Fame, fortune, or both? Gradations of synthetic identity fraud, with a North Hollywood company as an example

In many cases, identity fraud is accomplished by a bad actor impersonating the identity of another person. Many people have found unauthorized credit or debit card transactions that they didn’t perform, and have had to shut down and re-open their cards as a result.

However, there are other cases in which the identity fraud is accomplished by inventing a “person” out of whole cloth. Or partial cloth; a real piece of identity, such as a legitimate U.S. social security number, is combined with fake information, such as non-existent addresses, stock photography headshots, and unverified social media accounts.

The process could be less rigorous, such as creating a Twitter bot to inflate followers (no government ID needed), or it could be more rigorous, in which the synthetic identity gains legitimate credentials such as passports (although this is becoming more difficult as facial recognition compares applicant faces to existing faces).

Synthetic identity fraud can be damaging. Henry Engler of Thomas Reuters cites a figure of $6 billion in losses to U.S. lenders from synthetic identity fraud.

But sometimes the fraud, while still fraudulent, is relatively innocuous.

Take the case of a particular web design company in North Hollywood, California. If you visit its website (which, oddly enough, is on the “org” domain), the only listed contact for the company is a guy named Eric.

It’s a whole different story on LinkedIn, however.

According to LinkedIn, the company has dozens of employees, including a vast number of co-founders, chief technology officers, and chief information officers. While some are based in Los Angeles, others are based in Chicago, Dallas, Maidenhead, Kyrgyzstan, and other exotic locations. Most remarkably, based upon some of the employee pictures, the company goes over and above in its attempts to attract female technologists. It’s a statistical anomaly!

Under normal circumstances, this remarkable string of oddities would have gone completely unnoticed. I have never interacted with any of these employees, and they don’t seem to be all that active on the LinkedIn platform. Well, with some exceptions; the Chicago-based CEO of the company has made a valuable contribution to the LinkedIn discussion.

Now most of this went under the radar, until a number of LinkedIn employees made connection requests to a particular individual. Unfortunately, this particular individual was Kris’ Rides, a cybersecurity specialist with Tiro Security.

(Before you ask whether Rides himself is a bot, I should note that he has received 40 recommendations on LinkedIn from people that appear to be real, and has amassed over 500 connections. So if Rides is a bot, he is a very effective one.)

When Rides received these connection requests (including two CTOs and two CIOs at the same company), they struck him as odd. So he shared his experience with his connections, which included other cybersecurity professionals, and people (such as me) who were connected to those other cybersecurity professionals. And they’re talking.

Pro tip: if you’re engaging in synthetic identity fraud, don’t reach out to a cybersecurity professional.

Now this story probably won’t be a trending topic on Twitter, even if the bots try to make it so, but it’s certainly gaining traction in the audience that counts: namely, technology experts who have the power to tell LinkedIn and others about questionable marketing techniques.

So what happens next? A mea culpa from Eric (or whatever his or her real name is)? Time will tell.

Are longer posts better? It depends.

I may be a writer who specializes in biometrics, but I write about other things also.

Perhaps you didn’t know this, but my favorite record album of all time is The Beatles, more commonly known as The White Album. Side 3 of that album concludes with a George Harrison song, “Long, Long, Long.”

Harrison was NOT talking about blogging when he wrote “Long, Long, Long.” Heck, we didn’t even have Usenet back in 1968. But if “Long, Long, Long” had been about blogging, most people would think that Harrison lived in a crackerbox palace.

Ain’t She Sweet, when sweet is a blog post?

For years, I’ve subscribed to the theory that blog posts need to be short and sweet, and have corrected myself when I thought that my blog posts were getting too long. After all, my first blog post in October 2003 was only two paragraphs long. My second consisted of a single sentence.

However, the vast majority of my subsequent posts were much longer, which finally led me to try to embrace succinct writing. Or try to, anyway.

Even Bredemarket’s business tactics are geared toward shorter blog posts. The reason that Bredemarket 400 is called Bredemarket 400 is because the target minimum length is 400 words. I’d certainly be open to writing a 2800 word blog post—after all, it provides me with more revenue—but so far my blog post customers have preferred the shorter length.

