OneID® | News and Events

A marketeer's experience of ChatGPT on digital identity and fraud

Written by Carl Griffiths | 19/01/23 08:55

As a digital marketeer, I try to keep my finger on the pulse and stay up to date with marketing trends. Creating new content is sometimes a challenge and often time consuming.

I read this blog How can I use ChatGPT for marketing? and it made me wonder how much relevant and correct material ChatGPT could create on topics that are relevant to OneID®.  

I tried to login at 1.05pm and got a message.... 

‘ChatGPT is at capacity right now. Get notified when we're back' 

I tried again at 1.45pm and this time I was able to get started. I thought I would ask a series of questions, then check the quality of the responses to determine if the content is of a high enough quality to be used on our channels. Admittedly, I was somewhat skeptical and didn’t know what to expect.  

As part of this process, I also caught up with one of our identity authentication experts, Adrian Field, who is Head of Market Development here at OneID® (connect with Adrian on LinkedIn here).  

I asked Adrian to review the information given by ChatGPT in terms of accuracy and usability. I was excited to get his opinion on the answers given by ChatGPT and to hear his thoughts on the topics being highlighted in these questions from his thought leadership perspective.

Here is how it went:   

Q1: What is digital identity? 

A: Digital identity refers to the online identity of a person or an entity. It represents the online representation of a person or entity, and it is created by the use of various digital technologies such as social media accounts, websites, and mobile apps. Digital identity can include a variety of information such as name, age, address, email address, phone number, and other personal or professional details. It is used to identify and verify the online presence of a person or entity, and it can be used for a variety of purposes such as logging into websites, making online transactions, and accessing online services. 

Adrian said: 

Not bad, and ChatGPT is learning from the collective and varied views of what a digital identity is, so the somewhat vagueness of ‘created by the use of..’ is understandable. Here at OneID® we define identity as your legal identity (e.g., entry on a birth registry or company register to create a legal ‘identity’) that has ‘personhood’ (i.e., can own things, sign contracts etc.), and your digital identity as a set of personal data that is provably linked to your legal identity as a person or organisation, and stored with a digital account. The process of creating a digital identity should verify that you are a real person and the right person, be secure and involve issuance of a verifiable digital certificate unique to you, and secure credentials/authenticators that you keep safe and use to access your digital account. 

Q2: How can we verify digital identity? 

A: There are several ways to verify digital identity: 

  1. Two-factor authentication: This is a process that involves the use of two different methods to verify the identity of a person or entity. For example, logging into a website may require a password as well as a code that is sent to a mobile phone. 
  2. Digital certificates: These are electronic documents that are issued by a trusted third party and used to verify the identity of a person or entity. Digital certificates can be used to secure websites, email, and other online communications. 
  3. Public key infrastructure (PKI): This is a system that uses a combination of public and private keys to verify the identity of a person or entity. A public key is a piece of information that is shared publicly, while a private key is kept secret. PKI is often used to secure online transactions and communications. 
  4. Biometric authentication: This is a method of verifying identity using unique physical characteristics such as a fingerprint, facial recognition, or voice recognition. 
  5. Knowledge-based authentication: This is a method of verifying identity by asking questions that only the person being verified would be able to answer. For example, a person may be asked to provide the name of their first pet or their mother's maiden name. 

Adrian said: 

There is nothing wrong with the answers to this question, but the question could be answered in two different 

ways; how do you initially verify (and issue) a digital identity, and how do you re-verify a returning person is the owner. The answers all relate to the latter, authentication case. Issuance of a digital identity is usually called ‘identity proofing’ and involves a secure process to verify the individual and bind them to a digital account that stores their identity data, and is protected by the authenticators (2FA, certificate keys, PKI, biometrics etc.). Knowledge-based authentication (KBA) is seen as a weak authenticator as anyone can look up your data online (e.g. your mother’s maiden name is on open birth registry data and social media). KBA therefore does not prove that the right person is present, just that they have the data relating to the data subject. 

Q3: How is digital identity changing? 

