1. Identity verification in the private sector Chris Gration 30 March 2006

2. DRAFT 2 What is identity? Identity – (noun) (1) the fact of being who or what a person or thing is. (2) the characteristics determining this. Latin idem – the same (Concise OED) The identity of an individual has a number of aspects: e.g., his/her given name (which of course may change), date of birth, place of birth. Other facts about an individual accumulate over time (the so-called electronic “footprint”): e.g., family circumstances and addresses, employment and business career, contacts with the authorities or with other financial sector firms, physical appearance. UK Joint Money Laundering Steering Group 5.3.1 Identity is an artefact, and also a function or process. The law assumes that each individual has a single, continuous identity as a natural person – a ‘true identity’. The law assumes that true identity is accessible. In practice it is not, but it may be approximated. A range of identity recognition processes can attempt to approximate true identity. All are fallible, and no practical recognition process is unconditionally the best.

3. DRAFT 3 Identity & probability  Identity recognition – establishing ‘true identity’ – is always a probabilistic process.  Identity recognition evidence may include: Biometric (fingerprints, voice, retina, facial structure and DNA) Attributed (birth name, date of birth, parent’s details) Biographical (evidence of social interaction such as credit history, educational certificates, electoral registration) (Identity Fraud: A Study, UK Cabinet Office 2002)  The outcome of the identity recognition process can be defined as a probability. Is this John? (90% accurate) Is this Smith? (95% accurate) = Is this John Smith? (99.5% accurate) +

4. DRAFT 4 Identity and probability  Identity recognition is always fallible. Even if the data is infallible, the mechanism to collect and assess it is fallible.  More attributes can be added to the recogniser to decrease the probability of error.  The recognition and the decision processes are separable.  The same recogniser can be used for different decision contexts by adjusting the certainty threshold depending on costs and risks.  Raising the certainty threshold will increase both the hit rate (frauds detected) and the false alarm rate (non- frauds flagged as frauds). High consequence decision Low consequence decision Low threshold High threshold Recogniser Recognition Decision Low hits Low FAs High hits High FAs

5. DRAFT 5 Risk – valid ID validly claimed  Testing validity of claim to an ID is the most difficult claim for verification processes. It requires detecting ID frauds (either ID takeover of a valid ID, or synthetic creation of a valid ID).  Face to face verification (facial recognition) may be considerably less effective than remote, algorithmic processes.  More than 50% of unfamiliar faces were not matched to photo IDs in one study. 1 1.Kemp, Towell and Pike “When seeing should not be believing: photographs, credit cards and fraud” Applied Cognitive Psychology Vol 11 211-222 1997 Detection rate % of frauds detected False Alarm % of non-frauds rejected Best case Easiest to detect fraud 66%7% Worst case Hardest to detect fraud 34%14%

6. DRAFT 6 Electronic ID verification  Electronic ID verification is a remote, algorithmically integrated ID recognition process  eID tests evidence from the ID claim, with elements of biographical and attributed evidence stored digitally in datasets.  The key elements of eID are data, a matching process, and a scoring layer to integrate a probability.  eID differs from Document Verification in its goal: document verification seeks only to verify that a document is validly issued. It may be a source of evidence for ID verification.  Electronic ID and Electronic document verification may both operate remotely and using algorithmic integration of the evidence.  Algorithmic integration may in many circumstances be superior to manual integration:  It permits integration of a very large number of evidence variables consistently ID claim Matching process Internal & cross checks Integration layer Score

7. DRAFT 7 Comparison of UK and Australian data sources available Data set AustraliaUnited Kingdom Consumer credit records Yes Public record information Yes Companies information YesNo Electoral roll Yes Telephone numbers Yes Deaths NoYes ID Fraud information Yes Postal addresses Yes Post office re-directionsNoYes Watch lists Yes Aliases Yes

8. DRAFT 8 Privacy issues We need to clarify  public interest in identity verification  matching is not disclosure  how consent can be made meaningful  consistent guidance for use of public registers