And the shorter length seems to fit the consumption preferences of some people. When seeking information, many people prefer a few minutes of reading to an hour of reading. Even if something is broken up into a series of posts, do you really want to read a 27-part series?

But what if posts aren’t read by people?

Which brings me to a comment that I made toward the end of a recent, short blog post.

Perhaps you’ve seen my post “Rhonda Salvestrini and her secret salesperson.” As I concluded that post, I inserted the following:

And yes, Rhonda, this blog post has far fewer than 3,000 words…

Most of the people who read the post may not have had any idea why I said that. But Rhonda certainly knew, because in the interview that formed the basis for my post, Salvestrini briefly referred to a preferred blog post length of 3,000 words or more. She didn’t really go into detail about WHY longer blog posts are better, since this was outside of the scope of the interview.

So I looked up the topic.

One of the items that came up in my search was a Neil Patel post entitled “Why 3,000+ Word Blog Posts Get More Traffic (A Data-Driven Answer).”

Yes, friends, the reason that longer blog posts are better is derived from…science. (No, I won’t post the song. You can find it yourself.)

By dm4244 – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=63061280

You see, short blog posts can be great if a human is reading them. (Or perhaps not. We’ll come back to this later, when I give you 70 reasons why longer posts can be better in some cases.)

But in many cases, HUMANS AREN’T THE ONES READING BLOG POSTS. At least not directly.

Perhaps I’m going out on a limb here, but I suspect that most of you don’t wake up every morning and say to yourselves, “I’d better go check the Bredemarket web site and see if there’s a new blog post.” That’s NOT how this website, or many websites, get the majority of their traffic. In many cases, people visit a particular blog post because they’re searching for an answer to a question.

A question that they asked a search engine.

As a result, the people aren’t reading the blog posts. THE SEARCH ENGINE is reading them.

And how do search engines find content? Patel’s post links to another post that discusses long-tail search engine optimization. In brief, this post asserts (and Patel agrees) that more descriptive phrases are more beneficial than single words.

Let’s use an example, and say that you’re looking for a writer who specializes in biometrics. If you search for “biometrics,” you will get a lot of results that don’t really pertain to what you’re seeking. Perhaps “biometric writing” might be better, but, as I found out (iguana food, you know), that presented a number of results about a particular biometric modality. “A writer who specializes in biometrics,” while not yielding perfect results (yet), appears to provide results that are much closer to what you’re seeking.

Back to Neil Patel. His post includes a graphic (I don’t have permission to reproduce it here, so you’ll have to find it) that asserts that 70% of search traffic is long-tail traffic. And it stands to reason that longer posts will tend to have more of those longer phrases that are search engine gold. (Don’t try shorter posts that use keyword stuffing; Google’s on to that.)

In summary, posts often AREN’T read by people, but by search engines that are seeking the phrases for which searchers desire the answers to questions.

Why not go to seventy different sites to answer your question?

But Patel asserts that there are other advantages to longer posts. One of these is the fact that a comprehensive post on a particular topic will serve the reader better, since it can answer all of his or her questions.

How many of you groaned when you saw my question above about visiting seventy different sites? If you want a comprehensive answer to your question, I’m sure that most people would prefer to read one comprehensive well-written post instead of reading seventy different posts.

Here’s part of what Patel said on this particular topic:

You’re perceived as an authority in your industry. Your audience appreciates comprehensive posts that delve into intricacies of their pain points. They won’t need to jump on 10 different websites to get the same information.

Yeah, Patel referenced ten sites while I referenced seventy. My pain points are truly painful.

A few moments ago, I made the statement that “short blog posts can be great if a human is reading them.” This is sometimes true, and sometimes not true, depending upon what the human wants to know.

  • If the human’s question is fairly simple—for example, “When did the Cuban Missile Crisis occur?”—then a short post with a single sentence may be sufficient.
  • But what if the human asks a more complex question—for example, “WHY did the Cuban Missile Crisis occur?”—many people aren’t going to be satisfied with a one-sentence answer. This article devotes over 2,500 words to the topic.

So, who’s right on blog post length?

If you’ve come to this post to find the definitive answer on blog post length, I’m going to have to disappoint you.

Blog posts are designed to do one of the following three things:

Regardless of attention span, SEO, or anything else, a blog post will be as long as it needs to be to satisfy its purpose. (Yes, I’m channeling Abraham Lincoln here.)

This particular post is roughly 1,200 words long, which is too long for a “succinct” blog post and too short for a Patel-optimized blog post. But I don’t feel like padding it to get to an optimum word length, and I don’t feel like cutting anything.

I especially don’t want to cut the George Harrison song.

Rhonda Salvestrini and her secret salesperson

I just listened to an interview of Rhonda Salvestrini, conducted by Sumair Abro. During the interview, Salvestrini made the following point:

Content for your business is one of the best ways to drive organic traffic. It’s your secret salesperson because it’s out there working for you 24/7. And it’s evergreen, so not only is it working…day in and day out…it’s available years down the road.

Rhonda Salvestrini
By Luke Rauscher – James Bond (Daniel Craig) figure at Madame Tussauds London, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=86705881

Excellent point. In my 17 years of online writing, I’m consistently surprised when someone contacts me about something that I wrote years ago. The Internet, for better or worse, never forgets.

So if you’re reading this quote in 2029, and the quote inspires you, let Rhonda know.

And if you’re reading this in 2020 or 2021 and are looking for a writing coach to give your enterprise a voice, Rhonda is available to assist you.

(If you’d prefer to outsource the writing rather than doing it yourself, Bredemarket can help.)

Finally, if you want to hear the rest of the conversation between Salvestrini and Abro, here it is. Both the interviewee and the interviewer share many other insights on content creation.

And yes, Rhonda, this blog post has far fewer than 3,000 words, which kinda sorta limits its repurposing.

Or maybe not.

Words matter, or the latest from the Security Industry Association on problematic security terms

I may have accidentally hit upon a post series.

In my previous installment of “Words Matter,” published a little over a month ago on November 12, I described how Simon A. Cole made a distinction between words such as “decision,” “interpretation,” and “findings” when talking about how forensic results are described. The passage of time, and the perceptions that change over time, affect how words are used.

There are other examples of how perceptions change over time. Those of us who were alive in the 1960s may remember how the cigarette advertisement phrase “you’ve come a long way, baby” was initially perceived as a liberating, feminist phrase.

Similarly, those of us who were alive in the 1960s may remember that the Washington Redskins were infamous for being the last NFL team in the modern era to add a black player to its roster. The fact that the Washington Redskins were the Washington REDSKINS was not a matter of concern for most people. (Now is the time for a confession: even today, I own a Washington Redskins keychain and a Washington Redskins cup. But I don’t flaunt my ownership of these items.)

Let’s move to the tech world, in which terms that were OK with most people a few years ago are now questionable. The Security Industry Association has compiled a list of some common security terms which, in the SIA’s view, exhibit “language bias.”

Now I’ll be the first to admit that the SIA’s view is not a universal view. There are a number of people who would reply “get over it” if someone objected to one of these terms. (At the same time, there are a number of people who wonder why these terms were ever adopted in the first place.)

I’ll confess that, with the exception of master/slave, I hadn’t really thought about the offensiveness of these terms. And I wondered if the proposed replacement terms would prove to be clunky and unusable.

Well, in my opinion, the SIA did a pretty good job in proposing some new terms that are workable without being offensive. Take the SIA’s proposed replacement for master/slave, for example. The SIA’s proposal to remove the “language bias” that references slavery in the United States and other nations is to substitute the word “primary” or “commander” for “master,” and “secondary” or “responder” for “slave.” The replacement terms convey the security meaning well.

Here are some other proposed terminology changes from the SIA:

  • Change “blacklist” to “blocklist.” Heck, this is just a one letter change.
  • Change “whitelist” to “allowlist.” Perhaps it seems a teeny bit clumsy on first reading, but this would definitely work.
  • Change “black hat” and “white hat” to “bad hat” and “good hat,” or alternatively to “malicious hacker” and “ethical hacker.” Incidentally, the alternative terminology effectively dodges another issue that is unrelated to race or sex bias, namely whether “hacker” and “malicious hacker” are synonyms.
  • For connectors, change “male” and “female” to “plug” and “socket.” This probably conveys the meaning better than the original terms did.

Now the Security Industry Association is just one entity, and I’m sure that other entities are coming up with other terms that replace the older terms. As of today, Wikipedia lists 11 different replacement pairs for master/slave alone, including primary/secondary (BIND), primary/replica (Amazon and Microsoft, among others), provider/consumer (OpenLDAP), and others. There are also multiple alternatives to blacklist/whitelist, including the aforementioned blocklist/allowlist, and other pairs such as deny list/allow list and block list/allow list (with spaces).

All of these suggestions are going to float around and compete with each other, and various trade associations, governments, and other entities are going to adopt one or more of these, causing people who do business with these associations/governments/entities to adopt them also. And there will be the usual debate in those places where standards, like sausages, are made.

After all of these standards battles are complete, which set of terms will prevail?

That’s easy.

LOS ANGELES – MARCH 14: Guest arrives for the 2019 iHeartRadio Music Awards on March 14, 2019 in Los Angeles, California. (Photo by Glenn Francis/Pacific Pro Digital Photography). By Toglenn (Glenn Francis) – This file has been extracted from another file: Taylor Swift 2 – 2019 by Glenn Francis.jpg, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=81523364

The terminology adopted by Taylor Swift will be the terminology that will be adopted by the rest of the world.

Sorry, SIA, but the general population cares much more about what Taylor Swift believes. Perhaps if SIA changed its acronym to TAYLOR, things would be different.

Swift (not to be confused with the Society for Worldwide Interbank Financial Telecommunication) is today’s Oprah Winfrey, and unlike Winfrey is referenced by cybersecurity practitioners.

And she can write a catchy chorus.

(Past illustrations) Improving, or not improving, a company’s Internet presence

(This past illustration describes something that I performed in my career, either for a Bredemarket client, for an employer, or as a volunteer. The entity for which I performed the work, or proposed to perform the work, is not listed for confidentiality reasons.)

PROBLEM

A company that had been around for years had obviously not adopted a comprehensive Internet/social media strategy. The company’s website had broken links and outdated information. The company had multiple social media accounts on multiple platforms. On one social media platform, the company’s old account had more followers than the new account, and the old account linked to the company website while the new one did not.

SOLUTION

I sent a cold email to the company, pointing out a few of these errors, and offering to provide them a quote to analyze 68 web and social media pages related to the company and its principals.

After one follow-up email, it was obvious that the company was not interested.

RESULTS

A month later, the company’s website had broken links and outdated information. The company had multiple social media accounts on multiple platforms. On one social media platform, the company’s old account had more followers than the new account, and the old account linked to the company website while the new one did not.

You know you’re a writer when you mispronounce words

I returned to my Bredemarket podcast after a brief absence and recorded this episode late this morning. While recording the episode, I made reference to the Mayo Clinic.

After recording and publishing the episode, I began wondering if I had pronounced “Mayo” correctly. When I spoke the word during the episode, it sounded more like an ancient civilization than a condiment.

By Daniel Schwen – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=7647000

So, because the Internet knows everything, I searched for the proper pronunciation of “Mayo Clinic” and located this YouTube video.

Yep…it’s a condiment.

By jules – rolls royce mayonnaise, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=35344899

And this was not a simple five second video. The video is a minute long and constantly repeats “Mayo Clinic,” reminding me over and over of my mistake.

And that, my friends, is how you can identify a writer. Writers can’t pronounce things.

Is “social distancing” socially distant? It depends.

I’m attending a webinar, organized by The Economist and sponsored by Onfido. The webinar’s title is “A whole new (contactless) world: The rise of digital identity.”

The keynote interview just finished, and the interviewee was Anne Chow of AT&T Business.

In the course of the interview, Chow observed that she does not care for the term “social distancing,” and would prefer to use the term “physical distancing.” She noted that our social links are what are keeping us together as we are distant from each other.

However, this is more or less true depending upon who you are. Some people are just fine or mostly fine with electronic interactions with coworkers and others, while others are truly bothered by it.

For example, there are those who are comfortable with Zoom and Teams and Meet and WebEx and all of the other conferencing platforms, as well as asynchronous communications methods (including old fashioned email).

