Swipe Right for Identity Verification
August 22, 2019
It should come as no surprise to anyone who has used an online dating app that 53% of people lie in their online dating profiles.
According to eHarmony, “20% of women… admitted to using an older photo from when they were younger and thinner,” and “more than 40% of men said they lied about their jobs in an effort to sound more successful.”
Even the slightest misrepresentation of a real person in an online dating profile can be problematic for many reasons, but even worse are the fake profiles that are used deliberately to catfish or scam an innocent user.
The number of sensitive personal data breaches has snowballed in recent years, enabling cybercriminals to easily worm their way into online dating apps using stolen names, birthdates, and photos, but in a world where 3.48 billion people now use social media, the proliferation of digital “oversharing” has made it even easier for cybercriminals to impersonate a user or at the very least leverage their credentials to create fake profiles and initiate online dating fraud.
According to the FBI, romance scams cost victims in the U.S. and Canada nearly $1B in the last three years (more than any other type of Internet fraud), and despite warnings from the FTC, there were 50% more catfishing victims last year than there were three years ago.
Some online dating communities have built-in authenticity checks that use complex algorithms to detect fake profiles, and dating apps like Zoosk, Bumble, and Badoo incorporate some form of verification (e.g. comparing a real-time selfie to profile photos), but as cybercriminals get smarter, these methods can quickly become outdated. The best way to vet dating app users is to verify their identities against authoritative data to ensure that their account information and profile photos match the data on their ID document(s).
As online dating has evolved – trending toward mobile interfaces that have gained favor with new generations of daters – they aren’t just collecting a ton of data to round out a user’s profile, they’re now connecting potential matches in real-time via mobile geolocation technology. This, coupled with poor security measures, have resulted in data breaches which can have lasting effects on user safety.
In the last 18 months alone, four popular dating apps (Grindr, Romeo, Recon, and 3fun) experienced data breaches, in which their users’ personal data was exposed, including their real-time locations. In the case of 3fun, more than 1.5 million users had their exact location and their personal data exposed because of a vulnerability in the app.
Data breaches are detrimental to a user’s digital identity, as well as a major invasion of their privacy. Online dating apps have a duty to keep private information private, and to handle it responsibly and ethically, not just for the sake of their users, but also to demonstrate compliance with global data protection regulations.
The Role of Government and Cyber Education
Given the extreme consequences of online dating, governments are starting to get more involved to protect their citizens from financial, mental, and emotional distress.
This summer, the U.K. education secretary Damian Hinds announced plans to introduce online safety, relationship, and computing guidance in schools to help children and young adults navigate the world of fake profiles, targeted ads, and other digital issues that are frequently experienced in online dating.
Across the pond, Utah’s legislators are proposing a new law that would require dating apps that ban a user for catfishing to notify anyone with whom the fake account holder has interacted with through the app, and dating app behemoths like Match Group (Match.com, OkCupid, PlentyOfFish, and Tinder) are fully in support of passing this law.
There’s no shortage of cyber education organizations in the U.S. that create course materials around cyberbullying, sharing digital content, and more, but because cyber education isn’t federally mandated, it’s up to the dating apps themselves to implement security features to protect their users from both digital and physical harm.
Online dating is projected to become a $3.2B industry by 2020, with most users today spending an average of $243 annually for membership registrations, renewals, upgraded messaging, and more. Though already a booming business, online dating apps could be even more profitable if they invested in progressive identity proofing mechanisms to increase the value of membership.
How Identity Verification Helps
There are roughly 8,000 online dating apps worldwide, 2,000 of which are based in North America. If every online dating app committed to verifying its member base, there’d be more than 59 million users to verify globally. With that kind of volume, it’s understandable why dating apps are reticent to explore more in-depth verification options––they worry it might add more friction to the user onboarding process. But, as consumers spend more of their time and money on mobile apps and experiences, some friction with identity verification is becoming increasingly necessary to prevent fraud in every digital interaction, including online dating.
Dating apps that use identity verification techniques like selfie matches and facial recognition are more likely to weed out bad actors and bots, but those methods can’t be wholly effective because users aren’t verified against public data. This can be difficult to deploy without dedicated internal resources, but automated verification technologies can make it easier for online dating apps to vet new members with a fair amount of friction, and provide extraordinary security and user experience in the process. Even better if a platform can verify personal data and then encrypt it, or at least safeguard it.
Good identity verification tools not only match a selfie to a driver’s license or ID card, they also scan the government-issued ID for authenticity. Some verification platforms go a step further in tying multiple data points to an individual as an added layer of assurance (e.g. background check data for criminal history, utility bill data to verify an address, etc.)
Identity verification is typically performed once to register an account, but some verification platforms can provide verification subscriptions to ensure that a user continues to meet a platform’s requirements on an ongoing basis, and to alert the platform of any status changes.
It’s also a good idea for online dating apps to pair some type of authentication (e.g. two-factor and multi-factor, not KBV) that can be performed many times, with a one-time identity verification mechanism. Combining these two technologies enables frequent validation of a digital dater’s identity. Biometric liveness selfies can also be helpful for preventing fraudulent users from registering for dating apps, but ideally, this method should be combined with other verification techniques given its susceptibility to presentation attacks like spoofing.
Online dating apps need to do everything in their power to prevent fraud and protect their online communities. Those that aspire to achieve a greater level of assurance when it comes to identity verification, and still offer a seamless onboarding and sign-in process, will be uniquely positioned to win the lion’s share of new customers by demonstrating dedication to user safety and privacy and becoming a trusted service for anyone looking for love, friendship, or something in between.