Onfido helps businesses to identify their customers using Government IDs and facial biometrics; deploying advanced technology to ensure that IDs are genuine. Onfido was in the UK Financial Conduct Authority’s first Sandbox programme (and has been invited back into the fifth cohort) and is a leader in the concept of portable identity. In this interview, Husayn spoke with prepaid card provider Soldo as to how Onfido are helping members of society who are unbanked use advanced technology to prove their identity.
Security is broken and getting worse from our perspective. When I and my two co-founders researched this seven years ago, when we first started the company, we were surprised at the statistics. The UN estimates that up to 5% of the world’s GDP is laundered money. That is up to $2 trillion worth. And it is used in human trafficking, drug trafficking and terrorist financing.
The common denominator across the many different types of fraud is that the individual would commit identity fraud, but not get caught. And of the laundered funds, less than 1% is recovered by authorities. So 99% of it goes through successfully, which is a terrible statistic and a shameful one for anyone in the security industry.
The first pillar of our business is to make it easy for the honest 98% of people to easily access services while allowing companies to meet their legal obligations. The core of any business, especially if it’s a financial services business, is that they legally have to ensure that you are who you claim to be. Traditionally, that has been achieved using credit bureaux like Experian or Equifax. But a bad actor can easily steal a copy of key documents or buy your date of birth, name and address on the Dark Web. So our approach of using Government IDs and facial biometrics is geared towards ensuring that proving identity is done in a more secure way.
Secondly, there’s a financial component to those companies losing money – or reputation – thanks to bad actors. So the optimized state is for businesses to give access to as many people as possible to their services while locking out the bad actors – it’s two sides of the same coin.
The UN estimates that up to 5% of the world’s GDP is laundered money. That is up to $2 trillion worth. And it is used in human trafficking, drug trafficking and terrorist financing.
Every time we see a Government ID and a facial biometric, our machine learning models are progressively getting trained automatically to understand what good looks like and what a fake looks like. And as we get better at detecting the 2% that are fake, so we can more confidently identify the 98% that are actually genuine.
That may seem obvious, but if you don’t have clear signals as to who the bad actors are, then often legitimate people are blocked from accessing services altogether. If you consider the unbanked and underbanked, or businesses without a strong trading history, people who don’t have rich financial records and who are therefore not on credit bureau listings; historically the financial services industry in particular was not able to extend services to them. There are swathes of communities – emerging markets served by pocket banks, for example, who can now be verified and gain access to services because we can improve our understanding of what a bad actor looks like.
The credit bureaus are aggregating data, which means their method is database driven. They constantly seek to add more data to their databases and create connections between those datasets. It could be social media activity or third party data like insurance information, for example.
We have no reliance on centralized databases whatsoever. If an unbanked person has a photographic Government ID and access to a phone with a camera, then we are able to verify them.
Around 2 billion people are bureau backed; but around half the world’s population are underbanked, unbanked, and not on any bureau’s listings. We can help them prove their own identities and do so more securely. There’s no longer a trade-off between lack of documentation and gaining access because nothing we do is database driven. It’s machine learning applied only to government-backed ID documents and facial biometrics.
Sure. Three quarters of the checks that we provide today are for people who are already banked. Traditionally, a mainstream, high street bank experiences a 40% drop-off. It takes hours for you to open an account there. An online bank can see as little as a 15% drop off, with a 25% uplift in the number of people that are successfully onboarded, while being able to target a five-minute process overall. For the consumer, it will be a matter of 30 seconds actual activity, but including back-office processes, the gold standard for fintechs is really that five-minute mark.
That’s very much the value proposition of our business right now: consumers can verify their ID from the comfort of their own home, you don’t have to go and see someone face-to-face in a bank branch or take your paper utility bills. This is very much at the heart of the first wave of fintech innovation; focusing on UX-centred improvements. The second wave of fintech innovation is the bottom of the pyramid we discussed earlier: servicing the underbanked and unbanked who historically have not had the opportunity to access services at all.
There are broadly three categories that someone would need to consider if they are setting up a fintech company in particular:
Traditionally, a mainstream, high street bank experiences a 40% drop-off. It takes hours for you to open an account there. An online bank can see as little as a 15% drop off, with a 25% uplift in the number of people that are successfully onboarded, while being able to target a five-minute process overall.
In our view, version one of our digital world was the centralised credit bureau model. We have taken things to phase two, which is government identification biometrics: more secure and giving access to more people. The third phase, which we’re working towards now, is consumer-driven identity. We envision everyone in the world being part of essentially a portable identity ecosystem, where the consumer ultimately owns or controls their legal identity. They are then able to provision access to any business or organisation they choose. Fully private, fully controlled by the consumer and even more secure.
You’re completely right that this is an issue. So what we are doing is twofold. One, we wouldn’t be the custodian. For those who want to participate, we work with partners to help consumers store their identity credentials in whichever way they choose. We don’t store the data and we don’t have access to any of it. Only the consumer does, and only the consumer using their biometrics would be able to unlock it and grant access to others.
The second component is that parts of the system will be open source, so that others are able to come and play their role as well. If, one day, we were to become complacent and cease to be the most effective partner , then others should be able to take our place.
The longer term point is that security is, unfortunately, not going to get better. The big concern that I and others have is that the big tech giants have far too much control over us. And that’s because they can profile us online, and therefore they have all the power. But if you are able to have control and ownership over your legal identity, then ultimately you can become invisible online in the sense that you don’t need to prove yourself. You don’t need to share your name, date of birth and everything else with the service providers – you can just give them proof that you’re over 18, for instance, or that you have been verified. That will hopefully create much more of a level playing field online so that businesses can know you, trust you and extend their services to you, but only know what they need to know. That way, we can redress the disparity of the amount of data usage that is increasingly dominated by the tech giants today.