A 360º Solution Covering the Entire Identity and Access Management Lifecycle

Veridas Flow is an end-to-end platform that ensures secure and convenient access to physical spaces. Through a registration process with identity verification, users can access various spaces using biometric terminals. The platform seamlessly integrates with leading access control systems, ticketing systems, government entities, and more, enabling various use cases. Additionally, it allows for identity management and business intelligence analytics through software that centralizes all information in real-time, optimizing resources and facilitating informed decision-making for businesses.

Meet the New Facial Biometric Terminals: Play and ZeroData

Play: Featuring a 10-inch screen, Play offers personalized, secure, and highly convenient access experiences in both indoor and outdoor environments. It supports up to 100,000 users per terminal, making it a scalable solution for any requirement. It optimizes access management from the outset to create memorable experiences and maximize revenue.

ZeroData: With a biometric QR reader (ZeroData ID), ZeroData allows users to carry their biometric information without storing any data on the terminal, making it the ideal solution for high-security access (two-factor authentication), locations with over 200,000 users, and facilities where privacy is essential. It is designed for outdoor and indoor spaces and supports unlimited user access.

Why Choose Veridas Flow? The Benefits Are Clear

With over 80 global clients using the Veridas Flow platform daily, the benefits are evident across various scenarios. From access to events, stadiums, and sports clubs, to enhancing user experience and security in corporate buildings and gaming rooms, Veridas Flow is revolutionizing access control.

• Hospitality Meets Access: Veridas Flow combines top-notch security with an exceptional user experience, allowing effortless and secure access even in high-security environments.
• 360º Identity & Access Platform: Our comprehensive platform manages everything from enrollment to access control, data management and business intelligence.
• Linking Physical & Digital Worlds: Veridas Flow seamlessly integrates physical and digital access, allowing unified identity verification for both environments and enhancing security and user convenience.
• 100% Proprietary & Leading Tech: Fully proprietary technology ensures seamless integration, optimal control, and rapid response to client needs without relying on external vendors.
• One Platform, Different Environments: Flow is designed for diverse use cases and supports various authentication methods and data storage options backed by powerful business intelligence.

Regulatory Compliance and Security

All Veridas systems operate with active user participation (proximity sensor or biometric QR) and are based on user consent. The platform holds the following certifications:

• Data Protection and Privacy: GDPR (General Data Protection Regulation) and RIA (Artificial Intelligence Regulation).
• Quality and Security: ISO 27001 (Information Security Management System), SOC 2 (Service Organization Controls).
• Technical and Performance Certifications: Top NIST (National Institute of Standards and Technology), iBeta Level 1 and 2 (Biometric Testing Certification).

Leading the Way in Access Control Innovation

With this new range of biometric terminals, Veridas Flow continues to lead innovation in security and access management. The company adapts to modern needs, offering robust and aesthetically integrated solutions that provide enhanced security, durability, and user convenience.

How ticket scams work?

Large events attract several types of cyber threats:

• Phishing Scams: Scammers send fake emails or create fake websites to trick you into sharing personal information. They might offer last-minute tickets or exclusive access deals.
• Identity Theft: With so many transactions happening, criminals might steal your personal info to buy fraudulent tickets or sell it online.
• Ransomware Attacks: These attacks lock you out of your data until you pay a ransom. They often start with phishing emails.
• Denial of Service (DoS) Attacks: These attacks overload websites with traffic, causing them to crash. This could affect ticketing systems, official event sites, or news portals.
• Fake Ticket and Rental Scams: Fraudsters create fake websites selling bogus tickets or rentals, leading to financial losses and disappointment.

Ticket scams to watch out for in 2024

Ticket scams vary across different industries because of the characteristic features and vulnerabilities of an industry. Some common types of ticket scams across various industries are as follows:

Sports and Events ticket scam

• Season Ticket Fraud: Scammers selling fake season tickets or unauthorized single-game tickets.
• Secondary Market Scams: Fraudulent activities on secondary markets where tickets are bought and sold.
• Premium Ticket Scams: Sell non-existent VIP or premium seats at high prices.

Concert ticket scam

• Counterfeit Tickets: Fake tickets are sold to unsuspecting customers. Normally, they are indistinguishable from the original ones.
• Duplicate Tickets: A unique genuine concert ticket fraud is sold to many people.
• Non-Existent Tickets: Scammers sell tickets for events that never were or to which they have no access.
• Fake Resale Sites: Fraudulent sites set up to appear as legitimate resale sites.
• Phishing Newsletter Scams: Emails or other messages appearing to offer tickets but are phishing scams to obtain identifying information.

Flight ticket scam and airline ticket fraud

• Fake Booking Websites: Enumeration Websites but work under the guise of a legitimate travel agency or airline to dupe the customer into booking travel asymptomatic.
• Bait-and-Switch: Advertisement of low fares, which are not available at all, and switching to higher ones once the victim is engaged.
• Resale Fraud: Selling used or canceled tickets.
• Fake Flight ticket Confirmation Emails: Emails that look like real booking confirmations but include some fake information or malicious links.

Festivals and Carnivals ticket fraud

• Fake Festival Websites: Entailing an entire fake website mimicking a real festival and collecting money for tickets that would not exist.
• Social Media Scams: Fraudulent offers that are posted on social media sites; most of the time, these are seen using hijacked accounts to make them look more believable.
• Group Discount Scams: A group discount is advertised with the view of collecting money and then disappearing.

  

How to avoid ticket scams?

Technology is crucial in fighting fraud and enhancing user experience:

• AI-Driven Solutions: AI detects and responds to suspicious activities, fighting fraud by analyzing patterns and identifying anomalies.
• Biometric Verification Check: Provide a secure way to verify identities, combating fraud in digital and physical spaces.
• Fraud Prevention: Biometric technologies detect deepfakes and verify ID authenticity, minimizing fraud risks.
• Enhanced Security in Stadiums: Biometric verification ensures that only verified users enter venues, enhancing safety.
• Zero Data ID: Users own their data, ensuring the most secure and private way of personal information protection. See how we enabled access for 12,000 people at the Guardia Civil Flag Swearing in 2024 with our ZeroData ID solution.

What is the future of Event Ticketing?

Biometric solutions like IDV and facial authentication can enhance the fan experience and management processes:

1. Facial Recognition for Entry: Implement facial recognition at entry points to quickly verify attendees, reducing unauthorized access and wait lines.
2. Integrated Ticketing Systems: Link IDV with ticket platforms for seamless verification from ticket purchase to stadium entry.
3. Hands-Free Payment: Activate facial payment systems for convenient transactions without phones or wallets, preventing sales to minors with age estimation if needed.
4. Employee Management: Use biometric authentication to ensure only authorized employees access different areas, complying with clock-in regulations.

With the Paris 2024 Olympics, EuroCup 2024, and Copa America, or even the FIFA World Cup 2026 – Canada, Mexico and the United States next year, robust IDV solutions are the key to enhancing security and streamlining the fan experience. These technologies help ensure that everyone can enjoy the events safely and smoothly.

