Saturday, November 11, 2017

Innov8tif Participates in SAS FinTech Challenge 2017-18 as Sandbox Technology Provider

Innov8tif is pleased to announce our participation in SAS FinTech Challenge 2017-18, as a technology provider in the technology sandbox. The sandbox stack comprises:


SAS, the world's largest privately held software company, is the primary organizer of SAS FinTech Challenge ("The Challenge") - a competition to encourage students and academics in Malaysia to contribute ideas and develop innovative solutions to enhance the banking experience and solve organizational business pain points. The Challenge is supported by Malaysia Digital Economy Corporation, and five mentoring banks:
  1. CIMB Bank
  2. Hong Leong Bank
  3. Maybank
  4. Public Bank
  5. RHB Bank
These five banks, are Malaysia's top five largest banks by assets. Fintech related competition, challenge or hackathon is nothing new in Southeast Asia; but, a challenge that attracted five large commercial banks into the same platform, is unseen before. Innov8tif is as excited with our participation in The Challenge, if not more, as the organizer and other participating institutions.

Throughout our participation in The Challenge as sandbox technology provider, Innov8tif is committed to provide instructor-led workshops to the shortlisted teams, on:
  • Joget Workflow hands-on knowledge to develop low-code workflow that automates domain specific processes in any digital transformation initiative, and
  • creative usage of Innov8tif eKYC components to support real-time ID capture in blazing fast speed with BlinkID and automation of facial sighting process with FaceID.
As an industry player in the fintech solution provider space, Innov8tif aims to bring awareness on the new evolution in low-code and computer vision technologies, to the bright undergraduates who will soon join the workforce - and probably continue to contribute in fintech ecosystem too.

Friday, September 29, 2017

Joget Workflow v6 Exclusive Preview held in Malaysia with Overwhelming Interest

Joget, Inc. R&D team has been working on - the best ever Joget Workflow major product upgrade, for about 2 years now. I am personally extremely excited with what Joget Workflow v6 has to offer. It is realising a true low-code RAD (rapid application development) platform.

Today, Joget Lab Malaysia hosted a seminar in Klang Valley Malaysia for the preview of Joget Workflow v6 new features. Joget v6 will have a dual pronged focus: User Experience (UX), and App Maintainability & Performance.

User Experience (UX)

  • Enhanced App User Experience for Desktop and Mobile
  • Customizable App Center
  • Dashboard Capabilities
  • Unobtrusive Admin and Design Interface
  • Design Apps Anytime, Anywhere with Support for Touch Devices
  • Excel-Like Functionality With the Spreadsheet Element
  • Improved User Experience with AJAX Support in Multi-Paged Forms


App Maintainability and Performance

  • Enhanced Configuration Options for Codeless Apps
  • Improved Performance with Userview Caching
  • Database Connection Monitoring and Leak Detection
  • Improved JSON Tool for Integration
  • Simpler Email Configuration with Platform-Wide Settings
  • Enhanced Security with Multi-Factor Authentication (MFA)

We are glad to have Mr. Hugo - the Joget's VP of Technical Consultancy, to walkthrough with us the above described new features in live demo. Nothing beats a live demo! 

Joining us earlier today, are the active enterprise customers of Joget Workflow in Malaysia, as well as network of  Accredited Partners.

Stay tuned to our Facebook page updates. A video that demonstrates v6 new features will soon be published by Joget, Inc. And Joget Workflow v6 is scheduled to be released in Q4-2017, upon full compliance with HP Fortify source code security scan. The best is coming! #waitforit

Thursday, September 28, 2017

Innov8tif at BankTech Asia Manila Series

BankTech Asia is a series of annual events where banking meets technology. Last week, on 19th-20th Sep, BankTech Asia 2017 Manila Series was held in Philippines, and Innov8tif is honoured to be invited by MDEC as a speaker for panel discussion titled "Evolution of the ASEAN Payments Landscape".


