Yoti MyFace liveness white paper
Learn how Yoti’s liveness solution can help you defeat spoof attacks Liveness is an essential part of any verification or authentication process. It gives you reassurance that you are dealing with a real human. Read our latest white paper on liveness to learn how Yoti’s MyFace liveness solution can help defeat presentation attacks including: Paper image Mask Screen image Video imagery Deep fake video Injection attacks Bot attacks Key takeaways from the report Yoti’s MyFace solution is NIST Level 2 approved with 100% attack detection. Why liveness is important for verification and authentication. The difference between active and passive liveness. Age, gender and skin tone bias minimised. Download the liveness white paper (March 2023)
Yoti featured on Liminal’s list of Companies to Watch in 2023
Today, Yoti has featured on Liminal’s list of Companies to Watch in 2023. Each year Liminal, a strategy advisory firm serving the digital identity, cybersecurity and fintech markets, recognises ten standout companies with the potential to make significant impact in the coming year. Liminal’s research team, led by Travis Jarae, independently chooses all the companies on the list based on how well their products fit the market, their company momentum, and the current state of the ecosystem. Liminal has been tracking emerging trends, technologies, and business leaders in the rapidly evolving ecosystem of digital identity, cybersecurity, and fintech solution providers since 2016. Yoti was recognised due to its leading age verification solutions, and the important role these can play in protecting children online and offering easy, privacy-preserving proof of age for adults globally. Yoti is the leading global provider of age assurance, having performed over 570 million checks using its facial age estimation technology across retail, gaming, gambling, dating, social media, live streaming, ecommerce and adult content services. Travis Jarae, CEO of Liminal said, “The outstanding group of businesses that make up this year’s ‘companies to watch’ list are pioneers in their respective solution segments within Liminal’s Digital Identity Landscape. As strategists, we believe that these businesses provide us with the most insightful information about what the future holds for innovation, strategy, and teamwork.” Robin Tombs, CEO of Yoti said, “Given the high esteem of Liminal in the digital identity market, we are delighted to feature on their list of Companies to Watch in 2023. This recognition demonstrates the growing importance of digital identity and the role Yoti’s technologies play in reducing fraud and improving online safety. Our world leading privacy-preserving facial age estimation is helping an increasing number of global brands to create age-appropriate experiences. Last year was a momentous year for us and 2023 is shaping up to be just as big.” About Yoti Yoti is a digital identity technology company that makes it safer for people to prove who they are, verifying identities and trusted credentials online and in-person. They now provide verification solutions across the globe, spanning identity verification, age verification, document eSigning, access management, and authentication. In the UK, Yoti has partnered with Post Office to accelerate digital identity adoption, with a national footprint spanning 11,500 Post Office branches, online and more. Over 12 million people have downloaded the free Yoti app across the world. It is available in English, Spanish, French, German, Portuguese and Polish. Yoti is certified to ISO/IEC 27001:2013 for ID Verification Services, ISAE 3000 (SOC 2) Type 2 certified for its technical and organisational security processes. For more information, please visit www.yoti.com.
How Yoti can help combat injection attacks
As use of online verification grows, there inevitably follows increasing temptation for bad actors to develop ways to exploit the process. As a provider of verification services we must show businesses, regulators and governments that we have robust anti-spoofing technology, checks and processes. An emerging but rapidly growing threat for verification services are injection attacks. What are injection attacks? Injection attacks are a form of attack on remote verification services. Direct attacks are the most common attempt to spoof systems. Examples of direct attacks are: Paper image 2D and 3D masks Screen image Video imagery Direct attacks are an attempt to spoof a verification system that a person is real, older, or someone else altogether. Our facematch and liveness technologies use layers of anti-spoofing to determine that the person is real (not a picture or mask, for example) and that they are who they say they are. An injection attack is an indirect attack and attempts to bypass liveness detection. It involves injecting an image or video designed to pass authentication, rather than the one captured on the live camera. It is a rapidly emerging threat to digital verification services. Using free software and some limited technical ability, a bad actor is able to overwrite the image or video of the camera with pre-prepared images. How can Yoti help prevent injection attacks? We have developed a patent-pending solution that makes injection attacks considerably more difficult for imposters. It is a new way of adding security at the point an image is being taken for a liveness or facematch check. There are two parts to this. As well as obfuscating the code, Yoti adds a cryptographic signature key. As such, a potential hacker needs to both reverse engineer the obfuscation and infer or guess the cryptographic signature key. Yoti frequently changes the obfuscation and the signature key. This means that if the hacker were to reverse engineer the obfuscated code, by the time they have done so, the signature key will have changed, and vice-versa. There remain ways to spoof this (not that we’d say how) but it significantly adds to the effort, time, skill and cost of spoofing verification checks, moving bad actors on to less secure opportunities. If you’d like to learn more about our NIST approved liveness products, please do get in touch.