Threats are increasing in quantity and sophistication, but technology and innovative strategies can give us the confidence we need in a rapidly evolving digital landscape. During the session, Jordi Torres showed how to effectively employ artificial intelligence to combat deepfakes, ensuring customer safety and trust in digital growth.

Have you ever wondered how banks are tackling the challenge of deepfakes and other digital fraud methods? This video offers you a privileged insight into the most effective tactics used by the world’s leading financial institutions. Stay one step ahead in the fight against identity fraud in the banking sphere.

Veridas conference at Money20/20

Types of Identity Fraud Attacks

Identity fraud can generally be categorized into two primary types:

1. Presentation Attacks: These involve an attacker presenting falsified evidence directly to the capture device’s camera. Examples include using photocopies, screenshots, or other forms of impersonation to deceive the system.
2. Injection Attacks: These are more sophisticated, where the attacker introduces false evidence directly into the system without using the camera. This often involves manipulating the data capture or communication channels.

Types of injection attacks

Injection attacks related to identity verification can exploit the way applications handle multimedia inputs like images, videos, and audio. Here are some specific types of injection attacks in this context:

1. Document Injection Attacks involve using stolen, falsified, or manipulated identity documents. Attackers may introduce forged passports, driver’s licenses, or other identification documents into the verification system by uploading altered documents or using software to create counterfeit versions of legitimate IDs. 
2. Selfie Injection Attacks occur when attackers submit altered or fake selfies to the identity verification system. This can involve using pre-recorded images, photoshopped pictures or synthetically generated faces (deepfakes) that match the stolen identity documents. Attackers might also employ image manipulation techniques to adjust lighting, angles, or other attributes to bypass liveness detection. 
3. Video Injection Attacks happen when attackers introduce pre-recorded or manipulated videos instead of live video feeds. These can include deepfakes or videos edited to mimic real-time interaction. By injecting these videos, attackers aim to deceive the verification system’s facial recognition and liveness detection features.
4. Voice Injection Attacks involve submitting falsified or manipulated voice recordings. Attackers might use stolen voice samples, synthetic voices generated through deep learning algorithms, or altered recordings to impersonate the legitimate user. 
5. Data Channel Manipulation occurs when attackers manipulate the data capture or communication channels to inject false information directly into the system. This includes intercepting and altering data packets during transmission or using software tools to insert fraudulent data. Such attacks can be particularly sophisticated, as they often exploit vulnerabilities in the identity verification system’s data handling and transmission protocols.

To defend against these attacks, applications should implement robust input validation, sanitize all multimedia inputs, employ secure libraries for processing multimedia files, and use comprehensive security measures. Veridas Solutions has successfully identified various types of injection attack attempts, including:

How can injection attacks be prevented

Veridas employs a comprehensive suite of security measures designed to detect and prevent injection attacks. Here are the key methods used:

• API Security: Veridas utilizes robust security mechanisms to prevent unauthorized API invocations, which could be used to inject malicious content. These include api-key usage and IP filtering, among other advanced security protocols.
• Virtual Camera Detection: The system can detect the use of fake cameras (e.g., virtual cameras). This capability ensures that images or videos injected into the system through a virtual camera, as if they were captured by a real camera, are identified and blocked.
• Man-in-the-middle Attack Detection: Veridas systems are adept at detecting instances where images have been intercepted and altered before being processed by biometric engines. This includes detecting changes due to digital manipulation, compression, formatting alterations, and cropping.
• Business Intelligence Techniques: Dozens of parameters are monitored to ensure the integrity of the identity verification process. These checks confirm that the process is executed end-to-end on the same device, preventing any evidence from being directly injected into the system.
• Deepfake Detection: Veridas employs AI algorithms trained to analyze and detect images, videos, or voices that have been artificially generated. These algorithms differentiate genuine content from deepfakes, ensuring that only authentic images, voices, and videos are processed.

Injection Attack Example

In early 2023, a globally recognized financial services company in the United States fell victim to a sophisticated injection attack targeting their identity verification process. The attackers exploited a vulnerability in the company’s data handling protocols, allowing them to inject falsified identity documents and manipulated selfies directly into the verification system.

The attack involved intercepting data transmissions and using high-quality deepfakes and edited photos to create realistic-looking fraudulent identities. Despite the company’s use of liveness detection measures, the attackers bypassed these defenses with pre-recorded videos that mimicked real-time interactions. Over 5,000 fraudulent accounts were created, leading to direct financial losses exceeding $10 million.

This breach resulted in significant financial losses and reputational damage for the company. Customer trust plummeted, and the company saw a 20% decline in new account sign-ups. The incident highlighted the need for enhanced encryption, advanced liveness detection technologies, and continuous monitoring to prevent similar attacks in the future. The company has since implemented these measures to restore trust and ensure the security of its identity verification process.

Mitigating Deepfake Threats

Deepfakes present a significant challenge due to their ability to create highly realistic but fake images or videos. Veridas employs specialized algorithms to detect deepfakes in both identity documents and selfies, complementing the anti-injection measures. These algorithms work in conjunction with other security techniques to ensure the system can accurately identify and reject deepfake attempts.

Regulatory Compliance and Certifications

Veridas solutions are not only robust in their technological capabilities but also compliant with stringent regulatory standards. In Spain, for example, the National Cryptological Center (CCN) established guidelines for evaluating video identification tools, requiring the detection of various identity theft attempts, including deepfakes. Veridas has achieved a 0% error rate in these evaluations, demonstrating the effectiveness of its security measures.

Conclusion

Injection attacks and deepfake threats pose significant risks to biometric identity verification systems. However, with advanced detection techniques and robust security measures, Veridas ensures that its solutions remain secure and reliable. By employing comprehensive strategies such as API security, virtual camera detection, and specialized deepfake detection algorithms, Veridas stands at the forefront of protecting against sophisticated identity fraud attempts.

Zero Trust architecture is a security framework that operates on the principle of “never trust, always verify.” Unlike traditional security models that rely on perimeter defenses, Zero Trust assumes that threats can originate both outside and inside the network. Therefore, it continuously validates the trustworthiness of every entity attempting to access resources, regardless of their location.

Key components of Zero Trust include strict identity verification, least-privilege access, and continuous monitoring. Every user and device must be authenticated and authorized before gaining access to any resource. Access permissions are granted based on the minimum necessary to perform a task, reducing the risk of unauthorized actions. This principle of least privilege limits the potential impact of breaches.

Additionally, Zero Trust employs continuous monitoring and real-time assessments to detect and respond to anomalies. Network segmentation further isolates resources, ensuring that even if an attacker breaches one segment, they cannot easily access others. This granular control and scrutiny help prevent lateral movement within the network.

Zero Trust architecture enhances security by minimizing assumptions of inherent trust and focusing on rigorous access controls and real-time threat detection. It is particularly effective in today’s landscape of cloud computing and remote work, where traditional network boundaries are blurred.

What is the Zero Trust model?

