Prove My Age white paper: Fast, free and private age verification for adult content sites

ProveMyAge is fast, free and completely private way to prove you age to access adult content online. This solution was developed in response to the proposed legislation in the UK’s Digital Economy Act which planned to require anyone wanting to access online adult content to prove they are over 18.

The solution harnesses our age estimation technology Yoti Age Scan and the Yoti app to give users two ways of securely proving their age on adult content sites.

You can read the full Prove My Age white paper here.

A step change in data protection and email phishing with digital identities and Galaxkey

Email phishing is an age-old method of cyber crime that is becoming increasingly more sophisticated with modern technologies. According to Verizon’s 2019 Data Breach Investigations report, 32% of all cyber attacks involved phishing, which poses a huge threat to large organisations and individuals.

Our latest partnership with Galaxkey combines high-level encryption with biometric authentication technology to give recipients of an email a way of verifying the sender and protecting their data.

 

Know Your Customer (KYC)

Our identity verification solutions help businesses carry out their KYC checks and mitigate fraud across a range of industries, from gaming to financial services. Receiving secure emails with eKYC is a significant leap in email security. If implemented across the board, phishing emails could be eliminated.

 

Galaxkey

This is thanks to Galaxkey’s secure data protection platform that enables users to secure their data and emails. The high assurance security platform is underpinned with three levels of encryption, ensuring private information is sent securely.

By linking these emails to a digital identity, Galaxkey can now offer a way for customers to verify who is sending the email before opening it.

 

How does it work?

Users access the Galaxkey collaboration platform by scanning a QR code with their Yoti app to authenticate themselves.

When someone sends an email, the recipient gets a Yoti-stamped email and can easily verify the identity of the sender.

The recipient verification and the email transaction verification make it easy for organisations to ensure that the person sending the email is who they say they are.

Find out more

We are really excited about this powerful partnership and our potential to heighten cybersecurity across the globe.

To see for yourself how Galaxkey works, you can up for a 14-day free trial on their website.

Meet the Volunteer Edinburgh digital volunteer ID card!

There has been an incredible citizen response to the coronavirus crisis, with people signing up in their thousands to offer their support in any way they can. But as charities and volunteer groups bolster their ranks, the prohibitive costs and logistical issues of distributing ID cards has become a serious safeguarding issue.

Which is why we’re delighted to be supporting Volunteer Edinburgh with digital volunteer ID cards that they can issue directly to a volunteer’s phone.

Volunteer Edinburgh works with some of the most vulnerable citizens in Edinburgh. As they deploy 1,400 volunteers through the Scottish Government’s Scotland Cares, being able to remotely equip those delivering their services with secure identification is fundamental.

As the issuing authority, they can issue, update and revoke volunteer ID cards via the Yoti app. Volunteers can’t edit the information but can present their ID card on their phone or share verified details ahead of a visit via text or email. 

For extra security, cards have a digital hologram which changes with the movement of a phone and have a live QR code that can be scanned to check the validity of the ID. You can see it in full glory in the video below.

 

Our scalable system is already being used by the NHS to issue secure digital ID cards to thousands of employees under NHS E&I, NHSX and NHS Digital. We fast-tracked the NHS staff digital ID cards at the beginning of the pandemic amidst reports of employees being attacked for their ID cards by opportunists looking to cash in on key worker discounts. Digital ID cards are intrinsically linked to the individual through the Yoti app, so can’t be lost, stolen or asserted by anyone other than their holder.

We’re really happy to also be able to support Volunteer Edinburgh at a time where fraud in the UK has doubled and doorstep scams pose a real danger to the most vulnerable in the community.

As Chief Officer at Volunteer Edinburgh Paul Wilson outlines, “Being able to badge our authorised volunteers remotely and with such control is vital and gives the people we are supporting greater confidence in our volunteers and Volunteer Edinburgh.

Yoti’s contribution to the Covid-19 pandemic response has been invaluable. Their support for Volunteer Edinburgh has allowed us to augment our already robust onboarding process for volunteers and means we can deploy our volunteers with greater safety and security.”

Our Scotland Commercial Director, Gordon Scobbie, tells us, “It’s been a pleasure to help the volunteering effort in Scotland and we look forward to helping out more organisations who need this kind of innovative digital solution.” 

Successfully completing HIPAA Compliance Readiness Assessment

We are delighted to confirm we have received a HIPAA compliance readiness report from an independent auditor.  This gives us and our clients comfort that Yoti fulfils all requirements in the HIPAA Security Rules and the Privacy Rules.