Mr. Tiensoon, our COO, represented Innov8tif for the panel discussion with other payment industry leaders - Mr. Danny Leong of GHL Systems, Mr. Lim of iPay88 and Mr. Vincent Chan of Macro Kiosk. This session was moderated by Mr. Vincent Fong from Knowledge Group.

Some of the key points discussed during this forum were:

  • Past, present and future of payments
  • Emerging trends and case studies

Crystal Ball?


While every panelist agreed that smarpthone had and is playing a vital role in the evolution of payment technologies and trends, but the emerging trends are evolving so quickly that, almost no one can assure what exactly the future big waves would be. There are technologies that "came and gone off", quickly, due to lack of adoption, or untimely emergence. Nevertheless, artificial intelligence (AI) is a clear sign for what's foreseeable, and the world is certainly going to be more cashless than ever. Mr. Tiensoon made the following remarks about what AI has to offer for payment industry.

Nowadays, I think nothing “new” you hear this year could escape from the word AI – artificial intelligence, which comprises keywords such as machine learning, deep neural network, robotic. Chatbot is a good example of AI-powered product that has reached a matured state in recent years.
In eKYC, as the onboarding processes have to be as automated as possible, ideally, AI will definitely play a key role. The mobile OCR (scanning with smartphone camera in layman description) of ID card that we have deployed to most of the telcos in Malaysia, is an example of computer vision technology. Another application of computer vision – is facial recognition, to automate the sighting process remotely without customer’s physical presence at branch. And, both ID card scanning and facial recognition technologies can get better, with machine learning. As the machine learns from more examples, it knows better at differentiating and recognizing the patterns and contents of a specific ID card. 
In China, facial recognition is applied in every imaginable use case in fintech. You have cash withdrawal ATM that performs facial recognition as the 2nd factor of authentication; you have Alipay that uses facial recognition as part of eKYC process; and now you have KFC Hangzhou that welcomes payment with a smile!

Embracing Competition

In business, there shall be no permanent enemy. Or, in Chinese proverb - "one more friend is one less enemy". Alipay has become so huge, so successful and widely adopted in China, that it is now going global. It is not hard to spot the "Alipay" sign in major international airports popular among Chinese tourists, especially in duty-free shops and tax refund counter. Two panelists in this forum - GHL and iPay88, are good examples of how their businesses are benefitting from Alipay's global expansion into Southeast Asia. GHL has partnered Alipay to offer Malaysian in-store merchants and online merchants an alternative payment method, while iPay88 supports Alipay as an additional payment method through its gateway.


eKYC

The moderator also asked Tiensoon's opinion about eKYC challenges in ASEAN: "We are seeing a lot of interests in cross-border remittance in the payment industry. Payment gateways and new fintech companies are jumping onto the remittance bandwagon. What are the eKYC challenges witnessed in ASEAN in general?". And he shared Innov8tif's view as follows:

