Based in Vienna, Anyline uses biometrics to make scanning ID’s more efficient and secure with the ability to be used on just a mobile platform. Alexander Loidolt, Partner Enterprise Business at Anyline says that the need for higher levels of advanced ID verification are the result of using more digital transformation technologies in everyday life. Speaking exclusively to Software Testing News, Loidolt also discussed what this type of tech means for the future of digital transformation in general and where he sees the future of biometrics heading.
Why was there a need for a more advanced use of ID checking?
There are two main reasons driving the need for more advanced ID verification.
Firstly, in the private sector, customers expect a seamless digital experience with every purchase they make. But of course, some services require an extra layer of security. By introducing mobile ID verification to the app’s or websites of organisations, they are able to give their customers a faster, more convenient and secure way to identify themselves.
The second reason is to enable organisations and security forces to protect the public and combat cybercrime. With every breach and phishing scam fraudsters are becoming more and more sophisticated with the methods they use to target and disrupt businesses and individuals.
As our world becomes more digitised, this technology is needed to tackle the increased threat technology used by fraudsters and cybercriminals. We hope our tech can ease people’s lives and also protect the public.
What are the tech specifics of how the scanner works?
Anyline ID scanning now enables police and border security to perform a two-step verification process on all biometric passports and IDs. First, an officer can use their smartphone camera to scan the machine-readable zone (MRZ) at the bottom of the photo page on the passport. This block of text contains all the basic identifying information about the individual who holds the passport. The scanner is also able to take a photo of the passport page for comparison.
The police or border official then closes the passport, and holds their phone over the cover. This is where the near field communication (NFC) chip is located and the scanner decrypts the data on the chip using the information collected from the MRZ.
Using this data, the unlocked NFC chip data can be immediately compared against the information on the photo page to check for any discrepancies. These visually genuine documents are quickly identified as counterfeit due to the lack of a valid, matching biometric ID on the NFC chip.
To summarise, our new technology uses the information from the MRZ to decrypt and authenticate what is on the NFC Chip. The ability to scan documents with both machine reading and NFC techniques not only improves security, but also efficiency. Allowing police and border control to scan more documents and reduce queues in the process.
How did you develop the machinery?
The starting point was our market-leading MRZ technology, which we then combined with NFC technology. We also used open-source code and developed it to work with Anyline, while re-implementing parts of the technology in Objective C.
The MRZ technology is the backbone of our ID scanning offering and we have been training and improving the MRZ reader for over five years. This is how we have been able to achieve market-leading accuracy.
What type of software testing did you have to use on this?
Building our enhanced two-step verification process involved a number of additional automated unit tests, which were done to test whether we could decrypt the NFC Chip data correctly, and get the output required for organisations such as the police to be able to check one data source against the other.
Developing this technology required testing on multiple data sets from a variety of different passports. There were also automated tests for encrypting and decrypting the data with some set input which helped us understand specific output if it’s doing it correctly.
We conducted automated programmes like unit tests while also running smaller programmes which work independently on the code and check that certain conditions are met. For example, it shows that when you put in specific data, the right data comes out.
How else do you see smartphones working with this type of tech?
There are so many use cases that this technology can be applied to, ranging from healthcare, to tourism and many more, but I’ll give just two examples.
Across Europe, more than 200 million people have European Health Insurance Cards (EHIC), which are used in hospitals and medical centres. Similar to passports, each EHIC card is equipped with an NFC chip, containing information on the patient. With all the equipment a doctor would carry when visiting a patient, it would therefore be a great relief for practitioners to have the ability to verify a patient’s eligibility with just their smartphone.
Another valuable use-case of smartphones working with this technology is to help reduce deception on platforms such as Airbnb, as highlighted in the recent fake listings scandal. The listings on the exploited platform showed that more needs to be done to protect people from online scammers. One solution could be to use more thorough registration processes for both organisations and their customers which involve smartphone scanning technology.
What do you see for the future of biometrics?
In many ways, biometric technology is already ubiquitous. We are using our fingerprints to unlock our laptops and facial recognition on our smartphones. In future, this technology will be up-levelled as ID verification is implemented at airports and hospitals. Some people already implant NFC chips in their hands! The world is continuously digitising and these functions will become increasingly prevalent in our daily lives. The future, in a way, is already here.
Do you think that AI will eventually take over authenticating IDs?
It can definitely take a lot of the more tedious and repetitive work from humans, and catch many of the inconsistencies that a person could easily miss. Having said that, we do think it will be good to have a human in the loop somewhere as there will always be cases of people who, for example, look different from their ID photos in a way that has not been programmed into the AI. Also, people can also change a lot over time, so basing ID authentication entirely on facial recognition alone is perhaps not the way to go.
Another important point to consider with AI is that the technology is only as intelligent as the data given to it by the programmers. We are seeing more and more situations where the data being used is coding the biases of humans into the machine. For example, researchers at MIT recently found that many leading AI facial recognition technologies are significantly worse at identifying people with darker skin, as the training data used were overwhelmingly images of white men. It is vital diverse sets of data are used to improve the process.
How are you dealing with the security side of the new product?
For us, security is always priority number one. Our scanning technology processes all data on the user’s device, and for this reason, it can even work offline. That means there is no chance of interception by third parties, as there is no need to connect to an external server or transmit sensitive information to a cloud in order to function.
All of our major clients in these police forces have spoken to us about integrating NFC chip reading into their workflows because it gives them an extra layer of security. We are giving police and border security an ‘uncheatable’ ID verification tool, right on their smartphone.
What trends are you seeing in this area?
Basic processes are now being linked to national ID cards. One recent customer success story we have is Safaricom, the largest telecommunications company in Kenya. In Kenya, customers need to provide ID information in order to buy and activate prepaid SIM cards. This means potential users would have to go to a Safaricom shop or reseller with their ID to fill out a registration form before their SIM would work.
This inconvenience didn’t just cost Safaricom customers time; manual data entry can also be inaccurate, leading to incorrect registrations from typos or misread handwriting. By adding Anyline ID scanning into the mySafaricom app, customers now are able to register themselves in seconds with their own phone.
More people than ever are looking for solutions like Anyline’s to improve their organisation’s processes, to work faster and to ensure better data protection. As we digitise society and more regulation comes into play, more stringent controls will be put on organisations to combat fraud and cybercrime, leading to an increase in the need for the technology.