As you know, we’ve created a set of recommended guidelines for gathering, handling and inspecting digital media used to make business decisions.
This week we’ll discuss the fifth guideline, Processing.
What is Processing?
Processing is a method of performing some type of operation on an image. Unlike tampering that we discussed a couple of weeks ago, the processing of digital media is not definitively associated with fraud or any kind of malicious intent. Processing can occur totally inadvertently as a result of internal operations, poorly maintained chain of custody and/or tracking changes to the media.
- Resizing / compressing
- Reformatting
- Removal of metadata like time or location
Resizing
Resizing can sometimes be done to improve the speed in which the image can be uploaded to a system when sent via text or email. Resizing also saves storage space making it an appealing operation.
Reformatting or Removal of Metadata
Reformatting can happen when:
- converting digital media (photos, videos or documents) from one format to another
- photos are embedded and sent via email (images that are attached to an email are generally safe from reformatting)
- certain types of file-sharing or file transfer applications are used
- cropping elements of photos that may (or may not be relevant) to the context of the photo
Since the source of reformatting can be difficult to track in these instances, we suggest that businesses follow a constrained and well-understood set of photo gathering procedures to avoid inadvertent processing.
Impact of Processed Images in the Insurance Process
While processing of digital media is not always associated with fraud, caution should be taken with any photos that appear to be processed. If the source of processing cannot be root-caused or eliminated, the photos should not be assumed to be business quality.
How Attestiv Helps Control Processing
Although there is no “one size fits all” solution for eliminating processed images, we recommend the following:
- Pinpoint and eliminate inadvertent processing
By using fingerprinting and validating the fingerprint at various points in the image capture and transport process, it is possible to pinpoint exactly where the processing is happening and potentially replace any processes failing preserve the integrity of the image - Move legitimate processing to the point of fingerprinting
Attestiv allows for secure sizing/formatting of the image at point of capture — for instance, resizing the photo because of a low bandwidth network environment. Consider having an application adjust the resolution of the camera based on available bandwidth prior to taking the photo. This establishes a chain of custody for the legitimately resized image and minimizes the window for fraudulent edits. - Importing the processed image
While only recommended in cases where the image traverses a secured and trusted device and network, a processed image can be imported into the Attestiv system, but will maintain a lesser yellow status for the fingerprint, rather than a green status verifying provenance from the point of capture. Because the yellow status represents a lower confidence level, it should be used only in cases where processing or editing after the point of capture is absolutely necessary or unpreventable
While none of these are simple solutions, eliminating undesirable processing is a critical aspect of ensuring business quality digital media.
| Category | Risk | Remediation | Attestiv Platform Solution |
|---|---|---|---|
| Processing | Legitimate alterations to media appear fraudulent | Eliminate source of undesirable processing of media | Multiple options - Elimination - Move to point of fingerprinting - Import secure edits |
Attestiv offers a suite of solutions to implement, enforce and audit best practices for digital media intake. Attestiv can be customized and implemented discretely via APIs to build a set of best practices around digital media intake that are sustainable, consistent and tamper-resistant, as part of an incremental business improvement process.
Join us next week as we discuss the last guideline #6 – Contextual Anomalies.
