The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a common level of cybersecurity across Europe. The Agency works together with stakeholders, through knowledge sharing, to strengthen trust in the digital economy and infrastructure.
We were very happy to contribute, alongside colleagues from other stakeholders, to ENISA’s report on Remote ID Proofing – Good practices.
The report is in response to recent developments in attacks, particularly deepfakes, causing concern about identity proofing, with the goal of increasing awareness and assisting in risk analysis practices. The report identified two areas of attacks:
- Biometric and injection attacks against a face
- Presentations and injection attacks against an ID document
The report concludes the following findings and measures as potential ways of moving forward:
- Identity proofing is a critical component of the current digital world and there is a constantly evolving attack landscape that is becoming more and more complex
- There is asymmetric regulation across Member States regarding identity proofing
- Technical and information sharing and practices between stakeholders would help build awareness
- Different levels of assurance between on use cases, not one solution fits all
- The role of humans to review documents for fraud attempts, as well as using automated fraud detection systems.