Hello, everyone. Welcome to today's webinar. I'm really happy to have you here. My name is Annie Bailey. I'm a senior analyst with KuppingerCole Analysts. And here with me today is Wil Janssen, who is co-founder and CRO of InverID. We'll be talking about authenticating identities in the age of AI. There's a lot of questions around this, but instead of focusing just on that, we'd really like to be going towards solutions, what is out there to get us towards trustworthy verification. So thank you for being here. And I have a few notes for us before we really get started.
So first to note, you are muted centrally, so no need to worry about your audio or your video. We're controlling these centrally, so you can just sit back and relax and take in the information. But please don't relax too much, because we will be asking for your input, wanting to take the temperature of the room, know where you're at, accept your questions, get answers to you. So at any point during the webinar, you can submit your question. In the Q&A panel, you'll find that on the right hand side of your screen.
So please send those in at any point, and I'll be moderating those and make sure they get answered. We'll also run a few polls throughout the webinar, so I will let you know when we are doing that. You can take a few moments to submit your answer, and we'll look at the results at the end. We are recording this webinar, so you can look forward to having access to the recordings and the slide decks later in the next couple days. So let's go ahead and get started.
We've got a conversation style webinar ahead, so we're going to be starting with So we're going to be starting with understanding the threats and the fraud in the age of AI, as well as then moving towards strategies for trustworthy verification. We're, of course, accepting your questions at all point, but we do have a dedicated Q&A session at the end. So to really kick things off, let's ask a question. How concerned are you about deepfakes impacting your organization?
Of course, you can put in your answer. We'll take a look at the results at the end, but we are here to talk about authenticating identities in the age of AI. So what is your opinion about it at this current moment? And I'd like to ask a similar question to Will. How do deepfakes currently impact digital interactions? What's your take on this whole situation at the moment?
Yeah, Annie, yeah. Thank you for asking, and thank you also for having us here in this webinar.
Yeah, I kind of took pride in being kind of an IT watcher over the last few decades, and once in a while something happens at such a speed that it actually takes you by surprise. And I must say that the speed at which AI evolved, I mean, I did my first AI courses in 1985, something like that, at university, but the things that have happened lately are so hard to follow and so hard to comprehend, including their impact, is that it really took me by surprise at the speed at which that happened.
And then moving into what generative AI means then for us, I mean, basically it means that in general, anything you can see or anything you can hear might be fake. Well, I'm kind of positive that it's actually you at the other end of the line, because we had a pre-conversation and you left and you came in, but you have those famous examples where actually a whole board meeting has been faked in order to ensure money transfer, multimillion money transfer. So can you still trust what you see? Can you still trust what you hear?
Basically, you cannot. To add some figures to that, in June, in the event, oh, that was actually a Coupang Call event, there was a presentation by Uproof where they explained that moving from the first half of 2023 to the second half of 2023, the number of pay swap attacks that they encountered increased by 704%. And for the people that don't know Uproof, they're one of our partners, they do a large part of the biometric verifications for us. So they check whether you're actually the person, when you're actually present in the transaction, but they saw 704% increase in a half a year.
I mean, those are ridiculous numbers because the tooling to do so has been so easy to use and so well, it's abundant. And while preparing for another talk, I did a face swap of a video of myself being on the bow of the Titanic. Unfortunately, I could only swap myself for the ladies, I couldn't be Leonardo DiCaprio. We all know that scene. But suddenly I was in that scene and that was three clicks and 30 seconds waiting time to generate that video, and that was free stuff.
So if you imagine what professional tooling will do here or does here at this moment, it basically means you cannot trust anymore what you see. Anything what you see can be fake.
Yeah, just to jump in here, that gives us a really interesting situation on the social side of things. If we think about just human nature in general, it only takes a small amount of doubt. Is this real? Is this fake? Is this whole digital transaction somewhere where I feel safe? It only takes a small amount of doubt to really unsettle people. And that's a way of course, has business implications as well. It's not just a social phenomenon.
Yeah, yeah, definitely. This has big societal impact. I think it has grown distrust in general, this distrust towards governmental agencies, or towards governments in general, politics. But this might also lead to distrust in transactions and doing business. So it's a fundamental issue here to find ways to restore that trust in order to be also completely to be safe enough in the digital era.
Of course, European Commission, if you look from a European perspective, is doing stuff here. We can talk about that later. In essence, AI is not causing that.
I mean, let's use another example. We're talking also about identity verification here. So in identity verification, you often use a passport. And for example, in Germany, you would then have to show your passport and the video identity. And then you have to see the watermarks and the holograms. And then you can easily see that this is a nice passport, but actually it is a fake one. So this was not made with AI. This is made with Photoshop. So it has been easy to fake documents for ages. And this is not advanced tooling.
