Menu Close

Digital identity verification spending to pass $20B by 2027, but security challenges remain

Businesses around the world are spending $11.6 billion on digital identity verification this year, and that amount will nearly double to $20.8 billion in five years, according to the latest forecast from Juniper Research.

The report examines the market verticals where digital identity verification is used, key vendors, and breaks down its market forecast into eight regions. Spending is divided into banking, government services, ecommerce and other services.

Juniper has also published a white paper on ‘Why Verifying Digital Identity is Critical.’ The seven-page paper starts with the basics, reviewing the remote transactions, fraud, and requirements for know your customer and anti-money laundering checks that are imposed by regulators. Challenges identified are dealing with synthetic identities and balancing customer friction and security.

“There are multiple pathways to identity verification success,” says Damla Sat, co-author of the report. “There are many different segments and verification types, with no single vendor covering all the solutions. As such, there is still a lot of room for innovation; vendors must focus on building out innovation partnerships and acquisitions that allow them to intelligently orchestrate the most effective verification types for each use case to drive growth forward.”

Despite the rapid adoption of digital identity verification, even relatively sophisticated means of biometric online ID verification can be prone to spoof attacks.

Biometric video verifications vulnerable

A researcher with the Chaos Computer Club has cracked six different video-based online identity verification solutions with just open source software and some red paint. A recombination of multiple video sources allowed the researcher to fool both human operators and algorithms, according to the announcement.

The group emphasizes the simplicity of the attack, and the corresponding likelihood of success if attempted by a semi-competent criminal. Success would allow the fraudster to access German people’s medical records, as video identification is used for access control to German online medical services.

The system uses ID cards that contain embedded biometric information, but that information is not transferred as part of the video identification process. This blocks off both a potential means of verifying that the person holding the card is who they claim to be, and selective disclosure possibilities, CCC says.

The report itself (German only) takes issue with claims from IDnow that spoof attacks involve high-cost preparation.

The group says that video identity verification for access to sensitive data should be discontinued, and the burden of proof of the security of systems shifted to “process operators.”

“In the future, compliance with existing and new requirements should be regularly proven by independent tests under real attack conditions,” the CCC advises. “In particular, any statement on the effectiveness of countermeasures requires verified evidence. The mere assertion that ‘some AI has been sprinkled over it’ should no longer be sufficient.” Read More

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami