Once a user verifies their identity with Persona, the software performs 269 distinct verification checks and scours the internet and government sources for potential matches, such as by matching your face to politically exposed persons (PEPs), and generating risk and similarity scores for each individual. IP addresses, browser fingerprints, device fingerprints, government ID numbers, phone numbers, names, faces, and even selfie backgrounds are analyzed and retained for up to three years. The information the software evaluates on the images themselves includes “Selfie Suspicious Entity Detection,” a “Selfie Age Inconsistency Comparison,” similar background detection, which appears to be matched to other users in the database, and a “Selfie Pose Repeated Detection,” which seems to be used to determine whether you are using the same pose as in previous pictures. In short, the software “flags you as a ‘suspicious entity’ based on your face alone,” the researchers write. An act that may prove dangerous, as Persona’s software has reportedly made significant mistakes when attempting to estimate the age of users in the past. When paired with AML reporting, such suspicious analysis can quickly lead to the unjust termination of bank accounts. And that seems to be exactly what Persona was built to do. In addition to facial recognition, Persona’s software is able to perform checks on financial data — including running checks on sanctions lists, running checks on cryptocurrency activity via the blockchain analysis firms Chainalysis and TRM Labs, and an interface to file suspicious activity reports (SARs) directly with US and Canadian federal agencies.

🤯