Demographic Bias in Identity Proofing
In Gartner’s Market Guide for Identity Proofing and Affirmation, the authors make special note of demographic bias in facial recognition. If the AI performing facial recognition or face matching is biased with regard to gender, race, age, or any other characteristic, that is wrong on a fundamental human level. There are business implications as well, of course, but our concern transcends them.
This is an important topic, and one that ID Dataweb takes very seriously. One of our identity proofing templates has the user take a selfie, pass a liveness check, and then compares that photo to a driver’s license or government ID. We don’t control the AI that performs these actions, but we do control which backend providers we use on our exchange for these functions. We want to ensure that every user has an equal ability, with as little friction as possible, to verify their identity and sign up for our customers’ services.
What can we do to mitigate demographic bias?
Of course, we test our pass/fail rates internally for our BioGovID proofing workflow. Due to the nature of our services, we have no way to know the gender, race, or age of our production customers, but we can determine the demographics of our proof-of-concept (POC) and internal testing. To date, we have had identical results across all demographic groups in our internal testing. With pass rates north of 90% in every group, we are confident that within our company’s, our customers’, and our partners’ employee groups, there has been no demographic bias.
But that isn’t enough. It’s a small sample size with technically astute users, and we need to ensure that there is no bias across larger populations. Among our production customers we have never seen abnormally low pass rates, but that still isn’t enough to guarantee the bias isn’t hidden in the numbers. Thankfully, our attribute provider partners are aware of this issue and are taking steps to mitigate and eliminate bias when they find it. Below is Acuant’s Fairness Evaluation, verbatim. When asked about it, they had an answer immediately; the issue is clearly at the forefront of their research and product development.
Acuant’s commitment to Responsible AI includes building AI services that work equally well for all supported demographic groups and scenarios. To achieve this, Acuant worked with stakeholders to establish the following fairness accountabilities for facial recognition:
- Measure and mitigate error-rate differences between subpopulations based on race, ethnicity, skin tone, gender, and age. Differences should get smaller or stay the same as new and updated features and functions are released. For face verification and identification, Acuant has committed to a <3% performance discrepancy between gender, age, ethnicity, ethnicity x gender, ethnicity x age for the categories defined below.
- Plan to support fairness by evaluating key use cases for potential fairness issues. Particularly for new functions, identify use cases that should be restricted or prohibited, conduct research with key stakeholders to uncover key fairness-related concerns, and evaluate the impact of regulations and policies.
- Document known issues and influences on accuracy, as well as known remediations, specifically for the purpose of informing experience and solution builders. In addition, Acuant is building the product to minimize the amount of work required to properly use Acuant facial recognition AI.
- Provide access for third parties to audit external-facing APIs. Provide contact information for escalating any fairness issues that are discovered and establish an internal review process, including expected outcomes and a communication plan for responding to escalations.
- Participate in credible public fairness benchmark competitions and/or evaluate functions using datasets designed to support evaluating accuracy by subpopulations based on race, ethnicity, skin tone, gender, and age. Existing public datasets are small, unbalanced (<5,000 subjects per subpopulation), and contain labeling errors.
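To make the first commitment above concrete: a &lt;3% performance discrepancy means that the gap between the best- and worst-performing subgroup's pass rate stays under three percentage points. A minimal sketch of that check, with hypothetical group names and fabricated numbers purely for illustration:

```python
# Hypothetical sketch: check that the face-match pass-rate discrepancy
# across demographic subgroups stays within a 3-percentage-point threshold.

def max_discrepancy(results):
    """results maps subgroup name -> (passes, attempts); returns the
    gap between the highest and lowest subgroup pass rates."""
    rates = {group: passes / attempts
             for group, (passes, attempts) in results.items()}
    return max(rates.values()) - min(rates.values())

# Fabricated evaluation counts, for illustration only.
sample = {
    "group_a": (940, 1000),
    "group_b": (925, 1000),
    "group_c": (951, 1000),
}

gap = max_discrepancy(sample)
print(f"max discrepancy: {gap:.3f}")  # 0.951 - 0.925 = 0.026
assert gap < 0.03  # within the stated <3% goal
```

A real evaluation would of course use large, balanced, correctly labeled datasets per subgroup, which, as Acuant notes, existing public datasets do not provide.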
Building a bias-free Identity Verification workflow
Even with all of these efforts in place, relying solely on selfie-to-government-ID matching can be problematic. Beyond potential AI bias in recognizing faces, disadvantaged populations are less likely to have a government ID, and economically disadvantaged users are less likely to have a smartphone with a camera of high enough resolution, which causes matching discrepancies.
This is one of the many reasons ID Dataweb recommends a two or three step workflow for identity verification:
- Start with a phone possession & ownership check – if the user receives the OTP and we can triangulate that the phone is indeed theirs, without any signs of fraud, we consider the user verified. This step usually verifies 70-90% of users.
- If they are not able to pass that step, we can then perform dynamic KBA (knowledge-based authentication) using either credit bureau or custom data. This step can verify 70-90% of the users who didn’t pass the first step.
- If that step is not passed, we step up the verification to the selfie-to-government-ID match. This step, again, usually verifies 70-90% of the remaining users.
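The stepped workflow above is, in essence, an ordered fallback chain: each step runs only if the previous one failed. A minimal sketch, with hypothetical function names and user fields standing in for real provider calls:

```python
# Hypothetical sketch of a stepped verification workflow: try each
# check in order and stop at the first one the user passes.

def verify_user(user, steps):
    """steps is a list of (name, check) pairs; returns the name of the
    step that verified the user, or None if every step failed."""
    for name, check in steps:
        if check(user):
            return name  # user verified at this step; no further friction
    return None  # all steps failed; route to manual review or rejection

# Illustrative step functions -- real checks would call provider APIs.
steps = [
    ("phone_possession", lambda u: u.get("otp_ok") and u.get("phone_trusted")),
    ("dynamic_kba",      lambda u: u.get("kba_passed")),
    ("bio_gov_id",       lambda u: u.get("face_match_ok")),
]

# A user who fails the phone check but passes KBA never reaches the
# selfie-to-ID step, sidestepping any face-match bias entirely.
user = {"otp_ok": False, "kba_passed": True}
print(verify_user(user, steps))  # -> dynamic_kba
```

Because most users clear the first or second step, only a small remainder is ever exposed to the face-matching step where demographic bias could surface.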
By taking this stepped workflow approach, you bypass the vast majority of the demographic bias. Your users get a lower-friction process, and you achieve your goal of letting the correct people through while stopping fraudulent actors, backed by the sophisticated security tools built into ID Dataweb’s AXN platform.