Identity verification in the private sector

Chris Gration
30 March 2006
What is identity?
DRAFT
Identity – (noun) (1) the fact of being who or what a person or thing is. (2) the
characteristics determining this. Latin idem – the same (Concise OED)
The identity of an individual has a number of aspects: e.g., his/her given name (which of
course may change), date of birth, place of birth. Other facts about an individual
accumulate over time (the so-called electronic “footprint”): e.g., family circumstances
and addresses, employment and business career, contacts with the authorities or
with other financial sector firms, physical appearance.
(UK Joint Money Laundering Steering Group, 5.3.1)
• Identity is an artefact, and also a function or process.
• The law assumes that each individual has a single, continuous identity as a natural person – a ‘true identity’.
• The law assumes that true identity is accessible. In practice it is not, but it may be approximated.
• A range of identity recognition processes can attempt to approximate true identity. All are fallible, and no practical recognition process is unconditionally the best.

Identity & probability
• Identity recognition – establishing ‘true identity’ – is always a probabilistic process.
• Identity recognition evidence may include:
  - Biometric (fingerprints, voice, retina, facial structure and DNA)
  - Attributed (birth name, date of birth, parent’s details)
  - Biographical (evidence of social interaction such as credit history, educational certificates, electoral registration)
  (Identity Fraud: A Study, UK Cabinet Office 2002)
• The outcome of the identity recognition process can be defined as a probability.
[Diagram: Is this John? (90% accurate) + Is this Smith? (95% accurate) = Is this John Smith? (99.5% accurate)]

Identity and probability

• Identity recognition is always fallible. Even if the data is infallible, the mechanism to collect and assess it is fallible.
• More attributes can be added to the recogniser to decrease the probability of error.
• The recognition and the decision processes are separable.
• The same recogniser can be used for different decision contexts by adjusting the certainty threshold depending on costs and risks.
• Raising the certainty threshold will increase both the hit rate (frauds detected) and the false alarm rate (non-frauds flagged as frauds).
[Diagram: Recogniser → Recognition → Decision. Low consequence decision: low threshold, low hits, low FAs. High consequence decision: high threshold, high hits, high FAs.]

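An added example, not part of the original slides: it integrates independent evidence into one certainty score using the rule implied by the 90% + 95% = 99.5% figure, then applies one recogniser under a low and a high certainty threshold to show hits and false alarms rising together. The function names, the sample claims and the two threshold values are assumptions made for illustration.

```python
from math import prod

def combined_certainty(accuracies):
    """Integrate independent checks into one certainty score.

    Assumption: checks fail independently, so the combined error is the
    product of the individual error rates (0.10 * 0.05 = 0.005 on the slide).
    """
    return 1.0 - prod(1.0 - a for a in accuracies)

def score_claims(claims):
    """Recognition step: one certainty score per ID claim."""
    return [(combined_certainty(evidence), is_fraud) for evidence, is_fraud in claims]

def decide(scored, threshold):
    """Decision step: flag every claim whose certainty is below the threshold.

    Returns (hit_rate, false_alarm_rate): the share of frauds flagged and the
    share of genuine claims flagged.
    """
    frauds = [s for s, is_fraud in scored if is_fraud]
    genuine = [s for s, is_fraud in scored if not is_fraud]
    hit_rate = sum(s < threshold for s in frauds) / len(frauds)
    false_alarm_rate = sum(s < threshold for s in genuine) / len(genuine)
    return hit_rate, false_alarm_rate

# Constructed sample data: (accuracy of each matched attribute, is_fraud).
CLAIMS = [
    ([0.90, 0.95], False),        # certainty 0.995, the slide's John Smith case
    ([0.90, 0.95, 0.80], False),  # 0.999
    ([0.90], False),              # 0.90
    ([0.70, 0.60], False),        # 0.88
    ([0.90, 0.60], True),         # 0.96
    ([0.60, 0.50], True),         # 0.80
    ([0.50], True),               # 0.50
    ([0.30], True),               # 0.30
]

if __name__ == "__main__":
    scored = score_claims(CLAIMS)
    # Same recogniser, two decision contexts with different thresholds.
    for context, threshold in (("low consequence", 0.85), ("high consequence", 0.97)):
        hits, false_alarms = decide(scored, threshold)
        print(f"{context}: threshold={threshold:.2f} "
              f"hits={hits:.0%} false alarms={false_alarms:.0%}")
```
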
Risk – valid ID validly claimed

• Testing the validity of a claim to an ID is the most difficult task for verification processes. It requires detecting ID frauds (either ID takeover of a valid ID, or synthetic creation of a valid ID).
• Face to face verification (facial recognition) may be considerably less effective than remote, algorithmic processes.
• More than 50% of unfamiliar faces were not matched to photo IDs in one study. [1]

[1] Kemp, Towell and Pike, “When seeing should not be believing: photographs, credit cards and fraud”, Applied Cognitive Psychology, Vol 11, 211-222, 1997.

| Case | Detection rate (% of frauds detected) | False alarm (% of non-frauds rejected) |
|---|---|---|
| Best case (easiest to detect fraud) | 66% | 7% |
| Worst case (hardest to detect fraud) | 34% | 14% |

Electronic ID verification
• Electronic ID verification is a remote, algorithmically integrated ID recognition process.
• eID tests evidence from the ID claim, with elements of biographical and attributed evidence stored digitally in datasets.
• The key elements of eID are data, a matching process, and a scoring layer to integrate a probability.
• eID differs from Document Verification in its goal: document verification seeks only to verify that a document is validly issued. It may be a source of evidence for ID verification.
• Electronic ID and electronic document verification may both operate remotely and use algorithmic integration of the evidence.
• Algorithmic integration may in many circumstances be superior to manual integration:
  - It permits integration of a very large number of evidence variables consistently.
[Diagram: ID claim → Matching process → Internal & cross checks → Integration layer → Score]

Comparison of UK and Australian data sources available

| Data set | Australia | United Kingdom |
|---|---|---|
| Consumer credit records | Yes | Yes |
| Public record information | Yes | Yes |
| Companies information | Yes | No |
| Electoral roll | Yes | Yes |
| Telephone numbers | Yes | Yes |
| Deaths | No | Yes |
| ID Fraud information | Yes | Yes |
| Postal addresses | Yes | Yes |
| Post office re-directions | No | Yes |
| Watch lists | Yes | Yes |
| Aliases | Yes | Yes |

Privacy issues
We need to clarify
• public interest in identity verification
• matching is not disclosure
• how consent can be made meaningful
• consistent guidance for use of public registers