The Zero Trust model is a cybersecurity approach that emphasizes verifying every access request as though it originates from an open network. It operates on the principle that no user or system, whether inside or outside the network perimeter, should be trusted by default. Each access request is evaluated based on stringent authentication and authorization policies, often incorporating multi-factor authentication (MFA) and device health checks.

The model also incorporates micro-segmentation, breaking down security perimeters into small, manageable zones to limit the spread of potential breaches. Dynamic, context-aware policies adjust access permissions based on factors such as user role, device security posture, and the sensitivity of the data being accessed.

By continuously validating all requests and enforcing fine-grained access controls, the Zero Trust model mitigates the risks associated with advanced threats and insider attacks. It provides a robust framework for securing modern, decentralized IT environments, including cloud services and remote workforces.

How Zero Trust works

Zero Trust works by implementing a rigorous set of security principles and practices designed to ensure that no entity, whether inside or outside the network, is trusted by default. Here’s how it operates:

• Verification and Authentication: Every access request is authenticated using robust methods like multi-factor authentication (MFA). This ensures that users and devices are who they claim to be.
• Least Privilege Access: Access rights are granted based on the principle of least privilege, meaning users and devices are given the minimum level of access required to perform their tasks. This minimizes the potential damage from compromised accounts or devices.
• Continuous Monitoring: Zero Trust involves continuous real-time monitoring of all network activity. Behavioral analytics and machine learning are often employed to detect anomalies and potential threats.
• Micro-Segmentation: The network is divided into small, isolated segments to limit lateral movement. If a breach occurs in one segment, it does not automatically grant access to other segments.
• Context-Aware Policies: Access decisions are based on a variety of contextual factors, such as user role, location, device health, and the sensitivity of the data being accessed. Policies dynamically adjust based on these factors.
• Automation and Orchestration: Automated responses to detected threats help to quickly mitigate risks. Orchestration tools ensure that security policies are consistently applied across the entire network.

By integrating these components, Zero Trust creates a robust, adaptive security posture that protects against both external and internal threats, ensuring comprehensive protection in complex, modern IT environments.

What are the 5 principles of Zero Trust?

The Zero Trust model is built on five foundational pillars that collectively enhance an organization’s security posture. These pillars are:

1. Identity Verification: This pillar emphasizes the importance of verifying the identity of users, devices, and services before granting access to resources. It involves robust authentication methods, including multi-factor authentication (MFA), to ensure that only legitimate entities can access the network.
2. Device Security: Ensuring that devices accessing the network are secure is crucial. This pillar includes checking the security posture of devices, such as their compliance with security policies and their health status. Devices that do not meet security standards are denied access or given restricted access.
3. Network Segmentation: Also known as micro-segmentation, this pillar involves dividing the network into smaller, isolated segments. Each segment is protected individually, which limits the ability of attackers to move laterally within the network if they breach one segment.
4. Application Security: This pillar ensures that applications are secure and only accessible by authenticated and authorized users. Application-level controls, such as application whitelisting and runtime protection, help safeguard applications from unauthorized access and vulnerabilities.
5. Data Protection: Protecting sensitive data is a core component of Zero Trust. This pillar involves encrypting data both at rest and in transit, as well as implementing strict access controls. Data is classified based on its sensitivity, and access is granted on a need-to-know basis.

These pillars collectively ensure a robust, multi-layered defense strategy, minimizing the risk of breaches and enhancing overall security.

What is zero trust security?

Zero Trust security is a cybersecurity paradigm that assumes no user or device, whether inside or outside the network, is inherently trustworthy. It mandates continuous verification and strict access controls for every access request.

By employing multi-factor authentication, micro-segmentation, and real-time monitoring, it ensures that only authenticated and authorized entities can access resources.

The approach dynamically adjusts security policies based on contextual factors such as user roles and device health, effectively minimizing risks and preventing unauthorized access and lateral movement within the network. This model is especially pertinent for modern, cloud-based, and remote work environments.

What is an example of Zero Trust?

Zero Trust security, when applied to Veridas Voice Shield, ensures that every voice interaction is continuously authenticated to protect against deepfake and other audio-based frauds. This solution involves real-time verification of voice authenticity without relying on user registration or consent, thereby reducing friction.

Voice Shield leverages advanced AI algorithms to distinguish between genuine and fraudulent voices by analyzing specific voice properties. This approach aligns with Zero Trust principles by treating every voice interaction as potentially untrusted and requiring continuous verification to secure sensitive communications and prevent fraud.

Zero trust solutions

Zero Trust solutions applied to Veridas’ offerings focus on stringent identity verification and authentication measures across digital and physical domains. Veridas employs advanced biometrics, such as facial recognition and voice recognition, to authenticate users securely and seamlessly.

These solutions ensure that access to systems and data is continuously verified, aligning with Zero Trust principles by treating every access request as untrusted by default.

Veridas’ solutions includes identity verification for digital onboarding, secure access control, and real-time fraud detection, providing comprehensive protection against unauthorized access and identity fraud.

What is zero trust network access?

Zero Trust Network Access (ZTNA) is a security framework that ensures secure, authenticated access to applications and data. It operates on the principle of “never trust, always verify,” meaning every access request is rigorously authenticated, authorized, and encrypted. ZTNA continuously assesses the security posture of users and devices, granting the least privilege access necessary.

This minimizes potential attack surfaces by dynamically adapting security policies based on real-time context and user behavior, thereby enhancing protection against internal and external threats.

What is the main goal of Zero Trust?

The main goal of Zero Trust is to enhance security by eliminating implicit trust within an organization’s network. It continuously authenticates and verifies every user and device seeking access to resources, regardless of their location.

This approach ensures that only authorized entities with verified identities and appropriate security postures can access sensitive data and systems.

By applying strict access controls and real-time monitoring, Zero Trust minimizes the risk of breaches, limits potential attack surfaces, and prevents lateral movement within the network, thus providing robust protection against both internal and external threats.

In essence, it allows the prover to demonstrate knowledge of a certain fact or secret without divulging the actual content of that knowledge. This concept ensures privacy and confidentiality while still providing assurance of correctness.

In a ZKP interaction, the verifier can be convinced of the truth of a statement without obtaining any knowledge about the underlying data or computation process. This property makes ZKP invaluable in various fields, including biometric or blockchain technology, where it enables transactions to be validated without exposing sensitive information.

By adopting ZKP, parties can authenticate each other’s claims and transactions securely, enhancing trust and privacy in digital interactions.

In this article, we look at the key benefits of Zero-Knowledge Proof and how Veridas technology allows you to securely and confidentially verify user information through biometric systems.

What is zero-knowledge encryption?

Zero Knowledge Encryption (ZKE) is a sophisticated method in cryptography where data is securely encoded in a manner that allows for its verification without revealing any details about its content.

Unlike conventional encryption, where decryption keys are needed to unlock data, ZKE permits verification without any access to the actual information. This ensures the utmost confidentiality while still enabling data authentication.

ZKE finds extensive utility in scenarios where preserving data privacy is critical, like secure communication or data storage.

