Resources for Computer Vision Teams:

LinkedIn – Connect with Heather.
Computer Vision Insights Newsletter – A biweekly newsletter to help bring the latest machine learning and computer vision research to applications in people and planetary health.
Computer Vision Strategy Session – Not sure how to advance your computer vision project? Get unstuck with a clear set of next steps. Schedule a 1 hour strategy session now to advance your project.
Foundation Model Assessment – Foundation models are popping up everywhere – do you need one for your proprietary image dataset? Get a clear perspective on whether you can benefit from a domain-specific foundation model.

Transcript:

[INTRODUCTION]

[00:00:03] HC: Welcome to Impact AI, brought to you by Pixel Scientia Labs. I’m your host, Heather Couture. On this podcast, I interview innovators and entrepreneurs about building a mission-driven, machine-learning-powered company. If you like what you hear, please subscribe to my newsletter to be notified about new episodes. Plus, follow the latest research in computer vision for people in planetary health. You can sign up at pixelscientia.com/newsletter.

[INTERVIEW]

[0:00:34.8] HC: Today, I’m joined by guest Vyacheslav Zholudev, co-founder and CTO of Sumsub, to talk about user verification and fraud detection. Vyacheslav, welcome to the show.

[0:00:45.6] VZ: Yeah, thanks Heather, thanks for having me.

[0:00:48.3] HC: Vyacheslav, could you share a bit about your background and how that led you to create Sumsub?

[0:00:52.7] VZ: Yes. My background, I’m a computer scientist, I also hold a Ph.D. in computer science. I think the fact that I found funny about myself is that I was lucky enough to know what I was going to do in my life since the first grade in the school and for some reason, my father, like, I think I should thank my father here, he say, “Hey son, the computers are the future so focus on them.” And for some reason, I listen to him and never struggled with you know, choosing in direction I want to go.

Although, my father had nothing to do with computers long time, but here I am, and yeah, how I found Sumsub, I mean, there’s no, let’s say, straightforward story to that. It’s not something that I was you know, wandering around and saying “Okay, here, we have a problem with KOSC identity verification.” It kind of happened continuously back in 2010 or ’11, I had a pet project, which was dealing with creating algorithms for, let’s say, Photoshop detection, for detecting whether the image was forged or not, right? So, it was just a pet project but then later on, it became more serious, and then in 2015, we would – my co-founders realized that this is just a part of a big story of user verification or having trust in a user when this user gets onboarded, and that’s when we peeled into KYC and that’s when we actually saw product market fit. We saw the problem direct, trying to solve and that’s how things went rolling.

[0:02:40.8] HC: So, what does Sumsub do today and why is it important for safe digital features?

[0:02:46.5] VZ: Sure, two or three years ago, I would say that Sumsub is an online verification platform or identity verification platform or maybe KYC platform, now your customer platform for those who don’t know this term and I can give you like a simple example here. If you’re opening a bank account, and a couple of years ago, probably, you would have to go to some store or office, install your documents there and maybe a couple of days later, hopefully, your account is open.

Nowadays, because many new banks, contemporary banks, they just require you online registration. So, you’ll upload your passport, your selfie, maybe proof of address, and some sort of utility bill, and then hopefully, your account is opened, right? So those things shifted towards online sphere and especially, when COVID started, nobody was allowed to go to the offices so of course, of this quality stuff and developed this online identity verification.

But nowadays, we consider ourself as a broader thing, let’s say, when one verification platform comp wants a tool kit, where we don’t limit ourselves only to use the onboarding, we realize that life happens to the user after he or she got onboarded. The users make transactions and online banking when they rent a car-sharing company, the make rides, right? So, therefore, we always try to cover this part of the life cycle for an end user and wanted or advanced transactions and all the actions that happen after the user onboard.

[0:04:29.3] HC: What role does machine learning play in this technology?

[0:04:32.7] VZ: It’s actually everywhere. As I mentioned, we started with creating anti-Photoshop software, and then of course, computer vision part of the machine learning was really important for us. Then when we pivoted into KYC and of course, we needed to extract data from government-issued ID documents, so that’s one application. Then you need to strike face and compare a face against a selfie, then the liveness checks become prominent, and therefore, you need to prove that the real person sitting in front of the computer, not a printout image or prerecorded video, a mask, or a deepfake, right?

We can talk about them later, and you compare the faces, then you need to search faces under certain circumstances, then you need probably to analyze user behavior and distinguish bots from real people or maybe from human people that are trying to register multiple accounts under VPNs and using some other techniques, maybe searching images with the same background, extracting data from utility bills and structure them as well.

So, basically, it’s everywhere. I can’t imagine that our company could exist without machine learning and different algorithms in this area.

[0:05:53.1] HC: Generative AI has been in the headlines a lot lately with large language models like ChatGPT and text image models like Stable Diffusion. How do the latest generative AI advancements impact user verification?

[0:06:05.5] VZ: That’s as very good question and unfortunately for us, it sort of like it affects the user verification in a negative way, in a way that it became relatively easy to create forged documents, also deepfakes, so people that look like real people but they don’t exist or the person is kind of generated from a stolen ID document, so it became really a problem two or three years ago.

It was really expensive I would say, and difficult to create a deepfake that looks realistic. Nowadays, you can do it with a click of a button on your smartphone. That became a problem. At the same time, it’s a cat and mouse game and of course, this cat and mouse game was present in different areas of user verification as well and so it’s a game between fraudsters and people that try to pose as them. Yeah, so things become more challenge to me.

[0:07:04.8] HC: What are the implications of deepfakes? So, how did they affect our society right now? [0:07:09.4] VZ: Yeah. So, since this online user verification become more and more prominent, then more and more services offer this in our everyday lives, online user verification more and more. So, at the same time, became much easier to create those deepfakes and therefore became easier to pass this verification with fake documents and then with AI-generated face, and of course, it negatively impacts businesses because businesses attract more fraud and of course, fraud is not good for businesses.

So, therefore, do you, in case you’re so set, unless you really try to oppose this, this new phenomenon and that’s what we are trying to do at some Sumsub. We have a very strong machine learning team and we’re really focusing a lot nowadays on fighting those deepfakes, trying new and new ways how we can protect ourselves and our customers against them, trying to find new ways how fraudsters try to create those deepfakes because if you know how they play, you can play against them.

So, combinations of many techniques, approaches, staying creative, and yeah, it’s challenging times.

[0:08:29.4] HC: How do you approach using machine learning to detect them and as a human, are there ways we can detect them?

[0:08:35.3] VZ: There are multiple ways, multiple approaches you can take there but the first thing to note is that humans have become more and more useless there because the deepfakes are so good that humans kind of really realize that this is a deepfake in front of them and of course, there are websites like this person doesn’t exist, you can go there, read all the page, and see a new person every time, they look super realistic but they just don’t exist, they are deepfakes.

So, we are focusing on machine learning approaches there. Of course, we use our engineers, for example, also to create synthetic data or creating those deepfakes. Of course, there are not so many software programs yet that can generate realistic deepfakes. So, therefore, you can use them to generate materials that you can use to learn your machine learning models because every software leaves some sort of artifacts that you can use and train your machine learning model for so that success when detecting can be able to generate images. Also, for let’s say, more for the scenarios that should be more secured, you can complicate the procedure of passing the lion’s test. It’s not just about taking a selfie but about making some gesture that can hide your face for a little bit and of course, if it’s a deepfake, then there will be special artifacts generated by this movement. So, this kind of thing you can do. Also, you can – since we have lots of clients and lots of end users passing verification through us, we can use some sort of additional signals to detect the, for example, a virtual camera is being used.

A virtual camera is being used then most likely our ability is relatively high that deepfake is being played using this virtual camera, then you can kind of go manually through those cases and many cases, you can still say, “Okay, maybe it’s a deepfake.” You can see like a sort of like a background that is never changing for several people, things like that. So, it helps you to collect better training data.

Some other signals and behavioral signals can be used to also, let’s say, require a more complicated way of passing awareness. So, there is no one hard kind of like waterproof solution I would say but there are lots of things that we can do, definitely one of the best right now in the market that are fighting this good fight against deepfakes.

[0:11:21.0] HC: You mentioned artifacts. Are these usually things that, if you know what to look for a person could pick up or are they much more subtle things that perhaps deep learning models need to learn those patterns and be able to identify them?

[0:11:34.3] VZ: Yeah, if we’re talking about like, holding about a hand holding over your face, then the artifacts are pretty – they can then, people can detect this, although, utilizing people, there is good maybe for labeling data but not for real-time use because it is just not scalable, right? When we’re talking about just taking selfie and maybe just like a slight movement of the head, then those artifacts are much, much small, and very often, they are not visible like human or they’re probably visible by an expert, right?