Yeah, as mentioned, Photoshop, a little bit of photo printing and high quality paper. What now has changed under AI is that people now actually understand how easy it is. And it's everywhere.
I mean, students in secondary schools use JGPT to make their homework. Something we have to live with. So the AI is everywhere and people understand that anything can be generated, which is quite scary, I guess.
Yeah, absolutely. And so moving the conversation along.
Okay, we've established AI is not the only fraud threat out there. Of course not. And I think that's very poignant to say that it just shows how easy it is. So is there a way that we can disarm these threats a little bit instead of just trying to play the game of staying one step ahead until you realize, unfortunately, that you're not one step ahead, but you're two steps behind? How can we get out of this vicious cycle?
Yeah, so there are people that say that, well, we just need better tooling. So as long as my AI is smarter than yours, well, we'll beat it.
Well, I dare say that the AI of the bad guys might be way better than the AI that, for example, governmental agencies are using. So I think there's no point in trying to beat AI with AI. And that's also one of the things that you sometimes see. AI can very quickly adapt. They can learn and so on. So it's very hard to fight AI with AI. So you need a different paradigm to get out of that vicious circle that you mentioned. The good thing is that we still have other means that can ensure that information is authentic and real and hasn't been manipulated. And basically, we use that every day.
I mean, when you go on the internet and you go to the internet bank, you make sure that it's a safe connection. You check that it's HTTPS in the beginning of the URL, which means that the line is encrypted. And that's done using public key cryptography. Fortunately, that same principle you already also use without maybe knowing, because your identity card or your passport has a cryptographically signed identity inside it. It's not just a paper document. It has a chip inside. And some people don't realize that.
But for example, if you go through an e-gate, you put your passport in there and then also the camera starts moving a little bit. It's not only that they take a photo of your passport, now they actually read and verify the chip inside. And that verification can be done with 100% certainty. It's not a guess. Maybe it's good to show a small diagram to illustrate that. If you give me a second, I'll share my screen.
Yeah, please do. But if I can summarize, it sounds like in principle, you're explaining to instead of combating AI with AI to be checking something that isn't being replicated by these toolings. That cannot be replicated, basically. So you should be seeing now my slide with... We can see it, yes. NFC chip and identity document. So there's a chip inside your identity document. It's called an NFC chip that sends from near field communication.
Roughly, that chip contains the same content as you could see on the identity document, whether it's fake or not. So your name, date of birth, document number, and things like. All that information is digitally signed by the issuing country, be it German government, Dutch government, French government. It also contains the original face image. So here you can see a face image in black and white. The original color one is also inside the chip.
Because that chip is very well protected using cryptography, you can read it and you can also completely verify it and make sure that it hasn't been tampered with. For that, you need to get access to the key, to the chip. You need a key for that. That's a password that's on the so-called visual inspection zone page, the MRZ below. There's the data in there that you can use to get access to the chip. You need the document number, the date of birth, and date of expiry. And if you have them, you can do two steps. So the first step is to get that data, to get access to the chip.
And then with any normal modern smartphone that has NFC capability that you'll probably have used for contactless payments, you can then read that chip and verify whether it's real. And that completely makes AI irrelevant because you take the data directly from the chip and you cannot deepfake that chip. This is important. You cannot deepfake a chip. It needs to be made by a government agency that is allowed to issue those documents. Maybe to explain a little bit more on why you cannot deepfake it. There are three security mechanisms inside those chips. One is privacy.
As I mentioned, you need a key to get access to the chip. As I mentioned, you need a key to get access to the chip. And in order to have that key, to compute that key, you need to see the inside of that document. You need to see that machine readable zone. So it's not possible if somebody with a big NFC antenna would walk beside you and you have your identity card in your pocket or in your luggage. They cannot read that chip because they cannot access it. That's one step.
The second step that's implemented within these documents is making sure that nothing can be changed of the data in the document because all the data or the so-called data groups have hashes on them. Those hashes are signed and you can check whether that signature is intact and the hashes are correct. So you can check that there's not a single bit of the data or from the picture that has been changed. And then there's a third mechanism that's in that standard. It's the IKO 9303 standard. It has been there for ages by the international passport authorities.
The third protocol that we use is so-called clone detection. Usually anything digital you can copy, just copy it bit by bit by bit. But there's a secret inside the chip that you can challenge a protocol called chip authentication or active authentication, but you cannot copy it.
