Rewatch our CIPHR Connect partner TrustID on CIPHR’s stand at the CIPD HR Software Show (filmed on 13 June 2018)
Gavin explored how electronic identity checks make right to work processes more efficient, consistent and reliable. He also shares evidence of how technology has helped organisations identify fraudulent applicants and support compliance audits.
CIPHR Connect is an ecosystem of trusted business applications that integrate seamlessly with CIPHR’s powerful HR and recruitment solutions.
If you have any questions about CIPHR Connect and are a current CIPHR customer, please contact your account manager. If you are new to CIPHR, call us on 01628 814 242 or email firstname.lastname@example.org.
So, why do you need to do document checks? Well, firstly, it’s a legal requirement under the Immigration Act. So, you have right to work checks where you have to check the validity of the nationality of that person in order for them to work. But the Immigration Act also covers right to rent, right to a license, and multiple other factors which I won’t go into because I’ll be here all day. But really, as a result of that, there’s criminal and civil sanctions. And one of the big things that has come out of illegal working is on the gov.uk website. They actually issue a quarterly list of companies who have failed to pay their fines. So, to actually appear on that list is quite a risk in itself to a company’s reputation.
So, what’s the reasoning behind right to work in the first place? So, whatever your view on immigration and the Immigration Act, this is what the government state is the reason and the driver for bringing right to work in the first place. So, the ability to work is a key driver of illegal migration. So, where you have good economies such as the UK, it will always be an attractive option for people to come to the UK to work, and to work illegally. But unscrupulous businesses will undercut those who are legitimate and have an unfair advantage. Then, there is tax evasion, the negative impact on wages with other workers, and exploitative working conditions. So, these all fit hand-in-hand, and actually it follows to draw a Venn diagram with an identity document in the middle. You’d have all of these different bits around it, in addition to things like accounts of fraud, modern slavery, trafficking, a multitude of other different cross-cutting things.
So, what’s the right to work check? Well, basically, it’s a check on a specified document on a specified list which is acceptable for showing permission to work. So, the lists are available in the gov.uk website. Primarily, you’re talking things like passports, identity cards, visas, biometric residence permits, and then the secondary list is things like birth certificates, certificates from HMRC, things with your National Insurance number on. And the guidance from the government is three-step. It’s very simple: obtain the original, check the validity in the presence of the holder, and you make him retain a clear copy, and record the date of the check. Now, that can be quite time-consuming. And TrustID, and there are other companies as well, that have realised that that can be very time-consuming for HR professionals, and especially checking the validity of a document. So, they’re somewhere in the region of around 3,500 to 4,000 different issued travel documents in circulation in the world at any one time. So, nobody can be a master at knowing exactly what an Estonian passport is like in comparison to a British passport. But verification solutions can take that pain away from you and validate the documents so they have the ability to validate lots of different documents. But what’s really interesting on this is that, a point that people miss is that right to work checks need to be done on everyone. So, regardless of whether you’re a British citizen or not, they have to be done on every one out of fairness. And it’s discriminatory to accept somebody who’s British and not check their documents in exactly the same way as you would from any other person from an EU member state or outside the EU.
So, what’s the overall picture with illegal working? So, one of my roles within TrustID is to look at the intelligence that we gather from all of our clients. And we’ve got clients from a multitude of different sectors who are using ID validation technology to do right to work checks, right to rent checks in a security environment, in accounts of fraud environment, whether that’s in the NIHS or financial services. But specifically, in relation to right to work, I had a look at the clients that are conducting checking in a right-to-work environment, and we saw that we have a like a top five high-risk areas of sub sectors within right to work, and they’re in that order. So, the highest risk area that we’ve got at the moment is construction, followed by general, I’d say, generic recruitment processes, then umbrella payroll companies, medical recruitment, and hotel/hospitality companies. So, we specifically separate medical recruitment because there’s a bigger safeguarding risk than there would be under normal HR recruitment. But what’s interesting about that is that you’ve got some sectors there, certainly construction and the hotel/hospitality industry, that you’ve got a very high turnover of staff, possibly not from the UK, possibly lowly-paid, where you don’t need an awful lot of qualifications. And then you start to see those type of sectors appearing where we see more and more of counterfeit and false documents.
