Subscribe
About

Using ‘liveness’ in authentication

Reversing South Africa’s recent greylisting is possible, as one cyber security feature may hold the key: enterprise-level biometric authentication.
Gur Geva
By Gur Geva, Founder and CEO, iiDENTIFii.
Johannesburg, 24 Apr 2023

With an understanding of the threats at hand and strategic action at scale, South Africa’s recent greylisting can be reversed.

Identity verification and advanced biometrics constitute the core tenets of financial compliance and anti-money-laundering (AML).

AML refers to the measures financial institutions must put in place in order to prevent financial crimes from taking place. Know your customer (KYC) is one of the AML measures used by businesses to collect information about their customers, thereby verifying their identities.

However, one of the current fault lines running through financial crime in the country can be traced to KYC systems that don’t take all aspects of biometric identification into account.

There are opportunities to add a deeper layer to KYC and AML solutions. However, many positive steps have been taken in recent years. Leading South African banks, for example, are taking steps towards meeting compliance, handling KYC and AML through onboarding using advanced remote biometric authentication.

If we are to successfully reverse SA’s greylisting, action needs to be taken quickly, intentionally and at scale.

Yet, as a recent iProov Biometric Threat Intelligence report reveals, the cyber threat landscape is becoming more sophisticated.

Two of the key trends are presentation and injection attacks. A presentation attack refers to a physical object, mask or photo being held up to a screen by criminals who wish to forge an identity.

An injection attack uses digital means, such as face swaps, deepfakes or computer graphic rendering to insert synthetic imagery into an online authentication system.

Financial institutions must find a new way to prove identity if they want to prevent money-laundering and cyber attacks. The answer, I think, lies in the use of ‘liveness’ in authentication.

Simply put, ‘liveness’ is the confirmation and verification that there is a human being conducting a transaction on the other side of the screen.

While cyber criminals can mine personal data and override certain systems through targeted attacks, it is more difficult to forge a sense of human liveness.

As digitisation accelerates across Africa, the demand for enterprise-grade liveness detection and online identity authentication services has become critical.

Companies require additional security, as online identity fraud, impersonations and cyber attacks become more sophisticated. The infallibility of liveness has also been illustrated in the market. We’ve partnered with one of the country’s leading banks to roll out a 4D liveness solution. The assurance of genuine presence, including proof of liveness, is resilient against deepfakes and replay attacks.

In addition to the sophistication of biometrics, financial institutions need to consider scale.

If we are to successfully reverse South Africa’s greylisting, action needs to be taken quickly, intentionally and at scale.

As companies join the race to implement resilient KYC measures, they must pay attention to the scalability of their solution and insist on a globally accepted, enterprise-level approach.

If a financial institution can demonstrate an ability to combat threats at a global level, this could instil faith in reluctant overseas investors and local customers alike.

South Africa’s greylisting is a call to fortify its digital security at a time when cyber threats are increasing and diversifying exponentially.

Ensuring that we embed infallible, enterprise-level and sophisticated biometric authentication into our financial services infrastructure should not just be a response to our greylisting, but a strategic imperative in an increasingly digitised economic climate where cyber security risks abound.

I believe South Africa has what it takes to reverse its current greylisted status if public and private institutions embrace the capabilities of enterprise-level biometric authentication.

Share