This is a transcript of our interview with Dean Nicolls, VP Marketing at Jumio
You can watch the original video interview here
Boris: Hello ladies and gentlemen and welcome to our interview with Dean Nicolls. Dean is a VP of marketing at Jumio corporation and in this role he is helping Jumio become the number one global brand in digital identity verification.
Jumio is the leading ID credentials authentication company that helps businesses reduce fraud, meet regulations and increase revenue while providing a fast seamless customer experience. Dean, thank you for taking your time and for coming to our interview today.
Boris: Can you tell me a short story about Jumio? Why there was a need for your solution?
Dean: Well we started back about 10 years ago and the ways that people did their identity verification back then were mostly based on database lookups. There wasn’t really methods of doing identity verification that provided higher levels of identity assurance, so me saying that I’m Dean Nicolls when I’m filling an online form, well nowadays virtually anyone can say they’re Dean Nicolls and they can provide my address, my phone number and my social security number because all of that information is on the Dark Web.
So the reason we came into being is that companies were looking for higher levels of identity assurance and what they were getting just frankly a database ping. So that was the reason that we came into being and the idea was why not connect to a government-issued ID. And part of that is we think that’s most reliable trust anchor and then you take that and you corroborate that with a selfie, coupled with live detection and then we feel like we have a really good solution for determining if, in fact, I am what I claim to be online.
Boris: Alright, so your company is obviously at the forefront of artificial intelligence, biometrics, ML and according to Gartner you are a category leader in identity proofing and authentication. Can you explain what Jumio offers to the industry? How it differs from other software providers? And what are some examples of your customers' use cases?
Dean: Ok, so I’ll start with your last question. So we normally get involved in when people are creating new accounts online, so this is often in financial services but it spans a lot of other industries as well. So we’re very much involved in sharing economy, the gig economy, we’ve also involved in healthcare and telcos and a variety of other emerging use cases.
But again, where we are often used is when people are creating accounts online and they need to establish trust with strangers, we need to know of some levels of assurance that that person is who they say they are. So the use cases typically people will buy for one of three reasons, they will buy our service for compliance, for KYC and AML compliance to make sure that the people are saying who they say they are or they’re doing it for risk mitigation to make sure to reduce fraud.
And the third one, perhaps the most important, is around user conversions and how can we get more. If we bring 100 people to our website to create accounts how can we end up with 100 new accounts at the end of the funnel, when in fact in most cases they are losing 40 or 50% of those people because the onboarding process is too clunky or too time-consuming or onerous on the end-users.
So those are often the use cases where we get involved, some of the key differentiators that make us different are that first and foremost we created this whole category of leveraging an ID and a selfie that we’ve been doing for the last 10 years and that actually gives us a number of advantages.
One of the advantages is because we’ve seen over 250 million identity verification transactions, we’re actually able to build a really rigorous AI algorithm that helps us better detect fraud as well. So what that means is that smaller providers they might see for example maybe 30 IDs from Lithuania, we’ll see 20.000 on a daily basis and that kind of volume allows us to see which IDs are fraudulent and which ones are legitimate, and build better and stronger algorithms.
So one of our key differentiators is really round our accuracy and that is also fueled by what we call informed AI. Another differentiator is our global reach, so we support more than 4000 IDs across the globe so if you’re a growing company and you have aspirations of growing outside of your country or outside of your state, we can support those IDs whether they be passports, whether they be driver license or IDs, even IDs that are maybe 5 years or 10 years old, we can support them all.
And I think a third area is really round conversions so even our website which we just re-launched this week, we have the tagline: “loved by users, loathed by fraudsters”. As much time as we spend building a really good fraud detection and KYC solution, we’re spending as just as many cycles making sure the process is simple and easy on the end-user so that we end up with more conversions at the end of the funnel. That provides maybe a few examples of I think how we are different than some of the other players out there.
Boris: Ok, fantastic. We are in the midst of a major crisis. The most disruptive period to our society in a piece-time history. And the impact on the public and our healthcare system has been devastating, and our economy is facing the prospect of recession much deeper and more painful than in 2008. The pandemic is having serious implications for businesses across the globe as they adapt to the new normal of operations and it’s important to establish trust remotely and fighting increasing cyber fraud.
I saw that Jumio recently launched a free AI power identity verification service for COVID19 relief, can you perhaps elaborate more on this topic and how you guys are helping your customers and society as the whole during this time? What tips do you have for risk managers to help them stay the course during this time?
Dean: So the things that we are seeing during this time there are two things going on. With branch offices are getting shutting down, for example, if you are a bank, people can’t onboard new customers because often they haven’t digitized their operations so when their branch office is closed they’re effectively getting shut down. So we can help financial services companies onboard more customers by simply having an online onboarding process and we could help facilitate their digital transformation efforts.
Perhaps, more importantly, is the area of telehealth and telemedicine, so in this case, again people aren’t going down to their clinic or to their doctors’ office. Everything is being done online, they’re having consultations through Zoom meetings like we’re having right now. So in light of this and also in light of the fact that you are starting to see a fraud creep up as a result of the pandemic as people are losing jobs, people are turning to fraud and the rate of fraud is increasing.
So in light of these trends we launched what we call “Jumio go for good”, it’s initiative that provides any organization that’s involved with COVID relief, whether it be banks who are trying to give out loans to small businesses to keep them afloat. Or healthcare organizations that are providing telehealth services or even universities that are trying to keep the lights on or keep students enrolled in classes in test-taking. If you are involved in any kind of COVID relief and we have a pretty broad definition of that, we’re going to provide you free identity verification services until essentially the situation subsides but that’s only able to tell in the foreseeable future.
