Market Guide
Identity Document Verification

Date: April 2024
Author: Steve Pannifer, Fatma Gharsalli

Executive Summary

Digital banks were amongst the first organizations to realise the benefits of digital Identity Document Verification. It provided a route for remote customer onboarding whilst satisfying regulatory requirements. The technology and service offerings have matured and evolved and now should be seen as a standard part of any consumer facing regulated service including financial services, gambling, insurance and conveyancing [1].

Today, Identity Document Verification is mostly used for onboarding. It is often treated as being one component of the customer due diligence process, bundled with other background checks. The technology can however be used to realise benefits across the customer lifecycle. Identity Document Verification can help with account recovery, step up processes and other critical events throughout the customer lifecycle. Identity Document Verification should therefore be made available as a separate capability, unbundled from onboarding processes, so that it can be used whenever required. It should be a key asset within a service provider's identity fabric, integrated with its identity and access management platform, enabling it to be leveraged whenever required.

This paper provides an overview of the two primary methods of Identity Document Verification: photographic and cryptographic. It shows that the cryptographic method is far superior from a security perspective and can be delivered with an optimised user experience. It also shows that Identity Document Verification is a specialised capability that involves much more than simply scanning the document. We therefore believe that for most organisations, Identity Document Verification is not a core business competency and is therefore best outsourced.

This paper was commissioned by Inverid.

1 Introduction

Documents play a key role in confirming the identity of customers. In particular, official documents such as passports provide strong evidence to support a claim of identity being made by a customer.

In recent years there has been an explosion of digital Identity Document Verification solutions. This has been accompanied by recognition by regulators of the applicability of these solutions to regulated
sectors such as finance and gambling. This has enabled the development of many mobile-first and mobile-only services, allowing customers to access services with great ease through their mobile devices.

The benefits of Identity Document Verification can be realised in many more places than simply customer onboarding. Throughout the customer lifecycle there are requirements to confirm the identity of the customer. Identity Document Verification technology is therefore an essential component of any regulated digital service and the platforms that underpin those services, such as banking-as-a-service platforms.

The recent advances in artificial intelligence and machine learning present a challenge to some Identity Document Verification solutions: those that rely solely on capturing and analysing an image or video taken of a physical document. These solutions are susceptible to deepfake injection attacks and therefore the more robust chip-based solutions, which rely on strong cryptography, provide a more secure approach.

This paper unpacks this in four sections:

- Role of Identity Document Verification, which explains the potential use of Identity Document Verification throughout the customer lifecycle.
- Approaches to Identity Document Verification, which considers the two key approaches to Identity Document Verification available in the market and explains why a chip-based approach is both significantly more secure and, done well, can provide a better user experience.
- Components of Identity Document Verification, which details the components needed to deliver a robust chip-based Identity Document Verification solution.
- Sourcing Identity Document Verification, providing an outline approach to sourcing the right solution for your organization.

2 Role of Identity Document Verification

Identity Document Verification is often associated with onboarding processes: how you establish the identity of a customer when opening a new account. For regulated services, such as financial services [2], the ability to remotely read or scan an official document, such as a passport, can enable "know your customer" (KYC) processes to be completed remotely, enabling smooth digital onboarding at the start of the customer lifecycle.

The investment made in Identity Document Verification to support robust onboarding processes can be leveraged to provide significant benefits throughout the whole customer lifecycle. The same process can be employed at several other high-risk moments, providing convenient and secure ways to control access to the customer's account. For example:

Account Recovery

If a customer loses their device, or it is stolen or broken, then it is essential to provide a secure way to get the customer logged in again. This is particularly challenging when the customer only uses the mobile channel, as there will be no other communication channel that can be used to support the recovery process. In such circumstances, the identity of the customer needs to be reestablished and bound to their new device. Identity Document Verification is a convenient and robust way to do this. The capabilities put in place to support robust onboarding can be reused to support secure account recovery.

Risks with weak account recovery mechanisms

Account recovery is like account opening: you have lost the connection
with the customer and so their identity needs to be confirmed to reestablish that connection. A weak account recovery mechanism, such as the use of SMS one-time passwords, will be exploited by attackers wishing to perform account takeovers.

Dormant Accounts

With non-transactional accounts such as a long-term savings account, you may not interact with your customer for extended periods of time. When the customer eventually needs to access their money, they may not have active authentication credentials and therefore need to be identified. Identity Document Verification provides a robust way to establish that you are dealing with the legitimate customer.

Step Up Processes

For high value transactions, especially where those transactions are atypical for the customer, care must be taken to ensure that the request is being made by the legitimate customer. Step up authentication processes are often employed for this purpose. Identity Document Verification can also be used for this purpose, either as an alternative mechanism or as a fallback mechanism in the event that the customer has a problem with the step-up authentication process.

Ongoing Customer Due Diligence

If you believe the customer account is at risk of being accessed by an unauthorised party, Identity Document Verification can be used to provide assurance that the correct person is using the account.

[Figure: Approaches to Identity Document Verification. Document images: image of document, AI model, probabilistic score (%), Y/N; trivial to clone, straightforward to fake. Document chips: challenge/response, cryptographic verification process, deterministic pass or fail; practically impossible to clone, practically impossible to fake.]

3 Approaches to Identity Document Verification

For many years, secure physical documents have played an important role enabling people to get in-person access to services. Passports, driver's licences and bank notes all employ a range of physical techniques such as secure printing and holograms to make the production of good forgeries difficult, although not impossible. Staff are then trained to be able to distinguish real documents from forgeries. The process is, however, prone to error, especially when done remotely.

To enable remote access to services, two methods for verifying identity documents digitally have been developed:

- Photographic method, whereby a photographic image (or video recording of) the document is captured and analysed. Unfortunately, it can be difficult to analyse document physical security features from an image. With advances in AI, it is increasingly easy to generate authentic looking fake images
or videos.
- Cryptographic method, whereby data is read from a secure chip embedded in a passport. This can be done with a mobile device using the NFC interface. The data read from the passport is cryptographically signed by the passport issuer. The chip also contains a private key that can respond to a challenge/response process, making cloning of the chip practically impossible. Whilst no security control is 100% guaranteed, cryptographic and chip technology is highly resistant to attack, which is why it is employed across the card payments sector [3].

Note that to read the chip on a passport it is first necessary to scan the Machine-Readable Zone (MRZ) printed on the "biographic data" or "photo" page. This includes a key necessary to read the chip data, preventing covert scanning of documents without the document holder's permission.

There is a significant difference in security between document images and document chips. It is trivial to copy, manipulate and share document images or videos. Cloned or faked images can then be presented to Identity Document Verification solutions in a variety of ways, including physically printing and presenting the image, or injecting the image into the processing flow by exploiting a software or communication vulnerability, with the potential for scalable attacks and no requirement to have been in possession of the genuine original document.

Document chip-based solutions, on the other hand, are not susceptible to copying or manipulation due to the strong cryptographic controls they employ and the security certifications they undergo [4], meaning that access to the genuine original document is necessary in order to use it in an Identity Document Verification process.

Risks with probabilistic solutions

Photographic methods of Identity Document Verification are probabilistic, using machine learning models to provide a score of how likely the document is to be genuine. They may need to store images of documents, creating significant data protection risks. Furthermore, sophisticated deep fakes may not be detected by existing models, requiring additional training or new models to be developed. This arms race will continue to be a challenge with the commoditisation of generative AI.
[Figure: Components of Identity Document Verification. Cloud: managed service (wide document support, configure to customer). Device: small device footprint (maximise device support, reduce device risks). Callouts:
- Maintain list of trusted root certificates from document issuing authorities
- Matching in cloud to mitigate against injection attacks
- Cryptographic verification in cloud to mitigate device security risks
- Best in class facial biometric and liveness capture
- Monitor for and respond to threat intelligence
- Logging to enable measurement against KPIs
- Device, behavioural and context data for monitoring and security
- Maintain information on documents globally
- Ongoing testing of all supported handsets and operating systems in market
- Flexible UX accounting for all combinations of handset and document type
- Support for test documents to facilitate service testing
- Small SDK enabled through cloud processing. Device just acts as reader
- Analytics to spot issues with documents and devices
- Management of document and device types supported and/or trusted]

4 Components of Identity Document Verification

A full solution for cryptographic identity document verification requires much more than just the ability to read a passport chip. The following areas need
to be considered:

User Experience

For a passport chip read to be successful, the passport must be positioned in the correct place against the mobile device NFC antenna. This positioning can vary for different passport and device types. To ensure a good user experience and high conversion rates, it is necessary to guide the customer so that they know how to position the document against the device. The customer may also need to be made aware that protective device or passport covers can interfere with the process.