By leveraging ZKE, parties can exchange sensitive information with assurance, confident that their data remains shielded from prying eyes or unauthorized disclosure.

Zero-knowledge explained in examples

This is how Zero-knowledge works explained with the example of Veridas’ ZeroData ID technology:

Veridas’ ZeroData ID leverages ZKP by converting biometric data (such as a selfie) into an irreversible biometric vector. This vector, encrypted and embedded in a QR code, verifies identity without storing any sensitive data, ensuring user privacy and regulatory compliance​.

The user scans the biometric QR code using a compatible device such as a facial reader, smartphone, or computer. Upon scanning, the biometric QR code is decrypted and its contents are extracted.

Veridas captures the user’s image and transforms in real-time it into a biometric vector, which is compared with the biometric vector stored within the QR code.

The device performs a 1:1 comparison to make a match. If the biometric data matches the stored biometric vector and the contextual information is validated, the user gains access to the desired service, location, or transaction.

How does zero knowledge proof work?

Zero Knowledge Proof (ZKP) is like proving you can solve a puzzle without revealing the solution. Imagine you have a friend who claims they can unlock any combination lock. Instead of showing the combination, they ask you to set a lock and then, without seeing the combination, they unlock it. You can confirm they unlocked it, but you still don’t know the combination. In this scenario, your friend proves their skill without revealing the secret.

In the digital world, ZKP works similarly. For instance, in a password authentication system, instead of transmitting the password itself, a ZKP protocol allows a user to prove they know the password without actually sharing it. This way, the system can verify the user’s identity without exposing the password to potential eavesdroppers. ZKP ensures privacy and security while still enabling authentication, making it a powerful tool in cybersecurity and cryptography.

Types of Zero Knowledge Proof

Zero-Knowledge Proofs (ZKPs) come in various types, each with its own way of demonstrating knowledge without revealing information.

• Interactive Zero-Knowledge Proofs: In a scenario like a shell game, where a friend hides a ball under one of three cups, and by choosing cups repeatedly and having your friend reveal them empty, you convince yourself of the location of the ball without your friend ever showing it. This interactive process demonstrates zero-knowledge.
• Non-Interactive Zero-Knowledge Proofs: Imagine a sealed box containing a solved puzzle, and you claim you solved it without opening the box. Presenting the sealed box, a third party verifies your claim without seeing the puzzle’s solution. This demonstrates zero-knowledge without interaction.

In digital identity verification, these types of zero-knowledge proofs enable users to authenticate themselves without revealing sensitive information, ensuring secure transactions and privacy.

Benefits of Zero-Knowledge Proofs

By allowing verification without full disclosure, ZKPs offer enhanced privacy, improved security, and increased trust in digital transactions. This innovative approach has gained significant attention across various industries, including cybersecurity, blockchain technology, and data privacy, due to its potential to revolutionize how sensitive information is handled and authenticated in digital environments.

• Enhanced Privacy: ZKPs enable individuals to prove knowledge or possession of information without revealing the actual data, thus preserving privacy.
• Improved Security: By allowing authentication and verification without transmitting sensitive data, ZKPs reduce the risk of data breaches and unauthorized access.
• Increased Trust: ZKPs provide verifiable proof of identity or credentials without full disclosure, fostering trust in online transactions and communications.
• Regulatory Compliance: ZKPs help organizations comply with privacy regulations by minimizing the exposure of personal data, aligning with data protection requirements.
• Efficient Authentication: ZKPs streamline authentication processes by providing a secure and efficient method to prove identity or ownership without extensive data sharing.
• Versatility: ZKPs can be applied across various use cases, including blockchain, authentication systems, and secure communication channels, offering versatility in enhancing security and privacy.

Zero-Knowledge Proof Use Cases

Zero-Knowledge Proofs enable individuals to prove specific attributes or qualifications while maintaining the privacy of sensitive information, enhancing security and trust in digital identity verification processes.

• Biometric Authentication: Zero-Knowledge Proofs can be used to verify biometric data such as facial or voice recognition without exposing the raw biometric information. For example, a user can prove they possess a valid face for authentication purposes without revealing the face itself.
• Password Authentication: Instead of transmitting passwords over a network, users can prove their knowledge of the password using a Zero-Knowledge Proof. For instance, a user can demonstrate they know their password without revealing the password itself when logging into an online account.
• Age Verification: In scenarios where age verification is required, individuals can prove they are above a certain age without disclosing their exact birthdate. For instance, a person can demonstrate they are over 18 years old to access age-restricted content without revealing their birthdate.
• KYC Compliance: Zero-Knowledge Proofs can facilitate Know Your Customer (KYC) compliance in financial services without sharing sensitive personal information. For example, individuals can prove they meet KYC requirements, such as residency or citizenship, without revealing their full address or national identity number.
• Credential Verification: Zero-Knowledge Proofs can be used to verify credentials such as educational degrees or professional certifications without disclosing the specific details of the qualifications. For instance, a job applicant can prove they hold a relevant degree without revealing the exact institution or graduation year.

Zero Knowledge proof vs Zero Trust

Zero Knowledge Proof (ZKP) and Zero Trust are two distinct concepts in the realm of cybersecurity, albeit with some similarities.

ZKP is a cryptographic protocol that allows one party to prove the validity of a statement to another party without revealing any additional information beyond the truthfulness of the statement. It ensures privacy and confidentiality while providing assurance of correctness, commonly used in authentication processes where one party needs to verify identity without sharing sensitive data.

On the other hand, Zero Trust is a security framework that assumes no entity, whether inside or outside an organization’s network, should be trusted by default. Instead of relying on a perimeter-based security model, Zero Trust requires continuous verification of every entity’s identity and device, regardless of their location or network access. It enforces strict access controls and least privilege principles, treating every access attempt as potentially malicious until proven otherwise.

While ZKP focuses on proving statements without revealing information, Zero Trust focuses on continuously verifying and validating identities and access attempts. Both concepts aim to enhance security and privacy in digital environments, albeit through different approaches and mechanisms.

How to implement zero knowledge proof?

Implementing Zero-Knowledge Proofs (ZKPs) involves several key steps to ensure the secure and efficient verification of information without revealing sensitive data. First, define the statement to be proved and choose an appropriate cryptographic protocol for the ZKP. This could involve selecting an interactive or non-interactive ZKP depending on the application.

Next, determine the underlying mathematical problem or cryptographic primitive that will serve as the basis for the proof. Common primitives include discrete logarithms, elliptic curve pairings, or hash functions. Then, design the ZKP protocol to demonstrate knowledge of a solution to the chosen problem without revealing the solution itself.

Develop algorithms and procedures for the prover and verifier to interact securely. This includes generating cryptographic commitments, constructing proofs, and verifying their validity. Implement these algorithms using secure programming practices and cryptographic libraries.

Test the implementation thoroughly to ensure correctness, security, and efficiency. This may involve simulated interactions between the prover and verifier, as well as rigorous analysis of computational complexity and security properties.

