The Critical Need for Identity Verification in Messaging and Video Calls

Identity verification shouldn’t be overlooked on communication platforms: The revelation this week that US national security officials mistakenly included a journalist in discussions of highly classified plans to launch air strikes against the Houthis almost beggars belief.

When Unauthorized Participants Slip Through the Cracks

The chats were held spanning two days between eighteen users over the encrypted messaging service Signal. Somehow the mobile number of the editor of Atlantic magazine was inadvertently added to the group and he then participated in the chats which discussed information about weapons, targets and timings of strikes against the Houthis.

The editor himself doubted the group was authentic given the nature of who the participants were, what they were discussing and the fact he was privy to it, i.e. imminent war plans being shared with a magazine editor.

This is an example, albeit extreme, of the dangers of using messaging apps and conferencing tools for commercial or government use without adequate identity verification of participants. Whilst Signal provides end-to-end encryption of audio, video and text, adding a participant, whether deliberately or inadvertently, requires just a mobile phone number.

Deepfake Scams Hitting Communication Platforms

And in a variation of this theme in Singapore this month, the Singapore Police Force, Monetary Authority or Singapore and Cyber Security Authority of Singapore issued a warning to members of the public to scams involving AI deepfakes being used on WhatsApp and Zoom to defraud corporates.

The scams involve the scammers sending unsolicited WhatsApp messages containing deepfakes of high-ranking company executives to employees and inviting them to Zoom meetings. The deepfakes would then be used on the Zoom calls to impersonate the executives, i.e. video and audio, and persuade the employees to transfer corporate funds to external accounts under the control of the fraudsters.

We have, therefore, two examples of the vulnerabilities of messaging and conferencing platforms. One where the identity verification is non-existent and the other where AI can fool human audio and visual identification.

The Role of Identity Verification in Securing Messaging and Video Calls

ValidSoft solves both of these problems either jointly or standalone. Our world-leading voice biometric authentication solution VoiceID™ can be integrated into messaging and conferencing platforms to ensure only authorized personnel are present and participating. And it can do this continuously. The threat of deepfakes is also negated through the integrated deepfake detection module that can detect deepfake audio regardless of the Generative AI tool that produced it.

Where voice biometrics may not be part of an organization’s fraud defenses but deepfake detection is still required, as in the case of Singapore, the same deepfake detection module can be deployed as a standalone solution, Voice Verity^®, which provides the identical protection against deepfake audio but without the requirement of any enrolment or consent as it is not a biometric solution.

Real identity verification can only be provided by biometric authentication, not proxies such as passwords, OTPs, or certificates. And when it comes to detecting AI, only AI can discern what humans can’t. So, whether it’s providing the ultimate in identity verification on your messaging and conferencing platforms, or simply enhancing what you have against the threat of deepfakes on these platforms, ValidSoft has the solution.