Internationally, fraud is responsible for trillions of dollars a year in costs to businesses. Fraud impacts businesses in every industry but is particularly insidious in the financial industry as well as retail. Businesses are constantly fighting against fraudulent activity, identities and transactions. While there’s no silver bullet that will prevent all types of fraud in all situations, there are tactics that businesses can employ to battle the most rampant forms of fraud.
Facial recognition for proving and authenticating people is an effective, but controversial, method for battling the identity fraud that enables other fraudulent activity.
How Facial Recognition is Used for Fraud Prevention
Facial recognition is one of the most popular authentication methods due to the high level of accuracy possible, as well as the ability to add liveness detection to the authentication process.
Liveness detection is essential, as the lower end facial recognition algorithms can be fooled by many of the common presentation attacks. Presentation attacks can be as basic as holding up an image to the camera and being allowed access. They can also be more elaborate, utilizing real video footage of the person being faked, deep fake videos, or hyper-realistic masks to fool the facial recognition algorithm into “recognizing” the person at the other end. Combining liveness detection with spoofing detection and other identity verification methods helps combat these elaborate and dedicated presentation attacks.
For the average consumer or employee, however, the level of effort needed to bypass facial recognition (even systems with simpler or less accurate facial recognition algorithms than what Q5id relies on) is significantly higher than any potential payout from the fraud. For this reason, using facial recognition as at least one identity verification method is highly recommended when it’s a sensitive or important transaction.
Facial recognition prevents fraud by increasing the assurance that a given person trying to access a system, transfer funds, or make a purchase is actually who they claim to be. It can seem overly simplistic to say that simple identity assurance is a safeguard against fraud, but it adds a layer to your cybersecurity strategy to further protect your business.
In addition to making it harder for a bad actor to gain access to legitimate accounts, facial recognition as a part of your initial new user enrollment is an essential part of the initial proof of identity. By using facial recognition to compare the new person being enrolled against existing forms of ID, combined with liveness detection, new people in the system have a high level of identity assurance. Fraud is prevented both through the confidence that a new person is legitimate, as well as by making it significantly harder to pretend to be that person.
If Facial Recognition is So Helpful for Fraud Prevention, Why is it Controversial?
While facial recognition is convenient, adds security and helps fight fraud, it’s not without problems. Many people are concerned about facial recognition as a potential invasion of privacy, or that their data may be stolen if an unscrupulous business is hacked. Additionally, many of the facial recognition algorithms on the market are not as accurate for non-Caucasian faces, making bias a concern.
Most of the concerns over facial recognition being biased or having harmful impacts relate more to its use in law enforcement, where a false positive can lead to a wrongful arrest.
When used for identity proofing and verification, however, the results of a false positive are much less horrifying. In a system such as the process used by Q5id, a false positive would pass through to the next verification method – either palm or voice, which add an additional layer of complexity. In the case of authentication being used to grant access, it is much more common to adjust the software to trend towards providing false negatives instead. Rather than risk someone gaining access who shouldn’t, the risk instead is that a legitimate user is denied access.
False positive: when the system says there is a match, but it should not; someone presents themselves to the system and is incorrectly matched to an enrolled user.
False negative: when the system says there is no match, but there should be; an enrolled user presents themselves to the system and is denied access.
In the case of using identity assurance to guard against fraud, incorrect matches in either direction are undesirable, but a false negative is less bad than a false positive. In the case of a false negative for a legitimate user, re-trying to authenticate can be all that’s needed solve the problem. For a false positive, a bad actor could gain access and wreak havoc unchecked before being discovered.
In addition, compared to the problems rife in using facial recognition for law enforcement, the facial recognition used in Q5id’s multi factor authentication is no more intrusive than the picture used for your driver’s license. The geometry of your face is matched to the geometry of the image used for your government issued ID, and cannot be used for surveillance, tracking, or other controversial purposes.
Q5id allows businesses to fight fraud by ensuring that everyone enrolled in a system is exactly who they claim to be. If you’d like to discuss your business’s use case, reach out to set up a time to discuss to your needs by emailing us at contact@Q5id.com.