Finally, deploy the ZKP implementation in the desired application environment, ensuring that it integrates seamlessly with existing systems and processes. Monitor its performance and security over time, and update as necessary to address any vulnerabilities or performance issues. With careful planning and implementation, Zero-Knowledge Proofs can be effectively deployed to enhance privacy and security in various digital applications.

The Scope of Identity Fraud

Identity fraud is growing in the United States, affecting 42 million Americans in 2021 alone. The discussion highlighted the sophistication of modern identity fraud techniques, particularly focusing on the rise of deepfakes. These AI-generated fake identities pose a severe threat as malicious actors use them to erode public trust. The speakers emphasized the urgent need for advanced detection and authentication technologies to counter these threats effectively.

The Role of Biometrics

Mikel Sánchez shared valuable insights from the company’s extensive experience in identity verification. Since 2017, Veridas has conducted over 100 million identity verification processes. Sánchez pointed out that with the rise of generative AI, the cases of fraud and impersonation have become more sophisticated. However, he firmly stated, “machine does not fool machine.” He underscored the reliance on biometrics as the most secure method of identity verification, highlighting the daily challenge of emerging new attacks and the constant evolution needed to stay ahead.

Identity Fraud in the Digital Environment

Identity fraud is not limited to any single country. In Spain, a gang using false identity documents swindled 1,600 people. The UK saw more than 277,000 identity fraud cases in 2022. Across Europe, 8% of Europeans claim to have suffered identity theft. Mexico also faces challenges with digital identity theft, which is growing by 52%.

Fraud Attempts: Types and Elaboration

During the session, Mikel Sánchez explained various types of fraud attempts, providing detailed insights into how fraudsters operate. He covered methods such as using photocopies, where attackers capture a photograph of a genuine ID document, modify personal data using photo editing software, and print the altered document on different media. Another method is photos to screen, which involves attackers using edited photos displayed on screens (computer, smartphone, etc.) and capturing an image of the fake document shown on the screen. Photo impersonation involves fraudsters printing a photo of their face, cutting it out, and placing it over the victim’s photo on the document to match biometric data during verification processes. Manipulation of printed information includes altering personal data on documents by overlapping or replacing certain elements, such as MRZ codes or other critical data fields.

Other sophisticated fraud attempts include creating high-quality fake documents using polycarbonate materials, often generating multiple identities with the same face but different names. Facial impersonation involves attackers using fake facial images and techniques like displaying a fake selfie photo on a screen or using a high-quality mask. Deepfakes and injection attacks involve creating synthetic identities using deepfake technology and injecting these images into the verification system, making them appear real during onboarding. Additionally, synthetic voices generated through voice-generative AI are used to mimic real individuals, deceiving voice-based authentication systems. These varied methods highlight the need for robust and sophisticated detection technologies to combat identity fraud effectively.

Finding a Best-In-Class Algorithm

Despite the challenges, there is good news. In 2022, less than 1.5% of all successful digital attacks were due to compromised biometrics. To ensure the effectiveness of biometric algorithms, institutions like the National Institute of Standards and Technology (NIST) conduct regular tests involving millions of deepfake attack attempts. These benchmarks help financial institutions identify top-performing algorithms and build a robust, secure, modern tech stack. Veridas is proud to be among the world elite in this sector, with NIST ranking its algorithm second among nearly 150 submitted facial biometrics engines.

This session underscored the critical importance of continuous innovation and collaboration in the fight against identity fraud. By leveraging advanced technologies and focusing on user experience, the industry can make significant strides in protecting identities and fostering trust in the digital age.

Questo aggiornamento mira a rinnovare e migliorare il regolamento eIDAS originale per adattarlo ai progressi tecnologici e alle nuove esigenze del mercato digitale dell’UE.

A differenza dei portafogli tradizionali, che contengono carte fisiche e contanti, i portafogli digitali operano nello spazio virtuale. Spesso utilizzano metodi di autenticazione biometrica, come il riconoscimento facciale, per verificare l’identità dell’utente, garantendo la massima sicurezza.

Questi portafogli consentono agli utenti di effettuare transazioni online e di persona in modo fluido, eliminando la necessità di carte fisiche o contanti.

Integrando la tecnologia biometrica, i portafogli digitali migliorano la sicurezza aggiungendo un ulteriore livello di protezione contro l’accesso non autorizzato.

Ciò non solo semplifica il processo di autenticazione, ma riduce anche il rischio di frodi o furto di identità. I portafogli digitali stanno rivoluzionando il modo in cui gestiamo le finanze, offrendo convenienza, velocità e tranquillità agli utenti di tutto il mondo.

Benefici di un Portafoglio Digitale

Un portafoglio digitale per l’identità offre un approccio rivoluzionario all’identificazione personale, memorizzando in modo sicuro le informazioni biometriche e identificative degli individui in formato digitale sui loro smartphone o altri dispositivi.

In primo luogo, migliora la sicurezza sostituendo le tradizionali carte d’identità fisiche, soggette a smarrimento o furto, con equivalenti digitali crittografati, proteggendo i dati personali.

In secondo luogo, semplifica i processi di autenticazione, consentendo un accesso rapido e conveniente a vari servizi, dalla banca all’assistenza sanitaria, con un semplice scansione biometrica.

Inoltre, promuove l’inclusione fornendo un mezzo affidabile di identificazione per individui senza accesso a documenti tradizionali, emancipando popolazioni marginalizzate.

Inoltre, riduce gli oneri amministrativi e i costi per le imprese e i governi facilitando la verifica dell’identità in modo fluido.

In definitiva, un portafoglio digitale per l’identità non solo migliora la sicurezza e la comodità, ma favorisce anche l’efficienza e l’accessibilità nel nostro mondo sempre più digitale.

Cos’è un’identità del portafoglio digitale?

Un’identità digitale del portafoglio è una rappresentazione digitale sicura dell’identità di un individuo memorizzata su un dispositivo come uno smartphone o un computer.

Queste identità utilizzano dati biometrici come scansioni facciali, insieme a credenziali tradizionali come password o PIN, per autenticare gli utenti. Pensateci come una versione virtuale della vostra patente di guida o del passaporto fisico, ma molto più versatile e sicura.

Con un’identità digitale del portafoglio, gli utenti possono accedere comodamente a vari servizi e effettuare transazioni online o di persona senza bisogno di documenti fisici.

Questa tecnologia semplifica processi come il commercio elettronico, la bancaria e i viaggi, migliorando sia la comodità che la sicurezza.

Inoltre, incorporando l’autenticazione biometrica, le identità digitali del portafoglio riducono significativamente il rischio di furto d’identità e frodi rispetto ai metodi tradizionali.

In sostanza, rappresentano il futuro dell’identificazione, offrendo una soluzione senza soluzione di continuità e robusta per gli stili di vita digitali moderni.

Dove conservi la tua identità digitale?

Dove conservi la tua identità digitale è di fondamentale importanza per salvaguardare la tua presenza online. La tua identità digitale comprende dati biometrici unici, come tratti facciali e informazioni personali, che devono essere conservati in database o sistemi altamente sicuri.