Then there are others. For example, some people refuse to use telehealth and insist on seeing physical doctors, and refuse to use phone trees and start pressing “0” the first chance they get. (And some of them don’t like absentee ballots, but that’s a different issue.)

And it doesn’t matter how good the technologies get, whether you’re talking about 5G (or 6G or 7G), Internet of Things, or Edge Computing. It won’t be the same.

So how do we construct a hybrid world that allows those who need physical interaction to co-exist with those who do not?

Bredemarket’s four goals for 2021 (the 12/4/2020 11:00 am edition)

These goals were subsequently revised on 1/8/2021 at 9:30am.

This is the time of year when companies and people publish end of year posts. Frankly, I don’t really feel like writing an end of year post for 2020, so instead I will share my goals for Bredemarket for 2021.

Goal 1: Help my clients to communicate and reach (and understand) their goals. My chief goal, of course, is to help my clients reach THEIR OWN goals. Bredemarket aims to thoughtfully and strategically provide marketing and writing services that align with client needs.

If I may briefly look back at 2020 in a positive light, I have helped clients establish themselves as subject matter experts, I have helped them to attract customers in the best possible way, and I have helped them to win business. I’m not sure how much additional business I’ve won for any of these firms, but hopefully I’m helping them lay the groundwork for securing future opportunities.

Part of my services involves determining WHAT clients actually need. Some of my clients simply ask for a blog post, but there’s often a need to dig deeper. For example, several small businesspeople and I were recently discussing how to use the “five whys” to elicit underlying needs from clients. What is this deliverable (white paper, blog post on 2021, whatever) supposed to accomplish?

Goal 2: Pursue multiple income streams. This is really an internal goal for Bredemarket, but it affects my approach.

While I know WHAT I want to do—I’m not going to quit marketing and writing and start selling nutritional supplements—I’m exploring HOW I want to do it. In some cases I’m approaching potential clients directly, while in others I’m using one of several intermediaries to do it.

There are advantages and disadvantages to direct vs. intermediary solicitation, but it’s wise to have multiple options. Some options may perform better at some times, while others perform better at other times. We’ll see what happens.

Goal 3: Eat my own iguana food. This very post originated from this particular goal. I’m preparing to pitch clients on writing 2021 blog posts for them, so I thought it best if I wrote my own.

Some of my other recent activities, such as my establishment of LinkedIn Showcase Pages for identity and technology, also satisfy this goal (and originated from another pitch idea).

Goal 4: Have fun. Years ago, when I was working for a large company (it might have been the original pre-Solutions/Mobility Motorola), I told a group of people at work that I was going to “play” with something. Use of the term “play” in relation to work did not sit well with some of the group, who thought I wasn’t taking things seriously. Others in the group knew exactly what I was talking about.

When work is fun, and you can approach it with a sense of play, it not only isn’t work, but you’re more energized about doing it. Obviously not everything can be play, but when there are opportunities to enjoy what I do, I’m going to take advantage of them.

Goal 5: Be prepared to change. This is the point where perceptive readers interject, “But John, the title only mentions FOUR goals! You goofed!”

Consider this fifth goal an added bonus! (And I’m, um, playing with your perceptions…)

If I can briefly refer back to 2020 again, it has been a year of pivots for most of us. For me, I had to pivot early in 2020 when COVID forced my employer to re-evaluated its business lines, then I pivoted again a month later when I had to start working from home, and then I pivoted three months after that, etc., etc. You’ve probably had to pivot a few times yourself.

So I recognize that these goals as of December 4, 2020 at 11:00 am may change as soon as December 5, 2020 at 9:00 am. “But,” as Stuart Smalley would say, “that’s…OK.”

What are YOUR goals for 2021? Oh, and can I help you express them? And what do you want to accomplish by expressing them?

Why?

Why?

Why?

Why?

Why?

Identity assurance levels (IALs) and digital identity

There is more and more talk about digital identity, especially as COVID-19 accelerates the move to contactless and remote transactions. However, there are many types of digital identity, ranging from a Colorado, Louisiana, or Oklahoma digital driver’s license to your Facebook, Google, or Microsoft ID to the online equivalent of my old Radio Shack Battery Club card.