For fintech companies and mobile wallets to flourish in the remittance pie at large scale, customers onboarding must ultimately be self-service. Self-service customer onboarding is an area that garners the highest interest within the banking and fintech area this year. Which also means, the KYC process must be evolved into eKYC (electronic KYC). And the new paradigm shift, is posting a new set of challenges not just to the banks and fintech companies, but ultimately the regulators – Central Bank in this context. 
Using Malaysia as example. As the citizens are already equipped with national ID which has a chip containing thumbprint for verification purpose, the Central Bank requires that KYC is independently done by each bank or financial company providing money services. And as this method has been recognized for so many years, as the only reliable and trusted KYC method, it becomes a stumbling stone now in the digital customer self-onboarding age. The only way that a customer can complete the stringent KYC process, is to have his/her MyKad verified with fingerprint verification, which, requires presence of specialized hardware. And it is making it very challenging for any new fintech company to compete in the mobile wallet and remittance pie, when it comes to customer acquisition. Bank Negara Malaysia (Central Bank of Malaysia) is planning to regulate eKYC processes for remittance transactions, with the new standards to be finalised by October this year.
In Singapore, the government is already rolling out a new digital ID service known as MyInfo. And it is already in the piloting stage with UOB, DBS, OCBC, and Standard Chartered Bank. Customers with a voluntary enrolment into MyInfo database, will be able to sign up a new bank account, 100% online, without needing to submit any additional supporting document.
In Thailand, the Bank of Thailand is staying ahead in the eKYC game. A set of new regulations has already been released to facilitate eKYC. The guideline in Thailand requires “same standard” of face-to-face relationship in eKYC as the traditional KYC. And electronic method is permitted to conduct face-to-face interaction. Which means, a video call is all that’s required! Banks and fintech companies can expand market reach without investing into heavy capex as seen in traditional branch expansion model.
In Philippines, the proof-of-ID comprises too many types of possible documents. Fortunately, the House Committee on Population has recently approved the bill pushing for national ID system. It would be interesting to see, if Philippines would be the first country in ASEAN to have a nationwide national ID system that allows online validation.
Out of ASEAN, China and India are the 2 countries that already have the most eKYC-friendly national ID system in place. For this reason, the fintech sector is booming more rapidly than one would expect. 
Payment industry has always been a key and interesting industry to watch in the financial sector. As it involves the flow of money, it is highly regulated by very stringent guidelines and regulations around the world. Yet, this is a fast-evolving and highly competitive industry that requires creative use and adoption of technologies, while at the same time staying within the compliance parameters and regulator's radar.

Tuesday, April 4, 2017

Is Facial Recognition Technology Reliable for ID Verifications? 3 Common Spoofing Attacks Your Must Know

Facial recognition technology, a high-tech scene in sci-fi movies years and decades ago, has now reached a state of maturity for real-life business use cases. We have previously blogged about how facial recognition technology is applied in banking and financial use cases in China.


One of the most talked-about concerns for the implementation of facial recognition technology to fully replace human sighting process, is its reliability. The assessment of reliability can be measured in 2 aspects:
  • How likely it is to determine a face belonging to the same person as shown in a photo, as negative result. Technically, this is also termed as false negative.
  • How likely it is to determine a face that is not belonging to the person shown in a photo, as positive result! Technically, this is also termed as false positive. This can also be an issue of "spoofing attack".

False negative is largely harmless to business risk. User/customer can simply reattempt the facial comparison again, and s/he may succeed in the next try. False negative could also be contributed by ageing of subjects and complex possibilities of lighting conditions. 

Facial Recognition as Added Information Security Measure; Not the Only Measure

But false positive (erroneously indicates a given condition has been met when it is not) is the subject that concerns business risk and compliance. When a person can be granted access to one's monetary asset simply through positive match of facial comparison against ID photo, this process itself is already presenting major loopholes even if human sighting is practiced instead of facial recognition technology.

Never the less, facial recognition technology in real-life business use cases is expected to be intelligent enough to identify spoofing attacks, and counter masquerade. 

Following are the 3 major types of spoofing attack you should take into consideration, while evaluating facial recognition technology for facial ID verification use case.

1. Face Swapping with Photo Print

The use of facial photographs of a valid user to spoof face recognition is the most common attack method. In fact, this is also the easiest and least complicated spoofing technique among all.

When I was using the Face Unlock feature in my HTC One X in year 2012, my phone could easily be unlocked with a photo of mine.

Facial recognition API is to match 2 facial images, and determine the likelihood of these 2 images representing the same person. Thus, if you are just invoking a facial comparison API (e.g. Amazon Rekognition, Microsoft Face API) to fulfill facial ID verification, your solution is definitely vulnerable to the least sophisticated spoofing attack.

Counter Attack: Liveness check must be incorporated into the client that captures live face photo. The user of selfie camera must proof that he/she is indeed, a live person. The least sophisticated liveness check - is eye blink. But a blink isn't enough. Photo editing software can easily create high resolution and high quality animated image that simulates eye blink. 

Sophisticated live face detection should support a series of liveness check, including head movement. Examples: movement of landmark features such as opening of mouth and turning of head from left to right, and nodding.

2. Screen Replay

Screen replay spoofing can be done through recorded video played on a smartphone or any screen panel.

Counter Attack: Liveness check at the client side isn't sufficient to counter this attack. However, realising the fact that screen replay involves the capturing of image from device camera to another display screen, the face comparison API can be incorporated with sophisticated neural network and deep learning to identify every little difference that could be presented by the display screen. 

3. Mask or 3D Printed Facial Feature

We are referring to the spoofing attempt with high quality mask. One that you can relate to in CSI. 

Counter Attack: Similar to countering screen play spoofing, deep learning and neural networks are required in facial comparison to identify patterns and features of a mask, and isolate them from passing through liveness check. Deep neural network is a key area in machine learning, for complex problems that can't be represented by linear relationships.

Continuous Learning

Cognitive algorithm with machine learning capability will "learn" continuously, from experience. It can get to a stage where it becomes continently better than human - consistency is the key and main differentiator.

The FaceID product from our technology partner - Megvii Technology Inc, is reportedly isolating hundreds of suspicious transactions for a mobile payment platform. And the blacklist database has accumulated experiences beyond the 3 major spoofing techniques described above. 

"Once you stop learning, you start dying" - Albert Einstein. This quote is now applicable to machines too.

Monday, March 13, 2017

3 Methods to Read MyKad

MyKad, or sometime mis-spelled as "my card", is the Malaysian identity card issued to citizens aged 12 and above. The permanent residents, Malaysian Arm Forces personnel and Malaysian Police personnel are also issued identity card of similar features, known respectively as MyPR, MyTentera and MyPolis.

Method 1: Read Data from MyKad Chip

This is the most reliable method in digital process. To read MyKad data from the chip or smart card, you will need the following components:


  1. The reader hardware. Some commercially available options are listed at mobilemykad.com
  2. A software specially programmed to support MyKad reading on an identified operating system - such as Windows, Android, iOS. 


Pros:
  • Reliable and accurate data retrieval, as long as the chip, reader and software are working correctly.
  • Less susceptible to fraud. It's easy to print a fraudulent card that looks similar to the genuine copy, but it is technically more challenging to produce a fraudulent smart card.
  • Quick. It only take a few seconds to retrieve personal identification details from a MyKad.
  • You can retrieve more demographic data than those printed on the card, such as religion, place of birth.
Cons:
  • A hardware reader is required. This may introduce further considerations such as hardware wear-and-tear.
  • When a chip is worn-out or broken, it will not be readable.


Method 2: Scan Data from Card Surface

This method is technically known as OCR (optical character recognition). You can read up more about how OCR works, from our previous post. In a nutshell, OCR involves an image processing process, to recognise and extract printed text from a photo/image of the card surface.

Pros:

  • Can be very portable. If you are using mobile device camera as the input for OCR, you can complete the whole scanning operation within a mobile device (e.g. Android, iOS) without requiring another hardware. Click here to find out a commercially available technology that supports MyKad OCR on mobile.
  • Supports pre-filling. By scanning the details printed on card surface, you can save the data entry time by a few minutes. User only needs to check the pre-filled details and make necessary correction, instead of 100% data entry.
Cons:
  • Do not expect it to be always-accurate. OCR is to support pre-filling of a form, not to be expected as the ultimate data for submission. Some noises such as lighting reflection, can affect accuracy of the recognition process.
  • No authenticity check. With technology today, it is entirely possible for a fraudulent card to be printed at the same, or very similar quality to the genuine card. OCR scanning is not able to differentiate between a genuine or a fraudulent card. 


Method 3: Read with Human Eyes!

Good old method? :)) LOL

Pros:
  • No additional technology cost to be invested. 
  • Human eyes are good at recognising and differentiating watermarks.
Cons:
  • Susceptible to human data entry errors.
  • Many times slower than machine (e.g. chip reading and OCR scanning).


