Cyber security can feel like an intractable problem. Every day there seem to be new stories about hacking, scams, and financial fraud that target our reliance on digital tools and use them against us. Just this week, we had news of a spyware attack on Whatsapp.
And while cyber attacks are becoming more sophisticated, our defences remain worryingly basic. Despite several warnings by the industry, many of us still use weak passwords to control access to our email and banking accounts. Last month, the UK’s National Cyber Security Centre revealed that 23.2m accounts around the world were protected by the password – wait for it – “123456”.
Steps are being taken to beef up protections. Many financial institutions are investing in biometric security, such as using fingerprints and asking customers to take selfies to prove who they are.
But how can banks tell that these photos are genuine? Someone could use a picture stolen from social media, and if the bank instead asks for video footage of the customer, this can be forged using “deepfake” technology – a system that uses artificial intelligence to create fake video and audio recordings that are incredibly difficult to tell apart from the real thing.
So how can people better authenticate themselves online? Enter iProov, a tech company aiming to address this challenge using facial verification.
“The problem with facial recognition is ensuring that you’re looking at a genuinely present person,” explains the company’s founder and chief executive Andrew Bud. “It’s all very well to recognise someone’s face, but you have to be sure that you’re not looking at a deepfake video. Our patented verification technology is one of the only effective ways of doing it in the world.”
iProov's system is straightforward to explain. Using the camera on someone’s handheld device, it takes a recording of a random sequence of coloured lights being shone on a user’s face. This footage is then analysed in the cloud to check that the light is bouncing off an actual three-dimensional face and not a mask or photo, and the colour sequence is used to ensure that the video is unique.
“The sequence of colours changes each time – it’s like a spectral timestamp. The colour sequence has to be right, and if it’s not, then we’re looking at a recording,” Bud adds.
The process takes just half a minute. A user can combine this with tapping their device against the data chip in their passport, and are thus able to prove their identity from anywhere in the world.
Bud, whose background in the mobile industry stretches back to the nineties, has been working on this technology since 2011, aiming to provide a system for strong access control that is also easy to use.
And the market is responding positively – iProov’s system is already being adopted by major clients.
For instance, Dutch banking giant Rabobank is allowing customers to use it in order to open accounts and authenticate themselves without having to visit a branch.
Meanwhile, the Home Office is using the technology with its EU Settled Status app: so far, 600,000 people have proven their identity remotely via iProov and gained permanent settled status.
Last year, the company was awarded a contract from the US Department of Homeland Security to make it easier for people to cross the US land border.
“The objective is for people to self-certify themselves, so that it’ll be enough for trusted travellers to use iProov to legally cross the border, which would produce huge savings in cost and manpower, and be an enormous convenience for travellers,” Bud says. “Before it procured us, the Department of Homeland Security tested every mobile face verification system on the market, and we were the only one they were unable to break.”
There’s a sense that most companies are playing catch-up when it comes to cyber security, reacting to new threats only after it’s too late. Bud, however, is wary of the threat from hackers, so iProov is being proactive and constantly monitoring cyber attacks around the world in order to stay one step ahead.
“The mistake that was made for a long time was a lack of respect for the attackers. We’re dealing with some of the smartest people in the world, who are very often driven by a compelling business model,” he says.
“We’re up against people who are at least as smart, or possibly smarter than us, and probably have a lot more resources than we do. Our biggest advantage is that we learn more from every attack than they do.”
iProov is interesting not just because of its technology, but because it’s a reminder in the face of high-profile stories about cyber crime that the market is responding to the issue, and that innovative businesses are trying to provide solutions.
Biometrics in the form of fingerprints or iProov’s facial verification software should mean that our online accounts are better protected.
It’s easy to steal a password, it’s much harder to steal a face.