All of these different types of digital identities suggest that some identities are more rigorous than others. For example, I’ve lost track of how many digital identities I’ve created with Google over the years, but if California ever gets around to implementing a digital driver’s license, I’ll only have one of them. (And I won’t be able to get another license in Nevada.)

In this particular case, the government IS here to help.

The U.S. National Institute of Standards and Technology has defined “identity assurance levels” (IALs) that can be used when dealing with digital identities. It’s helpful to review how NIST has defined the IALs. (I’ll define the other acronyms as we go along.)

Assurance in a subscriber’s identity is described using one of three IALs:

IAL1: There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a [Credential Service Provider] CSP asserts to an [Relying Party] RP). Self-asserted attributes are neither validated nor verified.

IAL2: Evidence supports the real-world existence of the claimed identity and verifies that the applicant is appropriately associated with this real-world identity. IAL2 introduces the need for either remote or physically-present identity proofing. Attributes could be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes. A CSP that supports IAL2 can support IAL1 transactions if the user consents.

IAL3: Physical presence is required for identity proofing. Identifying attributes must be verified by an authorized and trained CSP representative. As with IAL2, attributes could be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes. A CSP that supports IAL3 can support IAL1 and IAL2 identity attributes if the user consents.

Interestingly, the standard assumes that pseudonymous identity can be proofed…but this requires that SOMEONE know the actual identity.

And in practice, the “physical presence” requirement of IAL3 can be met by either being “in-person,” or in a “supervised remote” case. (This is needed to make sure that I don’t register with someone else’s face, for example.)

So when considering the robustness of any digital identity scheme, it’s necessary to ascertain whether the digital identity can reliably be mapped to a real life identity. This doesn’t necessarily mean that IAL1 is bad per se; in some cases, such as my old Radio Shack Battery Club example, a robust mapping to a real life identity is NOT necessary.

But in other cases, such as a need to gain entrance to a nuclear power plant, that reliable mapping IS essential.

Someone once said that I look like this guy. By US Embassy London – https://www.flickr.com/photos/usembassylondon/27595569992/, Public Domain, https://commons.wikimedia.org/w/index.php?curid=49663171

Biometric writing, and four ways to substantiate a claim of high biometric accuracy

I wanted to illustrate the difference between biometric writing, and SUBSTANTIVE biometric writing.

A particular company recently promoted its release of a facial recognition application. The application was touted as “state-of-the-art,” and the press release mentioned “high accuracy.” However, the press release never supported the state-of-the-art or high accuracy claims.

By Cicero Moraes – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=66803013

Concentrating on the high accuracy claim, there are four methods in which a biometric vendor (facial recognition, fingerprint identification, iris recognition, whatever) can substantiate a high accuracy claim. This particular company did not employ ANY of these methods.

  • The first method is to publicize the accuracy results of a test that you designed and conducted yourself. This method has its drawbacks, since if you’re administering your own test, you have control over the reported results. But it’s better than nothing.
  • The second method is for you to conduct a test that was designed by someone else. An example of such a test is Labeled Faces in the Wild (LFW). There used to be a test called Megaface, but this project has concluded. A test like this is good for research, but there are still issues; for example, if you don’t like the results, you just don’t submit them.
  • The third method is to have an independent third party design AND conduct the test, using test data. A notable example of this method is the Facial Recognition Vendor Test series sponsored by the U.S. National Institute of Standards and Technology. Yet even this test has drawbacks for some people, since the data used to conduct the test is…test data.
  • The fourth method, which could be employed by an entity (such as a government agency) who is looking to purchase a biometric system, is to have the entity design and conduct the test using its own data. Of course, the results of an accuracy test conducted using the biometric data of a local police agency in North America cannot be applied to determine the accuracy of a national passport system in Asia.

So, these are four methods to substantiate a “high accuracy” claim. Each method has its advantages and disadvantages, and it is possible for a vendor to explain WHY it chose one method over the other. (For example, one facial recognition vendor explained that it couldn’t submit its application for NIST FRVT testing because the NIST testing design was not compatible with the way that this vendor’s application worked. For this particular vendor, methods 1 and 4 were better ways to substantiate its accuracy claims.)

But if a company claims “high accuracy” without justifying the claim with ANY of these four methods, then the claim is meaningless. Or, it’s “biometric writing” without substantiation.