Method 4: NFC/Mifare Scanning?

Even though MyKad has an embedded Mifare chip, but it is meant for Touch 'n Go use case - not as the medium to store the personal identification details. So, there isn't a feasible method 4 ;)

Wednesday, March 1, 2017

Mobile SFA (Sales Force Automation) for FMCG

FMCG (fast moving consumer goods) sector is probably the next industry after banking and financial, which can benefit tremendously from optimised sales processes using modern mobile technologies. Following are some examples of optimisation which are ultimately driving cost saving and increased revenues.
  • Submit an order from sales staff to HQ to trigger invoicing and fulfilment 8 hours sooner than before; 
  • Collect invoice payment more effectively, by 1 week sooner; and
  • Process a fulfilment 2 working days sooner than before.

EMAS Verticalised for FMCG 

In late 2015, we have inked a partnership with Asoft Digital - a software company that developed IP (Intellectual Property) in ERP (Enterprise Resource Planning) system and commands a customer base among the Malaysia's FMCG distributors, to verticalise EMAS (Enterprise Mobility Application Software) as mobile SFA for Asoft's clients.

With a mature platform base, it didn't take us long to complete the first version of this partnership product, named as Asoft SFA.

Soon after sealing our partnership, Asoft has secured an order from the 1st customer - a FMCG distributor with nationwide sales network. Beginning from 2016 Q1, we have started rolling out Asoft SFA to a pilot user group. And in less than a year, the mobile SFA product is now rolled-out to sales staffs of two major FMCG distributors, helping businesses to shorten sales turnaround time and ageing of accounts receivable while saving tens of thousands of pieces paper. Some highlights of Asoft SFA features are:

  • Sales summary: Presenting to salesmen a quick overview of sales performance they have achieved, for the month and for the year so that they can keep track against their sales forecast.
  • Sales order: Allowing salesmen to submit their orders to HQ directly from mobile app in the most natural way that most salesmen are trained and accustomed to.
  • Sales return: Allows returns to be keyed in in a similar manner with sales order.
  • Ageing report: Ageing retrieved from the backend system is presented directly on the SFA app to allow salesmen to view an updated version of their customer’s ageing. Eliminates the need for paper ageing report as per with traditional practices.
  • Stock report: Allows salesmen to get a feel of what are the inventory levels back in the warehouse, without the need to make that telephone call to an office clerk.
  • Customer receipt: Payment collection receipts can be printed via a paired portable Bluetooth printer and synchronised into ERP backend.

Lessons Learnt

Rome is not built overnight, and not every journey is constantly rosy. Following are some lessons we have learnt through this strategic partnership that is working out very well.
  1. Domain knowledge is always important: Never under-estimate the importance of domain knowledge, no matter how similar a use case is to another industry. At a quick glimpse, how much difference could a FMCG sales ordering form be, from a consumer e-commerce catalog? Well, a thought process that is applicable to consumer's usage pattern, is not entirely applicable to a B2B process. The partnership with Asoft is continuously a reliable source of domain expertise, as they are dealing with the actual users.
  2. Handling of offline mode: The user experience of offline mode that we have designed for financial institution and telecommunication company, is also not entirely applicable to FMCG sales ordering. In the use case of customer acquisition for financial/credit products, a relatively high degree of realtime-ness is expected. But for FMCG sales ordering, batch processing is proven to be more practical.
  3. Sales ordering form: A FMCG salesman is accustomed to traditional paper-based order form that helps "get the job done" quickly - especially to a person who is using the same form, repetitively, day in and day out. Often, if little thought is put into the design of an electronic form, user will find him/herself spending more time than the traditional method, and it creates resistance in change. The only way to mitigate change management challenge, is to convince and proof to the the users that, the mobile form is not only helping the company, but the users too.
  4. Fraud management: What's stopping a user from printing a payment collection receipt multiple times, with varying amount in the copy issued to customer, and the copy generated for the Company? Interesting, and a real-world issue that we have mitigated.
A business partnership is only, and will only be sustainable, when it is a win-win partnership for the long term. 