As Yoti has been built from day one with security and privacy at its core, we only needed to explain our architecture and control environment to our independent assessors, Corporate Prime Solutions.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to modernise the flow of healthcare information, and set out how personally identifiable information is maintained.

Our HIPAA compliance, combined with our ISO27001 and SOC2 (type 2) compliance, mean organisations and consumers can be sure our data controls and protections are legitimate.

#Nudes4Sale: supporting the BBC’s expose of underage porn with our anonymous age estimation technology

A few months ago, Yoti was approached by the BBC to support their investigation into a growing trend on social media called #Nudes4Sale, a phenomenon that sees thousands of adults and teenagers making money from selling their own nude photos and videos. We helped them check the ages of the people sharing content on social media platforms with our anonymous age estimation solution, Yoti Age Scan. And the results were shocking. 

The full documentary is on the BBC iPlayer. You can find us at 13-17 minutes during which the BBC journalist runs profile pictures through our age estimation portal, and then again at 40-43 minutes as our CEO Robin Tombs and CTO Paco Garcia talk through the results from the age estimation. 

The BBC tackles a sinister trend

This documentary investigates why and how so many thousands of adults and teenagers sell nude photos and videos online. They do this through specialist platforms like OnlyFans and promote their activities through their own personal channels on mainstream social media platforms such as Twitter, SnapChat and more. 

Why do they do it?

“The appeal is simple”, explains Flynn, “It’s fast, easy and you can earn big money.”

People can quit their job and make more money from their bedroom without physical contact. The allure for some is obvious, but making anything too fast and easy brings downsides. As Flynn clearly states, “the other side of selling nudes is far more sinister”. 

18+ content from the wrong hands 

Adult content rules are set at 18 for good reason but there’s very little that enforces these rules in the online space. “I saw a disturbing number of seemingly underage profiles advertising nudes for sale, with many promoting their content on Twitter… I was concerned a number of the profiles I came across were younger” Ellie continued.

Her observations were confirmed by Hannah, aged 17 from Scotland. She created an OnlyFans account with a fake ID and was selling explicit personal content at the age of 16. Despite being caught and banned, she managed to rejoin and share again.

BBC commissioned research with Yoti technology 

To test Flynn’s theory, the BBC commissioned a piece of research using Yoti Age Scan to scrape Twitter accounts for explicit images and estimate the age of those who appeared in the photos.

“The results were staggering: In just one day they found 2,545 separate accounts where the person in the profile photo appeared to be under the age of 18. These underage results accounted for a third of the total images, with 37 estimated to be just 13 years old.” said Ellie.

Yoti Age Scan ‘always forgets a face’ ®

Yoti Age Scan uses machine learning AI to deliver accurate age estimations for people of all ages, skin tones and genders. The technology works by comparing an image to its knowledge of thousands of other verified ages. It does this free from human bias and ‘always forgets a face’®, with no image retained after ages are estimated.  

More detail can be found in our regularly-updated white paper.

Every face is different. Some people naturally look young for their age and others look older. It’s possible for an 18-19 year old to be estimated younger than their actual age and equally, some 13-15 and 16-17 year olds could be flagged as older. But, on large sample sizes, the technology delivers high accuracy and enough assurance that accounts could and should be checked if the person appears underage.

Yoti has signed the Safe Face Pledge, which marks our commitment towards mitigating the abuse of facial recognition technology. We have embedded the pledge into our business practises, addressing harmful bias, transparency, showing value for human rights. We are transparent about our use of biometrics and have undertaken an Algorithm Impact Assessment with  Allison Gardner, IEEE expert from Keele University.

Failing to protect the young and vulnerable 

It’s clear from the findings that we are failing to protect young people online, despite networks defiantly claiming they have “zero tolerance” and “strictly prohibit” child pornography.

As leading child safety expert John Carr told us, “companies that are providing the games and Apps that children flock to really must step up and start making much more extensive use of age verification.” However, it’s been proven time and time again that self-regulation isn’t enough for the vast majority of social networks and content businesses. More needs to be done internationally from a governmental level to protect young and vulnerable people online. 

The UK’s Digital Economy Act was a first beacon of hope in this fight, but it sadly faltered when the proposal to introduce an age verification system was abandoned after being delayed three times by the government. While other countries are stepping up efforts for better regulation, the online world needs unified global responses to tackle problems. Child pornography and underage access to social, live streaming, dating and adult platforms are pressing issues that require attention as this documentary shows. 

