How Biometric Face Verification Enables Effortless IAM in a Zero Trust Environment

Then I will hand the stage over to you.
Thank you very much. So I wanted to introduce myself again, cause I just did, but let's talk about a little bit about how we feel that biometric face verification can enable a really effortless process, especially around IAM, including in zero trust environments.
So the question and what face verification is all about is enabling trust in remote users. Yeah. We all obviously live in a world that's increasingly digital. I increasingly remote where people are less likely to be in your branches and your stores and your offices anymore for, for various reasons, even before the current pandemic and trusting in those people who are remote are not physically present is really important. You growing online channels requires authentication methods that enable those remote users to prove they've got the required permissions to access the digital service, the digital product, the digital thing that they, that they want to use.
And I'd like to argue today that that just a good service for that is not good enough up to now. Digital identity has been largely built for the organization, you know, such as banks or the financial institutions or even governments, but not really for the user. It's been focused on the organization, not the user it's been focused on meeting regulations, you know, compliance to regulations, AML D PST two, which is obviously fine. You know, of course, I'm not gonna argue today that that's not important and that no one needs to be compliant. That'd be crazy, but there needs to be a security and usability trade off, but that's even, that's not really any longer acceptable. The area of passwords and even selfies and video chats has, has gone their time consuming. They've got high levels of customer friction. Their operationally, very inefficient and solutions need to be better than good enough. Passwords are no longer fit for purpose. Current fraud, defenses are no longer usable and all these things need to evolve.
Let's now quick, look at we'll get about what we are up against anyone who's in biometrics or, or cybersecurity will, will know a little bit here and what we're all up against together. There's three primary attack types which need defending against you. On the left hand side here is the, the sort of most obvious one in a way that's impersonation or just getting the wrong face. So person a pretending to be person B and attempting to misrepresent themselves. The second one though in the middle is about presentation attacks or presented artifacts. So that could be a, a static artifacts such as a mask or, you know, sophisticated Silicon mask of someone that looks highly realistic, a screen recording presented to the sensor, you know, a video or even just a basic paper photo held up to the camera. But on the right hand side, there is something that's becoming increasingly prevalent and, and, and seems to be particularly dangerous at the moment, which is digital attacks that includes deep fakes and deep fake manipulation. And a lot of these actually bypass sensors, such as cameras, they're injected into data streams. So they're not things that are physically held up to the camera.
So we need to solve the problem of assuring trust in remote users and combat those types of fraud. So how do we, how can we do that? Well, the first couple of things we can do is make sure we've got the right person. So that's through face matching. That's the yellow circle on the, on the screen, I've just brought, brought up there and that can fight against imposter attacks. If we can make sure that we can face match the person against some sort of form of trusted ID passport or, or driver's license, maybe the classic ones, then we can know we've got the right person and we can guard against it being the wrong person. We can also guard against presentation attacks that's by using sort of machine learning based approaches to and ascertain that the person is real. And that's, that's essentially called liveness something.
Something may, maybe many of you will have heard of. So all of this together is, is liveness assurance. And that's a really important aspect to understanding that someone is, can be trusted. I'd argue today though, that we need to go to a third level to combat those digital identity, digital injected attacks, rather there's those deep fakes, the synthetic imagery I mentioned in the previous slide. So we need to check whether that person is not just the right person and the real person, but it's also there right now, check that they're there in real time. Now I prove we do that with controlled illumination, which those of you are familiar with what we dove, seen that before. And if you're curious again, come and see us in our digital booth, but however that's done understanding the person is validating verifying in real time right now is really crucial to make sure that they're not a deep fake, they're not synthetic. And to make sure we could be assured of the genuine presence of that person.
So a really good secure approach needs to be dynamic as well, to adapt to a changing landscape. Those threats that I've showed a couple of slides ago, they're not gonna stay static. They're not gonna stay the same forever. Attackers will always try new things. So everyone needs to monitor that and, and stay one step ahead was to monitor for bias, of course, and, and threat analysis. There's also monitoring needs to be centralized needs to centralized across all platforms. It should not be on device cause anything on device is open to reverse engineering and experimentation. So any security based analysis needs to be off device. It also needs to be highly secure, protecting against those threats, making sure of data security and of course, privacy of the user. That's crucial. It can't just be secure. It has been private too. So in conclusion, I'd argue that a cloud-based approach enabling dynamism essentially, and, and, and flexibility to monitoring the landscape prevents attacks and that prevents them becoming scalable and repetitive repeatable.
One of the really important element that we be remiss me to not mention today is that digital inclusion needs to be a priority. So we're returning to the idea I mentioned before that the focus needs to shift from biometrics to serve the organization only, but to the user. So the usability, the usability point that I made on that first sort of Seesaw slide, if you remember, isn't just about being quick and easy to use, although that's of course really important to get good user success rates and happy customers, but it's also about privacy, inclusivity and bias. So privacy is now in the mainstream. I mentioned it a moment ago, making it high on the user's agenda there, that people are aware of the, of, of what they need or what they want for their to maintain their privacy. There are challenges of inclusivity. Of course you, any successful solution needs to be available to any device with minimum instructions, especially text based. And it needs to respect the dignity of the user. Usability is key. It needs to be usable for all crucially. So it's not just about usability. It's about applicability and accessibility. Gotta make sure that we cater for everyone and, and any ability and, and disability of course, and bias. You've gotta talk about and, and consider age bias, ethnicity bias, you know, especially around skin tones, if you're, if you're talking about face verification.
So I'm returning to the, the, the imagery I showed at the back of the beginning to repeat that cloud based face barometric authentication can do all these things. It can create a secure, trusted, digital identity. It can deliver a balance between security and usability, which includes those considerations of inclusion of, of accessibility. And it can mitigate against fraud and digital attacks. So in summary, with a face biometric verification organization, such as IPRO, but no longer do we have to compromise, we don't have to compromise between security against usability and usability against security that can enable an effortless IAM in zero trust environments, IPRO, where I, I represent we've been authenticating, genuine remote users with the highest level of security, inclusivity and usability for many years. And we do it at scale. If you've got any questions, like I said, right at the beginning, or if you'd like to continue the conversation drop by the virtual booth in that virtual expo area. Thanks again for joining. Enjoy the rest of the conference.