Deepfakes, facial recognition spoofing and identity verification fraud are among the biggest challenges of the 21st century. Advancing technology keeps handing fraudsters more innovative ways to trick verification systems, and the defences are not evolving at the pace of the crimes. IDfy is one of India’s oldest and most widely used AI-based identity verification firms. Analytics India Magazine got in touch with co-founder Ashok Hariharan to discuss the company’s proprietary AI stack, which can detect 2D, 3D and photo deepfakes, among various other solutions.

AIM: What was the pain point that IDfy set out to solve?

We started working 11 years ago now; we are a 2011-vintage startup. At that time, virtual transactions were increasing, and we could see India heading in the direction of the US, where many of the interactions people have would be virtual. As virtual transactions increase, how do you deal with risk? So our broad thesis was that we cannot digitise or increase the speed of transactions unless we add layers of digital authentication.

It was early when we started; most of the technologies we use today were either non-existent or confined to universities. This was the era when an agent would come to your house to collect your physical documents, you would attest a true copy and hand it over, and that person might well pass it on to some street vendor. The chances of leakage and identity theft were significant. If you look at UPI figures today, around Rs 200 crore a day is lost to scammers. There are far easier and more accurate ways of detecting some of this. That is how we looked at the world. We got into the KYC solutions game from 2017 onwards; we are the largest video KYC implementer in the country.

AIM: Please explain the tech stack behind your AI-based verification solutions.

On the technological end, information is captured through our standard platform. The journey includes the capture of documents and pictures, tampering detection, data extraction, and verification against public sources. There is also a video-based assisted journey, a video KYC on a full call-centre platform that banks like HDFC use today. This runs on our media servers; we have built our own queueing and a platform that can handle massive scale. We generally use Elixir, Ruby on Rails, Go and React.js to build the capture journey on the video side. This allows us to work with very low bandwidth requirements; for example, we can work on a 70 kbps connection. We will change the frame rates based on the use case: some journeys may not need a video conversation or a high-bandwidth video connection, so we reduce the bandwidth requirement on the video but increase it on capture, because you need to capture the documents correctly. We play around a lot with finding the most optimal way to get the best outcome.
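As a rough illustration of the trade-off Hariharan describes, here is a minimal sketch in Go (one of the languages named in the stack) of a policy that shifts bandwidth between the live video stream and document snapshots depending on whether the journey needs a conversation. The profile values, types and function names are hypothetical, not IDfy's implementation.

```go
package main

import "fmt"

// CaptureProfile describes how a verification journey trades video
// quality against document-capture quality on a constrained link.
type CaptureProfile struct {
	VideoFPS     int // frame rate for the live video stream
	VideoKbps    int // bandwidth budget for the video stream
	SnapshotKbps int // bandwidth budget reserved for document snapshots
}

// profileFor is a hypothetical policy: when a journey does not need a
// high-quality video conversation, shift bandwidth from video to document
// capture so that ID cards stay legible.
func profileFor(totalKbps int, needsConversation bool) CaptureProfile {
	if needsConversation {
		// Agent-assisted video KYC: keep the conversation usable.
		return CaptureProfile{VideoFPS: 15, VideoKbps: totalKbps * 2 / 3, SnapshotKbps: totalKbps / 3}
	}
	// Self-serve capture: drop the frame rate, spend the budget on snapshots.
	return CaptureProfile{VideoFPS: 5, VideoKbps: totalKbps / 3, SnapshotKbps: totalKbps * 2 / 3}
}

func main() {
	// A 70 kbps connection, the low end mentioned in the interview.
	fmt.Printf("%+v\n", profileFor(70, false))
	fmt.Printf("%+v\n", profileFor(70, true))
}
```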

We have 65 APIs through which you can push documents to us. Behind them are machine learning models that look at around 120 data points on a card to figure out whether the card looks genuine. Our tampering detection and OCR stack is built on convolutional neural networks. On the face match side, our technology works with a single photo and can tell whether it is a live photo or merely a photo of a photo. This is a capability we believe we are the only ones in the world to have.
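To make the idea of scoring many data points on a card concrete, the sketch below (in Go, purely illustrative) aggregates per-check scores into a genuine/tampered decision. The check names, scores and threshold are hypothetical; IDfy's actual models are neural networks, not a simple average.

```go
package main

import "fmt"

// DocumentCheck is a hypothetical result for one of the many data points a
// tampering model might score on an ID card (fonts, hologram region, photo
// edges, and so on). The names here are illustrative only.
type DocumentCheck struct {
	Name  string
	Score float64 // 0 = clearly tampered, 1 = clearly genuine
}

// looksGenuine aggregates per-check scores into a single decision. This is a
// minimal sketch of scoring ~120 data points, not IDfy's model.
func looksGenuine(checks []DocumentCheck, threshold float64) (bool, float64) {
	if len(checks) == 0 {
		return false, 0
	}
	var sum float64
	for _, c := range checks {
		sum += c.Score
	}
	avg := sum / float64(len(checks))
	return avg >= threshold, avg
}

func main() {
	checks := []DocumentCheck{
		{Name: "font_consistency", Score: 0.92},
		{Name: "photo_edge_artifacts", Score: 0.35}, // suspicious splice
		{Name: "hologram_present", Score: 0.88},
	}
	ok, score := looksGenuine(checks, 0.8)
	fmt.Printf("genuine=%v score=%.2f\n", ok, score)
}
```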

We use standard products for data crawling that look at various data sources. Additionally, we use AI and NLP in instances like reading a court record. If you look at court records today, about 3,500 courts have their data public, but it is unstructured. Our model works on fuzzy logic. It can understand Hindi words transliterated into English; our fuzzy phonetic match maps Hindi names and addresses to their possible combinations and spellings.
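The snippet below is a toy sketch of the general idea behind phonetic matching of transliterated names: collapse common spelling variants into a shared key before comparing. The substitution rules are illustrative assumptions, not IDfy's ruleset, and as the example shows, a real system needs far richer rules.

```go
package main

import (
	"fmt"
	"strings"
)

// phoneticKey collapses common Indian-language transliteration variants so
// that different English spellings of the same Hindi name compare equal.
func phoneticKey(name string) string {
	s := strings.ToLower(strings.TrimSpace(name))
	replacements := []struct{ from, to string }{
		{"ee", "i"}, {"oo", "u"}, {"aa", "a"},
		{"w", "v"}, {"ph", "f"}, {"sh", "s"},
		{"th", "t"}, {"dh", "d"}, {"bh", "b"}, {"kh", "k"},
	}
	for _, r := range replacements {
		s = strings.ReplaceAll(s, r.from, r.to)
	}
	// Drop a trailing 'a' common in transliterations (e.g. "Rama" vs "Ram").
	s = strings.TrimSuffix(s, "a")
	return s
}

func main() {
	pairs := [][2]string{
		{"Deepak", "Dipak"},
		{"Vivek", "Wiwek"},
		{"Lakshmi", "Laxmi"}, // not all variants collapse with such simple rules
	}
	for _, p := range pairs {
		fmt.Printf("%s vs %s -> match=%v\n", p[0], p[1], phoneticKey(p[0]) == phoneticKey(p[1]))
	}
}
```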

The tech stack is one element, but we also need to scale. We are doing millions and billions of transactions a month, and several authentications of a single individual every day demand that the software scales. We have a platform team whose only job is to figure out how to scale, and we have AI models to auto-scale our systems. Our scale-up and scale-down time when volume spikes is only 10 seconds. We have put a lot of technology behind scaling the architecture and building in security. Our technology ensures data is purged at the right time. We have vaulting systems and encryption at rest, in transit and at source, so as soon as we collect a document, our own systems should not be able to see it, for security reasons. We do key-based encryption with key rotation, which we call a key handshake, allowing the customer to rotate the key at any time.
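For readers unfamiliar with rotatable encryption keys, here is a minimal, self-contained Go sketch of one common way to support rotation: tag each ciphertext with a key version so old data can be decrypted and re-wrapped when a customer rotates the key. This is a generic illustration using the standard library's AES-GCM, not IDfy's actual "key handshake".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Envelope pairs a ciphertext with the ID of the key version that produced
// it, so a customer-initiated rotation only has to re-wrap data encrypted
// under retired versions.
type Envelope struct {
	KeyID      string
	Nonce      []byte
	Ciphertext []byte
}

func encrypt(keyID string, key, plaintext []byte) (Envelope, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Envelope{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{KeyID: keyID, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

func decrypt(keys map[string][]byte, env Envelope) ([]byte, error) {
	key, ok := keys[env.KeyID]
	if !ok {
		return nil, fmt.Errorf("unknown key id %q", env.KeyID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Two key versions: v2 is current, v1 is kept only to re-wrap old data.
	keys := map[string][]byte{}
	for _, id := range []string{"v1", "v2"} {
		k := make([]byte, 32)
		rand.Read(k)
		keys[id] = k
	}
	env, _ := encrypt("v2", keys["v2"], []byte("sample document payload"))
	out, _ := decrypt(keys, env)
	fmt.Println(string(out))
}
```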

AIM: Tell us about IDfy’s use cases

I call this a trinity; the three things that we verify are employees, customers and enterprises. For enterprises, we do SME authentication for applications like onboarding a merchant onto an e-commerce site. 90% of the verification for digital wallets and the gaming industry is done by us. For instance, a delivery partner being onboarded can be verified in 10 minutes by IDfy; earlier, it used to be a four to five-day engagement.

There are four big areas that we operate in. The first step in any onboarding authentication is how you capture information about the person. This can be photos of documents, a conversation where a person collects documents on a video call within two minutes, a chat interface like WhatsApp, or an API stream. The next step is document authentication: making sure the document has not been tampered with. The third step is verifying the documents against sources and matching them to the person. For instance, suppose you found my PAN card and are now pretending to be me. How do you know who Ashok is? You need to do a face match, taking the photo on the ID card and a selfie and matching them. Lastly, we scour the public data sources made available by the government and look for anomalies. For example, someone says he earns ten lakhs a year and is an associate at a BPO centre in Infosys. I have data today that tells me an associate at an Infosys BPO does not make that much, so I know the data he is sharing does not match his profile. You can then compare the data shared with the data we have collected, such as address or employment data, and do anomaly detection to figure out whether there is any risk of him defaulting or lying.
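The income example above can be read as a simple rule-based anomaly check. The Go sketch below shows that shape of check: compare a declared figure with a reference band for the declared role. The band values and role names are made up for illustration; they are not benchmark data and this is not IDfy's anomaly model.

```go
package main

import "fmt"

// salaryBand is a hypothetical reference range (in lakhs per annum) for a
// given role, of the kind a declaration could be compared against.
type salaryBand struct {
	Min, Max float64
}

// incomeAnomaly flags a declaration that falls outside the reference band
// for the declared role.
func incomeAnomaly(bands map[string]salaryBand, role string, declaredLPA float64) (bool, string) {
	band, ok := bands[role]
	if !ok {
		return false, "no reference data for role"
	}
	if declaredLPA < band.Min || declaredLPA > band.Max {
		return true, fmt.Sprintf("declared %.1f LPA outside expected %.1f-%.1f LPA", declaredLPA, band.Min, band.Max)
	}
	return false, "within expected range"
}

func main() {
	bands := map[string]salaryBand{
		"bpo_associate": {Min: 2.0, Max: 5.0}, // hypothetical band
	}
	flagged, reason := incomeAnomaly(bands, "bpo_associate", 10.0)
	fmt.Println(flagged, reason)
}
```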

AIM: How does IDfy overcome deepfakes in ID verification?

When we have control of the camera, fakes cannot happen. A deepfake can be played back when a person presents a picture on their laptop, but since we control the camera, we can detect that it is a 2D surface. The second layer is liveness detection, which checks that the image is of a live person and not a picture of a picture; this means the face needs to be a 3D surface. We have 200 data points in our model detecting such features. So even if you take a picture of a wax model, we will be able to detect it, because light does not reflect off its surface the way it does off real skin.
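As a loose sketch of how several liveness cues can be combined, the Go snippet below requires each cue (depth, skin reflectance, screen-replay artefacts) to clear its own threshold. The signals, thresholds and rule are assumptions for illustration; IDfy's model reportedly uses around 200 data points and is certainly more sophisticated than this.

```go
package main

import "fmt"

// livenessSignals holds a few of the kinds of cues a presentation-attack
// detector can score; real systems use many more.
type livenessSignals struct {
	DepthScore       float64 // 3D structure vs a flat screen or printout
	ReflectanceScore float64 // how light scatters off skin vs wax, paper or glass
	MoireScore       float64 // screen-replay artefacts (lower = more suspicious)
}

// isLive is an illustrative decision rule: every cue must clear its own
// threshold for the frame to be accepted as a live person.
func isLive(s livenessSignals) bool {
	return s.DepthScore > 0.6 && s.ReflectanceScore > 0.6 && s.MoireScore > 0.6
}

func main() {
	waxModel := livenessSignals{DepthScore: 0.9, ReflectanceScore: 0.2, MoireScore: 0.9}
	fmt.Println("wax model accepted:", isLive(waxModel)) // false: reflectance cue fails
}
```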

AIM: What are the vulnerable sectors prone to fraud in India? How can the government/enterprises help ensure more safety? 

I don’t think security is the first thing anybody thinks about in this country, unfortunately. Everybody gets funding for having cool front ends, but nobody thinks about security. There isn’t much thought being put into bettering security today; there has to be a significant amount of intent from the regulators to push the agenda. Today, if data is leaked, the consequence needs to move far beyond a slap on the wrist. I’m looking forward to the PDP Bill coming; that is going to make a massive shift in how we deal with personal data security.

AIM: You have recently raised investments in a Series D round; how does this shape your expansion plan?

We want to go much deeper into our products, and we need to get deeper into fraud. People figure out new ways to commit fraud every day; you launch a new technology, and people will figure out new ways to abuse it. Fraud will keep evolving with business, so we want to go deeper into the nature of fraud: flagging high-risk profiles, transaction monitoring. That is the direction we want to go in. We will also go international, towards Southeast Asia, Africa, the Middle East and South America. Developing markets are a key focus for us.

AIM: Tell us about your global expansion plans; how do you customise your services for different countries?

Internationally, the new documents that our machine learning models need to identify add to the complexity. The nature of fraud is also different in different countries. For example, the African prince fraud is no longer as big in the US as it is in India today; likewise, there are the SMS and KYC scams that happen in India. We don’t customise our solutions; we expand them. There are layers of configuration that differ per use case, but we do not configure for individual customers; we build extensions for new markets. For example, if you’re going to Southeast Asia, there are new cards that you need to support, and they will go through our machine learning stack. Today, we can launch a card in about 72 hours. So given the data, I can launch a new country in 72 hours.