truuth: A next generation solution for digital identity and cybersecurity
Mike Simpson
22nd March, 2021 3 min readTruuth, a Sydney-based digital identity and data security company has been successful receiving funding under contract with AustCyber, the Australian Cyber Security Growth Network to deliver next generation solutions to combat identity crime
The recent and rapid rise in ‘deep fake’ identities created by Artificial Intelligence and Machine Learning algorithms is leading to significant fraud risks. Recent estimates by the Attorney-General’s Department indicate that identity crime costs Australia upwards of $1.6 billion each year, with the majority lost by individuals through credit card fraud, identity theft and scams.
Identity crime is also a key enabler of organised crime, which costs Australia around $15 billion annually according to the Australian Federal Police. On a global scale, the United Nations Office on Drugs and Crime (UNODC) estimates could be as high as USD 2 trillion per annum.
Truuth is collaborating with AustCyber and leading Australian enterprises to demonstrate the cybersecurity benefits of the truuth Identity Platform. The $1.9m project is focused on mitigating the risk of identity crime by addressing inherent weaknesses in current Know Your Customer (KYC) and authentication processes by employing multiple user biometrics combined with state-of-the-art ‘liveness’ tests that significantly limit the potential for deep fake and other fraudulent identities.
The truuth Identity Platform enables consumers and enterprises to choose any combination of biometrics for online authentication, greatly improving online security while also delivering a seamless user experience.
Protection of customer identity data has been central to the design of the truuth platform. There are several innovations in our approach that deliver a higher level of assurance when verifying the identity of online users:
First, we employ a range of Artificial Intelligence (AI) and Machine Learning (ML) models to test the authenticity of the user’s identity documents.
Second, we match the face on the user’s photo ID document with a selfie to ensure it’s the same person, and we also perform a test of user liveness to ensure fake presentation attacks are not treated as real people.
Third, we protect user identity credentials with multiple layers of defense including fragmenting, salting, encrypting, and sharding credentials across multiple trusted servers to avoid creating a ‘honey pot’ of customer data.
Fourth, we create a strong ‘binding’ of credentials between the Verification of Identity performed during user onboarding and the ongoing ‘passwordless’ authentication of that user using any combination of face, voice, fingerprint, or other FIDO accredited second factor.
Fifth, we empower organizations to request ‘step up’ authentication based on the risk of authentication event. For example, if a user is transferring a large sum of money overseas they can be automatically asked to authorize the payment by simply authenticating with their face or voice (or both). This assists automating compliance with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) obligations.
And finally, we enable the user to recover their account without the need to rely on insecure passwords or security questions. The account recovery process is a well known security vulnerability, primarily due to dependence on user information that can be collected by fraudulent actors. We solve for this insecurity by empowering users to recover their account with their face and voice on any registered device.
The combination of these security features enable truuth to verify the human behind the device with market-leading assurance.
If you have high-risk use cases where verifying the identity of your online users is critical, then truuth can assist. Reach out today for an obligation-free trial of truuth KYC or truuth biopass.