IQSEC, S.A. de C.V.: Validación de identidad en la era digital – Biometry as a key factor to avoid identity theft
The digital transformation that has taken place in recent years has led different states and organizations to implement a strategy to recognize a secure and immutable digital identity in the digital environment.
In this sense, in the Digital Identity Guide of the International Financial Action Task Force (FATF) published in March 2020, the digital identity system is mentioned as a reliable solution to: (i) verify the identity of people; (ii) facilitate customer verification; (iii) support due diligence; (iv) help transaction monitoring, and (v) manage risks.
This Digital Identity Guide also notes that digital identification systems may soon be available on a large scale, this as a consequence of the use of biometric technology, internet ubiquity, mobile phones, digital device identifiers, life testing, artificial intelligence.
The need for secure identity validation mechanisms in the digital environment arises from the increase in the crime of identity theft, without undermining the economic losses that this represents for organizations and citizens.
Having a digital identity, linked to biometric data such as fingerprint or facial, are solutions that have been successful in specific use cases. At the international level, biometric data is used to implement authentication mechanisms or biometric systems for airport boarding processes, without the need to continuously present passports and boarding passes, as in the Narita International Airport Corporation, in which passengers are registered in a biometric kiosk where the facial image of the passenger is captured and verified with their passport.
In this context, data from the United States Federal Trade Commission (FTC) indicated around 1.4 million complaints of identity theft received by the said Commission in 2020. In this sense, imagining that a reproduction of the face through deepfakes can supplant identity, or be victims of bank fraud due to not having a robust identity validation mechanism, begin to be part of the risks that society faces.
To avoid identity theft, various Mexican authorities have issued regulations regarding biometric identification, as is the case of the National Banking and Securities Commission of Mexico, that since 2017 strengthened the identity verification procedures and mechanisms applied by credit institutions, with the help of a fingerprint. Biometrics has also been an ally to reduce inequality gaps and guarantee access to services, as is the case with the Aadhaar application in India.
We must keep in mind that in any database, registry, register or procedure where biometric data is handled, it will always be essential to have measures that allow, with reasonable certainty to maintain integrity, confidentiality and availability of such information, that is to say, in order to minimize unauthorized access risks, information leaks or cyber attacks risks.
Likewise, the digital transformation and the new distancing needs caused by COVID-19, have led to the implementation of non-face-to-face authentication mechanisms, known as Digital Onboarding, which have represented improvements to processes and savings for the parties involved.
It should be noted that at the international level there are standards that allow avoiding the risk of identity theft through the treatment of biometric data, as is the case of the ISO / IEC 30107-3: 2017 Information technology – biometric presentation attack detection. This ISO is aimed at suppliers or testing laboratories seeking to carry out evaluations of Attack Presentation Testing mechanisms.
By using technological components that comply with the ISO / IEC 30107-3: 2017, las Technological solutions become reliable to avoid risks of identity theft attacks with artifacts (masks, high definition videos, 3D molds, 2D printing, 3D printing and more) or human characteristics (similar biometric characteristics, lifeless samples, alteration of biometric characteristics, among others).
It is also important to highlight facial validation with proof of life that allows determining if a biometric sample, in this case the face, is being taken from a person alive and present at the capture point, through the camera of a cell phone. Thus corroborating the identity of the users of a process and / or service, against reliable databases, with which you can be certain of the identity of a person.
As the biometric data is physical, physiological or personality traits attributable to a single person, they allow us to avoid impersonation by electronic means, as long as safe mechanisms are used, accredited with the best practices and international standards.
Whilst biometrics is a great ally to meet new identity validation needs, it is important to keep in mind that the use of biometric technology also represents important cybersecurity challenges, protection of personal data, encrypted database backup, confidentiality, availability and integrity, that as manufacturers, implementers and organizations we must not lose sight of.
IQSEC, S.A. de C.V.
Manuel Moreno, Security Sales Enablement Director
Joined in 2020