Device Support

There are thousands of mobile device models in the market, with a wide variation in the dominant devices used in different geographic markets. Optimal user experience is dependent on knowing NFC antenna positions and making use of the latest platform and app deployment capabilities. Verification should occur on a server in a controlled environment rather than on the user's device. This will enable a wider range of devices to be used, including those with outdated operating systems, as well as reduce the security risks in markets where it is common for customers to bypass operating system controls through a jail breaking or rooting process.

Document Coverage and Verification

To be able to verify passports and identity cards from around the world, it is necessary to maintain an up-to-date database of root certificates and to support new document formats, data formats and security controls. An example of this is the transition from Basic Access Control to Password Authenticated Connection Establishment (PACE) [5] for the chip readout protocol in many identity documents. There is no single source for such information, which is continually changing. A cloud-based service can monitor and respond to required changes
in a managed and efficient way.

Matching Biometric Technology

Identity Document Verification usually needs to be accompanied by a remote facial biometric and liveness detection process that ensures that the correct person is presenting the document. It is essential that best of breed solutions are chosen that are resistant to current deep fake attacks and that provide the ability to adapt to new attacks as they arise.

Compliance and Security

Ensuring compliance to relevant laws and standards, such as digital identity (e.g. EU eIDAS) and data protection (e.g. EU GDPR), is complex.

5 Sourcing Identity Document Verification

Unbundle Identity Document Verification from Customer Onboarding

Today, Identity Document Verification is often treated as one component of the customer due diligence process performed during onboarding and tightly coupled with other background checks, such as PEPs and Sanctions checks. Identity Document Verification is, however, a robust control that can be employed at many other high-risk moments in the customer lifecycle. Unbundling Identity Document Verification from onboarding and making it available to platforms that support the entire customer lifecycle, such as Identity and Access Management, Customer Relationship Management and HR platforms, will allow Identity Document Verification to be leveraged
whenever required.

Realising the Benefits of Identity Document Verification across the Customer Lifecycle

The following table provides an outline plan of the steps you should take to realise benefits across the customer lifecycle.

Phase / Example Scope

Analyse
- Customer Base: Passport and document types used by customers. Understand future customer needs.
- Service Context: Identity Access Management solution that Identity Document Verification will need to integrate with.
- Customer Lifecycle: Lifecycle events where Identity Document Verification will provide a convenient and secure process.

Define
- Functionality: Document verification with or without facial biometric verification. Supported document issuers. Which flows to be supported, e.g. mobile only or web combined with mobile.
- Operational Requirements: Performance and availability. Customer support requirements, including minimising the use of manual intervention.
- Regulatory Requirements: Data protection including sovereignty and retention. Identity assurance requirements. Security certifications.

Source
- Partner: Select partner capable of meeting current and future requirements.
- Integration: Integrate with enterprise identity fabric, such as Identity and Access Management systems, to ensure consistent approach to customer identity management. Align with industry technical standards to avoid lock-in.
- Testing: Test across as wide a range of devices and documents as possible. Leverage test results from partner.
- Operation: Set detailed KPIs. Monitor Analytics Dashboards. Audit for compliance to data protection regulations.

References

[1] HM Government Land Registry. https://www.gov.uk/government/publications/encouraging-the-use-of-digital-technology-in-identity-verification-pg81/practice-guide-81-encouraging-the-use-of-digital-technology-in-identity-verification
[2] EBA guidelines. https://www.eba.europa.eu/legacy/regulation-and-policy/regulatory-activities/anti-money-laundering-and-countering-financing-4
[3] EMVCo. https:/
[4] ENISA. https://www.enisa.europa.eu/publications/remote-id-proofing-good-practices
[5] ICAO. https://www.icao.int/publications/Documents/9303_p11_cons_en.pdf

Head Office: Consult Hyperion | Tweed House | 12 The Mount | Guildford | Surrey GU2 4HN | UK
US Office: CHYP USA Inc, a Consult Hyperion Company | 234 Fifth Avenue | New York | NY 10001
Copyright 2024 Consult Hyperion