So, taking those documents within those sub sectors, I did a split on what type of documents were actually produced. And you can see there that over 45% were passports. Passports seemed to be the most common document that we get produced and seen by our clients, closely followed by ID cards. And when I say ID cards, that is… Oh, I’m sorry. I’ll move away from speaker there without standing in front of you. I’ll stand across here. So, when I say ID cards, that’s gonna be EU ID cards, EU member state ID cards, and visas. We see an awful lot of paper residence permit cum visas that are pasted into passports that are genuine. So, you generally have genuine passports that have expired, and that person in order to validate their stay in the UK, has then gone to a counterfeiter to get a counterfeit visa. So, a counterfeit visa generally in a genuine passport. And then, 10.5% Biometric Residence Permits and biometric… Does anybody know what a BRP is, Biometric Residence Permits? They’re small driving license-sized documents, got a biometric chip that you can extract the data from, really, really secure document. But actually from a counterfeiting point of view, really easy to counterfeit, because all the counterfeiter needs to do is buy up 500 blank, old, stowed phone cards from China for about a penny and then just print both sides, just to give it that air of authenticity. So, whereas the paper visas actually require more of a counterfeiting process because you need hot foil presses and various different printing processes to go in there, the Biometric Residence Permits, genuine ones have superseded paper residence permits but actually, conversely, they’re actually easier to counterfeit. So as paper visas will fall away and Biometric Residence Permits are now the genuine document, expect that change to occur and more counterfeit BRPs to be in existence.
So, I’ve deliberately on this side, excluded UK nationality from here and there’s a reason why, which I’ll come on to later. But the most common nationalities relating to false passports and ID cards, again in that order, France, Nigeria, Portugal, Netherlands, and India, really seeing a big, strong presence of French documentation at the moment with a lot of people from places like Eritrea. And bizarrely enough, a friend of mine works professionally in a modern slavery environment and Eritrea is one of the top five countries for modern slavery and trafficking. So, there’s clearly a link there somewhere between right-to-work, illegal migration, and trafficking. Nigeria, 10%, one of the common things that we’ll see on Nigerian documents is genuine passport with a biometric page taken out and replaced. And of course, when it’s scanned on a desktop scanner, it’s scanning the biometric chip and it extracts the image of the original holder, who’s generally a 12-year-old girl and then you’ve got an image of the 45-year-old male sitting next to her. But actually, these are the things that the fraudsters do and the counterfeiters do to try and circumvent the system and try and make a document seem more authentic than actually what it is. And then, you’ve got Portugal, Netherlands, and India. Now, what’s interesting with those particular countries is that they’re old-style colonial countries going back to the imperialistic days. And generally, because there’s a language similarity, so we will see a lot of people from India purporting to be Portuguese because of the link with Gullah. We’ll see a lot of people from places like Congo, Algeria purporting to be French just purely because there’s the language similarity there. So, part of this work is actually remembering your old-style history and going back to the imperialistic days.
And there we go British documentation. So, actually, British documentation is the biggest proportion that we will see. And again, that goes back to treating British people or people who have got British documents exactly the same as you would from any other country. Because the evidence that we’ve seen shows that it’s actually the largest proportion of documents in terms of nationality that you’ll come across and that’s because you’ve got a bigger pool of documents. Biometric Residence Permits that you’ll see are British-issued. You’ll also see British passports but you’ll also see visas and residence permits as well. So, you’ve got a bigger pool of British-issued documents that you’ll see in relation to, for instance, from India, there’ll only be a passport. So, I’ve been looking at the intelligence probably for about the last two years now, and it’s consistently the same in relation to a right-to-work environment that the false documents that are seen are actually generally poor quality, but it allows for more validation technology solutions and options to be deployed by you, guys. So, I certainly wouldn’t want to travel on some other documents that I see. You’d be impounded or sitting in a cell for several days. But the quality for us, and we see documents every day so it’s easy for us to tell, is generally poor. But for people in an HR environment who may not come across counterfeit documents that often, they may bypass and get through in there.
So, I’m just gonna move on to what the actual solutions provide and what we do as TrustID. So, when we speak to a client, it’s very much of a consultative approach. So, we will look at a client’s risk and establish what that is. Is it a compliance issue? Is it really a security issue or is there a commercial issue in relation to brand reputation? How are you going to mitigate that risk, we’ll therefore determine what validation level of checking documents you’ll need. So, not everybody will want and need the all singing-dancing system that’s got bells attached. Some people in a certain sector may actually want a lesser option. And the client considerations go beyond that because it’s around ease-of-use and the operational processes. How would you integrate a TrustID system into a wider HR system to make your life easier to actually take that burden away from doing the steps that are directed from the government into just one check in seconds. And probably, one of the biggest factors is cost. Is it affordable? And what level of support are you gonna get from that company? What level of support will you get from us? So, from TrustID’s purposes, we’ve got a document help desk where clients can ring in any time during office hours and that help desk is run by people who have been in border force. I’ve had training from Immigration Service. We’ve got people who are ex-military as well, and these are people that have seen documents every single day.