Questi repository impiegano avanzate tecniche di crittografia per prevenire l’accesso non autorizzato e le minacce informatiche.

Un metodo diffuso è quello di conservare i dati biometrici come vettori o modelli anziché dati grezzi. Questi formati sono rappresentazioni matematiche derivate dalle caratteristiche biometriche e crittografate per rendere virtualmente impossibile il recupero delle informazioni originali.

Inoltre, possono essere impiegati ulteriori livelli di sicurezza, come i fattori di autenticazione doppi come la combinazione della biometria con una password o un codice PIN.

Soluzioni innovative utilizzano anche metodi di conservazione decentralizzati, che distribuiscono la tua identità digitale su una rete di nodi, migliorando la sicurezza e riducendo il rischio di un singolo punto di fallimento.

I portafogli digitali per l’identità offrono una sicura conservazione digitale per gestire la tua identità digitale. Integrando con i portafogli digitali per l’identità, gli utenti possono accedere e gestire in modo sicuro la propria identità digitale mantenendo la privacy e la sicurezza.

Abbracciando queste sofisticate tecniche di conservazione, la tua identità digitale rimane sicura, preservando la tua privacy e sicurezza in un mondo sempre più digitale.

Perché hai bisogno di un’identità digitale?

Un’identità digitale è come un passaporto virtuale per il mondo digitale, ed è cruciale nel panorama tecnologico odierno.

Un’identità digitale offre una sicurezza e una comodità senza pari. Sfruttando dati biometrici come impronte digitali o riconoscimento facciale, garantisce che tu sia chi dici di essere, ostacolando il furto di identità e le frodi.

Inoltre, semplifica le tue interazioni online, rendendo le transazioni, l’accesso ai servizi e persino il voto più efficienti e sicuri. Le identità digitali danno anche potere alle persone, consentendo loro di avere maggiore controllo sulle proprie informazioni personali, permettendo la condivisione selettiva dei dati e migliorando la privacy.

In sostanza, un’identità digitale è la tua impronta digitale, essenziale per navigare nel mondo moderno in modo sicuro e senza intoppi. Che si tratti di operazioni bancarie, assistenza sanitaria o semplicemente l’accesso alla tua piattaforma di social media preferita, avere un’identità digitale è un must nell’era digitale di oggi.

Cos’è il portafoglio EUDI?

Il portafoglio EUDI (Identità Digitale UE) è un’applicazione all’avanguardia nel campo della tecnologia biometrica, che sta rivoluzionando il modo in cui le persone interagiscono con i servizi digitali.

Il portafoglio EUDI memorizza e gestisce in modo sicuro le identità digitali degli utenti, sfruttando l’autenticazione biometrica per una maggiore sicurezza.

Questo innovativo portafoglio consente agli utenti di accedere a una vasta gamma di servizi online in modo fluido, dai servizi bancari e sanitari ai portali governativi, tutto con una semplice scansione dell’impronta digitale o il riconoscimento facciale.

Ciò che distingue il portafoglio EUDI è la sua conformità agli standard UE per l’identità digitale, garantendo una robusta protezione delle informazioni personali degli utenti e promuovendo l’interoperabilità tra varie piattaforme e servizi.

Centralizzando le identità digitali all’interno di un’applicazione sicura e facile da usare, il portafoglio EUDI semplifica le interazioni online e rafforza la fiducia nelle transazioni digitali.

Rappresenta un passo significativo verso un futuro digitale più sicuro, conveniente e inclusivo per tutti i cittadini dell’UE.

È sicuro utilizzare l’identità digitale?

Gli ID digitali sono effettivamente sicuri da utilizzare quando implementati correttamente. L’autenticazione biometrica, come il riconoscimento facciale, aggiunge un ulteriore livello di sicurezza, rendendo difficile per individui non autorizzati accedere alla tua identità digitale.

Tuttavia, come per qualsiasi tecnologia, la sicurezza degli ID digitali dipende da vari fattori, tra cui metodi di crittografia, pratiche di archiviazione dati e protezioni della privacy degli utenti.

Quando progettati con robuste misure di sicurezza e rispetto delle normative sulla privacy, gli ID digitali offrono significativi vantaggi in termini di comodità e protezione contro il furto di identità e frodi.

Tuttavia, è essenziale scegliere fornitori affidabili come Veridas e rimanere vigili contro potenziali minacce come attacchi di phishing o violazioni dei dati.

Nel complesso, con le giuste protezioni in atto, gli ID digitali sono un modo sicuro ed efficiente per navigare nel mondo digitale, offrendo tranquillità e una maggiore protezione per le informazioni personali degli utenti.

È un portafoglio digitale più sicuro di una carta?

I portafogli digitali offrono una sicurezza potenziata rispetto alle carte tradizionali grazie alle loro caratteristiche di autenticazione biometrica.

La tecnologia biometrica garantisce che solo gli utenti autorizzati possano accedere al portafoglio. Ciò riduce significativamente il rischio di transazioni non autorizzate o furto di identità, poiché le carte fisiche possono essere smarrite, rubate o copiate.

Inoltre, i portafogli digitali spesso utilizzano la tokenizzazione, che sostituisce le informazioni sensibili della carta con un token digitale unico, aumentando ulteriormente la protezione dei dati finanziari da potenziali violazioni.

Inoltre, i portafogli digitali offrono opzioni di autenticazione multi-fattore, aggiungendo ulteriori livelli di protezione.

Al contrario, le carte fisiche si affidano principalmente a codici PIN o firme, che sono suscettibili a furto o osservazione. Pertanto, l’integrazione dell’autenticazione biometrica rende i portafogli digitali un’opzione più sicura e protetta per condurre transazioni, offrendo agli utenti la tranquillità riguardo alla sicurezza delle proprie informazioni finanziarie.

Qual è la differenza tra il pagamento mobile e il portafoglio digitale?

Il pagamento mobile e i portafogli digitali sono due concetti interconnessi ma distinti nel campo della tecnologia biometrica.

Il pagamento mobile si riferisce al processo di utilizzo di un dispositivo mobile, come uno smartphone o un smartwatch, per effettuare transazioni.

Questa tecnologia sfrutta la comunicazione in prossimità (NFC) o codici QR (Quick Response) per facilitare transazioni sicure presso i punti vendita.

D’altro canto, un portafoglio digitale è un’applicazione software che conserva in modo sicuro informazioni di pagamento e credenziali per vari metodi di pagamento, inclusi carte di credito/debito, carte fedeltà e persino criptovalute.

Mentre i pagamenti mobili avvengono attraverso il dispositivo mobile, i portafogli digitali fungono da deposito dei dati di pagamento, consentendo agli utenti di gestire e accedere comodamente alle proprie informazioni finanziarie.

L’autenticazione biometrica, come il riconoscimento facciale, può migliorare la sicurezza sia nei pagamenti mobili che nei portafogli digitali, garantendo transazioni sicure e senza soluzione di continuità.

Oggi le organizzazioni affrontano una sfida critica nella gestione delle identità, derivante dall’ampio ecosistema di servizi digitali e dalla proliferazione dei metodi di autenticazione che gli utenti devono navigare per accedervi. In questo contesto, Veridas sta rivoluzionando la gestione delle identità offrendo una soluzione di portafoglio incentrata sulle vere identità delle persone, aderendo rigorosamente ai principi non negoziabili di accessibilità universale e applicazione sia in ambienti digitali che fisici.

Cos’è un Portafoglio d’Identità?

Un portafoglio di identità digitale è un repository portatile di credenziali che funziona in qualsiasi ambiente digitale e fisico. Può essere riutilizzato su vari servizi rimanendo sovrano, restituendo il controllo dei dati all’utente. Nel mondo fisico, un portafoglio serve come simbolo di accreditamento. Contiene diverse credenziali che ci permettono di accedere a vari servizi come carte di credito, biglietti per i trasporti, tessere di club sportivi o accreditamenti di lavoro, tutti collegati alla nostra vera identità, dimostrata con documenti ufficiali o credenziali di identità nel mondo fisico.

Veridas Nexus offre una soluzione parallela basata sulla verifica online dell’identità di una persona. Durante questo processo, l’autenticità del documento o della credenziale di identità viene confermata e collegata all’utente attraverso un selfie.

Questa verifica, necessaria solo una volta, segna l’inizio di un’esperienza veramente trasformativa. Con la loro vera identità confermata, gli utenti possono accumulare credenziali digitali nel loro portafoglio, permettendo un accesso rapido e confortevole a vari servizi. Ad esempio, per accedere a siti web aziendali o governativi non sarebbe necessario un nome utente e una password; invece, l’accesso potrebbe essere garantito direttamente attraverso un selfie. Allo stesso modo, negli spazi fisici, l’ingresso a strutture o servizi come i trasporti pubblici potrebbe essere garantito tramite riconoscimento facciale, eliminando la necessità di portare credenziali fisiche.

Primo Portafoglio Operativo in Spagna

Veridas Nexus sarà il primo portafoglio di identità digitale operativo in Spagna, guidando due progetti nel settore dell’Amministrazione Pubblica. Entrambi mirano a semplificare il modo in cui i cittadini interagiscono con l’amministrazione, contribuendo a una trasformazione digitale sicura ed efficace.

In entrambe le iniziative, Nexus consentirà l’accesso a vari servizi digitali dell’amministrazione per tutti i cittadini. L’accessibilità è sempre stata una premessa non negoziabile per Veridas nella progettazione del portafoglio, che aiuterà a ridurre il divario digitale in modi precedentemente non raggiunti. Il design dell’interfaccia è stato sviluppato in collaborazione con diversi gruppi sociodemografici per soddisfare tutti i tipi di esigenze, rendendo la tecnologia più avanzata il più accessibile possibile a ogni cittadino. Inoltre, considera la delega autorizzata delle credenziali, permettendo a persone legalmente autorizzate di svolgere procedure per conto di altri in casi di malattia, vecchiaia o disabilità.

Veridas Nexus si conforma scrupolosamente anche al quadro normativo europeo per la protezione dei dati (GDPR) e al recente accordo sul Regolamento sull’Intelligenza Artificiale (AIR), basandosi sul consenso esplicito degli utenti per condividere i loro dati in casi specifici e garantendo loro il pieno controllo sugli stessi. Inoltre, rientra nel regolamento eIDAS 2, che dovrebbe entrare in vigore nel corso di quest’anno secondo la roadmap stabilita dagli Stati Membri.

Con il lancio di Veridas Nexus, stiamo assistendo all’alba di una nuova era nella gestione dell’identità, caratterizzata da sicurezza, convenienza e interoperabilità. Veridas Nexus non è solo un prodotto; è il futuro di come interagiamo con il mondo che ci circonda.

Quali sono i vantaggi dell’utilizzo di Veridas Nexus?

Questo portafoglio di identità non solo semplifica il processo di accreditamento, ma introduce anche un livello di sicurezza e convenienza senza precedenti. Con ‘Veridas Nexus’, le organizzazioni possono migliorare la qualità delle loro relazioni con gli utenti, riducendo i costi e migliorando i processi attuali.

I vantaggi dell’adozione di Veridas Nexus includono:

1. Miglioramento delle relazioni utente-ente: Veridas Nexus avvicina le organizzazioni ai loro utenti, offrendo un modo sicuro e conveniente per portare la loro identità e ottimizzando l’accesso a vari servizi e prodotti.
2. Nuove opportunità di business: Facilitando l’interazione con gli utenti e raggiungendo un pubblico più ampio e integrato, Veridas Nexus apre nuove possibilità di business, dalla creazione di comunità digitali alla capitalizzazione di nuovi asset.
3. Sovranità sui dati personali: Veridas Nexus consente agli utenti di controllare come e quando i loro dati vengono accessi, garantendo privacy e sicurezza.
4. Accessibilità universale: Progettato per chiunque, indipendentemente dalle conoscenze tecnologiche, Veridas Nexus garantisce che la gestione dell’identità sia semplice e accessibile per tutti.

“A Veridas, crediamo che la gestione dell’identità debba essere sicura, semplice e accessibile per tutti. Veridas Nexus rappresenta una svolta tecnologica e un passo verso un futuro in cui le interazioni tra il mondo fisico e digitale sono fluide e prive di attriti,” afferma Eduardo Azanza, CEO di Veridas. “Questo portafoglio segna l’inizio di un’era in cui un’unica identità verificata apre infinite possibilità, dando agli utenti il controllo totale dei propri dati e consentendo alle organizzazioni di creare nuovi business basati sulla fiducia. Veridas Nexus è la nostra visione di un futuro in cui la sicurezza, l’efficienza e la sovranità sull’identità trasformano le nostre interazioni, stabilendo nuovi standard accessibili per tutti.”

This award recognizes Leire’s outstanding contributions to the biometrics industry, where her work in merging legal integrity with technological innovation has set new privacy and data protection standards.

Leire is celebrated alongside notable awardees Melissa Conley from TSA, Heather Haller from FBI, and Caitlin Kneapler from DHS, all of whom have significantly enhanced global security. The awards ceremony will take place at the SIA GovSummit on May 21 in Washington, D.C., an event that brings together top government and private sector professionals to discuss critical security issues.

SIA serves as the leading trade association for global security solution providers. With over 1,400 member companies, SIA plays a critical role in promoting industry growth through advocacy, the development of open standards, and hosting high-level conferences such as ISC expos and the Securing New Ground conference.

Below is a short interview with Leire:

1. What inspired you to pursue a career in legal and compliance within the biometric technology field?

   “The thrill of entering a sector where the laws are still being shaped truly drew me in. I was captivated by the challenge and opportunity to innovate in legislation, especially at the intersection of technology and law. In biometric technology, where advancements happen rapidly, regulations are critical to understand and adapt to these technologies. This field requires not just knowing the limits but creatively defining the “how to” and “how not to”—guiding how technologies can be integrated responsibly into our lives while ensuring that tech development and regulation advance hand in hand.”

2. Can you describe the journey to founding the Legal and Compliance department at Veridas?

   “When I joined Veridas in 2017, it was immediately evident that to innovate responsibly with biometric technologies; we required a strong legal framework that was deeply integrated with every facet of our operations. Establishing the Legal and Compliance department became a foundational and unifying step for the company. From the outset, every department at Veridas understood and embraced the importance of embedding compliance, privacy, and legal considerations into the development of our technologies. This collective commitment has been crucial in building trust and ensuring that our products always uphold the highest privacy and security standards.”

3. What challenges have you faced in your role, and how have you overcome them?

   “One of the overarching challenges—and indeed a challenge for any jurist in this field—is mastering the technology we need to regulate. It’s essential to step beyond traditional legal boundaries and deeply understand the technologies at their core. You cannot effectively regulate what you do not fully comprehend. My approach has been continuously learning about our technologies, maintaining proactive relationships with international regulators, and dynamically adapting policies.”

4. How do you ensure Veridas complies with international laws on data protection (GDPR, CCPA AIA,…) and artificial intelligence?

   “Compliance for us is not just about meeting legal requirements; it’s about exceeding them to assure our users and customers. We implement rigorous data protection measures and regularly review our compliance frameworks in light of new legislation. Education and training within our team are also crucial.”

5. As a woman in technology, what has been your experience in this male-dominated industry?

   “It has been both challenging and rewarding. Diversity in tech is crucial for creating balanced and innovative solutions. I focus on mentoring young women in the field, advocating for diversity and inclusion, enriching our industry and promoting better decision-making processes. At Veridas, I feel fortunate; the team of men and women alike have always supported me. This sense of equality within our company has been instrumental in allowing me to contribute my best work and help lead the way forward.”

6. What role do you believe biometric technology will play in the future of identity verification?

   “Biometric technology is not only transforming identity verification by making it more secure and accessible but is also playing a pivotal role in enhancing inclusivity across various sectors. We are already seeing significant impacts where technology ensures that everyone, including those who have traditionally faced marginalization, such as people with disabilities, can assert their identity conveniently and securely. For example, in Mexico, pensioners can now give proof of life from home using voice biometrics. In Spain, residents of the San José Residence in Navarra for people with disabilities experience greater autonomy and comfort by being able to open their own bedroom door using facial biometrics. These examples underline biometrics’ potential to close the disability gap, promising a future where technology empowers all individuals without compromising their privacy.”

7. What does winning the Women in Biometrics Award mean to you and your future goals?

   “Winning this award is an incredible honor that validates our efforts in ethical technology implementation. It reinforces my commitment to continue advocating for responsible biometric solutions that respect user privacy and contribute positively to society. Looking forward, I aim to influence further global standards and legislation around biometrics and digital identity.”

8. How do you balance the need for innovation with the imperative of privacy in the development of new biometric technologies?

   “Innovation and privacy are not adversaries; when approached wisely, they complement and enhance each other. At Veridas, we commit to designing biometric solutions that embed privacy from the start, adhering to the principles of privacy-by-design and privacy-by-default. This approach means integrating strong data protection features from the product’s initial design phase and throughout its lifecycle. Moreover, understanding the technology thoroughly dispels misconceptions and enables us to leverage its benefits effectively. I believe it is our duty as leaders in the industry to demystify how biometric technologies work, ensuring that both the public and regulators can make informed decisions about their use.”

9. What key trends do you anticipate in biometric technology regulations over the next few years?

   “As biometric technologies continue integrating into our daily lives, I foresee a significant shift towards more comprehensive and ethically-focused regulations. We are moving beyond basic data protection to address how these technologies can be used responsibly. The future of biometric regulation will likely include stricter enforcement on ethical practices, ensuring technologies are secure, private, inclusively designed, and environmentally responsible. This shift is about embracing a holistic view of what it means to use technology ethically, considering the wider impacts on society.”

10. Can you share an example of a project at Veridas that you found particularly challenging or rewarding?

    “One of the most rewarding projects has been aligning our practices with the Artificial Intelligence Act (AIA). This regulatory framework is crafted at a pivotal time when we (developers, regulators, and citizens) have a robust understanding of biometric technologies, which allows us to discuss risks and applications from a well-informed and ethical standpoint. The AIA explicitly recognizes our right to use biometrics voluntarily for identity verification while setting clear boundaries against its use for indiscriminate surveillance. Working on this has reflected our commitment to ethical practices and positioned Veridas at the forefront of compliance and innovation in biometric technologies.”

11. How do you foster a culture of compliance and ethical practice within Veridas?

    “At Veridas, fostering a culture of compliance isn’t just a policy; it’s a core part of our identity that permeates every level of the organization, from the newest developer to the CEO. We approach compliance as an integral aspect of our product design and business model. We don’t just sell technology; we sell technology crafted from the deepest commitment to compliance. This means starting from ‘how yes’—always looking for ways to enable and empower through our solutions while adhering to ethical and compliance standards.”

12. Looking ahead, how do you plan to influence the broader conversation about biometrics and privacy?

    “I plan to continue engaging in dialogue at international forums and with regulatory bodies to advocate for fair and responsible biometric practices. Sharing our experiences and challenges at Veridas helps shape a more informed discussion about the future of biometrics. Additionally, contributing to industry publications and participating in standard-setting organizations will influence how biometric technologies are perceived and regulated globally.”

13. How do the GDPR and the AIA work together to enhance European privacy and identity protection?

    “The GDPR and the AIA form a formidable partnership in establishing benchmarks for privacy and responsible technology use across Europe. The GDPR serves as the foundation for data protection, mandating transparency, consent, and the protection of individual rights. Meanwhile, the AIA extends beyond mere ethical considerations to provide a comprehensive framework that evaluates the risks associated with implementing various types of artificial intelligence, including biometric systems. This approach ensures holistic protection of fundamental rights and ethics in the digital age. Together, they ensure AI-driven technologies respect privacy and foster trust, vital for maintaining user confidence. This regulatory synergy is crucial for the sustainable growth of European tech and serves as a model that could influence similar frameworks internationally. As we’ve seen with GDPR’s impact on privacy laws in Latin America, the principles set by the GDPR and AIA could inspire analogous regulatory developments in the U.S., guiding the ethical implementation of AI across diverse legal landscapes.”

14. How do you see the GDPR and AIA collaboration influencing Veridas’s strategy and product development?

    “At Veridas, we’re not just complying with regulations; we’re utilizing them to define clear boundaries—’ this yes and this no’—which help us create trusted solutions that enable individuals to prove who they are simply by being who they are. Our adherence to these strict standards of compliance under both GDPR and the newly integrated AIA provides us with a distinct competitive edge, as it assures our clients of our commitment to responsible and innovative technology. This dual compliance is more than a legal requirement; it’s a cornerstone of our value proposition in the European and global markets.”