1. What is ID Network?

ID Network (IDN) builds out a network graph based on large amounts of historical data (i.e. face data, device information, user identity information, etc) and uses computer vision algorithms, text algorithms, graph mining algorithms as well as retrieval techniques to identify large-scale batch fraud risks.

2. Risk introduction

ID Network effectively identifies the following three types of risks:

• Identity fraud risk

  The information submitted by the user is not their real information e.g. they might have tampered with the portrait photo, ID card number, name, etc; on the document.

• Duplicate authentication risk

  The same user authenticates multiple accounts

• Batch registration risk

  Many people conduct identity verification in the same environment, such as using AI face-swap tool to impersonate others for loan application

Common examples of typical identity fraud risks:

• The same face appears on different IDs, with the same ID type but with different ID numbers or identity information.

• The same ID type and ID number corresponds to different faces.

• The same ID type and ID number corresponds to different identity information (i.e. name and date of birth).

• The same identity information i.e. same name and date of birth, corresponds to different faces or IDs.

Common examples of duplicate authentication risks:

• A certain business supports the use of ID cards or passports for identity authentication, which means that the same user can authenticate two real name accounts using two different documents. This poses a duplicate authentication risk.ID Networkcan identity whether the same face is on different documents to avoid duplicate authentication.

Common examples of batch registration risk:

• In bank loan scenario, frauders from black and gray industries use AI face-swap tool to impersonate others and make loans.IDNetworkcan identify faces with similiar backgrounds to defend the AI-generated deepfake attacks.

3. Features

ID Network provides two main functions – database management and risk query.

• Database Management: Includes data entry and deletion, as well as record search.

• Risk Query: Specifies the user information and checks the risk associated with the user; usually used for in real-time query of fraud risk during business processes.

3.1 Database management

The database management includes three API interfaces, inbound, outbound and record query.

3.2 Risk query

The Risk Query API is used to query the risk associated with a specified record. It supports two risk query methods:

• Querying the risk associated with a record in the databaseWhen calling the risk query API, pass in the itemId parameter returned from the entry data, and specify the risk type and time window. The entry data can be queried corresponding to the specified itemId.If the risk type and time window are not specified, it will default to corresponding the record against the entire database and query through all possible risks.

• Query the risk of data that has not beenentered into the database.

  When calling the risk query API, pass in the imageInfo and basicInfo parameters to return the corresponding risk associated with that data. The API will compare it with all the data that has been entered into the database before.

You can specify the following data when making a risk inquiry:

• Specify the risk typeSpecifies the type of risk for the query. The risk types include two categories – identity fraud and duplicate authentication. One or more types of risks can be specified for querying. When more risks are being queried, the longer the process will take.

• Specify the time windowSpecifies a comparison with the database for a specific time window e.g. querying for data risks stored in the past 6 months. Limiting the time window can shorten the time spent on the interface. If the time window is not specified, the default is to query the risks within the entire database.

4. Accessibility modes

ID Network provides an API access mode for you to access the ZOLOZ service. For more information, see API integration for ID Network.

5. Use flow

The use flow of IDN is shown below:

Figure 1: IDN use flow illustration

1. Enter existing data into the database.

   Call the add API to store images and identity information of existing users into the database. In order to improve response speed, it is recommended to turn off the risk query function when inputting into the database.

2. Real-time risk detection.

   During the eKYC process, the add API is called to store the collected user information into the database, and at the same time, risk query is performed to determine whether there is any risk of identity fraud and batch registration. In order to improve response speed, a time window for querying risks can be set. The smaller the time window, the quicker the query speed.

3. Risk information query.

   When the risk query identifies a risk, the riskData can be obtained in its risk details and the get API can be called to query detailed images and information associated with the riskData.

4. Manual review.

   It is recommended to manually review multiple records with risks again before making the final decision.

6. Advantages

6.1 Strong technical capabilities

• Face image feature extraction techniquesFeature extraction for face images is performed and converted into a fixed length vector, which can be used to assist in the discovery of risk groups while retrieving in real-time.

• Large-scale vector retrieval technologyRetrieve face similarities quickly and accurately in real-time from full-volume historical data. The core technologies involved include an improved vector retrieval system based on ElasticSearch, and large-scale vector retrieval algorithms based on PQ and HNSW.

• Multi-factor group mining techniquesIdentify potential risk groups in the full data. Core technologies involved include a Louvain-based multi-factor group mining algorithm and a weighted LPA-based multi-factor label propagation algorithm.

6.2 Highly scalable

In addition to face images and ID information, IDN also supports incoming device IDs, user IDs, and other information to construct a network of multi-dimensional data; allowing for the discovery of more comprehensive risk-type groups and application scenarios.

7. Common scenarios

Typical application scenarios of IDN include discovering identity fraud groups and duplicate authentication performed by the same person during online authentication, as well as discovering of batch attacks and other behaviors during face login and payment processes.

7.1 Online identity verification

When performing an online real-person authentication, users will need to upload their ID photos, take selfies, and submit a series of identity information. Using IDN, the information submitted by users can be compared with the historical information previously collected during the identity authentication process, as well as detect in real-time whether there is identity fraud risk. If a risk is detected, businesses can choose to intercept the authentication attempt or introduce a secondary manual review.

7.2 Offline risk inquiry

Offline risk query identifies possible identity fraud risks by comparing the relationship between a specific record and a historical record. Specific risk types are the same as the real-time risk query types in an online authentication scenario.

Since offline risk query takes a shorter amount of time for IDN to return results, the scope of risk query can be expanded. When the size of historical data is large, the time spent to retrieve a database is longer. During the real-time processes for eKYC, this can have a great impact on the user experience. In cases like these, offline risk query can be performed instead.

It is recommended to use a combination of real-time query and offline query to check for recent fraud risks during the real-time business processes. Once the process is complete, for users who are deemed to be high-risk, an additional layer of offline risk detection can be performed.