Robin Tombs, Yoti CEO said: “As a company dedicated to protecting children online, we were proud to support the BBC with our anonymous age estimation tool, Yoti Age Scan, in this investigation. It will be shocking to quite a lot of people because they just won’t assume that is the type of thing that’s going on. It’s clear more needs to be done by these companies to protect children and vulnerable people online. We have the tools available today to do that, you have to question why these platforms aren’t choosing to use them.”

Supporting volunteering platform Do IT with free identity verification technology during the coronavirus crisis

As part of our pledge to help organisations fighting the coronavirus crisis, we are delighted to be supporting Do IT’s volunteering platform with our digital identity technology.

Do IT is the UK’s digital home for volunteering, matching people with good causes for 20 years. They are currently supporting the government’s drive for volunteers during the Covid-19 pandemic.

With Do IT, you can find volunteering opportunities near you, save the opportunities you’re interested in and track those you apply for. You can also select your preferences and be matched with suitable opportunities as they come in.

For individuals who want to join the volunteering effort, they can now join Do IT and verify their account using the free Yoti app. This strengthens Do IT’s vetting and safeguarding procedures, saving them valuable time and money by providing them with already-verified users through the Yoti network. Sign up now at DoIT.life.

The free Yoti app empowers individuals with a reusable digital ID. All users have their biometrics matched to a government-approved ID document, verified by leading technology and our expert security team. Once verified, users have a secure way to prove their identity with Do IT and our other partner businesses and nonprofits using their phone. Over 1.4 million UK individuals and 6.5 million people globally have downloaded the Yoti app. 

This partnership is part of our pledge to offer our identity verification technology free to any public health organisation, emergency service and community initiative that are working to tackle the Covid-19 crisis. 

If you need help authenticating staff, suppliers or volunteers in a secure, private and scalable way, please get in touch and we will happily set you up as quickly as possible, totally free of charge.

Girl showing smartphone with Age UK digital ID card

The Fifth EU Money Laundering Directive is arriving in the UK – here are a few things you need to know.

The Government’s amendments to the Money Laundering and Terrorist Financing Regulations (MLR) are coming into force. This is the result of the transposition of the EU’s Fifth Money Laundering Directive, as well as a set of standards set by the Financial Action Task Force (FATF).

These amendments extend the obligations to meet the MLR requirements to other sectors, which means that they will be obliged to perform ‘Know your Customer’ (KYC) checks and potentially monitor certain transactions. For example, cryptoasset activities will now fall under the scope.

Furthermore, businesses will also need to consider new high-risk factors when determining whether enhanced due diligence is required. For example, insurance companies may have to perform a ‘know your customer’ (KYC) check when a customer is the beneficiary of a life insurance policy. As another example, art galleries and art sector intermediaries trading with the UK will have to do the KYC checks for transactions worth €10,000 or more (currently around £8,500).

 

Digital identities for KYC

The MLR also includes a provision for the use of digital identities for KYC purposes. The inclusion of digital identities is helpful for firms, especially those who are new in the scope of the regulation.

Digital identity platforms provide an outsourced technology solution for identity verification when onboarding clients through digital channels. It provides a convenient customer experience as the necessary information can be provided without the need for face to face engagement. This process can also help to significantly reduce the time of onboarding to minutes or even seconds, and significantly lower costs and risks associated with manual checking.

 

A secure digital identity platform

The MLR mentions that the process needs to be ‘secure from fraud and misuse’. When partnering with a digital identity platform (DIP), businesses need to consider the controls implemented by the DIP in order to ensure that the customer is a real person and that they are who they say they are. The use of biometrics, liveness tests and anti-spoofing technology is the key to preventing fraudsters from committing impersonation fraud, as it is the most secure way to match a real person with a photo government-issued ID.

The regulations also say that the process should be ‘capable of providing an appropriate level of assurance’. In order to achieve a high level of assurance the DIP should combine the use of AI  alongside human overview to successfully and securely verify people’s identities.

To see the full legislation you can visit the following link.

Yoti and native are tackling the touts with digital ID and great music

For those of you who are tired of touts beating you to the best shows and pushing up the prices of resale tickets, our latest partnership will be like music to your ears.

We’ve partnered with native to deliver a nationwide tour featuring the drum and bass duo Sigma. We’ll be showcasing our revolutionary ticketing technology to prove events can be untoutable and put you, the fans, in control. 

And the best part? You can enter our ballot for free tickets before earlybirds go on sale for just £5 – and you can bet all your pennies that you won’t see them on any ticketing resale platform.

