Extra Layer of Login Security using Face Recognition AI in Payments Portals

According to a global survey conducted by FIS, a financial services technology firm, Indians are among the most frequent victims of online banking frauds. In fact, around 18% of Indians surveyed reported a fraud in the preceding year. This was a higher percentage than any other country’s respondents. In comparison, only 8% of people from Germany reported a fraud followed by 6% in the UK.

Have you ever wondered, if anyone knows your Net-banking credentials or payment app pin can transact from any amount from your account. More over you will never know who actually did this?

India being the country with one of the highest digital frauds need a simple yet effective solution for it’s prevention.

Idea

We are all familiar with Face Recognition (FR) . How our phone automatically unlocks instantaneously using FR. But why do we not see FR used in any Banking platform, Payment Gateway or in payments app?

In project Zombie-dropIn, we have tried to integrate Java Spring security with Face Recognition AI model.

Obviously, we have made this feature as optional. User can enroll if he wants an extra security.

What we did?

If user enrolls for this FR security, we ask for his image. His image is converted into feature vectors and stored in our database. We do not store user’s image.

User , if opted, provide his image every time he/she logs in.

Sample Sign-In Page

While Logging in, his provided image is processed and 120 features vectors are calculated. These feature vectors are compared with initially provided image to check Authenticity of user

If User is not authenticated, a mail with intruder’s photo is triggered to user.

Email with intruder Image

Architecture

Basic Architecture of Face Recognition with existing System

Client sends login Request to Authentication Server. Here we are using spring security with basic authentication. Credentials of user is verified. Authentication server further sends Image to Face Recognition service, to verify with original user’s image.

Face Recognition Service is running a simple ResNet model, trained to extract image feature vectors. Images feature vectors are compared using mean square distance which should be under a threshold, to check the similarity of images.

Any failure in image recognition or credentials lead to user login failure. Any Login failure attempt due to Face recognition triggers a mail to user whose mail-Id is used to login.

Conclusion

Simple approach of Face recognition during login helps in reduction of digital fraud. However extra overhead is added as to verify the image before login (A little delay in Login API is seen).

Even due to it’s simplicity, only few payment services have employed this technique.