And again, there you need the country's certificates to do so. So if you read and verify your travel document, you're certain that the person was active in that transaction. So they collaborated. Nothing has been changed and it's your original document. And as the document was issued by your local government or your national government, basically it's the proof that you exist and deepfakes don't have that chip inside. So that's basically the mechanism that you use at airports, but you can use also on your smartphone to use that to really prove that you exist.
Of course, it doesn't prove that I'm not present in this transaction. I could give my passport to you and you could do the same. So as a second step, you still need to show that you're the person that's mentioned in the passport. That's face verification and that includes typically AI. All solutions for that are AI based.
But if you at least make certain that the first step, do I exist, is 100% certain, and you also get a high resolution image from the chip, that second step, well, you can allow for a certain probabilistic approach there because you already start from a very, very strong foundation, namely that you are certain and really certain that you exist as a person with this photo and this name.
Yeah, thanks for walking us through that and really interesting to also separate, starting with a really trusted foundation and then being able to use probabilistic solutions on top of that to further verify and make certain that the actual person who is described in the document is the one presenting it. But where does this fit in to a user journey? At what points does this make sense to interrupt the risk of fraud?
Yeah, the thing that we were most aware of is, of course, when you get a new customer. If you're a bank and you want to onboard somebody with a bank account, well, then you have to do your KYC, you'll know your customer stuff. Or if you onboard a new employee in your company, you have to check that she is the person she says she is. Those are the steps we all once in a while go through. So it's very important to start there with a good identity because once you're, for example, as an employee in the company, people take you for granted.
I mean, then you're there and then you're part of the environment and nobody anymore questions whether you were actually hired correctly. So it's very important to do that first step right. What we in our company in Inverit see now very much growing is that our customers start using this kind of secure technology because it's very user friendly as well as very secure.
Also, in later stages of the customer journey, for example, you do internet banking. Well, you don't open bank accounts that much in your life once, twice, exceptional cases three times, but once in a while you do appreciate having a new phone because you dropped it or because simply there's a new model that you like. Opening a fake bank account or a bank account with a fake ID, well, that's nice, but then the bank account is empty. It's way more interesting to do account takeover. So once your bank account has a certain amount of money in it, hope we're all doing good.
So there's some money in that. And if a fraudster could pretend he is you and pretend he had a new phone and then do the account takeover, that's way more interesting in the customer journey to do with that. So quite a few of our customers, including ING Bank in the Netherlands, use the same principle, a document check to verify it's you once you reinstall an app. So once you reinstall the app on your phone, they do again the document check and then they're positive that it's you.
They already know you a little bit, so they don't combine it with face biometrics there anymore, but they just check the document. So that's one. And in general, you could say app install is a version of account recovery.
Often, if you really have to recover your account, you have a password reset. Some companies or environments still use knowledge-based questions. Give me the name of your favorite rabbit. What was your mother's name? If you end up in such a situation, go away with that vendor.
I mean, this is something which is so much from the past. I mean, you should assume that everything there is to know about you is known.
I mean, you can buy all that data. I'm not a regular visitor on the darknet, but all the data is for sale and it's cheap. There are those websites where you can check, have I been spoofed or have I been breached? So whether or not your email address is in some of those databases, well, try it and you'll be, if you haven't done it yet, you'll be shocked in how many places, how many databases of fraudsters your email address is already present. And it's not only your email address. It's also your credit card number. It's your birthday. It's your bank account number.
All of that you should consider now. So any knowledge-based account recovery is ridiculous. If your supplier offers that to you, go away there. They don't know what they're doing. So you need something more sensible. And then it's often based on, for example, call center interactions, human interaction. But then you need to equip those call center agents also with good tooling that allows them to distinguish right from wrong. And it's not just because I see you and, well, I appreciate the conversation that you can trust them.
As an example, I'm in the fraud business or at least in the business of preventing fraud, to be more accurate. I had a call from my bank explaining that they had a transaction that they did not trust, explaining in detail the whole protocol. They only asked a close question, so I didn't have to tell anything. So it was a very well-thought protocol. But in the end, something went wrong in the conversation. They said they were bringing me new payment cards the day thereafter, but the conversation got lost. So I called my bank again.
Sorry, I was in contact with your fraud center. And we were still making arrangements to get the new payment cards. And they said, well, then I have bad news for you. We didn't call you.
Well, I'm in the fraud business. I'm educating this. And the whole script was so very much, it was completely correct.
