printer friendly version

From the editor's desk: Maybe I’m too old?

Andrew Seldon, Editor

There are many companies these days touting their ability to securely authenticate people via mobile devices (or selfies), claiming that it is secure and easy. Some banks are even allowing people to open accounts via selfies without having to physically enter a bank – which is everyone’s dream.

The argument often used is that verifying your identity at the bank is simply a matter of the person behind the counter looking at you and your ID or passport and making a decision. In the past this may have been true, but South African banks can now also check your fingerprints against Home Affairs to make sure it’s you.

Of course, Hi-Tech Security Solutions carried a few stories about ‘selfie enrolment’ over the past two or three years, and everyone involved stressed the simplicity and reliability of the process. I was recently forced to enrol via mobile for a course I was doing and my experience was anything but simple. And while I am not an expert in the technicalities of it, my experience left me doubting the reliability of the enrolment (never mind the question of who my data is going to, what are they doing with it, how long they intend to hold onto it and more. Quite honestly, from what I have seen of some American companies, I would expect the data sent there to be distributed to every server in the USA within seconds – although I may be biased. And yes, I said America and not China which is the usual whipping boy for privacy hysteria, especially from America).

Leaving the privacy issue behind, the process I used was cumbersome. It didn’t like the picture of me taken by my laptop’s camera (although Microsoft seems happy to log me in as administrator via my mugshot in less than a second). Then it couldn’t get a good enough image of my ID credentials. So I moved onto my smartphone (a Nokia X10, so it’s not a cheapie).

Six attempts at reading my ID credentials later and I decided to just take a picture myself and upload it. That worked. However, the idea that a picture taken by someone, somewhere was accepted instead of a real-time scan is a bit off-putting. Then came the ‘live selfie’ confirmation.

I know more about lighting now than Hollywood celebrities. And after however many attempts I apparently still wasn’t me. Eventually I just said some rude words and thought I’d give it one more try before making it someone else’s problem and it worked. Maybe they were monitoring the audio feed and decided to avoid having to talk to me?

The reason for the enrolment was just to get a certificate (if I pass), so maybe that’s OK. Maybe I’m just old and paranoid, but if I was opening a bank account I would be horrified if a bank would accept that enrolment. I would even be prepared to face the trauma of going into a branch rather than trust the process I went through; it’s like saying “here’s a picture of someone’s ID and I promise it’s me.”

Share this article:

Further reading: