Abstract
The Covid-19 pandemic has accelerated digital transformation across all industries, enabling many businesses to carry on trading while streamlining processes. But perhaps not surprisingly, this move to digital has been accompanied by a rise in cyber-crime and fraud. This in turn has accelerated the search for technology that can help improve the security of digital ID verification, while enhancing the experience for users.
Vikas Seth
Focusing on the UK market, government figures illustrate the scale of the challenge: they show that 39% of businesses suffered a cyber-security breach or attack in the 12 months to March this year1. Similarly, the City of London Police, the UK's national force for combatting fraud, received nearly 4,000 reports of cyber-crime in the first month of Covid lockdown2, an increase of over 70% on the previous month and equating to £2.9 million in losses.
This massive spike in fraud, which began with the pandemic, reflects the increase in online activity worldwide by consumers as well as businesses. Without the freedom to pursue their usual in-person activities – such as domestic shopping, banking or signing up for a mortgage or loan – many people entered into new online territory that they simply were not prepared for.
Businesses too moved into unchartered waters. The constantly shifting situation around the pandemic provided an effective distraction for managers and employees, one that was compounded by the challenges of people working from home – again a new experience for many staff. These employees have largely been working using company laptops since the first Covid lockdown, but some have not – exposing them to the security risks posed by using their own computer, alongside inadvertently downloaded malware, via a domestic router. It didn't help that some families were sharing equipment, with cyber-security the last thing on children's minds when they clicked on enticing links and downloaded games.
Equally, many organisations were confident about the security of their VPNs. Pre-Covid, business VPNs were mostly required just for occasional use, when unusual or emergency circumstances forced someone to work from home for a day. Nowadays, they are the mainstay of daily business life as remote and hybrid working patterns are becoming embedded. Cyber-criminals have recognised that this new, flexible way of working is here to stay and are finding increasingly sophisticated ways to hack into business systems. The risks for those who do not act are potentially calamitous.
The increase in online commerce conducted by businesses, consumers and government agencies since the start of the pandemic has inevitably included online banking and the sharing of sensitive financial information. Organisations have had to react to the Covid challenge and new ways of operating quickly and decisively, so it's not entirely surprising that some mistakes were made and specific security checks were overlooked. State aid programmes, hastily put together to support individuals and businesses that were struggling, found themselves open to fraud. For example the UK Government's Bounce Back Loans Scheme was targeted – and as much as £27 billion may have been lost to fraudsters and defaulted payments from this scheme alone3, alongside losses connected to other Covid-19 support programmes.
Again, some businesses were unable to weather the storm and others had to temporarily pause trading. This in turn meant many other companies were scrambling to identify new business partnerships – trading partners, suppliers and customers – almost overnight. The pressure to keep going meant that due diligence and KYC requirements weren't always the top priority.
It's vital to offer a range of customer onboarding methods: lockdowns got people used to video calls, so onboarding via a video with a human agent could work.
Improving ID verification
Against this background, business-to-business (B2B) identity verification systems broadly prioritise security over convenience: a certain amount of red tape is expected and accepted. But businesses dealing with consumers are under pressure to put ease-of-use and simplicity at the top of their priority list, with security an almost ‘invisible’ regard. Consumers want and expect an easy, seamless experience – and businesses have to be able to offer that or risk seeing those potential customers walk. This means any digital ID verification processes have to not only be robust, but also meet the preferences of customers with little patience for long-winded processes.
Again, not every customer is the same. Digital natives and millennials may be fine with some forms of digital onboarding, but older generations may find the idea genuinely off-putting. It's important to be able to offer a range of customer onboarding methods that have multi-generational and cross-demographic appeal. In order to increase conversion rates, a range of methods should therefore be available.
For example, video-based systems that involve a human agent may be preferable for some customers, as they are more like a traditional face-to-face meeting. And lockdowns ensured that even the more digitally-averse have become adept at Facetime calls with friends and family, making a live video communication an acceptable proposition for many who might have shied away from the idea before the pandemic struck in early 2020.
Onboarding new customers usually involves two main objectives – the authentication and confirmation of the presence of a valid identity document, and a second layer of security that confirms ‘liveness’. These checks remove the risks of a criminal using a stolen photograph or wearing a mask, an imposter or close look-alike. One solution that addresses these objectives, while also creating a seamless and straightforward user experience, is to combine NFC communications technology with video, fingerprint and ‘selfie’ biometrics.
NFC – or near field communication – works by using wireless communication, at a range of 4cms or less, to access a ‘passive’ unpowered device such as an NFC-chipped document or passport, that is temporarily powered by an active ‘reading’ device. It is now common technology, embraced by transport systems the world over, though first widely used in the UK back in 2003 by Transport for London (TfL) for its contactless Oyster Card. It's the chip that enables passports to be read and checked instantly at airports, and the reason why contactless payment cards and mobile payment solutions like Apple Pay and Google Pay can access money with a simple wave in the direction of the payment reader.
NFC is a useful tool at a time when it's clear that Covid-19 isn't going away any time soon and biosecurity will continue to be a worry for many. NFC can help to contain the spread of the virus: its ‘tap-and-go’ process guarantees less physical interaction and provides a more hygienic way of operating than using government-issued ID documents. NFC technology also provides an additional layer of authentication, as ID retrieval is done from a digitised imprint on a chip. This is harder to manipulate than a paper document, so making it difficult for criminals to carry out ‘similarity’ fraud.
Today, the more up-to-date Apple and Android mobiles all have the ability to read NFC chips, making digital ID verification quicker and more secure. NFC chips hold biometric information about an individual that can be instantly compared with the in-person customer. It becomes even more effective when used alongside other real-time digital sources such as photo and video selfies to support remote onboarding. This blend of two secure processes protects the user experience, while securing their data and their digital identity from unwanted criminal interference.
NFC in Europe
Digital technology for improved ID verification is now becoming standard across Europe. And countries including Portugal, France, Germany, Switzerland and Austria are implementing law changes around NFC technology to enable digital ID verification. Currently, 14 European Union (EU) member states have their own national identity card systems, each designed independently in different ways with limited interoperability. In their place, the EU is introducing a ‘digital identity wallet’ where citizens across all member states can store their electronic ID (eID) such as driving licences, bank account details and even educational and professional qualifications. This will allow people to access online and offline services using their mobile phones, at home and across the trading bloc.
Naturally the proposal that individuals store all of their identity documents in one place has caused concern amongst some commentators, worried about cyber-crime. However the option to combine NFC technology with other forms of digital ID verification is taking off, as governments and organisations appreciate the security and compliance benefits alongside a user-friendly experience.
France has launched a new digital identity service using an NFC ‘passport’. Citizens can use their smartphone to upload a selfie video. This captures their face from multiple angles with movement and expressions, which can then be compared to the photo in their biometric passport. This provides not only an accurate verification of the likeness, but also serves as a proof-of-life to thwart would-be ID theft.
The aim of this scheme is to offer secure identification authentication that will allow French citizens to access the government's online services gateway. This is used by banks, other private sector companies and government agencies. Users simply have to complete a single registration that will then enable them to access multiple services.
As with all data transferred using NFC technology, images are not stored and cannot be copied, making them more secure. The verification video is deleted as soon as the ID is authenticated by the comparison with the biometric photo. This increased level of security also provides the user with more control over their own data.
In Germany, meanwhile, national ID cards with an activated electronic ID function (eID) can be used alongside an NFC-enabled smartphone for more rapid digital identification. Consumers can use the two technologies combined to register for services such as banking and other financial activities, insurance and telecommunications, within minutes.
There are also solutions available that use alternative additional verification methods, for customers who don't have devices with the required eID or NFC-enabled specifications. Identity verification specialists can offer businesses a platform that uses digital verification via video-chat, backed by AI technology – or even using a customer's existing and therefore authenticated bank account to send a refundable micro money transfer alongside a scanned ID document.
European countries are changing the laws around NFC technology: in Germany, ID cards can now be used with an NFC-enabled smartphone for faster digital identification.
Customer service
The key to customer satisfaction is to offer consumers the choice of an easy and inclusive experience, so that no matter how tech-savvy or tech-naïve they are, there is a simple and hassle-free solution available for verifying their identity.
This type of increased control, combined with simplicity of interaction for the user, is the most persuasive argument for using a combination of NFC with other biometric identifiers. It gives those businesses that choose to deploy it a better chance of converting prospects into clients. And in competitive markets, it is important to offer processes that drive positive customer feedback, further supporting future conversion rates and bolstering reputation.
NFC used alongside mobile phone-based biometric identifiers is secure, compliant with legislation, protects personal data and is customisable for mobile and web integration. For customers there is no need for additional hardware. They can register their details at any time of day or night – using a system that works as easily as paying for their weekly shop with a phone or bank card.
Biography
About the author
Vikas Seth is chief product officer at IDnow. He is an advocate of NFC technology, and is implementing this technology as part of the IDnow Platform to enable secure customer biometric verifications whilst combatting fraud. Before joining IDnow, Vikas spent 20 years in product management at companies including Honeywell, EMC Data Storage Systems, AVG Technologies and lastly Avira, where he spent three years working as the director of product management and engineering.
References
- 1.UK Government’s Department for Digital, Culture, Media & Sport; 24 March 2021. ‘Cyber Security Breaches Survey 2021’.https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021 [Google Scholar]
- 2.‘Cyber attacks increase as people work from home’. City of London Police. 9 September 2020. https://www.cityoflondon.police.uk/news/city-of-london/news/2020/template4/press-releases/cyber-attacks-increase-as-people-work-from-home/
- 3.‘Taxpayers set to lose tens of £billions in Government’s Covid-19 support schemes’. UK Parliament’s Public Accounts Committee. 30 June 2021. https://committees.parliament.uk/committee/127/public-accounts-committee/news/156186/taxpayers-set-to-lose-tens-of-billions-in-governments-covid19-support-schemes/