In a recent LinkedIn article, biometric authentication specialist FaceTec sounded the alarm on a serious digital identity threat raised by a U.S. Customs and Border Protection report that stated nearly 20,000 fraudulent ID documents had been seized at a single port within the first half of 2020. To dig deeper into what this fake ID crisis means for the digital identity industry, and what steps can be taken to remedy the issue, we spoke with FaceTec’s CEO, Kevin Alan Tussy.
Read the full FindBiometrics interview with Kevin Alan Tussy, CEO, FaceTec:
Peter Counter, Editor in Chief, FindBiometrics: These seized synthetic/fake ID numbers are absolutely shocking. What are the implications on the state of the digital identity industry?
Kevin Alan Tussy, CEO, FaceTec: This is a serious problem, and we are concerned it will compromise the entire eKYC trend, making it just another false start in digital identity. This was just one US port of entry, which likely means many hundreds of thousands of fake IDs have slipped past the authorities in the last year alone. When we see dozens of fake IDs in the same shipment, it’s not just some underage college kid. These IDs are being ordered by organized crime, and the fraud these fake IDs create have the potential to completely undermine the eKYC industry and set digital identity back many years. What we really need are government identity issuers to become digital verifiers so fake IDs can’t be used and synthetic identities can’t be created.
Peter Counter, Editor in Chief, FindBiometrics: This threat is clearly a deeply rooted existing issue that is becoming more alarming the longer it goes unchecked. Why has it been so difficult to address this cybersecurity problem in a meaningful way?
Kevin Alan Tussy, CEO, FaceTec: There has long been a disconnect between government ID issuers and digital identity, and unfortunately the general public doesn’t yet fully understand how liveness detection allows biometrics to protect their privacy, their identities, and access to their accounts. But we hope through education we can explain how biometrics have a much higher purpose than surveillance; they have the ability to create and maintain trust in the digital world, for all of us.
Peter Counter, Editor in Chief, FindBiometrics: What’s at stake here if we move toward a future of commercial root identity providers before addressing this threat?
Kevin Alan Tussy, CEO, FaceTec: We will be heading for the same problems that we see in countries like South Africa today, where there have been more than twice as many personal identification numbers issued than there are people living in the country. So many synthetic identities have been created, and now the system is breaking down because of the massive fraud.
Peter Counter, Editor in Chief, FindBiometrics: Once this threat is addressed, I can see some huge opportunities for identity-based applications in spaces like voting, social media, finance, and smart-city tech. What use cases do you see opening up once this issue is addressed?
Kevin Alan Tussy, CEO, FaceTec: Absolutely. Once liveness detection and biometrics are embraced, citizens can be authenticated remotely with exceptionally high confidence, and that opens up remote voting, small business loan applications, stimulus checks, managing unemployment claims, business-to-business transactions without the need for a notary, and so much more. All with increased privacy and none of the fraud.
Peter Counter, Editor in Chief, FindBiometrics: The entire issue at hand further illustrates how dangerous the fraud threat landscape is becoming. It reminds me of the Digital Shadows report from earlier this year, which stated over 15 billion credentials were on sale on the dark web. And the pandemic is obviously only further complicating things, with remote work and mobile customer channels greatly expanding the attack surface. It’s a frightening time. What are the immediate steps organizations can take to protect themselves right now?
Kevin Alan Tussy, CEO, FaceTec: KBA (Knowledge Based Authentication) was completely undermined by the breaches of Equifax and others, and if we continue to rely on user provided ID documents, we are headed for the same fate with eKYC. A massive infrastructure will no longer be trusted if fake IDs keep pouring into our ports and over proxy IP addresses. In addition to creating best practices and promoting the most secure 3D liveness technologies, we need organizations like BetterIdentity.org and DIACC, to lay the foundation for governments to take the ambiguity out of digital identity once and for all. We should all be supporting these exemplary efforts and the others like them by federal governments around the world.