But still, it was fraudsters. So luckily the police came and helped me in catch the group. They didn't show up in the end, unfortunately. But all those fraudsters know the protocols. They know the schemas that the banks use to interview. And it was somebody who spoke the language very nicely, no accent. It was not an Indian calls or whatever. Now it all completely fitted the picture of decent. So you can't do account recovery or things like through a call center. You need something more substantial. And that's also where identity documents nicely fit in.
So we see quite a few of our customers moving in that direction as well. Yeah, absolutely. And when we get into talking about the future, I think that's a thing that many individuals wish for and what analysts bounce back and forth as ideas. Why doesn't this exist where you can do an identity verification to make sure you're talking to your bank? This is something we wish for.
Yeah, and it's there. So it's not something exotic.
I mean, this is proven technology. We can do it like this. Technology has been available since roughly 2016. It came available on iOS in 2019. Big governments like UK Home Office use it for the one login. We're in all major banking schemes. So in Bank ID, MIT ID, we're in the Baltics, we're inside Smart ID scheme.
So many, especially European oriented schemes that appreciate the value of security, they already use this technology. It's not new. It has been introduced by the travel authorities, the ICAO, last century, but it's everywhere. And basically everybody in Europe has a chip in their identity documents, all identity cards are chipped, all passports are chipped. Maybe I can show a picture there that might be worthwhile showing. I'll share my screen.
Yes, please. Just to share. Where are we? There we are. Share. I'll go. So this is, everything green is a country that issues a chipped identity document currently. So it's 174 worldwide. This is a little bit outdated to UK.
So that's, well, a substantial part of the world. Two countries are lagging behind, which are a notorious exception.
India, they just recently started experimenting with issuing chipped identity documents. And South Africa, those are rather bigger countries that don't issue chipped in Egypt as well. But you can see that, for example, if you're doing business in any of the Americas or in Asia Pacific, or especially in Australia, New Zealand, or throughout Europe, you can use these kinds of technologies because people have access to the technology.
Of course, you should not use this, for example, for, not necessarily use it for age verification. If you're in a liquor store and, or want to buy something online and you need to be over 18, this is kind of a big step to do a transaction like this for a low risk transaction. But anything where fraud is relevant, I would consider using this because it's real time, it's affordable, it's cheap, and it's secure. And people love it because it is so real time and it's so easy to use. Maybe one other use case? Yeah.
Yeah, go for it. And then I'll answer the question. So this already comes from travel. So one of the customers that we have together with our partners interest and eye proof is Eurostar. So typically if you bought Eurostar, it's like boarding an airplane. You also have to go through customs and things like. So Eurostar introduced a pre-registration app.
Yeah, basically what you do is you, they check your passport, you upload your ticket. And then when you come in London and you get that London St.
Pancras, they have a kiosk like a smart check border app, border kiosk. It looks like this. Basically what happens is you walk through, it scans your face, it recognize you and you can simply pass. Because they already did the pre-registration. So they know your passport is real, you exist. They've taken a new picture of you as well. But during that phase, they check your ticket, they combine the two and they store that for some seconds. And then when you walk through this gate, it does a one to N matching, a one to few matching. Are you one of the people in that train leaving today?
So it's not generic face recognition, like say what evil states do in the streets. Now it's just matching you to let's say the few hundreds of people that are in that train, or that should be in that train. So it's a legitimate use of biometrics that we support. And it's a very, this is something which you could call, this is really the world was a seamless customer journey. Countries like Singapore do it as well, but they have a slightly different attitude towards privacy. But this can also be done in a very GDPR compliant way.
And actually, we were also part of one of the very recent pilots in Europe concerning the so-called entry exit system to get to its front decks. So we experimented or we piloted this technology at Alanda Airport in Stockholm, doing it in the same way, allowing people to pre-register and for front decks or for the border authorities to do kind of pre-qualification, is that somebody was completely trustworthy and could just pass or do we need to do some extra checks because we don't have the fingerprints yet and so on.
So creating a seamless journey for the traveler, next to doing transactions in banking or in e-commerce or in digital services is a big new area of application of this technology. Yeah.
And yeah, really interesting to see in action, just walking through a gate and having that verification happen in the background. A practical question, thinking back to the map that you showed and you mentioned that a few countries are thinking of or in early stages of issuing or issuing for the first time documents with NFC, that of course means that the majority of documents are not chipped. What is it like then working with the combination of chipped and unchipped documents? Because that's the kind of the mixed reality that we exist in.
Yeah, it's a mixed reality and it's a mixed reality that will stay for some time at least. So there will be quite some years that we still are, we'll have to deal with non-chipped documents. So in our customer journeys that we supported at Inferit, we combine, we basically say we want to have an NFC first approach. So if you can nudge the user to using a chipped identity document, we encourage that. So for example, in the customer journey, do you have this document or that document nearby? Would you please take it?
