The trend of selfie verification, which has been steadily growing since the pandemic, has now gained serious traction. However, this method can easily be abused and service providers should be extra careful with it.
In the past half a decade, banks, fintech organizations, and similar, have increasingly started verifying people’s identities through selfie images. Customers are asked to take a selfie photo, sometimes holding an identification document in their hands. This method aims to mimic what customers would be asked to do at the counter.
Although it looks good on the surface, this approach is far from perfect and comes with risks that need to be addressed. Speaking to The Register, multiple security experts, and market analysts, discussed the practice and identified three major pain points – KYC and AML woes, securing and disposing of image data, and potential data breaches.
Liveness check
Oftentimes, different countries and jurisdictions will have different laws and regulations regarding Know Your Customer (KYC) and Anti-Money Laundering (AML) practices. This, together with the fact that such laws are frequently changed and updated, leads to a “gap in arbitrage”.
Furthermore, many organizations requiring their customers to verify their identities outsource the requirements to a third party. These partners sometimes don’t handle the sensitive data properly, and sometimes don’t even discard the images after the verification is complete. That leads to the third problem – data breaches.
Sensitive data, such as people’s selfies, is very attractive for cybercriminals. They can use it in various ways, from selling it on the dark web, to conducting advanced phishing and identity theft attacks themselves.
To tackle the threat, organizations have started asking customers to take selfies while holding a piece of paper with a unique message on it. While this helps, it is still not perfect, since the message on the paper can be edited.
An even better solution would be a “liveness check” – where customers are asked to provide a video of their face, with different facial expressions, or a head turn. Some liveness checks even search for signs of blood flow underneath the skin.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews