What is Real ID?

Real ID is an online e-KYC solution for proving "who you are" on the internet based on ID documents and face recognition.

Real ID collects user ID pictures and selfie images, and compares them to detect if they are of the same person for the online verification of users' real identities. During this process, Real ID helps you to detect whether there are forged documents and if the face captured is genuine to ensure the authenticity and accuracy of the information submitted by the user.

The UI for Real ID is shown in the following figure:


Figure 1: Real ID User Interface

Features

Document capture

Document capture captures the users’ ID picture, and the algorithm will check the quality of the captured picture as well as verify whether it is the specified ID type.

ZOLOZ provides two capture methods: automatic capture and manual capture.

  • Automatic capture (recommended): The algorithm automatically determines whether the picture is clear. When an eligible ID picture is detected, the algorithm will automatically capture and upload it. This capture process does not require the user to tap on the screen.
  • Manual capture: Users will need to manually tap the capture button and confirm whether the picture is clear enough.

Document anti-spoofing

Document anti-spoofing detection captures and analyzes the document image to determine whether it is a genuine document and whether there is a fraud risk, such as photo prints, screen remakes, or masks. For specific ID card types (e.g. Hong Kong China ID card, Malaysia ID card), ZOLOZ also supports security feature checking to determine whether the document is a high-quality imitation.

Document OCR

Document OCR (Optical Character Recognition) supports structured recognition of key fields on a document, such as the document number, name, date of birth, and more.

Face capture

Face capture captures users’ live selfie images. The user cooperates by lifting the phone and facing the screen, then follows prompts such as blinking or performing other actions so that a selfie image of their face can be captured and collected through the front camera. The algorithm will automatically determine whether the user’s face is genuine and whether the quality of the selfie image is acceptable.

Liveness detection

By capturing and analyzing face images, ZOLOZ determines whether it has collected a real face, or a photo or video. ZOLOZ provides a variety of image algorithm capabilities for liveness detection, and it can help you to identify and defend against presentation attacks such as 2D images, screen remakes, 3D masks, and more. It can also combine multi-frame image and anti-spoofing algorithms to identify injection attacks before finally completing the face capture process.

Face compare

Face compare compares the collected ID portrait with the selfie image to determine if the two faces belong to the same person.

Risk control system

Real ID has a risk control engine to determine the risk strategy. Risk control is mainly reflected in the following two aspects:

  • The initialization session before starting image capture: Real ID will determine whether the same device or the same user ID has displayed multiple risk behaviors within a short period of time, for example, attempting multiple photo attacks. When the number of retries exceeds the limit, the system will reject the initialization request. A new Real ID session can only be started again after a certain period of time.
  • The processing session after successful image upload: Real ID will determine whether the same ID number or the same face has displayed multiple risk behaviors within a short period of time, for example, attempting multiple photo attacks, or multiple comparison failures. When the number of retries exceeds the limit, the system will consider it risky and return either Pending or Failure as the final Real ID result.

Use flow

The use flow of Real ID is shown below:


Figure 2: Real ID use flow illustration

  1. Capture an ID picture
     The user prepares their ID document to be photographed and aligns it with the frame guide box in the capture interface. They will then take a clear and complete photo of the ID document. ZOLOZ supports 2 ways for users to capture their ID documents: automatic capture and manual capture.
     Note: The user experience for automatic capture is better. More image data can be captured, which supports more advanced document anti-spoofing detection, so the anti-spoofing protection is stronger. It is recommended that users with anti-spoofing needs choose the automatic capture method.
    • Automatic capture (recommended): The algorithm automatically determines whether the photo is clear, and the user will be prompted to adjust the document in real time if the quality of the ID picture is inadequate during the capture process. When an eligible ID picture is detected, the algorithm will automatically capture and upload it. This capture process does not require the user to tap on the screen.
      Figure 3: Automatic capture
    • Manual capture: Users manually click the capture button and confirm whether the photo is clear enough. If the algorithm determines that the quality of the uploaded photo is inadequate, a pop-up box will appear and prompt the user to re-capture, as shown in the following figure.
      Figure 4: Manual capture

  2. Capture a live face
     Users will need to raise their phone and face the screen. They will have to follow the prompts given and complete certain actions, such as blinking, as well as take a selfie using the front camera. The algorithm will automatically determine whether the face captured in the selfie is human, and whether the quality of the face capture is acceptable.
    • When an eligible selfie image is detected, the algorithm will automatically capture and upload it. This capture process does not require the user to tap on the screen.
    • If the algorithm detects that the quality of the selfie is inadequate, it will guide the user to adjust their phone with corresponding prompts, such as whether they should move closer or further away, or whether their face needs to be better lit.
      To verify that it is indeed a genuine human face in front of the camera and not a photo, the algorithm will ask the user to perform an action such as blinking. The capture process will only be successful when the prompted action has been performed.
  3. The collected ID portrait and selfie image are compared to determine if the two faces belong to the same person.
     When the ID portrait and the selfie image have been uploaded successfully, ZOLOZ's server will automatically conduct a face comparison. The final result will then be returned to the user in the form of success/pending/fail.

Real ID results

Each entry below gives the field name, its meaning, and a description of its values.

ekycResult

eKYC Total Results

  • Success: The eKYC is successful. ekycResult combines ID, face and risk control results. If all of them are successful, then the results will pass. It means that the ID and face are genuine and the comparison is consistent. The result of each item can be seen in ExtFaceInfo.ekycResultFace, ExtIdInfo.ekycResultDoc, ExtRiskInfo.ekycResultRisk.
  • Failure: The eKYC has failed. There is a Failure result present in the ID, face and/or risk control module, which means a high risk is present in this authentication.
  • Pending: There is a certain risk present in this authentication, and a second manual review is required. There is no Failure result present in the ID, Face, and Risk Control modules, but there is a Pending result.
  • InProcess: The eKYC process is not finished and may still be in progress.
  • VoidCancelled: The eKYC process is not completed, and is interrupted in the middle of the process. For example, the user clicked Exit while the eKYC was still in progress.
  • VoidTimeout: The eKYC process timed out and did not complete.

ExtFaceInfo.ekycResultFace

Face session total results

  • Success: Face verification has passed. The face quality score and liveness detection have passed, and face comparison is consistent.
  • Failure: Face verification has failed. There is a higher risk present in this authentication, e.g. the ID portrait and the selfie image are not of the same person (the matching score is lower than ZOLOZ’s lower threshold), or the face liveness detection does not pass.
  • Pending: There is a certain risk present in this authentication, and a second manual review is required. The reason for Pending may be that the ID portrait and selfie image’s matching score is not high enough e.g. between the upper and lower thresholds set by ZOLOZ.

ExtFaceInfo.faceScore

Human face comparison score

The similarity score for live face and ID portrait face comparison.

  • When the comparison score ≥ the upper threshold set by ZOLOZ, the face comparison passes.
  • When the comparison score is between the upper and lower threshold values set by ZOLOZ, a second manual review is required and the total result of the face module will be Pending.
  • When the matching score is less than the lower threshold set by ZOLOZ, the face matching does not pass and the total result of the face module will be Failure.

ExtFaceInfo.faceQuality

Face quality score

The quality detection score for face images.

  • When the quality score ≥ the quality score threshold set by ZOLOZ, the face quality passes.
  • When the quality score < the quality score threshold set by ZOLOZ, the face quality fails and the total result of the face module is Failure.

ExtFaceInfo.faceLivenessResult

Liveness test results

  • Success: The liveness detection test has passed.
  • Failure: The liveness detection test has failed. This authentication has a high risk of a possible spoofing attack.

ExtIdInfo.ekycResultDoc

Document session total results

  • Success: The document verification has passed. Both the document quality compliance test and anti-spoofing test have passed.
  • Failure: The document verification has failed. There is a high risk present as the document quality compliance test did not pass. For example, the document may be blurred, or the document type is incorrect, etc.
  • Pending: There is a certain risk present in this authentication, and a second manual review is required. The document anti-spoofing test has failed, e.g. prints or duplicate documents.

ExtIdInfo.spoofResult

Document anti-spoofing results

Detailed document anti-spoofing results. All the anti-spoofing detection values supported by ZOLOZ are as follows:

  • TAMPER_CHECK: Masking tamper detection. Y means pass, N means fail.
  • MATERIAL_CHECK: Material detection; Y means pass, N means fail.
  • SCREEN_RECAPTURE_CHECK: Screen recapture detection; Y means pass, N means fail.
  • INFORMATION_CHECK: Information verification detection. Verifies ID, name and symbols in the China Hong Kong ID card; Y means pass, N means fail.
  • SECURITY_FEATURE_CHECK: Anti-spoofing security feature detection. Detects security features in the Hong Kong ID card and the Malaysian identity card; Y means pass, N means fail.

ExtIdInfo.docErrorDetails

Details of document identification failure

  • NO_REQUIRED_ID: The ID picture does not match the specified ID type.
  • BLUR: The ID picture is blurred.
  • NO_FACE_DETECTED: The face that should have been detected in the specified ID picture is not detected from the uploaded ID picture.
  • NOT_REAL_DOC: The ID security detection has failed. The ID picture is detected as fake.
  • EXPOSURE: The ID picture is overexposed.
  • UNKNOWN: All other recognition errors.

ExtRiskInfo.ekycResultRisk

Risk control results

  • Success: Risk control verification has passed. All risk control checks have passed.
  • Failure: Risk control verification has failed. There is a high risk present in this authentication, and accumulated attack risk is detected.
  • Pending: There is a certain risk present in this authentication, and a second manual review is required. Possible reasons are IDN, blacklist, age mismatching; please check ExtRiskInfo.strategyPassResult for the specific reasons.

ExtRiskInfo.strategyPassResult

Risk control result details

  • PASS: Risk control has passed.
  • VELOCITY_HIGH_RISK: Accumulated attack risk is detected.
  • ID_NETWORK_HIGH_RISK: IDN risk has been detected for multiple transactions, e.g. situations where the same face has different IDs, or the same ID with different faces etc.
  • BLACKLIST_HIGH_RISK: Blacklist hit has been detected.
  • AGE_MISMATCH_HIGH_RISK: There is a significant age difference between the live face and the face in the ID.
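
The result rules above, applied on the integrating service's side, as an added example that is not ZOLOZ code: it recomputes the total from the three module results, rejects when ekycResult disagrees with them or the session did not finish, and collects reasons for a manual reviewer. The nested-dict layout, the Y/N mapping for spoofResult, and the names combine, decide and SAMPLE are assumptions made for this example.

```python
# Added example, not ZOLOZ code. Assumption: the result is a nested dict keyed
# by the field names on this page; spoofResult is a {check: "Y"/"N"} mapping.
TERMINAL = {"Success", "Failure", "Pending"}
VOID = {"InProcess", "VoidCancelled", "VoidTimeout"}
MODULES = (("ExtFaceInfo", "ekycResultFace"), ("ExtIdInfo", "ekycResultDoc"),
           ("ExtRiskInfo", "ekycResultRisk"))
ACTION = {"Success": "approve", "Pending": "manual_review", "Failure": "reject"}

def combine(module_results):
    """Recompute the total from module results, per the ekycResult rule."""
    if any(r not in TERMINAL for r in module_results):
        return None  # a module result is missing or unknown
    if "Failure" in module_results:
        return "Failure"
    return "Pending" if "Pending" in module_results else "Success"

def decide(result):
    """Return (action, reasons) for one Real ID result."""
    total = result.get("ekycResult")
    if total in VOID:
        return "reject", ["session not completed: %s" % total]
    mods = [(result.get(ext) or {}).get(field) for ext, field in MODULES]
    if combine(mods) is None or combine(mods) != total:
        # Fail closed: never act on a total the module results do not support.
        return "reject", ["inconsistent: total=%s modules=%s" % (total, mods)]
    face = result.get("ExtFaceInfo") or {}
    doc = result.get("ExtIdInfo") or {}
    risk = result.get("ExtRiskInfo") or {}
    spoof = doc.get("spoofResult") or {}
    reasons = sorted(name for name, value in spoof.items() if value != "Y")
    if doc.get("docErrorDetails"):
        reasons.append(doc["docErrorDetails"])
    if face.get("faceLivenessResult") == "Failure":
        reasons.append("faceLivenessResult=Failure")
    if risk.get("strategyPassResult") not in (None, "PASS"):
        reasons.append(risk["strategyPassResult"])
    action = ACTION[total]
    if action == "approve" and reasons:
        action = "manual_review"  # local policy choice: details contradict Success
    return action, reasons

# Constructed sample: recaptured document, face and risk modules passed.
SAMPLE = {"ekycResult": "Pending",
          "ExtFaceInfo": {"ekycResultFace": "Success", "faceLivenessResult": "Success"},
          "ExtIdInfo": {"ekycResultDoc": "Pending",
                        "spoofResult": {"TAMPER_CHECK": "Y", "SCREEN_RECAPTURE_CHECK": "N"}},
          "ExtRiskInfo": {"ekycResultRisk": "Success", "strategyPassResult": "PASS"}}

if __name__ == "__main__":
    print(decide(SAMPLE))
```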