That for example, knows that they probably shouldn’t look into a series of frames and look at their retina and see how reflection changes in the retina that an experienced person of course would know such details and therefore, won’t be able to distinguish deepfake from a real person. [0:12:28.3] HC: So, aside from deepfakes, what about other types abroad? How do you distinguish a real person and an AI?

[0:12:36.0] VZ: I think deepfakes are definitely the number one problem here and other types of fraud are simply connected maybe to social engineering or money mules, where actually these are real people that are selling their identity for a small reward typically come to a certain place, an office somewhere, they’re being paid, and they submit their old documents and real face. The documents are okay.

The documents are correct and valid and faces, their real face. Nonetheless, the intention is a fraudulent one, so therefore, it’s important to find those cases as well, and of course, machine learning can help here as well. You can look into signals of course and it provides fingerprints and location. They can look at you at the same background because very often there is an office with a whiteboard let’s say in the background or maybe some curtains or an open window.

So, you know you can use machine learning to search for those case as well, and then if you realize there is a big enough cluster where those users probably had a suspicion that this is a money mule network and that’s one of our like products, new product selection dealing exactly with that. In this particular case, we kind of just decline those users right away because I mean, these are valid users but that is something that our clients should be aware of and we provide means of how they can react and investigate those cases.

[0:14:14.3] HC: With any of the types of models that you trained to detect fraud or deepfakes or other types of easy verification, how do you ensure that your model has continued to perform well over time especially as AI technology is advancing so rapidly and bringing up new challenges for you?

[0:14:30.3] VZ: Yeah, that’s a very good question because on a bigger scale, it’s very easy to lose this moment when your model starts to degrade or maybe there is just one fraudster who figures out how to bypass our deepfake detection rates, new types of deepfakes, and on the low input that we have because it’s just a very small fraction, so therefore, it becomes more complicated to detect those cases. However, there is several ways how you can find this sort of behavior. First of all, of course, we get feedback from our clients as well, right? And typically, we can detect new types of attacks, pretty quickly thanks to our clients, thanks to our quality control team, and of course, we have maybe some other signals that say, “Okay, the behavior is this user is suspicious” because of, I don’t know, their IP address.

Maybe there are some other signals, derive fingerprints, maybe they move their mouths too quickly, or copy-paste some stuff, right? There are some signals that of course don’t indicate that something is wrong with the user that indicated that something is probably suspicious. So, therefore, those cases can go to conditional quality control, which respectively, and if something fishy is spotted then we can collect those cases and bring it to the machine learning team and then they can react to that.

Yeah, so I think that these are approaches – and of course, we have numbers and we have numbers let’s say when our clients give us feedback and we’re wrong and probably a fraudster. We get those signals and we wanted to or this metric goes up and applying to something. That is happening and therefore, we react then. Usually, of course, it’s a cat and mouse game and we need to react quickly and so far, the combination of many, many techniques including the ones that I mentioned, allow us to be ahead of the game let’s say.

[0:16:34.7] HC: As AI has been advancing so rapidly, ethical concerns have been a much greater focus recently. How about bias manifest with models trained to detect fraud or deepfakes?

[0:16:45.9] VZ: What do you mean by bias?

[0:16:47.7] HC: Are there ways that bias might come up? For example, maybe you’re models are more accurate for people of a certain race or a certain part of the world or any type of bias like that?

[0:16:58.9] VZ: So, initially I would start the, of course, the fraudulent cases are much rarer than normal cases. So therefore, typically it’s very hard to train the models unless it’s – there’s one class that’s much larger than another one but again, about the advice that you mentioned is that actually, the good thing is that, unlike many other competitors in the market, we work with the whole world and let’s say equally as much as possible.

By equally good I mean that the conversion rates in many countries are the maximum that they can achieve. So for example, we work with Chinese alphabets, with Arabic symbols, with like to really render just their little documents and therefore, since we’re good in like performing in those regions, we also have clients that by nature are global and their users coming from around the globe and therefore, our with training data and they typically don’t have biased return rates or whatever.

So, for us, it is not a big deal. Of course, there is some sort of bias but it always will be data point here is not to make it super huge and super obvious and it’s not, thanks to the fact that we’re working really well within. So, for us, it’s yeah, not a big deal I would say.