A: Digital identity is constantly evolving as new technologies and approaches are developed. Some of the ways in which digital identity is changing include: 

  1. Increased use of biometric authentication: As biometric technology becomes more advanced and more widely available, it is becoming increasingly common for digital identity verification to be based on biometric characteristics such as fingerprints, facial recognition, and voice recognition. 
  2. Greater focus on privacy and security: As more personal information is being shared online, there is an increased focus on protecting privacy and securing digital identity. This includes the use of stronger passwords, two-factor authentication, and other security measures. 
  3. Greater use of decentralized identity systems: Decentralized identity systems allow individuals and organizations to own and control their own digital identity, rather than relying on a central authority to manage it. These systems use blockchain technology to create a decentralized, secure, and transparent way to verify identity. 
  4. Increased use of artificial intelligence: Artificial intelligence (AI) is being used to automate many aspects of digital identity verification, including the analysis of biometric data and the evaluation of online behavior. 
  5. Greater integration with the physical world: Digital identity is increasingly being used to facilitate interactions and transactions in the physical world, such as unlocking a door or making a purchase. This requires the integration of digital identity with physical devices and systems. 

Adrian said: 

This answer on the whole is good. The topic of decentralized identity is a broad one, with many things to consider that go beyond the scope of this question; such as how decentralized, centralized and federated systems will all continue to co-exist, control can be achieved with any model via data protection laws, and ownership isn’t a good term for data (which is copied rather than ‘owned’). Data rights are a more applicable term, and both parties in a relationship have data rights and obligations. Decentralized identity also does not need a blockchain, and indeed personal data should not be stored on a blockchain as this causes privacy and compliance problems. The core of digital identity, a legal identity, will always be centralized as it comes from a legal identity issued by a nation state. There is no ‘bitcoin nation’ that can issue a legal identity. 

AI picking up on commonly used memes or hype and repeating/amplifying it is one of the issues with AI-generated content; how does the reader know what is hype and what isn’t? 

 

Q4: Are there any fully digital identity providers? 

A: There are many companies that offer digital identity services, which are designed to help individuals and organizations verify and manage their online identity. These services can include a variety of features such as identity verification, authentication, and access management. Some examples of companies that offer digital identity services include: 

  1. Okta 
  2. Microsoft Azure Active Directory 
  3. OneLogin 
  4. Auth0 
  5. Ping Identity 
  6. LoginRadius 

These companies offer a range of services, and the specific features and capabilities may vary. It is important to carefully research and compare the different options to find the digital identity service that best meets your needs. 

Adrian said: 

The question should be ‘any digital identity providers who are fully digital?’. Large companies that offer a full suite of services are unlikely to be 100% digital. A process to scan a document and capture a video or selfie is also not 100% digital; it is a digitization process of a physical document, with data capture from that document. Many of the solutions in market are actually ‘digitized identity’ rather than ‘digital identity’. 

OneID® is, of course a good answer as it is a 100% digital service! 

 

Q5: How can we reduce economic fraud? 

A: There are several ways to reduce economic fraud, including: 

  1. Increasing government oversight and regulation of financial institutions and markets. 
  2. Implementing stricter laws and penalties for individuals and companies found guilty of fraud. 
  3. Providing education and resources to individuals and small businesses to help them recognize and prevent fraud. 
  4. Developing and implementing advanced technology, such as artificial intelligence and machine learning, to detect and prevent fraudulent activity. 
  5. Encouraging whistle-blowers to report suspicious activity. 
  6. Collaboration between law enforcement agencies, regulators, and the private sector to share information and coordinate efforts to combat fraud. 

Adrian said: 

For the UK, there is a complex network of organisations that are tasked with reporting and reducing fraud (mostly with reporting it), that could be simplified. 

There needs to be more focus on prevention rather than reporting, which is where new tools such as digital identity and OneID® come in. Adding digital identity checks in a user journey is now a simple process with low friction, that can enable both parties in a transaction to be securely identified by their banks, before any payment is sent, thus greatly reducing fraud. 

 

Q6: Do you have any data on economic fraud in the UK? 