So we created a little microsite which you can access from in our website, it’s all about “Jumio go for good”, essentially you fill out a short form, tell us who you are and how you’re helping COVID relief and we’re essentially going to onboard you with a free service to do identity verification.
Boris: That is very good. Advancing AI, DeepFake, and fraud, in general, makes us all concerning, especially considering the upcoming elections in the US. Now we are also facing a perspective of the health surveillance state, the governments of many countries are spying on their citizens to prevent the spread of the disease. What is your view on that?
Dean: So I’m obviously not pro surveillance from spreading the disease so I think that technology can help a lot and I think technology companies can play a large role in disseminating the information, the right kind of information, during this crisis. I do think that when it comes to DeepFakes which you started with, that is posing a challenge to people creating new accounts because again what we find is that as we develop new fraud measures, the fraudsters will come up with new innovative ways to get around our systems.
And one of those ways they kind of innovate is through DeepFakes so normally we just used to require when someone provides a picture of their ID and then take a selfie. But what we discovered is that fraudsters instead of using a selfie they were using a picture of a picture.
More recently what we discovered is they are using DeepFakes of videos. I can potentially record a video of Boris and I can literally create and take a two-dimensional picture of Boris from your LinkedIn page and I can actually make your eyes and lips move with software that’s right off the shelf.
And we’re finding is we needed to implement something we call license detection to make sure that the person’s selfie is, in fact, a real selfie and the person is physically present when they’re creating that account. So I do think technology can play a role in terms of ensuring we’re rooting out the bad actors, but at the same time, I think technology and services we’re talking about that telehealth can really allow doctors to better triage patients during COVID without making them come down to a clinic. They can assess their symptoms online and technology can play a role in facilitating those non-face-to-face interactions.
Boris: Fantastic, so what are the major trends in identity verification space and what will we expect from you guys in the future?
Dean: I think there are a few trends going on, so first of all in terms of fraud one of the things we’re seeing a lot more of is account takeovers. This is also being fueled by large scale data breaches which we hear about almost every week being fueled by the Dark Web and there is this new kind of threat factor called credential stuffing.
What credential stuffing does is essentially if you are a fraudster you can literally buy tens of thousands usernames and passwords off the Dark Web for fractions of a penny each. What you can then do is leverage bots and you can, essentially because people are using the same passwords over multiple sites they will essentially try to log into ten thousand or twenty thousand websites hoping that the person reuses their credential or their password.
And then once they can access that account they can take over, they can do a password reset, they can do other damage. So in addition to verifying people upfront, we also offer an authentication service that’s also tied to a biometric and the real value with that is often when you think about your bank and if you think about when you have a high-risk transaction like you’re going to send 15.000 dollars to the Cayman Islands.
You’d like to think if it’s an a typical high risk transaction that there are other measures in places to make sure that Boris is Boris and he’s the one in fact initiating that wire transfer.
Still today many financial institutions might ask you before you authorize that 15.000 dollars that’s draining your account, what is your mothers’ maiden name or what was your first car.
Knowledge-based authentication questions, unfortunately, the fraudsters already have that information so if I can take over your account and the measures to protect that account are weak and they leverage knowledge-based identification the fraudsters can drain your account quite quickly. So again I think this speaks to why biometric-based authentication, as opposed to just a simple username password are coming in play. So those are a couple of trends that are staying, I think specifically in identity verifications space I think there are two areas we’re innovating on.
One is how can we make the process faster, so instead of taking 30 seconds how can we do it in 7 seconds which is a very difficult technology problem to do. And we actually launched a fully automated solution that does that. The second is how can you make sure that the answers we’re getting back are as accurate as possible when we’re talking about accuracy we’re typically talking about two things: how well do we let the good guys sail through the process because we identified them as good customers and how well do we catch the bad actors?
So I think improving our scoring algorithms and improving all the different ways we capture fraud signals that allow us to render a yes or no decision or accept or reject any giving a person to provide back to the institution. I think those are the ones we’re going to iterate on, one is improving the speed and second is improving the accuracy of our solution.
Boris: Thank you, and the last question is how can we at Global Risk Community can contribute to the process of a better understanding of this complex world of risk from your perspective?
Dean: I think, it’s 2020 and if you’re still relying on the ways you did identity proofing 20 years ago you need to reassess. So if you’re pinging a database and asking “is this person Boris” based on a name or an address without any corroborative information like a government issue ID or a biometric. How can you have any confidence in the person you are onboarding is that person, so you need to understand the kind of measures you are kind of putting in place and what level of assurance do you have that person claims who they are to be.
I think even if you are only protecting your accounts of your users with simply a username or a password that is holy insufficient in today's world. If you decide not to use, I’m obviously advocating biometric authentication, but even two factor SMS authentication is at least a step in the right direction.
You need to look essentially and be aware of all the threats that are out there so reading up on blogs and understanding what threats are out there that are a risk to your institution is pretty important to stay abreast of these threats and if you’re aware of that you realize pretty quickly that account takeovers is a major threat and synthetic fraud is a major threat that is emerging. And you simply need to educate yourself on what is the threat, how real is the threat and how do you mitigate against that with systems and processes.
Boris: Dean, thank you very much for your interview and I wish you great success with growing your company and I hope that our members will find this interview very useful.
Dean: Thank you Boris, appreciate the time.