This secure and rapid authentication method is ideal for account logins and high-risk scenarios (e.g., logging in from a foreign IP address or authorising high-risk transactions such as wire transfers and online purchases). Secure selfie authentication can also be used to unlock doors (rental cars), self check-in (hotels), e-learning (online test taking) and continuous security (e.g., re-verifying the identity of ride-sharing drivers on a frequent basis).
“As more of our important interactions move online, establishing trust digitally has become critical,” said Stephen Stuut, CEO of Jumio. “Jumio is pioneering selfie-based authentication to allow businesses to leverage biometric user data captured during enrolment and re-verify that data in the future. With our new selfie-based authentication, users are not required to repeat the identity proofing process again — they just take a quick selfie — and as the digital chain of trust grows, so does the security level.”
Biometric authentication is the verification of enough unique human traits to physically prove a user is actually who they claim to be. It offers far greater security than previous step-up methods, such as knowledge-based authentication and multi-factor authentication, which remain vulnerable to imposters, credential phishing, large-scale data breaches, dark web user data dumps and man-in-the middle attacks.
But past attempts at biometric authentication have had their own vulnerabilities, as fraudsters have quickly learned to fool online identity verification solutions with spoofing attacks (e.g. using a photo, video or mask of the authorised person’s face). This is why it’s increasingly imperative to check whether the correct user is physically present during the account set-up (enrolment) process.
To combat this emerging threat, Jumio integrated the world’s first and only iBeta Level 1 and Level 2 Certified anti-spoofing technology, ZoOm® 3D Face Login with TrueLiveness Detection from FaceTec, into its online identity verification suite to capture and process the user’s face images taken from any 2D mobile device camera or webcam. These face frames are then reconstituted to create a 3D face map which contains over 100 times more liveness data than a 2D photo.
With Jumio Authentication, the digital chain of trust starts at enrolment when an online user takes a photo of their government-issued ID (driver’s license, passport or ID card) and then takes a video-selfie, which is instantly analysed via AI to determine that they are living human and not a spoof. The selfie is compared to the picture on the ID document to reliably establish the digital identity of the new user.
Later when the user wants to log into their account or whenever a high-risk transaction occurs, Jumio Authentication allows the user to take another video-selfie (where a new 3D face map is created), which is then compared to the original face map, verifying the user and unlocking the account in seconds.
“Data breaches have put hundreds of millions of personal records and passwords into the hands of fraudsters, but biometric technology, especially face authentication, holds universal promise for solving our user access security challenges,” said Kevin Alan Tussy, CEO of FaceTec. “ZoOm provides Jumio’s customers with 3D face authentication featuring iBeta/NIST Level 1&2 Certified Liveness Detection based on the ISO 30107 standard, making it secure enough to replace passwords, knowledge-based authentication, and even SMS-based two-factor authentication on over 10 billion supported devices.”