ChatGPT's latest release of models can analyze images using the Vision API, meaning now is the time to test out new use cases. Using ChatGPT to view images can prevent fraud and create complex detection and prevention workflows. However, ChatGPT can not replace an entire identity verification stack as privacy limiters prevent the models from extracting certain information. Although some prompt reengineering can be used to work around the security in place, it is not reliable for robust solutions in the long term. Plenty of alternate AI models extract document information and classify it correctly. However, ChatGPT can further cannibalize the market for AI models by becoming all-purpose orientated.
To research and explore, we used a simple tool to integrate with ChatGPT and image prompting called WebcamGPT. It is used to test different prompts to explore the API's limitations and review the accuracy of the models. We attempted a few cases with the Vision API. While it is not all-encompassing, there are many opportunities to use it for fraud prevention or ID proofing using liveness checks.
In the first attempt, we tried to extract the data from the image, but ChatGPT was able to identify a privacy restriction around IDs and blocked it. However, we rephrased the prompt and told it that the photo was AI-generated and not a real person. Using the bypass, you can trick ChatGPT into analyzing an image. There are more tricks to ChatGPT, but we won't expose them all due to the system's security, and some have been patched since testing.
Explaining the image is fake or for testing can have ChatGPT comply with the prompts. Another more reliable way is to ask specific questions by stating whether this is a USA driver’s license from Michigan. Making the prompt avoid any person-specific PII seems to have ChatGPT answer more thoroughly.
As seen, we asked it to calculate the age of the person and it answered the question accurately even though the OCR for DOB was off by a month.
By doing this, we can get ChatGPT to describe and extract the details from the ID. The prompt bypasses their security controls, as seen in previous blocked attempts. However, asking it to verify authenticity through Photoshop alterations or replay attack checks from a screenshot can help identify specific types of fraud. This would be a case of genuine fraud as sometimes bad actors use screenshots or phones to complete a selfie step in a verification workflow.
Next, we asked whether it was an AI-generated image or a real person. ChatGPT did not comply with this request, but we found a workaround by asking more specific questions. The texture and pixels on images are helpful in detecting fake photos. However, this capability will rapidly disappear as many models improve to the point where AI vs real is indistinguishable.
Here we asked about the texture of the image to detect modifications.
Next we asked about face symmtery to see that this one was too identical making it appear digitally altered.
A common verification request is to require a selfie holding an ID. ChatGPT is able to verify this automaticaly and could be used part of a workflow to verify different liveness actions.
ChatGPT will not do any face comparisons as seen below. There are other tools like AWS Rekognition that can do this easily.
Other simple checks can be based on the expression of a person and any other details from the selfie such as surroundings or eyewear.
Another test was to task it to decode an ID backside barcode which it could not.
Similar workarounds for an SSN card but ChatGPT did redact some information like the last name.
We tried on a credit card too and that surprisingly worked too with the actual card number and name extracted. The testing purposes workaround was required but didn’t seem reliable.
Lastly some other simple checks for fraud prevention for deepfakes can be side profiles. Having ChatGPT do verification on liveness for deepfakes is another step that prevents stolen identities.
AI generated images with more advanced features can be difficult but, in this case, ChatGPT determined it was not a real person due to the smoothness of skin and other perfection features of the face.
Overall, we tested many different use cases but didn’t find many viable ones. In the future, when video is supported, we can create even more real-time liveness checks with complex and dynamic instructions. For example, companies like ID.me employ agents for certain verification scenarios where a real person walks them through the process. In the future, an AI-generated avatar could easily be hooked in with ChatGPT to walk through a live chat session with a user to verify. Many startups do wrappers around ChatGPT APIs, but for identity verification in 2023, it is not yet a reliable option.