 

Sigma

Sigma’s knack for turning soaring strings and heavy breakbeats into blow-your-speakers anthems shows why they headline international festival stages, boast 3 million singles sales and 2 Brit nominations.

 

The problem with ticket touts

A ticket tout is someone who buys several tickets for an event to re-sell them at a much higher price. They will often target events that are difficult to get tickets for and drive up the resale prices up to extortionate prices.

Ed Sheeran recently took a stand against this growing practice after discovering £75 tickets to a charity concert on sale on a secondary ticket exchange for £7,000. 

 

Yoti and native put the fans back in control

Yoti and native have partnered up to put a stop to the ticket touts and will be showcasing our revolutionary ticketing system with a nationwide tour with Sigma. 

 

How does it work? 

When you register for tickets with your Yoti app, your photo and name will be embedded within the QR code on your ticket. The QR code is scanned on entry to securely share your ticket and ID in one. This means the ticket is yours and yours only.

 

So where do you sign up for tickets?

Register for the presale here and be entered into the ballot for free tickets!

After the ballot, earlybirds will have the opportunity to buy tickets, starting at £5.

Good luck!

Meet the Guardians: Seyi Akiwowo

We’re  over the moon to present our latest member of the Guardian Council – Seyi Akiwowo. 

 

The Guardian Council

The Guardian Council is our independent board of trustees and advisors. They have no financial stake in the company but are wholeheartedly invested in protecting the people we seek to serve. They bring expertise from fruitful careers in sectors like human rights, data privacy and last mile tech to advise us as we navigate the complex world of identity, digital or otherwise.  

 

Seyi Akiwowo

Seyi Akiwowo is a force to be reckoned with. She’s passionate about ending online abuse, self-care, meaningful inclusion and political leadership, and is an inspirational public speaker  who has spoken across the globe on these fundamental issues.

After graduating from the London School of Economics, Seyi was elected as the youngest female black Councillor in East London at just 23. Growing up in one of the poorest boroughs in London, she became involved in politics in various ways to make a positive difference in her community. 

Currently, Seyi is the Founder and Executive Director of Glitch, a young not-for-profit organisation determined to end online abuse through education, campaigns and advocacy. Glitch has a flagship training programme on Digital Citizenship, which is primarily delivered to young people to raise awareness so that they exercise their agency to navigate the online world in a positive, critical and respectful way. Glitch’s achievements are far reaching and have been recognised in Parliament, as well as in books such as Slay in Your Lane and Misogynation. 

 

On top of all of this, Seyi’s an Amnesty International Human Rights Defender, a fellow of the Institute for the Royal Society of the Arts and a Fellow of the Institute for Canadian Citizenship. In 2017, she was invited to present at the 38th United Nations Human Rights Council on online, gender-based violence and again in 2019, to the 10th session of the Ad Hoc Committee on the Elaboration of Complementary Standards to discuss how to update the Convention on racial discrimination to include online abuse. 

Seyi’s passionate about widening participation and representation of diverse groups in public life, and anyone that has met her will know how charismatic and positive she is about all of the wonderful work she’s doing. Seyi is also an expert facilitator in skills and inclusion and delivers workshops around the world, including London, Kuwait and UAE. In addition to her inspirational talks, Seyi’s also written reports and seminal pieces for The Guardian, Gender IT.org and Huffington Post

 

 

Without further ado 

So please join us in welcoming Seyi to take the fourth seat on our Guardian Council. We’re really excited to have her insight and enthusiasm onboard our mission to fix the broken identity system.

If you want to follow all the interesting things she’s saying and doing, you can find her at @seyiakiwowo.

Our approach to security and privacy

Just as the right to identity is a fundamental human right, privacy is too.

We created Yoti to give everybody a secure, privacy-friendly way of proving their identity, online and in person. Privacy and security, therefore, aren’t just our priority but our raison d’etre.

Our free Yoti app is built with privacy and security at its core and harnesses data minimisation techniques that enable you to share less data. 

We have a rigorous approach to security and have built an innovative database architecture designed to protect against data breaches or cybersecurity attacks.

To ensure that we are held accountable, we are advised by our Guardian Council, an independent board of expert professionals and dedicated advisors from data privacy, human rights, online harms and last-mile technology sectors.

Our mission is, and will forever be, to be the world’s trusted identity platform. This is not a journey we make on our own but with policy advisors, think tanks, researchers, academics and humanitarian bodies.

As our sixth core business principle states, we are transparent about what we are doing and why, so in light of this transparency, we have answered your questions on how we protect your data.

 

Is Yoti recognised?