And only in the second step, if you don't have it, say, well, okay, then we'll accept your driving license as well. What we then do is we take the picture of the document. As soon as we see the document like this, and we see that machine readable zone, we know it's a document from the Netherlands, it's that old, it's a passport, it's a residence permit. And then we can decide what the optimal way of working is. So if it doesn't have a chip, we can reroute that image to an optical verification part. And they'll do their utmost best to verify that it's real or not. But don't count on it.
I mean, they'll do an excellent data capture. So OCRing the data on an image from a document is quite good. It's not flawless, but it's quite good. You get to five to 10% of the characters that are sometimes mistaken, but that's reasonable. Checking authenticity, well, that's hard. There's no benchmark data. There's no certification in this area.
I mean, we have certification for biometrics. NIST has very good certifications or at least benchmarks for one-to-one, one-to-N, one-to-many identification. We have the iBETA certifications for liveness, that's at least something. There's no such thing for optically verifying documents. So beware of when you select an optical provider that they are actually doing a good job. Don't trust them just by the talks or by what they say.
Also, don't trust what you see, just check it, try it, try to get through it with a homebrew fake idea. Ask them, let them show it. And anybody can show that they capture some flaw. For example, if you make a fake document and you forget to correct the check digits once you change the name, I mean, those are the, well, the amateur fraudsters, they will do that. But a real fraudster will be smart enough not to, yeah, they will be smarter than that. So just test it.
And well, what we see many of our customers do, if they come through a optical route, then they get a different risk profile. They just are being looked after in a different way after that first initial onboarding than the people that passed the NFC route. So you can simply trust that data more. Yeah. We'll take a quick pause for a reminder. If you have questions, feel free to submit them at any time and we can go ahead and run another poll to know, OK, do you already have an approach for automated verification for customer and consumer identities already implemented?
Is this something that you identified way early on that needs to be in place? Is this a new interest or a rising need for your organization? Go ahead and submit your answer and we'll go ahead and continue thinking about organizations that already have a successful solution in place.
Will, can you share some success stories of mitigating fraud here? Or in a theoretical question, can we measure prevention very well? Can we capture the success of a good prevention? And to a certain extent, we can indeed measure that. So we have customers that, we have many customers in banking and banks, well, they are notoriously targeted by fraudsters because there's money to get there. This kind of identity verification techniques won't help in preventing money muleing.
I mean, then you have somebody who's in an exploitable position. He's a real person or she's a real person. She lends herself to doing these kind of things.
I mean, that doesn't help. Basically, it's a legitimate person, but doing wrong things with their accounts. We have many customers that struggled with identity verification from two perspectives. Either it didn't catch fraudsters and that happened, or they had very low conversion. So the people that were using it had a hard time getting through it. We regularly get calls also from customers saying, why doesn't this party use this type of technology? Because then that's the interview type style or that kind of thing.
So you can measure the difference between, let's say, the old situation and the new situation. And for example, at Bitter Harbour Bank, they saw that the percentage of the onboarding that they do through the digital channel completely automated. It more than doubled when they introduced this type of ring. And before that, all those people would go to branch offices.
Well, the typical strategy of banks nowadays is close your branch offices. So if it's still a vital channel in onboarding new customers, you can't close them. So they saw a doubling of the traffic or the importance of the digital channel for onboarding. We have a Dutch mortgage provider, Floris, part of IBN Amro.
Well, if you want a mortgage, you typically need it fast because you want to bid on that specific dream house that you always wanted. So that it's a situation where people were very much willing to collaborate in that process. And they saw actually a conversion rate, so people that successfully applied it, of 96%. So 96% of people complete the process completely automatically.
Well, compare that with if only 70 or 80% of the people would go through it automatically. And we have 10,000 customers a month. That means that 2,000 or 3,000 of your customers call your call center or go to your branch office. That's a tremendous number of euros or dollars or yens, whatever that you spend in handling those people where you can handle them also automatically. We also had one customer that already did it for a KYC, now a customer processes, and then moved it to app activation. And they actually said, well, we saw the bad guys running away. They had fraud in that channel.
They had fraud in app activation. And they introduced this. And they said, well, then the fraudsters are lazy. They don't want to challenge you as a bank if you're smart. They don't want to outsmart you. They just take the easiest one. It's like having a bike in the Netherlands. You just have to make sure that the lock on your bike is slightly better than the lock of the bikes that are next to it. Because if your lock is better, they'll steal the bike that's next to it. They won't take the challenge, oh, this is one that I never breached before. I'll take two hours to breach it.
