IDfy CEO Ashok Hariharan Reveals How Their Deepfake Recognition Tool Works
Deepfakes, facial recognition fraud and identity verification fraud are among the greatest challenges of the 21st century. However, emerging technologies keep enabling more inventive ways to fool verification systems, and defences are not evolving at the speed of the crimes. IDfy is the oldest and most widely used AI-based identity verification company in India. Analytics India Magazine reached out to Founder and CEO Ashok Hariharan to discuss their proprietary AI stack, capable of detecting 2D, 3D and photo deepfakes, among various other solutions.
AIM: What was the problem IDfy is trying to address?
We started working 11 years ago now; we are a vintage-2011 startup. Around that time, virtual transactions were increasing, and we could see India moving the way of the United States, where a lot of people's interactions would be virtual. As virtual transactions increase, how do you manage risk? Our broad thesis was that we cannot digitize or increase the speed of transactions unless we add layers of digital authentication.
It was early days when we started; most of the technologies we use today were either non-existent or confined to universities. Back then, an agent would come to your house to collect your physical documents; you would faithfully photocopy them and hand them over, and that agent might well pass them on to a street vendor. The risk of identity theft was significant. If you look at the UPI charts today, Rs 200 crore a day is being stolen by fraudsters. There are much easier and more accurate ways to catch some of them. That is the lens through which we looked at the world. We entered the KYC solutions space in 2017; we are the largest video KYC provider in the country.
AIM: Please explain the technology stack behind your AI-based verification solutions.
Information is captured either through our platform or on our customers' websites/apps using our APIs. The journey includes document/image capture, tampering detection, data extraction and verification against public sources. This runs on our media servers; we have built our own queuing system and a platform that can handle massive volumes. We use Elixir, Ruby on Rails, Go and React.js for different stages of the user journey on live video. This allows us to work in very low bandwidth conditions; for example, our live video works on connections as slow as 70 kbps. We change the frame rate depending on the use case; some journeys may not need a video chat or a high-bandwidth video connection, so we reduce the bandwidth requirement on video but increase the bandwidth requirement on capture, because you need to capture the documents correctly. So we tune a lot of parameters to find the most optimal way to get the best result.
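IDfy has not published the actual logic behind this trade-off, but the idea described above (spend scarce bandwidth on the stream when a live chat is needed, and on high-quality document capture when it is not) can be sketched roughly as follows. All function names, thresholds and resolution values here are invented for illustration.

```python
# Hedged sketch of bandwidth-aware session planning, as described in the
# interview. The 70 kbps floor comes from the text; everything else
# (names, FPS values, resolutions, the 300 kbps cutoff) is an assumption.

def plan_session(bandwidth_kbps: float, needs_video_chat: bool) -> dict:
    """Pick a frame rate and document-capture resolution under a budget."""
    if bandwidth_kbps < 70:
        raise ValueError("below minimum supported bandwidth")
    if needs_video_chat:
        # Favour a smoother stream; accept lower-resolution captures.
        fps = 15 if bandwidth_kbps >= 300 else 5
        capture = "720p" if bandwidth_kbps >= 300 else "480p"
    else:
        # No live chat: throttle the stream, spend the budget on capture,
        # since the documents must be photographed correctly.
        fps = 2
        capture = "1080p"
    return {"fps": fps, "capture": capture}
```

The point of the sketch is only that frame rate and capture quality are tuned jointly per use case, not fixed globally.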
We have 65 APIs to identify and authenticate an individual or business using their documents, photos and location. These are machine learning models with 120-odd data points on a document to determine whether that document looks authentic. Our facial recognition technology for liveness detection examines a single image of a person to determine if it is a live image or an image of an image. This is based on machine learning models that only we in the world have.
We use standard data mining techniques that examine public data sources. In addition, we use our own templates for checking court records. There are approximately 3,500 courts whose data is publicly available, but the data is unstructured. Our models can confirm details against these datasets.
Our models also work on fuzzy logic. We understand the nuances between languages. Sometimes in India, Hindi words are written using English alphabets; our fuzzy phonetic matching can recognize and interpret them. Likewise, our fuzzy logic can identify an address despite differences in how it is written across documents.
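The idea of fuzzy phonetic matching for romanized Indian names can be sketched with a simplified phonetic key: collapse spelling variants that sound the same (e.g. "Laxmi" / "Lakshmi", doubled vowels) to one canonical form before comparing. IDfy's actual matcher is a learned model; the substitution table and key function below are hypothetical simplifications.

```python
import re

# Hedged, highly simplified phonetic key for romanized Indian names.
# Illustrative only; a production matcher would be far richer.
SUBSTITUTIONS = [
    ("ksh", "x"),   # Lakshmi / Laxmi
    ("sh", "s"),
    ("ph", "f"),
    ("bh", "b"), ("dh", "d"), ("gh", "g"), ("jh", "j"),
    ("kh", "k"), ("th", "t"), ("ch", "c"),
    ("w", "v"),     # w/v are interchangeable in many transliterations
]

def phonetic_key(name: str) -> str:
    s = name.lower()
    for old, new in SUBSTITUTIONS:  # normalize common digraph variants
        s = s.replace(old, new)
    s = re.sub(r"([a-z])\1+", r"\1", s)       # collapse doubled letters
    s = s[0] + re.sub(r"[aeiou]", "", s[1:])  # drop non-leading vowels
    return s

def same_name(a: str, b: str) -> bool:
    return phonetic_key(a) == phonetic_key(b)
```

So "Kumar" and "Kumaar", or "Lakshmi" and "Laxmi", reduce to the same key even though the strings differ.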
While the tech stack itself is important, it’s more important to build it in a way that it can scale. We perform millions of checks per month. In addition, we perform multiple authentications on a single individual. All of this requires our platform to be able to scale.
So we developed AI models to automatically adapt our systems. When volumes fluctuate suddenly, our scale-up and scale-down times are under 10 seconds. We put a lot of thought into an architecture designed for scalability and security. We encrypt data at rest, in transit and at source, with a key vault. When we collect a document or data, our own systems do not see it, for security reasons. Our key handshakes (key-based and key-rotation ciphers) allow the customer to rotate the key at any time.
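The interview does not describe how the sub-10-second scaling decision is made, but the simplest version of reacting to sudden volume changes is a target-tracking rule on queue depth: size the worker pool so each worker handles a fixed share of the backlog. The function, capacities and bounds below are assumptions, not IDfy's implementation.

```python
# Hedged sketch of queue-depth-based autoscaling. All numbers are invented;
# the point is only that the target pool size follows load directly, so a
# spike translates into a scale-up decision within one evaluation cycle.

def desired_workers(queue_depth: int, per_worker_capacity: int = 50,
                    min_workers: int = 2, max_workers: int = 200) -> int:
    """Target worker count so each worker handles ~per_worker_capacity jobs."""
    needed = -(-queue_depth // per_worker_capacity)  # ceiling division
    return max(min_workers, min(max_workers, needed))
```

In practice such a rule is usually paired with cooldowns to avoid flapping; that is omitted here for brevity.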
AIM: Tell us about the use cases of IDfy
I call it our Trinity: Employees, Customers, Businesses. We help verify and onboard all three entities. For enterprises, we typically perform SMB authentication for use cases such as onboarding merchants onto e-commerce platforms. On the customer side, we help verify customers for banks and fintechs; 90% of verifications for digital wallets and gaming platforms are done by us. Employees, full-time and part-time, are safely onboarded by us. E-commerce businesses use our platform to onboard delivery staff. Thanks to our video platform, we can verify an aspiring delivery person in 10 minutes, where the whole process earlier took 4-5 days.
We complete the verification in four steps. The first step in any onboarding authentication is information capture. This includes document photos or a live video call during which a screenshot is captured; it can also be done via a chat interface like WhatsApp or via an API feed. The next step is document validation: we perform checks to ensure that the document or image has not been tampered with. The third step is to verify the details against sources. We check the details against government and public databases to make sure they match. We also run a FaceMatch between the document and the live selfie to make sure the person is who they claim to be. Finally, we review the information to spot anomalies in the data. For example, someone says he earns Rs 10 lakh per year but is an associate in an Infosys BPO centre. We have data today telling us that an associate at an Infosys BPO doesn't earn that much, so we may notice that the shared data does not match the profile. You can then cross-check the shared data against the data we have collected, such as address or employment data, and perform anomaly detection to determine if there is a risk that the person is lying.
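The four-step flow above (capture, document validation, source verification, anomaly review) can be sketched as a simple pipeline of checks, with the salary-vs-role example as the anomaly rule. The check logic, field names, FaceMatch threshold and salary band are all hypothetical illustrations, not IDfy's actual system.

```python
# Hedged sketch of the four-step verification flow described above.
# Reference data and thresholds are invented for illustration.

SALARY_BANDS = {("Infosys BPO", "associate"): (200_000, 500_000)}  # assumed Rs/yr

def anomaly_check(claimed_salary, employer, role):
    band = SALARY_BANDS.get((employer, role))
    if band is None:
        return "unknown profile"
    low, high = band
    return "ok" if low <= claimed_salary <= high else "salary anomaly"

def verify(applicant: dict) -> list:
    """Return the list of failed checks; empty list means all clear."""
    steps = [
        ("capture", applicant.get("selfie") is not None),
        ("document_validation", not applicant.get("tampered", False)),
        ("source_verification", applicant.get("face_match", 0.0) >= 0.8),
    ]
    failed = [name for name, ok in steps if not ok]
    flag = anomaly_check(applicant["salary"], applicant["employer"],
                         applicant["role"])
    if flag != "ok":
        failed.append(flag)
    return failed
```

An applicant claiming Rs 10 lakh as an Infosys BPO associate would pass the first three steps but still come back flagged with a salary anomaly.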
AIM: How does IDfy overcome deepfakes in identity verification?
When we have control of the camera, fakes cannot happen. Deepfakes can happen when someone plays an image on their laptop screen, but again, since we're controlling the camera, we can detect that it is a 2D surface. The second layer is liveness detection, which checks that the image is of a living person and not an image of an image; this means the subject must be a 3D surface. We have 200 data points in our model that detect such features. So even if you hold up a wax model, we will be able to detect it, because light does not reflect off it the way it reflects off the surface of skin.
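IDfy's liveness model is proprietary, but one classical cue behind "detecting a 2D surface" is that a flat print or screen tends to show flatter illumination than a lit 3D face, which has shading gradients across the nose, cheeks and brow. The toy check below measures only horizontal intensity gradients on a grayscale image; the threshold and the cue's sufficiency are assumptions (a real model fuses many such signals, the interview's "200 data points").

```python
# Hedged toy illustration of one liveness cue: local intensity variation.
# A uniformly flat region (as from a photographed flat print) yields a
# near-zero gradient; a shaded 3D surface yields a larger one. This single
# cue is nowhere near sufficient on its own.

def mean_abs_gradient(img):
    """img: 2D list of grayscale intensities (0-255); horizontal gradient."""
    total, count = 0, 0
    for r in range(len(img)):
        for c in range(len(img[0]) - 1):
            total += abs(img[r][c + 1] - img[r][c])
            count += 1
    return total / count

def looks_live(img, threshold=5.0):
    return mean_abs_gradient(img) > threshold
```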
AIM: What are the vulnerable sectors prone to fraud in India? How can government/business help provide more security?
I don’t think security is the first thing that comes to mind, unfortunately, in this country. Everyone raises funds to build cool front ends, but nobody thinks about security. So I don’t think there’s a lot of thought today about improving security; there needs to be meaningful intent on the part of regulators to push the agenda. Today, if data is leaked, the consequence must go far beyond a simple slap on the wrist.
I look forward to the upcoming PDP (Personal Data Protection) bill. It will make a massive change in how personal data security is handled.
AIM: You recently raised investments in a Series D round; how does this shape your expansion plan?
We want to deepen our products. We need to dig deeper into fraud. People are discovering new ways to commit fraud every day; you introduce a new technology, and people will find new ways to abuse it. Fraud will keep evolving in business, so we want to go deeper into the nature of fraud: high-risk profiling and transaction monitoring. This is the direction we want to go. We will also expand internationally, to Southeast Asia, Africa, the Middle East and South America. Market development is a priority for us.
AIM: Tell us about your global expansion plans; how do you customize your services for different countries?
Internationally, the documents that need to be recognized by our machine learning models add to the complexity. The nature of fraud is also different from country to country. For example, the Nigerian Prince scam is no longer as prominent in the United States as it is today in India. Likewise, there are the SMS and KYC scams that happen in India. We do not customize our solutions; we extend them. There are configuration layers that differ depending on the use case, but we don't configure for individual customers; we build extensions for new markets. For example, if you go to Southeast Asia, there are new documents you need to parse. They go through our machine learning stack. Today, we can recognize and extract details from a new document type in about 72 hours. So if we have the data, we can launch in a new country in 72 hours.