Is it really continuous verification if fraudsters can easily outsmart it?
View in browser
The Signal by Incognia
Verified User

Continuous verification should actually be continuous

 

By André Ferraz, CEO and Co-Founder at Incognia

 

Continuous verification should actually be continuous. 

 

It sounds pretty straightforward, but many companies don’t treat it that way. 

 

Here’s the issue:

 

If your continuous verification method is…

  • Easy to fool
  • Too friction-heavy to trigger often
  • Too costly to use consistently 

…Do you really have continuous verification? 

 

As an example, consider driver selfie verification in the food delivery and rideshare space.

 

Unauthorized account sharing and ATO are evergreen problems in this industry.

 

So to prevent this abuse, some platforms ask drivers to take a selfie at the start of each shift. That selfie is used to verify that the account owner is the one accessing the account and driving for the platform.

 

But selfie verification is easy to fool with image injector apps. These apps allow fraudsters to bypass the device camera and inject an image from the camera roll instead. 

 

It’s also a higher friction way to verify. If you only ask for one selfie at the start of the shift, that’s hardly continuous. And yet no one wants to inundate their drivers with selfie requests every hour. 

 

So the friction of the method presents another challenge.

 

If fraudsters can slip in through the cracks by simply downloading an image injector, the verification isn’t really continuous. 

 

Ultimately, we should be verifying every user, every time. 

 

So, what’s the best way to do that? 

 

I think we should be looking towards passive, spoofing-resistant signals like device and location. 

 

Tech giants like Apple are already recognizing the power of location. 

 

Physical device theft has been a growing way to facilitate ATO attacks. 

 

Steal a phone while the user is already logged in, and you have access to their on-device accounts. 

 

Apple introduced a location-based feature, Stolen Device Protection, that stops device thieves from changing Apple passwords and viewing saved passwords if they’re located too far from the device owner’s trusted locations. 

 

How could a similar concept be applied in the rideshare and food delivery space?

 

Every US driver’s license has a home address on it. Asking for proof of a driver’s license is already part of the onboarding process for driver-side apps. 

 

So how could we verify that the account isn’t being rented out or hasn’t been rented out?

 

By verifying that the device signing into the account: 

  1. Is the same device from onboarding 
  2. Returns to the same home address consistently 

These signals can also be collected passively, reducing user burden. 

 

A leaky verification process isn’t going to adequately protect user accounts from abuse and misuse. 

 

Don’t settle for anything less than robust verification of every user, every time they access their account.

div_5

Upcoming event

webinar_The-Device-&-App-Tampering-Epidemic_wide_

Device and app tampering pose a significant threat to marketplace platforms, leading to bigger fraud losses and less accurate fraud signals. 

 

Is your platform prepared to fight back against tampering in 2025?  

 

Join experts from Lalamove and Incognia as they break down the ins-and-outs of the tampering epidemic and what you can do to keep your signals reliable. 

 

The Device & App Tampering Epidemic:

What Marketplaces Need to Know in 2025

Wednesday, Jan 29th, at 10 AM PST

 

Register now
div_5

Other resources to check out

 

Blog post

How & Why Driver Account Sharing Happens (And How Food Delivery Apps Can Prevent It) 

This blog post looks at methods drivers use to share or rent out accounts, the motivations behind it, and some ways that food delivery and other gig apps can take back control. 

 

Blog post

3 Signs Your User Verification Friction is Too High

In this post, we explore the symptoms of high user verification friction, as well as some solutions for creating a more user-friendly experience that’s still secure. 

 

Case Study

Digital car rental marketplace reduces identification friction with Incognia's Location Verification

For this car rental platform, implementing Incognia’s Location Verification led to decreased new user abandonment, increased automatic user verifications, and lower verification friction. 

Incognia Logo

Incognia is the innovator of next-generation identity solutions that enable secure and seamless digital experiences. For more information, visit Incognia.com.

LinkedIn
YouTube

Incognia, 333 West San Carlos Street, Suite 600, San Jose, CA

Unsubscribe Manage preferences