No, they'll just take the bike with the weak lock. Fraudsters work the same thing. They'll take the easy route. Another example, we had an accounting and we have a customer that does bookkeeping software for SMEs. And they introduced not only bookkeeping, but they added bank accounts to it. It's a new kind of a neo bank, but they're not a bank. They promoted that widely. And that immediately caught a lot of attention of fraudsters who say, ah, those are new kids on the block. They are not as good as something there or HBC or Unicredit.
No, we'll try them. So they had a lot of attention, not only from their customers, but also from the bad guys. So they introduced also NFC-based verification, one with biometrics and the fraud basically disappeared.
So yeah, there's evidence. There's lots of evidence, but only if you have AB, before, after situation, you can measure. What we always measure is customer satisfaction. And for example, we had the case of the EU settlement scheme. So when the UK left Europe, so to speak, all European citizens living in the UK suddenly became real foreigners. So they had to apply for under the EU settlement scheme for a residence permit. More than 6.7 million people went through that process.
Well, the grade they gave to that process was very high. So almost, I think it was close to 70 or 80% that said it was easy or very easy to go through it. So you didn't have an AB situation, but people were so relieved.
Ah, I never expected I could do this in 10 minutes. So now we're sorry, because this was vital for them. It was meant, can I stay in the UK or can I not?
So yeah, many user stories that were so relieved that it was so easy. And basically, that also recreates that trust that we talked about in the beginning. If you make sure that these kinds of processes work and work correctly, you can reestablish trust in governmental institutions. It can also reinforce the trust in your bank.
Well, yeah. And yeah, thanks for sharing some of those and getting back to the reestablishment of trust where there's confidence in interacting digitally. And we've of course been talking about solutions which are ready now and exist today. But I think there's, or I know that there's more work being done for the next wave of user-centric, very privacy and security forward solutions. Maybe you can share what Inver-ID and Read-ID are doing here.
Yeah, so one of the important developments that probably most of you have heard of is the so-called EDIS 2.0 legislation, or better known as the European Identity Wallet. Europe has adopted a very forward-looking legislation called EDIS 2.0, building upon earlier legislation that was more on, well, say government-to-government type of interactions or citizen-to-government type of interactions. That EDIS 2.0 legislation envisions a world in a few years, 2026, 2027, where every citizen can have a so-called EU identity wallet.
It means that your identity will move from a government database or from your chipped identity document into your smartphone, into a wallet. And then a trusted wallet, so-called EDIS high level of trust. So it's not your Apple or Google wallet where you can put in roughly anything. It's just a way of storing things.
I mean, I also put in my real wallet, I put small papers or things I need to remember. That's not a trusted environment. That identity wallet should be a very trusted place, both in the sense that it will only take data from data sources that are registered, and it can also only be used by so-called relying parties that are also registered in that ecosystem. So the vision of the EU wallet is a very promising one.
Of course, thinking about wallets has been there for ages. First, it was called personal data management, personal data services. But this does seem to be a breakthrough in terms of striving for interoperability throughout Europe. And I know also that, for example, the UK government with their trust framework is also looking towards Europe to see what is going on there. So it might be the case that this new framework will have a similar forward-looking role like GDPR had.
I mean, first people said, well, GDPR, the Europeans are crazy, they ruin industry. But I think worldwide, except for a few big economies, that view has changed. And people now say, well, actually, GDPR is doing a good thing. It's actually protecting people and allowing them to do business. The EU wallet will do the same thing. It will create a reusable identity. So you might say, well, if you have a reusable identity, where does that leave technology like read ID that we have at Inverib?
Now, the business model will definitely change. But if I want to get my identity inside my wallet, it needs to be trusted. And you can take it from a trusted source because you already have that digital identity. It's inside here. Your government already gave you your digital identity, but it's hidden inside a piece of plastic and silicon. And with the same technology that we do, identity verification, you can also ingest your identity in a trusted way into your wallet and also bind it immediately to you using face verification.
So that's one use of this same technology in the context of wallets. And it's a very, I think it's even the best way of doing it because it means that any wallet provider has one single interface being the IKO 9303 standard to get identity data from people all over the world. And if you would need to rely on government databases, well, then I would have a protocol to talk to the German government and would have a protocol to talk to the Belgium government, protocol to talk to the UK government, the Austrian government, slightly different APIs.
So the world of wallets will become very complex if we rely on the ability of governments to supply that digital identity trustworthy to the wallets. And I mean, there are some countries that already have this in place. Austria is a nice example. Poland also has stuff in place, but many countries don't have this in place and they have not shown the ability to move in this direction easily.