NIST Certification explained
Many companies in the identity space talk of NIST certification. What does this mean for you as a user of identity services and what does it mean for your customers? Who is NIST? NIST is the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce. NIST’s remit is to create and certify measures, standards and technology to enhance trade and productivity. Formed in 1901, their remit is to provide standards and certification for business. At first this included clocks and thermometers, all kinds of ‘weights and measures’. But over time the agency has grown to include tech, such as election technology and, of interest to us, cybersecurity. What is NIST compliance? Broadly, NIST certification means the product in question meets defined standards. Liveness is an anti-spoofing process that checks to ensure we are dealing with a real person. Not someone who is, for example, wearing a mask or using a photo or image of someone else. We use it across our suite of solutions including identity verification, digital ID and age verification. What does NIST certified liveness mean? NIST provides a framework for testing performance levels of liveness. NIST Level 1 involves testing using things that could be found in a normal home or office. Materials used for testing should not cost more than $30. Masks are excluded. To pass NIST Level 1, you must detect every attack and limit false negatives to less than 15%. NIST Level 2. Involves testing against more specialist attacks, such as latex facemasks or 3D printers. Materials used for testing should not cost more than $300.To pass NIST Level 2, the you must detect 99% of attacks and limit false negatives to less than 15%. Once a liveness service has passed testing, they will be issued with a Presentation Attack Detection (PAD) Confirmation letter that provides results and methodology used and what product was tested. To learn more about our liveness products, please do get in touch.
On Facial Age Estimation, improvements and updates
We continue to invest in improving the accuracy of our world-leading facial age estimation and we will soon be releasing a new ‘Jan 2023’ model with improved accuracy across all skin tones and gender for those aged 6-70. At Yoti we constantly strive to improve all our services given our commitment to tech for good, and given the growing market importance of these services and increasing regulatory engagement. For example, coming soon we’ll be introducing multiple, concurrent age estimation models, which will help improve accuracy even further, whilst still completing a check within seconds. We will also continue to update our Yoti Age Estimation white paper, now 4 years old this month, in which we transparently publish our accuracy across age, gender and skin tones by year between ages 6 and 70. We expect to publish the updated white paper in the next couple of weeks but importantly, we can share today our Jan 2023 model further improves our accuracy and further reduces bias. Across all age ranges, gender and skin tones we are seeing a 5.1% increase in accuracy, reducing the weighted average MAE for 6 to 70 year olds from 3.0 to 2.8 years. As you can see below for this model we have been focussing on reducing the discrepancy between light skintones (tone 1) and darker skin tones (tone 3) We recognise our work is not finished in this regard. Table shows mean average error (MAE) for age range 6-70 by gender and skin tone, and the percentage improvement from our May 2022 model to our January 2023 model. So, well done for marking your own homework, you might say! But we are happy to report our May 2022 white paper has been independently verified as to the measurement methodology and accuracy of our results. On the request of one of our clients, the ACCS undertook an independent evaluation of our May 2022 white paper and had this to say: “The training, testing and results reporting presented in the whitepaper have been independently validated by ACCS, who have certified that Yoti have deployed appropriate methodologies to analyse the performance of their Age Estimation algorithm, including ensuring appropriate separation of machine learning training data, testing data and validation data.” In addition to this, we are also happy to announce that we have been invited to participate in a workshop on ICO commissioned research on the measurement of age assurance on Thursday 19th January, in London organised by ACCS and AVPA. Follow us on LinkedIn to stay abreast of Yoti news or get in touch to find out more.
Yoti digital age verification trialled at supermarkets
Last year, UK supermarkets – including Asda, Morrisons, Tesco and The Co-op – trialled our digital age verification at self-checkouts in a scheme run by the Home Office. During the trial, shoppers in participating stores could try two new ways to prove their age: Facial age estimation technology: shoppers purchasing alcohol looked at a camera on the self checkout and age estimation technology estimated their age. A privacy-preserving solution, it didn’t require any personal details or ID documents, and all images were instantly deleted once someone received their estimated age. If the system detected they looked younger than the set age threshold, customers were asked to use an alternative method. Digital ID app: shoppers could use the free Yoti or Post Office EasyID app to scan a QR code on the checkout screen and share a verified age attribute. Customers who did not wish to use digital age verification had the option to ask a staff member to come and approve them and if required show their ID to a colleague instead. We’re delighted to share some key takeaways from the trials: Participating supermarkets confirmed they support digital age verification, and would welcome legislative change in this area. There were no reported sales of underage customers purchasing age restricted items when using our age verification technology. Informed consent was gathered from all customers, who were given a choice whether to use the technology or present an ID document to a member of staff. The majority of shoppers who used Yoti digital proof of age solutions liked the technology and would use it again, once available. Digital age verification technology provided an opportunity to reduce the number of physical age interventions, giving retail staff more time to monitor other activities, including spotting proxy sales. Yoti facial age estimation is more accurate than humans which reduces the risks of incorrectly estimating the age of shoppers. Yoti facial age estimation is more inclusive because anyone who looks over the required age threshold does not need to carry around a physical ID to prove their age. Digital age verification supports the ability for retailers to achieve the Licensing Objectives Alongside these trials, Aldi has been successfully trialling Yoti facial age estimation on its mobile shopper app, and Regal Gaming technologies are trialling our technology in their gaming machines to help staff create safer gambling experiences. Our facial age estimation is now being used globally by a wide range of social, gaming, ecommerce, adult, gaming and retail organisations. To date, we have completed over 570 million age checks using our privacy-preserving technology, and have the ability to scale to tens of millions of age checks every day. Since the 2022 supermarket trials, we have continued to invest in our facial age estimation technology and have upgraded our online and offline terminal facial age estimation service to enable automatic face capture. This optimises the image taken of the shopper to further improve success rates. We transparently publish our accuracy rates across age, gender and skin tone in our whitepaper. Next steps Currently, the law requires a person to observe and approve the sale of age restricted items. The Home Office is due to publish full reports with the outcomes of the supermarket trials, and whether digital age verification will become an accepted verification method for the sale of age restricted goods. With 70% of people saying they would use facial age estimation when buying age restricted goods at self checkout, we believe shoppers and retailers are ready to embrace this new technology. We look forward to reading the full outcome of the trials. To learn more, please get in touch.