Business Quality Digital Media Guideline #5: Processing

Share on linkedin
Share on twitter
Share on facebook
Share on email
Share on print
As you know, we’ve created a set of recommended guidelines for gathering, handling and inspecting digital media used to make business decisions. This week we’ll discuss the fifth guideline, Processing.

What is Processing?

Processing is a method of performing some type of operation on an image. Unlike tampering that we discussed a couple of weeks ago, the processing of digital media is not definitively associated with fraud or any kind of malicious intent. Processing can occur totally inadvertently as a result of internal operations, poorly maintained chain of custody and/or tracking changes to the media.

Examples of processing can include:
  1. Resizing / compressing
  2. Reformatting
  3. Removal of metadata like time or location

Resizing

Resizing can sometimes be done to improve the speed in which the image can be uploaded to a system when sent via text or email. Resizing also saves storage space making it an appealing operation.

Reformatting or Removal of Metadata

Reformatting can happen when:

  • converting digital media (photos, videos or documents) from one format to another
  • photos are embedded and sent via email (images that are attached to an email are generally safe from reformatting)
  • certain types of file-sharing or file transfer applications are used
  • cropping elements of photos that may (or may not be relevant) to the context of the photo 
photo showing on a mobile phone that is about to get cropped
a photo of golf clubs being embedded into a new email

Since the source of reformatting can be difficult to track in these instances, we suggest that businesses follow a constrained and well-understood set of photo gathering procedures to avoid inadvertent processing.

Impact of Processed Images in the Insurance Process

While processing of digital media is not always associated with fraud, caution should be taken with any photos that appear to be processed. If the source of processing cannot be root-caused or eliminated, the photos should not be assumed to be business quality.

How Attestiv Helps Control Processing

Although there is no “one size fits all” solution for eliminating processed images, we recommend the following:

  1. Pinpoint and eliminate inadvertent processing
    By using fingerprinting and validating the fingerprint at various points in the image capture and transport process, it is possible to pinpoint exactly where the processing is happening and potentially replace any processes failing preserve the integrity of the image
  2. Move legitimate processing to the point of fingerprinting
    Attestiv allows for secure sizing/formatting of the image at point of capture — for instance, resizing the photo because of a low bandwidth network environment. Consider having an application adjust the resolution of the camera based on available bandwidth prior to taking the photo. This establishes a chain of custody for the legitimately resized image and minimizes the window for fraudulent edits.
  3. Importing the processed image
    While only recommended in cases where the image traverses a secured and trusted device and network, a processed image can be imported into the Attestiv system, but will maintain a lesser yellow status for the fingerprint, rather than a green status verifying provenance from the point of capture. Because the yellow status represents a lower confidence level, it should be used only in cases where processing or editing after the point of capture is absolutely necessary or unpreventable

While none of these are simple solutions, eliminating undesirable processing is a critical aspect of ensuring business quality digital media.

Category Risk Remediation Attestiv Platform Solution
Processing Legitimate alterations to media appear fraudulent Eliminate source of undesirable processing of media Multiple options - Elimination - Move to point of fingerprinting - Import secure edits

Attestiv offers a suite of solutions to implement, enforce and audit best practices for digital media intake. Attestiv can be customized and implemented discretely via APIs to build a set of best practices around digital media intake that are sustainable, consistent and tamper-resistant, as part of an incremental business improvement process.

Join us next week as we discuss the last guideline #6 – Contextual Anomalies.

Attestiv

Attestiv

Sign up for our Newsletter

Nicos Vekiarides

Nicos Vekiarides

Nicos Vekiarides is the Chief Executive Officer & co-founder of Attestiv. He has spent the past 20+ years in enterprise IT and cloud, as a CEO & entrepreneur, bringing innovative new technologies to market. His previous startup, TwinStrata, an innovative cloud storage company where he pioneered cloud-integrated storage for the enterprise, was acquired by EMC in 2014. Before that, he brought to market the industry’s first storage virtualization appliance for StorageApps, a company later acquired by HP.

Nicos holds 6 technology patents in storage, networking and cloud technology and has published numerous articles on new technologies. Nicos is a partner at Mentors Fund, an early-stage venture fund, a mentor at Founder Institute Boston, where he coaches first-time entrepreneurs, and an advisor to several companies. Nicos holds degrees from MIT and Carnegie Mellon University.

Mark Morley

Mark Morley is the Chief Operating Officer of Attestiv.

He received his formative Data Integrity training at Deloitte. Served as the CFO of Iomega (NYSE), the international manufacturer of Zip storage devices, at the time,  the second fastest-growing public company in the U.S.. He served as the CFO of Encore Computer (NASDAQ) as it grew from Revenue of $2 million to over $200 million. During “Desert Storm”, Mark was required to hold the highest U.S. and NATO clearances.

Mark authored a seminal article on Data Integrity, that was published in the online Wall Street Journal. Additionally, he served as EVP, General Counsel and CFO at Digital Guardian, a high-growth cybersecurity company.

Earlier in his career, he worked at an independent insurance agency, Amica Mutual Insurance Company as a claims representative, and later, was the CEO of the Bermuda captive insurance subsidiary of a NYSE company. Also, he was the president of WorldPath Health, an international healthcare company.