As more of our financial activities shift to the digital space, quickly and securely authenticating users’ identities may be the most pressing topic in banking.
This was clear from Day 2 of FinDEVr, Finovate’s code-heavy spinoff conference for developers, which took place last Wednesday in New York. Five presenters focused on authenticating users and securing mobile apps and devices showed off their services, and in some cases their code: OutsideIQ, VIX Verify, Prevoty, FICO, and Scientiamobile.
Toronto-based OutsideIQ announced the launch of its DDIQ API — the “DD” stands for Due Diligence — which acts like a financial crime expert, CEO Dan Adamson said. The API looks at structured and unstructured data outside a bank’s walls to fill the gap between simple screening and intensive manual investigations. This can be useful for lenders, employers — anyone who wants to know more about a person or company. OutsideIQ also applies artificial intelligence and machine learning to its analysis. It provides both machine-readable and human-readable reports.
VIX Verify out of Sydney demoed GreenID, its identity verification technology. Aimed at global companies looking to onboard customers from different jurisdictions, GreenID helps normalize and standardize data to ID customers at whatever level of rigor is required. Regulations in certain countries require more information than others, and some countries don’t allow extensive access to information on their citizens. GreenID solves this by pulling data from a vast array of sources into its engine, and challenging customers only as much as is necessary. A long form may be offputting, and only a few pieces of information might actually be necessary for the matter in question. Often, customers can have typos in records, or multiple names — Mike, as well as Michael. GreenID considers all of this and produces a score to weigh whether or not a customer can be cleared for a new account, or financial transaction.
Prevoty works with payment processors, financial networks such as stock exchanges, and major retailers to monitor and protect apps and web services from attacks. Attacks can focus on three areas, said Kunal Anand, Prevoty’s CTO: the network (a companywide firewall, for example); the endpoint (a desktop or device); and an application. 80% of attacks today focus on applications, Anand said, and large customers can see as many as 5 million attacks a month. Traditional security lacks contextual awareness and relies on pattern-matching, Anand said. Prevoty instead uses language security, to detect malicious language in script-driven attacks, and embeds its security within apps. Prevoty’s code can be dropped into existing applications to fend off attacks, and served several large customers, apparently successfully, during the last two holiday shopping seasons.
FICO is well known as the company behind the score used in the majority of loan decisions — and many other situations besides that. The San Jose, Calif.-based company has moved from being something static to be checked against to being active at customer contact points in the marketplace, Shalini Raghavan, senior director, product management, said yesterday. FICO technology is now embedded in the services where quick decisions about potential fraud need to be made, at the point of sale, for example, and at the airport, when a TSA agent scans your identity document and the green light comes on (hopefully).
Where Prevoty focuses on the apps, Scientiamobile targets devices — all the mobile devices in the world, according to COO and co-founder Steve Kamerman. Scientiamobile logs device strings — what device, what operating system, what software version, what serial number, and so on — and if the string changes between transactions, the transaction may be flagged. Some string changes are fine, such as an OS update, but others are clear red flags, such as a device known to be a Samsung Galaxy S7 in Minneapolis showing up as an iPhone in Minsk. This authentication process saves FIs on fraudulent transactions, as well as phone calls and frustrated customers, Kamerman said, and is live with global corporations that include Lloyds, Amazon, Facebook, and Google.
Beyond that, some companies are taking on the identity problem with blockchain technology — Paris-based Stratumn is an example — but in any event, securing customers and the services they use by whatever channel or device, is a major challenge and it’s heartening to see the fintech developer community take it on.