnel. This compromises both accuracy and customer experience as more IDs need to be processed, leading to longer approval times.

With users seeking fast and seamless access to gaming or social media platforms, for instance, authentication processes must be efficient and time-sensitive. Otherwise, organisations risk users switching to other platforms. To overcome these challenges, Jumio’s technology leverages AI and advanced liveness detection to automate ID and identity verification within minutes. Manual review is reserved for special cases requiring additional scrutiny in decision-making.

With the rise of remote work and online commerce, there has been a surge in demand for remote identity verification solutions. How does Jumio’s age verification technology fit into this broader trend, and what opportunities and challenges does this trend pose for the industry as a whole?

As remote work becomes more prevalent, companies are increasingly reliant on third-party technologies, creating an increased risk of cyberattacks targeting their networks. It is therefore critical for companies to have a verification system and risk management framework in place for assessing the full IT parameters of remote work, including third-party technology providers.

As for online commerce, age verification plays a vital role in both identifying legitimate customers and protecting minors from harmful content in the online marketplace. Many countries now have legal requirements that mandate online businesses and service providers offering age-restricted products or services to verify the age of their consumers. For example, regulations in countries like China and Australia are evolving to include age verification for alcohol and tobacco products, as well as to safeguard minors from accessing online gaming services.

In today’s digital era, real-time age verification is increasingly important across various industries. Organisations need to prioritise the development of secure authentication mechanisms for their customers while ensuring convenience. This is essential to create safe online environments for users worldwide, including minors.

In your view, what are some of the most exciting developments or advancements in age verification technology, and how is Jumio positioned to make the most of these developments?

The advancement of AI technology has led to exciting developments in age verification technology. Businesses now recognize that simple checkboxes or ‘Over 18’ buttons are inadequate for verifying users’ age. There is a growing understanding of the value of integrating age verification technologies with identity verification technologies to accurately confirm users’ age. Many companies are adopting integrated platforms that offer end-to-end processes with the flexibility to customise according to different market needs. For businesses that require Know Your Customer (KYC) compliance, a unified KYC and ongoing customer monitoring platform can optimise operational costs while ensuring compliance with regulatory requirements.

Another noteworthy trend is the utilisation of AI-based biometric facial recognition technology to estimate users’ age as part of the age verification system. This approach streamlines the verification process, minimising disruption and inconvenience to the user experience.

Furthermore, Jumio has recently unveiled the latest evolution of the Jumio KYX Platform, which includes identity-proofing enhancements and an expanded range of risk signals to provide additional assurance and support compliance. The platform now incorporates age estimation technology, offering businesses access to over 500 global data sources for identity proofing, risk assessment, and KYC compliance. Real-time analytics and insights help organisations respond effectively to threats.