Friday, February 10, 2017

Facial Recognition Use Cases in Banking & Financial Industry - How are the Chinese Leading in AI Tech Adoption?

When speaking about AI (artificial intelligence) and deep learning technologies, the Chinese are not just innovating at rocket speed, but the businesses are rapidly adopting these technologies in real-life business use cases to optimise customer experience and expanding market reach. Let's have a look at how the Chinese banking and financial industries are using facial recognition in business operations governed by stringent security requirements.

1. Remote, or Self-Service ID Verification

When a customer has already completed the know-your-customer (KYC) process, the bank would already have the customer's ID photo (either extracted from the ID card, or a facial photo captured during KYC). As the customer repeatedly progresses his banking and financing needs with a bank or financial institutions, why can't the customer apply for a new product or service, from the comfort of his/her couch at home/office?

Alipay (an asset of Alibaba's Ant Financial and world's largest mobile payment platform since 2014 Q2), China Merchants Bank (as of 2015, it ranks third of all Chinese companies for net cash), China CITIC Bank (China's seventh-largest lender in terms of total assets), Bank of Jiangsu and Ping An Bank are using facial recognition API to accomplish remote ID verification, either through the convenience of a mobile app, or a self-service kiosk/ATM/VTM.

China Merchants Bank's Self-Service ATM equipped with Facial Recognition Technology for ID Verification

Remote ID Verification from Mobile App

Some of these case studies are cited to have only 0.001 error rate at 98% True Positive Rate. If you assigned a human to perform 10,000 verifications in a day, how many mistakes do you think a human would have done?

2. To Replace Password, or, To Serve as 2FA (Two Factor Authentication)

The Alipay app has a feature that enables users to enrol his/her facial photo as biometric login. Instead of keying in the password, the app recognises the user's face, and logs the user into his/her account upon successful verification. 

Screenshot from TechNode

In use cases where an even more stringent security requirement is to be met, facial recognition can serve as part of the 2FA (Two Factor Authentication) process. Imagine ATM machines fitted with camera that performs facial ID verification, in addition to the ATM card PIN number. Why not? 

China Merchants Bank is using facial recognition to realise card-less withdrawal at ATM machine. Instead of relying on ATM card and PIN, customers can also perform cash withdrawal through a combination of facial verification plus one-time-pin delivered to mobile phone.

Photo from Xinhuanet

3. Human-Aided KYC (Know-Your-Customer)

Another use case that has been widely implemented, is to rely on machine to determine the "yes" or "no" of customer's facial sighting process, over-the-counter, aided by banking staff. This process has been around in airport immigration check-points for some time. Instead of trusting on human to make the decision of facial verification, robot is entrusted instead - not susceptible to mood, fraud, and careless mistake.

4. Smile to PAY!

At CeBIT 2015, Alibaba's Jack Ma demonstrated "smile to pay"! The app validates mobile payments by matching a photo taken by the user at the point of purchase to a stored profile photo. 

Photo from CNBC

How Does Automated Facial Recognition System Prevent Attacks?

In facial recognition, the first most prominent attack to be mitigated, is the attack against live face by using photo, video or mask as impersonation. A proven facial recognition technology for ID verification should include a client component that performs detection and cropping of face, and intelligent enough to differentiate between a live face and otherwise through combination of the following capabilities:
  • live face detection
  • face movement tracking
  • facial landmark detection
  • facial landmark movement tracking (e.g. mouth movement, eye blink, head movement)
  • fundamental facial feature analysis
  • photo analysis (mathematical analytics to detect photo/video/mask)
The next time when you see someone looking at his smartphone and moving his head, opening his mouth, he may not be Snapchatting; he could be performing a banking transaction or applying a financing facility!