[0:18:19.5] HC: Are there any specific things that your team is doing to monitor the potential for bias or to tackle it if you find cases of it?

[0:18:26.9] VZ: Sure, so let’s say probably of course, if we are selling just the technology we’d spend more attention in providing like super detailed metrics for our potential customers and since we’re doing it like just a bigger operated service, we like measure our success in the past rates and the conversion rates happiness and satisfaction of our clients and our clients comparing may be us to some other vendors.

They obviously want vendors that they run in parallel and so far, we are just satisfied with what we’re seeing and like we’re even open about the conversion rates for each particular region and we’re open about that in terms that we put this version of that in our website and honestly, very often it’s the problem when some regions have lower conversion rates or approval rates and that’s the metrics that we’re monitoring very closely.

The problem is not with the like race or the age with the users but about the documents that particular countries have and some countries don’t have, let’s say, ID cards or passports for 50% of the population. So instead, they have paper-based documents that are damaged very often, so they are not made of plastic. So, therefore, they get worn down over time relatively quickly and the conversion drops happen mostly because of those bad documents.

And therefore, we’re finding ways how we can increase those conversions. For example, providing a way how users can authenticate using some sort of tech sphere number, like [inaudible 0:20:11.4] for example for BDN or CPO like in Brazil and that’s what increases conversion. So, that is the focus for us, so yeah, sorry that I’m just don’t give in here an exact answer to your question but I just wanted to again, tell you how we reason and what we pay attention to.

[0:20:30.9] HC: Is there any advice you could offer to other leaders of AI-powered startups?

[0:20:35.2] VZ: Yeah, so usually I’m kind of not really in a position to give advice but there are of course, a couple of things that I believed in, and for example, especially in machine learning you should never settle, right? So because new and new things are coming up, so it is very important to not stop learning, explore new techniques, and see what’s going on in your field because this is a field that evolves super rapidly.

Also, I would say that if you are dealing risk, some sort of anti-fraud solution, you should always think like a hacker. So, you shouldn’t say, “Okay, maybe this like it will have a shortcut here because the hacker won’t figure this out.” I don’t know, let’s say a weak place is there but no. There will be guys that will figure it out and then you will regret that you took a shortcut at some point. So, think like a hacker and don’t compromise the security.

Don’t think that some things won’t be revealed, they will. Those are a couple of things I can mention for sure.

[0:21:45.3] HC: And finally, where do you see the impact of Sumsub in three to five years?

[0:21:49.1] VZ: Yeah, that’s a very hard question because in the kind of world that nowhere will turn next week but yeah, however, there is some things that are more pragmatic I would say and there are lots of work in three, and five years just developing the platform that we’re doing right now. There will be a never-ending fight between ill-minded people and people that try to protect you and protect themselves against fraud.

But also, we want to function a bit more to society I would say but open sourcing more real products. I mean, machine learning models. In fact, we started to doing solely, you can find out models on hiding face. Also, we’re trying to contribute to education. We’ll start computer vision courses, constructing in University of Bremen next semester and that is actually fine because I did my Ph.D. there and now we’re having lectures there and security incidents.

So yeah, we want to contribute more to society, we want to develop our platform further. Sure, there is lots of work in being on one verification platform and the compliance toolkit in there and the world is constantly changing and from more and more electronic I use right now are appearing. So, the problem with identity is not solved yet, whatever it means, even kind of formulate what the problem of identity is.

But one thing is known for sure, it’s not solved and we’re in the process of figuring out what needs to be done in the long run, so here everyone, it’s not a sprint. It’s a marathon, I would say and we are up for it.

[0:23:32.0] HC: This has been great. Vyacheslav, I appreciate your insights today. I think this will be valuable to many listeners. Where can people find out more about you online?

[0:23:40.2] VZ: Yeah, just going to sumsub.com or to LinkedIn, that’s where I’m relatively active and yeah, I think that’s enough.

[0:23:52.1] HC: Perfect, thanks for joining me today.

[0:23:53.8] VZ: Yeah, thanks for having me.

[0:23:53.8] HC: All right everyone, thanks for listening. I’m Heather Couture, and I hope you join me again next time for Impact AI.

[END OF INTERVIEW] [0:24:06.2] HC: Thank you for listening to Impact AI. If you enjoyed this episode, please subscribe and share with a friend. And if you’d like to learn more about computer vision applications for people in planetary health, you can sign up for my newsletter at pixelscientia.com/newsletter.

[END]