“Ripping” IDs Should Go the Way of CDs…

David Kelts on ID
Feb 21, 2024

The Solvable Problems of Mobile KYC

Remember endless hours ripping your CD collection to digital…why are we spending endless hours scanning analog ID documents over and over again? Alternatives exist. Let’s think differently about how Mobile KYC fails customers.

A recent thread on a work-oriented social platform caught my attention. Some people I know to be the people they are could not verify their profiles using a mobile KYC solution. This article isn’t to bash those solutions, or the myriad improvements made, but to urge our industry to understand the complexity we’ve foisted on our users and incite action to do things differently.

Analog to Digital Conversion, anyone? “Ripping IDs” to confirm identity should go the way of Ripping CDs…

How do I know the problems that exist?

In December 2014, before a presentation to the Identity Ecosystem Steering Group about how to “Bring the trust of the Driver’s license online”, MorphoTrust USA filed a provisional application that became US Patent 10,678,939. The front-back-selfie wave was born, admittedly without the system of record connection described in that patent text. I spent several years leading a smart team improving an identity verification product line.

I’ve watched thousands of people try to run these selfie-to-DL matching steps in various forms and helped debug their issues with smiles, vision acuity, phone models, and lighting. I’ve spent weekends helping hundreds of great Utahns use mobile registration live in a credit union lobby.

Visually impaired people cannot get over these hurdles. It takes too many hands for these solutions to be inclusive. Back-facing phone camera quality varies greatly with how much you can spend. These solutions are not inclusive by any stretch of the imagination, and the fallback is to go to a physical location.

The Places Within the Selfie-ID Verification Process that Fail

  1. Manually taking a quality, flat, well-lit, high-res picture of a card is hard
  2. Taking an ICAO-quality, well-lit, machine-matchable portrait is difficult. Everybody wants to smile (or make duck lips …idk…) in a selfie
  3. Webcams are very low resolution compared to phones and vary widely
  4. PDF417 Barcodes from the back of DL/ID cards are easy to generate and nearly every Fake ID has the same information on the back and front
  5. Connections to databases that would verify the authenticity and validity of a DL/ID are expensive or restricted to law enforcement (makes sense)
  6. Most hard-to-forge security features of an ID card require multi-spectral light, are tactile, or require magnification. Phones capture visible light
  7. Cropping the card portrait results in a small, low-res photo for machine-matching that has security lines, holograms, and indicia through it
  8. Cropping a portrait from a poorly captured, low-res ID card will not give sufficient resolution to measure the facial features for matching
  9. You need cloud/phone processing power to determine that a human is live and real for the probe image — called Presentation Attack Detection
  10. I have to ID myself repeatedly with each new service that wants (notice I didn’t say “needs”) ID and each KYC system differs, creating doubt

Can I stop here? We haven’t even gotten to the accuracy of biometric matching algorithms (new entries, if used, have solved any racial/gender bias, so lighting is the major hurdle to accurate matching). People think biometrics are 100% when a human visual verification is only ~97% (per a 2017 Google study that I cannot find).

Oh, did I mention that people end up with images of their IDs in photo rolls and synchronized to every app they grant photo library permission?

Humans are humans and will do what humans do using technology.

You simply cannot account for the variations people and machines will cause to happen (credit Jurassic Park).

If there are this many variables to a process that seems conceptually simple, one or more of those variables will go wrong.

We are turning away good potential customers

There are tremendous capture, scan, photo, and biometric matching systems out there from excellent, reputable vendors. The improvements in the decade since selfie matching started are incredible and laudable. This process is significantly easier and more accurate than it ever was.

Still, people sitting at their desks get turned away from having “verified profiles”. Now try taking a picture of your ID with one hand, holding your phone in the other, on a sidewalk balancing your potential rental scooter against your hip in bright, vacation sunlight. Ya, no!

Let’s go Digital

Mobile Driver’s Licenses (mDL) are now available to greater than 17% of the US cardholding population. Adoption isn’t awesome yet because people don’t know they have existed in production for nearly 2 years and in concept for four-plus years. ISO/IEC 18013-5 is solid and functional. The data is digitally signed by your Issuer, but you control it. It provides a level of control over data and transparency into data storage that users haven’t experienced for decades. There are verifier apps and equipment from multiple vendors. Places do accept mDL.

In the coming months of 2024, ISO/IEC 18013-7 will add consented, selective-disclosure, digitally-signed mDL sharing to apps on the same device AND to websites over the Internet. (This will be the topic of a forthcoming post of mine.) So imagine sharing just your age to be granted entry to that website you don’t want your name associated with… or accurately filing for benefits without typing into a form. During the final approval stages, the ISO/IEC 18013-7 Technical Specification will be available for implementation.

Let’s Go Digital to Digital

“The first bank to replace their Mobile KYC with a connection to a Mobile Driver’s License is going to garner attention from the press and obtain new customers.”

It’s time.

The mDL provides digitally signed, matchable portraits upon consent as well as only the digitally signed data relevant for the approval. ISO/IEC 18013-7 will allow app-to-app consent and retrieval of mDL data similar to the way your email launches your airline application. It will also present a subset of mDL data to a website after consent for uses like age verification.
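
How an issuer-signed credential can release one element while the rest stay private, as an added example that is not from the original post: it sketches the salted-digest approach used by ISO/IEC 18013-5, where the issuer signs a table of digests and the holder reveals only the consented elements. JSON stands in for CBOR and an HMAC stands in for the issuer's public-key signature so it runs on the Python standard library; the function names and sample claims are constructed for illustration.

```python
import hashlib, hmac, json, os

# Assumption: a shared HMAC key stands in for the issuer's signing key. A real mDL is
# signed with the issuer's private key and verifiers hold only the public key.
ISSUER_KEY = os.urandom(32)

def digest(item):
    """Hash one salted data element (JSON here; the standard encodes with CBOR)."""
    return hashlib.sha256(json.dumps(item, sort_keys=True).encode()).hexdigest()

def sign(table):
    return hmac.new(ISSUER_KEY, table.encode(), hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer: salt every element, then sign only the table of digests."""
    items = {name: {"digestID": n, "random": os.urandom(16).hex(),
                    "elementIdentifier": name, "elementValue": value}
             for n, (name, value) in enumerate(claims.items())}
    table = json.dumps({str(i["digestID"]): digest(i) for i in items.values()},
                       sort_keys=True)
    return items, table, sign(table)

def present(items, table, signature, consented):
    """Holder: release only the consented elements plus the signed digest table."""
    return {"items": [dict(items[name]) for name in consented],
            "table": table, "signature": signature}

def verify(presentation):
    """Verifier: check the signature, then tie each disclosed element to its digest."""
    if not hmac.compare_digest(sign(presentation["table"]), presentation["signature"]):
        raise ValueError("issuer signature invalid")
    table = json.loads(presentation["table"])
    accepted = {}
    for item in presentation["items"]:
        signed = table.get(str(item["digestID"]), "")
        if not hmac.compare_digest(signed, digest(item)):
            raise ValueError("disclosed element does not match the signed digest")
        accepted[item["elementIdentifier"]] = item["elementValue"]
    return accepted

# Constructed sample claims, not real credential data.
SAMPLE = {"family_name": "Doe", "birth_date": "1990-01-01", "age_over_21": True}

if __name__ == "__main__":
    items, table, sig = issue(SAMPLE)
    print(verify(present(items, table, sig, ["age_over_21"])))
```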

The challenge is made: Let’s short-circuit problems 1, 3, 4, 5, 6, 7, 8, and 10 above. Let’s make better self-registration and selfie-KYC solutions. Let’s work together on mDL acceptance. Who will sign up:

Relying Party (bank): _____________________________________

Biometric Match and Liveness Vendor: ______________________

mDL Solution Provider: ____________________________________

Test Subject mDL Holders: _________________________________

David can be reached for comments and feedback at david at decipher dot id

Written by David Kelts on ID

Trusting identity in our mobile web of a world is a solvable problem if we define and build the right framing. David is a long-time identity industry expert.