Yoti is certified to meet the requirements of ISO/IEC 27001, the global gold standard for information security management. 

We’re also a SOC 2 Type II certified company. We were externally audited over a six month period and we received a flawless report for the operation of our security controls.

The architecture of our security systems has also been reviewed by Cigital (Synposys) and we regularly undergo penetration testing to look for any potential vulnerabilities in our security operations.

 

How do you keep my data secure?

We have taken a radical new approach to protecting personal data. Instead of storing your information as a single record on one big database, we store each individual piece of your data separately.

Imagine the Yoti database as a bank vault. Each piece of your data is split up, turned into unreadable data through encryption and stored in a different safe. 

Only you have the key to access these safes, which is stored on your phone and not on the Yoti database. 

When you unlock your app with your five-digit PIN, you activate your key which then pulls all of these individual pieces of data together and turns them back into readable text. 

For extra security, Yoti also encrypts your key. To gain access to your safes in the vault, your key must match our Yoti key.

 

Can Yoti be hacked?

The Yoti database is protected by high-level security and firewalls that are extremely hard to penetrate. In the unlikely situation that somebody did hack the database, the fact that you have your own encryption key means that your data would appear as random gibberish to a hacker.

Imagine the bank vault with the safes again. In Yoti’s system, even if hackers broke into the vault, they still wouldn’t be able to open all the individual safes – they would need the keys from every user’s phone.  

 

What is encryption and how does Yoti protect my data with it?

Encryption is a mathematical code that turns text into meaningless strings of numbers and letters. We use AES-256 encryption, which is trusted by governments and organisations such as Apple as being virtually impossible to break. 

The number refers to the length of the encryption key and means a hacker will require 2256 different combinations to break a 256-bit encrypted message. We use this encryption for both storing and sending data, so it can’t be intercepted. 

 

Can Yoti see my data?

Once we verify your account, we can see your data for seven days for security purposes. This allows us to recall any documents that may be flagged up for fraudulent purposes and protect the Yoti ecosystem. After this period, we send your data to the central Yoti database where it is stored as encrypted text. Only you can turn this back into readable text with your encryption key. 

 

What happens when I share data?

A business will request the information they need from you, which you can accept or deny with your Yoti app.

When you accept a data share, the specified information is sent to the agreed third party  and both parties will get a receipt of the information exchanged.

Yoti can’t see the information you have shared, we can only see the type of attribute (such as ‘name’ and ‘address’), the company and the time and date. 

 

How is this any better than using my passport?

The Yoti app allows you to share just the information strictly necessary for a transaction. 

For example, to prove your age to buy alcohol in the UK, you can just share the fact that you’re over 18 and nothing else. If you were using a passport, you would have to share your photo, name and date of birth.

We will have already verified your details against the ID document you used to open your Yoti, so the business can have confidence that the details shared are real and accurate without needing to have a copy of the ID document themselves. This protects you against identity fraud and means you don’t need to send ID documents insecurely via email.

 

How can I be sure that identities are verified correctly?

When you create your Yoti Digital ID, you’re required to take a quick scan of your face during what we call a “liveness test”. This is to prove you’re a real person. We also ask you to scan an official ID document using your phone’s camera. 

We then use a combination of expert AI and manual checks to accurately extract the information from your document. Our team of super recognisers verify the document is genuine and that the photo on the ID document matches your face scan. They are the 2% of the population that have superior skills in recognising faces and work in our security centre, which is a highly secure environment where phones are prohibited and only security personnel can enter. 

To make sure fake and fraudulent documents aren’t being used, the security team check against the Keesing database of global ID documents and the CIFAS (Cross Industry Fraud Prevention Service) database. We also have connections with other fraud watchlists and are a member of the Association of Document Validation Professionals.

 

Will you ever sell my personal data?

No – we will not, and cannot, sell your information to third parties for marketing or any other purpose. We give you the tools to securely share your information with a chosen organisation. That organisation pays for the check and you have a receipt of what you have shared, but we don’t have access to your personal data.

 

Can I delete my personal information from your systems forever?

Yes. If you no longer wish to have any of your personal information on our database, you can delete your account by logging in to the app and tapping on More > Settings > Delete my account. We will ask you to take a photo of yourself so we’re sure it’s you deleting your account. We will delete this photo along with the rest of your data when we have verified it’s you. Once you delete your account, your information will be permanently deleted from our systems.

If you just uninstall the app without deleting your account, you do not delete your data.

 

More questions?

If you have any questions about privacy or security at Yoti, please drop us a line and we will be happy to clear up any doubts.

>