I mean, there are almost disqualified to do so, but they haven't shown in the past that they can do so. So then you can better base yourself on a proven technology that you already as a government issue, then try to do it online. The second thing that, so that's onboarding so-called PID data, personal identifiable data. The second thing is government databases, for example, don't contain your face image. Some countries, you have central databases of face images, take for example, Switzerland, but most countries do not.
And if I want to use that wallet, for example, with a ticket for a concert, and I bought a ticket, and then you typically want to link that ticket to you as a person, also sometimes visually with your face image, and then the face image becomes very important. And you can get that from your passport and you can also bind that immediately to you as a person. So that's not PID data, it's in the so-called optional data fields in the new standard, but it's important data that you can then issue as what they call a qualified attestation.
So next to your direct personal data, date of birth, personal number, name, things like, you can also add other attributes to the wallet that belongs to you. What are your qualifications? What did you learn? Do you have a driving license? What do you look like? Things like that. So also in the area of those attestations, there's room for the digital identity that's inside your identity document as well. But it's a very interesting development. I think it's very good. It's well scrutinized by everybody. So the solution that will come out, either it, well, if it works, it will work properly.
It's not a guaranteed success yet. There's a lot to say about governing that whole ecosystem.
It's very, very complex. I think there's also the danger of different member states not implementing it in the same way. There are rumors that, for example, some member states won't accept wallets from other member states.
So again, a bit of that protectionism, which is, of course, in line with the current societal distrust. So borders are getting closer instead of opening. So there are a lot of risks in this development, but it is very promising. And I do think that European Commission shows a very visionary and leading role in this aspect. That was a bit surprising to me, but I really appreciate them moving forward with this at the pace that they do.
Yeah, and really, really interesting initiatives and interesting to think about having a foot in both worlds, for example. So first of all, depending on trusted technology solutions that are not new, NFC is not new, but applying it towards really fast moving, trusted and secure user journeys, but also being able to work with that in a very future looking mindset in a multi-credential, multi-wallet sort of world, looking for how to build the interoperability while maintaining a trusted basis.
Yeah, the relationship between interoperability in practice and trust is big. I mean, we trust cars.
I mean, if I step in a new car, I know where the handle is. I know how to start there.
Well, maybe the cars evolve and I have an electric car, it's slightly more, well, it's simpler, but also more complex, but I trust the concept. When the European Union succeeds in getting that basis of trusted wallets, on top of that, many things can flourish and they can be verticals as well. You can have standardization in mortgages that will allow for very easy application for mortgages. You can standardize, it's one of the use cases they use as well, all kinds of things that have to do with working permits and qualifications.
So, mobility of people throughout Europe to work will increase without a lot of red tape. So, if you get that new basis of trust, where it's not, I mean, you're not forced to using it, but if people want to use it, it can really give a big impulse to both society and economy.
Yeah, so I do hope that making that interoperable will unify Europe a little bit more again. Yeah, thanks for that insight there. And to start to wrap up our conversation, I want to make another call for questions. Feel free to submit those again from the right-hand side panel. You'll find the Q&A section. And we'll do one last poll before we end today and get to those questions.
So, if you'd consider how important will remote identity verification be for your organization in the next 12 months, you can take a moment and submit your answer while Will and I give a few closing words. I'll be here to share my screen. And if you're looking for a place to continue this sort of conversation, you can see here right at the top of our key topics list is AI and cybersecurity. If you're looking for a place to continue this conversation, CyberEvolution is an event held in Frankfurt at the beginning of December. They'll be in person, but also able to be attended virtually as well.
So, consider that if you are looking for more conversations like this with more contact with organizations going through similar challenges, looking to solve similar problems as you, that's a good place to connect. So, keep that in mind. I'd also like to point out more resources. If you need guidance on identity verification, for example, or taking a closer look at ReadID, which is from InVID, you can take a look at the executive view. There's a link here on the slide and, of course, available on Kupiner-Kohl's research library.
So, take a look when you need more information. Kupiner-Kohl, we provide research.
Of course, we do provide events and webinars like this to network, to continue the conversation. And when you do need more practical guidance, we offer advisory services as well.
And so, with that, I'd like to give a big thank you to our attendees and then take a look at any final questions you have. Take a look at our poll results and wrap up the webinar.
So, we're taking a look at the first result here. The question was, how concerned are you about deepfakes?
And okay, the overwhelming majority of attendees today say yes, they are concerned. So, thank you for choosing this webinar. I hope we answered some of your questions here. We do have a portion who are very concerned.
