As a practitioner rather than a theorist, I will run a few practical compliance tests this week to better understand the situation with detecting and verifying synthetically generated IDs in the modern digital KYC provider industry.
This time I've looked at two platforms that use Shufti Pro and Onfido. Both KYC providers state on their websites that they use AI-based models to detect the synthetic IDs and prevent registration if detected.
This time I've looked at two platforms that use Shufti Pro and Onfido. Both KYC providers state on their websites that they use AI-based models to detect the synthetic IDs and prevent registration if detected.
- The information below shows the approach I used to test how good KYC solutions are at detecting AI-generated identities. (Disclaimer: this is only a practical test of KYC verification capabilities aimed at identifying the potential gaps in the digital KYC process with no any illegal purposes in mind). I also masked data on a screenshots for compliance and security reasons.
Shufti Pro
Step 1: I've synthesised the Polish National ID document, which costs me $15;
Step 2: I've checked which companies are partnered with Shufti Pro for identity verification matters and picked up https://www.ironfx.com which is FX broker;
Step 3: I've created google mailbox and register it using random data from my synthesised ID;
Step 4: I've registered on ironfx platform using that google account credentials and pass through the identity verification process successfully;
Step 2: I've checked which companies are partnered with Shufti Pro for identity verification matters and picked up https://www.ironfx.com which is FX broker;
Step 3: I've created google mailbox and register it using random data from my synthesised ID;
Step 4: I've registered on ironfx platform using that google account credentials and pass through the identity verification process successfully;
Assuming that ironFX was indeed using Shufti Pro as their identity verification provider, I could conclude that their solution failed to detect the synthesised document; Failed;
Onfido
Using the same google account I've registered on the www.moneygram.com which partnered with Onfido for KYC verification purposes;
After the initial registration website requested me to prove my identity, which was done using the same synthesised ID document;
After the initial registration website requested me to prove my identity, which was done using the same synthesised ID document;
Assuming that moneygram actually using Onfido as their identity verification provider (which at least stated on the widget), I could conclude that their solution failed to detect the synthesised document; Failed;
As you can see, both tests failed, confirming my concerns that AI-generated IDs pose a significant risk to the KYC industry. I'm continuing to test digital KYC solutions this week. My goal is to find a solution provider that can identify synthetic IDs and reject my synthetic ID through the automated identity verification process.
As you can see, both tests failed, confirming my concerns that AI-generated IDs pose a significant risk to the KYC industry. I'm continuing to test digital KYC solutions this week. My goal is to find a solution provider that can identify synthetic IDs and reject my synthetic ID through the automated identity verification process.