A: I do not have any recent data on economic fraud in the UK, as my knowledge cut off is in 2021. However, according to the National Fraud Intelligence Bureau (NFIB) of City of London Police, in 2019, the most common types of fraud reported in the UK were: 

  • Online shopping and auction fraud 
  • Impersonation scams 
  • Investment fraud 
  • Scams involving the use of the telephone 
  • Banking and credit account fraud 
  • Advance fee fraud 
  • Computer software service fraud 

Adrian said: 

As with most statistics, there is always a lag of a year or so before data is collated. UK fraud is also very complex, with multiple parties collating and publishing data. A more joined-up approach is needed to understand the size of the problem, and monitor the impact of proposed solutions. 

 

Q7: Can you see economic fraud changing over the next few years?  

A: It is likely that economic fraud will continue to evolve and change over the next few years. As technology advances and becomes more integrated into our daily lives, new opportunities for fraud may arise. For example, with the increasing use of mobile banking and online transactions, fraudsters may develop new methods to steal personal and financial information.  

As fraudsters become more sophisticated in their methods, it is also likely that the types of economic fraud will change. For example, there may be an increase in complex frauds such as business email compromise (BEC) or email account compromise (EAC) where fraudsters use social engineering to trick individuals into making wire transfers or other financial transactions.  

Furthermore, the COVID-19 pandemic is also likely to have a continuing impact on economic fraud in the next few years. Fraudsters may take advantage of the confusion and uncertainty caused by the pandemic to carry out fraud.  

It is important for government agencies, financial institutions, and individuals to stay informed about the latest trends in economic fraud and take steps to protect themselves. 

Adrian said: 

As AI tools evolve, they will be incorporated into the toolbox for both fraudsters and the organisations trying to prevent fraud. Humans will remain the weakest link in the chain due to our susceptibility to social engineering tactics. 

 

Q8: Is biometric authentication secure and safe? 

Biometric authentication can be a secure and convenient way to verify identity, but it is not foolproof. There are several potential security and safety concerns to consider: 

  1. False negatives: Biometric authentication systems can sometimes fail to recognize a person's biometric characteristics, resulting in a false negative. This can be frustrating for users and may discourage them from using the system. 
  2. False positives: In some cases, biometric authentication systems may incorrectly identify a person as someone else, resulting in a false positive. This can be a serious security risk if it allows unauthorized access to sensitive information or systems. 
  3. Privacy concerns: Some people may be concerned about the privacy implications of using biometric authentication, as it requires the collection and storage of sensitive personal data such as fingerprints or facial scans. 
  4. Vulnerability to hacking: Biometric authentication systems can be vulnerable to hacking and other forms of cyber-attacks, particularly if they are not properly secured or if they use weak authentication methods. 

Adrian said: 

Whether or not content is AI-generated, providers of biometric systems need to do a better job of explaining how the technology works. The actual biometric should, in most cases, not be stored, rather a templated representation of it in numeric form is securely generated and stored. If that data is then compromised, it is useless to the hacker as they cannot regenerate the original biometric to pass the comparison test. If this was communicated more clearly then less people would be apprehensive about using it. 

There are also two main branches of biometrics; one-to-one mapping to provide access, which is broadly accepted and liked, and one-to-many face searching (such as CCTV) which has much broader social and ethical concerns. We should not slow the adoption of the safe one-to-one technologies whilst we debate the need for the one-to-many services. As ever, the issues are around how the overall system is designed and governed, rather than the actual technologies themselves being bad.  

Overall, biometric authentication can be a secure and convenient way to verify identity, but it is important to carefully consider the potential risks and to use appropriate security measures to protect against them. 

Conclusion 

Overall, I found this information comprehensive and insightful. It worked quickly and the answers were accurate and informative. There are, however, some things that I would add to flesh out certain points.  

The answers to the questions did impress me and were constructed in a way that read well, to the extent that it was near impossible to identify that it had not been written by a human being. As a marketeer, I predict that ChatGPT is going to become an asset to businesses, marketers and content creators going forward. This will allow us to work in a way that is quick, effective, informative and strengthens SEO. I do still feel there is a need for human editing, but this certainly helps to speed up the process and provides a robust contribution to content.  If you too are interested in reducing fraud, we would love to hear from you.