So, I hope there are… you have a plan in place to make you a little less concerned and give you… put you at ease a little bit how you will deal with this. Maybe one small comment here, that it's slightly beyond the topic of identity verification. There are some initiatives there, I do think, but it would be nice.
So, in your passport, you have your certified identity. That's only one type of data. Wouldn't it be great if images taken by press agencies would be certified in the same way? And that you could see, well, this is the original image and this is not AI generated. Or when an interview would be signed by the corresponding agency or press agency, well, this is the original content. And when you could see whether that was… things were added to it.
So, something like a… almost like a typical open source common… well, Creative Commons type of license, but then certified for other types of content. So, I'm more concerned about other type of deepfake content, like deepfake news, which hasn't been solved at all yet.
Yeah, very, very interesting insight there. Let's take a look at the next results.
So, again, the question was, how important will remote identity verification be for your organization in the next 12 months? The majority says important. I'm glad you were here.
I hope, again, this was informational for you. Yes. And a final survey. Okay. And let me do a last check on questions from the audience. Let's take a quick look at the user experience. We have a question in on if NFC is too complex for the typical user.
Yeah, yeah. That's the thing that… yeah, it's a question that's… it's a good question. It can be very complex.
Because, well, as with any standard, the document standard is… well, it's only a standard to a certain extent, and many countries have slight variations on it. For example, one of the big variations is, where's the chip? In my Dutch document, it's inside that plastic card. US documents have it in the back card, the back backside, UK documents.
So, it can be in many different places. At the same… similarly, where's your NFC reader in your phone? It's an iPhone, it's on the top. On Android phones, it can be in seven different places. And then it makes a big difference on whether you put your… how you hold them.
So, creating that excellent user experience is not easy. But it's possible.
And well, that's also what I think so. But not… it's very easy to build an NFC reader. We even provide the open source software for that. It's called JMRTD. Build it yourself. Feel free. But it's very hard to make. It's way more hard to make something that really… that people really, really like.
So, that's indeed a fair question. Another issue that some people have is… which makes them choose for optical verification is the fact that it has an app flow, that you need an app for that.
So, they prefer a web flow over an app flow, despite the fact that it will allow for fraud. For them, that's good news. I even have a picture of that.
On Apple, there's something which is called App Clips. And that instantly removes the need to install an app, at least visually. It works like a normal link or a QR code. I'll quickly share my screen in the last minute. If people trust me a little bit, they can scan this QR code.
On iOS, it will start an app clip. It means that you don't have to install the app. It's our free personal app called Read.me. We don't gather your personal data, check the privacy statements, but it allows you to check your document, your ID card, or your residence permit, or your passport. And you'll see how it works. If you scan it, it has a toaster that opens the app immediately without needing to install it. And it will continue the journey thereafter. That can only be done for very small apps.
So, we did put a lot of effort in shrinking our app to the 15 megabytes that you're allowed to use. But then again, you get that seamless journey.
So, basically, this removes the app installed on iOS. On Android, you have a similar thing. It doesn't work as seamless as that. But at least after installing the app, you can immediately continue the customer journey.
So, use app clips or the similar thing on Android to create that seamless journey. Feel free to try it or visit readme.com to get that code.
So, try it. This really the first time you see the app, what's going on, you need a big surprise. It's technology that has been there for a few years, but hardly anybody uses it. But these kind of one-off use cases, it's perfect.
So, try it, use it, and build it also in your own app. Thanks for sharing that.
And yeah, an interesting end note coming back to the user journey where it's really a critical part in making this a success, not necessarily for deterring fraud, but for really building in security into experiences that customers like to return to or are not bothered by, which is more than can be said for the general identity verification solution out there. It's not typically a fun experience, but getting the security to something smooth and painless is really great.
Will, any last closing words for our audience today? No, just to emphasize what you said in the end. It's important to establish that foundational trust again in the services that you as a company provide. People used to say, well, there's always that balance between user friendliness and security or privacy.
So, you have to make things hard to make it secure. It's not true, not true anymore.
So, don't settle for less than a truly secure solution. And with everybody with a smartphone and everybody with a document in the current situation, don't settle for less, don't accept fraud in your company and don't accept fraud from the people, the companies that you work with. It's not needed. We need to re-establish that foundational trust. Thank you for having me here today, Annie.
Yeah, thank you. And thanks for the great discussion. A big thank you to our audience members as well. Please continue to send in your questions or feel free to be in touch if you'd like to find out any more information or ask questions at a deeper level.
So, many thanks and take care. Have a wonderful day.
