BLOG | VIDA DIGITAL IDENTITY

The Difference Between Verification and Validation, and the Threat of Deepfake

Written by VIDA | Jun 5, 2024 8:26:00 AM

The difference between verification and validation is often difficult to understand in the realm of digital identity. Usually, when registering for an app on a mobile phone, there is a prompt to perform verification and then validation. What is the difference between these two concepts?

Read this article to learn about the definitions, purposes, and processes of verification and validation.

Definitions of Verification and Validation

1. Verification

Verification has several definitions depending on the context. According to the Indonesian Dictionary (KBBI), verification is the examination of the truth of a report, statement, money calculation, and so on. Essentially, verification is the process of comparing two or more things to ensure the accuracy and correctness of information. Verification can also be defined as confirmation carried out by providing objective evidence.

In the context of research, verification means the process of determining the truth of a statement through empirical methods and scientific testing to ensure its accuracy. Researchers perform verification to ensure that the output data matches the tested data.

Data verification, on the other hand, is the examination of data accuracy. Data verification is conducted to prove that data collection meets all requirements, thereby minimizing errors during data input in various research methods. A simple example of verification we often encounter daily is when creating a password. Applications usually ask you to enter the password twice to ensure there are no mistakes in the data entered.

In mobile banking usage, verification is the process of ensuring that the user registering for the mobile banking service is indeed the legitimate account owner. This process involves validating various digital credentials, such as an ID card, biometric data, or other relevant information.

2. Validation

Validation is the process of ensuring that the verified data or information meets certain standards or requirements. Validation is usually conducted after data collection to ensure the truth and accuracy of the data in its context.

Examples of validation use include:
   - Document Validation: Checking official identity documents such as an ID card or passport against official data sources to ensure their authenticity.
   - Transaction Data Validation: Ensuring that all information related to a transaction, such as payment details and shipping addresses, is accurate and legitimate before processing the transaction.
   - System and Software Validation: In software development, validation involves testing applications to ensure that all features work according to specifications and that there are no significant bugs or errors.
   - Medical Validation: In the medical context, validation means ensuring that diagnostic or treatment procedures meet health standards and provide accurate and reliable results.

Differences Between Verification and Validation in Digital Identity

1. Timing of Actions
The most noticeable difference between verification and validation lies in the timing of their actions. Verification is conducted in real-time and occurs when a new user registers for an application (customer onboarding process). At this stage, new users are granted application access after entering and matching their personal data.

Validation occurs when the user is about to perform an action on the application. This process is carried out after the system records the user's personal data. Validation aims to ensure that the data used during the action or transaction is legitimate.

2. Type of Actions
Verification generally involves entering personal data such as an ID card, phone number, or email address. Methods used include OTP codes, biometric verification, PINs, or passwords.

Validation does not require personal data because the application system has already recorded it during user registration. However, validation also uses similar methods such as OTP codes, biometric verification, PINs, or passwords.

3. Examples of Verification and Validation Implementation
Verification: Users register for an application (onboarding process) and enter personal data. The system sends a verification code to the user's phone number or email address.

Validation: Users enter a PIN, password, or facial biometrics when making an e-commerce transaction.

The Importance of Verification and Validation in Digital Identity

Despite the differences between verification and validation, both are crucial steps in ensuring the security and reliability of digital services. Without proper verification and validation processes, applications are vulnerable to cybercrime, such as identity fraud, malware, hacking, data and money theft, and other security breaches.

Without strong verification processes, unauthorized parties can easily access users' personal information or damage someone's reputation using false identities. Not only personal data, but bank accounts can also be breached if fraudsters have personal data.

When an application experiences data breaches, user trust will be lost. Financial losses will also affect the company, as costs incurred are not only for refunding users' money but also for investigation, additional operations, and mitigation.

Deepfake Fraud During Verification and Validation Processes

Deepfake crime originates from the use of deepfake, which is fake photos, voices, or videos reproduced from real faces or voices. Before becoming a criminal loophole, deepfake circulated on social media as entertainment, such as face swap apps or the use of artificial figures in films. However, deepfake evolves into a crime when the same technique is used to access an application without permission.

VIDA data shows that 90% of business professionals do not know how to protect their companies from deepfake. Since 2022, deepfake fraud has increased tenfold in Southeast Asia due to the abundance of deepfake software available.

Deepfake attacks generally occur during the digital identity verification process in an application. This is very fatal. When deepfake fraudsters succeed in breaching the verification system, it is highly likely that the validation system can also be breached. Thus, despite the clear difference between verification and validation, both remain targets for deepfake breaches.

Despite the differences between verification and validation, both are vulnerable to the same attacks, namely presentation attacks and injection attacks.

1. Presentation Attack
In the example of biometric verification, a presentation attack is an attempt to deceive by presenting fake biometrics. These biometrics could be photos, masks, or other disguises to trick the biometric system. The goal is illegal access to the security system. Deepfake technology can create very realistic images or videos taken from real people.

2. Injection Attack
This attack is more sophisticated than a presentation attack. This attack involves injecting code or malicious commands into the biometric system to gain unauthorized access and manipulate the system. For example, fraudsters inject deepfake audio into the voice recognition system in the verification system. Like a presentation attack, this attack aims to gain illegal access to the security system.

By understanding the difference between verification and validation, especially in the context of digital identity, we can better ensure that every step taken in the digital process is accurate and secure. Verification provides an immediate layer of security by ensuring that the entered data is correct, while validation ensures that the data meets the necessary standards for transactions.