So, these are the three main validation technology solutions that we provide. So the top one, you’ll see the desktop scanner which is the kind of thing that you’ll see at border control and it will be the highest form of validity. So, what you’ll do with a biometric document, you can put it into the reader. It will read it within about a second and a half to two seconds and it’ll extract all the data from the chip and cross check it against the data that’s held on the actual page that you can see. And that’s really good for an environment where you’ve got to see genuine documents being produced to you there and then. Because what it does, it takes that training burden away from staff and having to flick through every single page, and looking at a document in real in-depth in a time-consuming way, when you can just put it on a machine and it will validate it for you. So, the middle option that we’ve got there is our cloud browser and that’s really good for checking PDF copies of documents. So, you can still do a form of validation even on a copy document, but you’ve gotta be aware that there’s a sliding scale of validation here, in terms of what your solution is. So, on a PDF document, you’re obviously not gonna be able to open any kind of chip data, so you’ll only be reliant on the data that you’ve got in front of you. But what we found is with clients, certainly, and again, in a right-to-work environment where they’ve already got people on file, they may have a combination of solutions deployed. So, they may onboard new people with a desktop scanner, but actually do retrospective checks on existing employees using the cloud because they’ve already seen that document. And the third option is a mobile app and that’s really good for, for instance, cleaners. So, when you’ve got gangmasters who are going onto sites and cleaning companies who are gonna be seeing people go from one site to another, to another, to another, you can validate that it’s that person on site rather than relying on, “Oh, it’s Bob who’s turned up again,” and they’ve turned up again in another venue, and another venue. And you’ve got different foremen or gangmasters who don’t actually know who Bob was from the day one of onboarding to the third job that they’ve done. So, it’s really quite a good mobile solution. And on the right-hand side is the report that’s generated from all of those solutions, and I’ll go on to that in a bit more in-depth.
So, this is an example PDF of what will be the output from scanning a physical document on a desktop scanner. And you’ll notice that on the right-hand side, you’ll see there’s three images of the passport. So, it’s taken a photograph of the actual front page. It’s taken another image under infrared, and it’s taken another image under ultraviolet. So, what you’re doing is the security features within the infrared aspects of the document and likewise with the ultraviolet features. And you’ll also see that there’s two thumbnail images of the holder. And what it’s done is it’s OCR’d on the document. It’s seen the image of the person on the actual document page, then it extracts it, the document image from within the chip, so you can make a visual comparison. And you’ve got lots of nice green ticks which is what you want to see, which means it’s checked all the validation checks that it’s been through. You’ll also notice, it’s quite hard to read but down on the bottom left-hand side, it will say, “Operator” and that’s quite a good internal tool because it tells you who has scanned that document, who’s accepted it as genuine, and on what time and date. And that should fulfill your requirement under the Immigration Act in terms of copying, examining because you’re validating, and recording the date and the time. So, the Immigration Service are quite happy for you to either keep paper copies or electronic copies as long as you keep a copy. And the benefit with the desktop system is that you can automatically program it, so that all of those PDFs go into one computer file.
Moving on to the cloud solution, and you’ll recall that I said, “It’s about validation techniques and a sliding scale of validation.” You’ll see that there’s actually less on the report on the cloud solution because all it’s done is it’s validated on the actual PDF document, and what it’s checking is the machine-readable zone of that document. So, that machine-readable zone, it’s an international standard and you’ve got set algorithms that generate random check digits, and that’s what it’s checking on. So, it’s a lesser form of validation.
So really, what are the benefits of it? Well, ultimately, it reduces the risk to a business. It reduces that risk of that civil and criminal liability and the civil penalties, it protects your brand and it also protects against internal fraud. So, the actual desktop system has got an audit and so you can see and you can monitor what members of staff are checking and who they’re checking, or when they’re checking. You’ve got a lower level of compliance, so you don’t need to have people getting up, going to the photocopier, copying documents, sitting back down, poring over a document to see if it’s genuine or not, having to go online to see if there’s other resources that you can compare to. That process is far quicker than the manual inspection and photocopy that you would have on a document. And as a result of that, it reduces any kind of training requirement that you may have around ID documents because you’ve always got new issues of documents coming out daily for all around the world. So, you know, it’s impossible to completely be trained once and then you’re an expert. Like I said, it gives you that more efficient internal audit and ultimately it gives you a quicker and less painful enforcement visit. So, if the Immigration Service come knocking on your door because they wanna do an audit and say, “Where are all your HR files? Where are all your documents that you’ve stored for right to work purposes?” You can say, “They’re there.” So, rather than the Immigration Service taking three days to go through your processes and it being a really painful process, maybe half a day. Ladies and gents, that’s the end of my presentation. Is there any other questions?