Jumio CEO: Outfoxing The Cyberfraudsters In Real Time
The Equifax breach lingers like the remnants of a bad lunch, making us all feel queasy about which data has been compromised and who just might be developing new ways to trick us out of money or privacy — now and in the future.
Among the front row seat observers in the battle for payments security is Stephen Stuut, CEO of online mobile payments and identity verification company Jumio. Stuut, as part of our latest Commanders in Chief series, weighed in on the rapidly evolving landscape in which digital identity is part of a tug-of-war played between bad guys and the rest of us.
PYMNTS: How would you define your company’s approach to innovation?
SS: Our approach to innovation is two-pronged. First, we’re looking to expand our global footprint. We currently verify credentials issued by over 200 countries, including the government IDs issued outside the U.S. [and] including Chinese identifications, but we’re looking to continually expand this list.
Once [the] ID scanning step [is] complete, we are using biometric facial recognition and unique liveness detection techniques to compare the user’s selfie against the picture on the ID supplied.
Jumio’s liveness detection technique has the capability to differentiate between a real person and a fraudster using high-resolution printouts or even a prerecorded video. The field of biometrics and machine learning is evolving fast, and we plan to stay at its forefront.
The third tier of technical innovation involves people — not just APIs. We employ a large team of verification experts to visually inspect suspect verification requests. While APIs and machine learning have lessened the demands of this team, there’s no substitute for live human beings to keep us one step ahead of the ever-evolving fraudster.
We are innovating in each of these areas — more IDs recognized, better use of biometrics, and improved processing for verification experts to improve our industry-leading accuracy rates.
The second and overlooked area of innovation is in the area of user experience. Conventional identification verification processes require an applicant looking to open a bank account or an online gaming account, for instance, to fax or mail a copy of his [or] her ID document to the enterprise branch. In many cases, applicants have to physically travel to the nearest branch to submit ID documents.
While this is time consuming, there is also the risk of the document going into the hands of someone who might use it to carry out fraudulent activities in the name of the user without his [or] her knowledge or consent. Furthermore, delay in application processing leads to about 75 percent drop off in online applications, and businesses witness a decline in conversion rates. That’s why a big part of our product roadmap is about simplifying and expediting this process. Scanned automatically by the applications in a hassle-free manner, the photo ID gets verified in a matter of seconds.
PYMNTS: Where do you look for innovative ideas, and why?
SS: There are three places we look for innovation: our customers, our team and cyber criminals.
We’re fortunate to serve a large and varied customer base. Our platform recorded breakthrough acceptance with the authentication of over 50 million identities. The customer base includes customers as varied as Conbase, AirBnB, EasyJet, National Crime Check and a large number of banks and financial institutions around the globe.
The second place we look for innovation is our own computer vision team, charged with finding new and innovative ways to improve and quicken the speed of verification.
We also keep a close eye on emerging cyber threats and data breaches. A large number of banks and online sites still rely on knowledge-based authentication. You know the ones. These are the sites that ask you for the last four digits of your social security number, your favorite pet’s name and your place of birth. Guess what? These methods are being rendered utterly useless with data breaches like the one just perpetrated against Equifax. This means that Jumio must stay one step ahead of the cyber-criminals, and this means that the cyber-baddies themselves have also become a rich source of product inspiration and innovation.
PYMNTS: What is the most innovative thing you’ve ever done?
SS: I think the most innovative thing we’ve done at Jumio is our development of liveness detection. Jumio’s cutting-edge platform boasts the right mix of digital ID authentication with advanced biometric facial recognition using liveness detection for digital identity confirmation and document verification capabilities.
Liveness detection technology scans the user’s face within five seconds and dismisses a fraudster’s attempt to gain ID authentication approval by just holding in front of the screen a static ID card that may have been stolen from the original ID holder. The user can position his photo ID at any angle within the camera view while taking the picture of the photo ID. The template-matching algorithms embedded in the Face Match technology automatically, [and] repositions the photo ID within the template frame by making necessary modifications in photo size or position. The user then has to take a selfie of his face. Using the platform’s biometric face recognition tool, ID experts cross-verify the photo of the user scanning the photo ID with that printed in the ID. The generation of the match score confirms if the individual holding the card is the actual owner of the ID card.
PYMNTS: What do you wish you had more time to do?
SS: As a CEO, I wish I could spend more time with our customers and get a better, deeper understanding of their pain points. One of the areas we’re trying to understand [is] the accuracy of our solution in correctly pinpointing fraudulent and non-fraudulent transactions.
Given the high cost of false positives, I want to really know where we’re strong and where we can improve, but we can only get this level of detail with direct and regular feedback from our customers.
PYMNTS: What keeps you up at night? What concerns you most in the payment solutions space?
SS: My biggest concern is the number and sophistication of today’s online cyber threats. Rising online cyber threats are increasing the rate of fraudulent activities not only in financial services but also [in the] online gaming, travel, sharing economy and retail industries. As technologies advance, fraudsters are deploying more sophisticated techniques to steal consumers’ personal credentials, spoof identification verification methods with static IDs and open fake accounts or conduct fraudulent monetary transactions.
They’re getting smarter, so we must stay one step ahead.
PYMNTS: What trends and changes are you watching that are affecting the industry and your role?
SS: Our industry and our market dominance have paralleled the growth of smartphones. Just consider these stats about smartphone adoption.
The average consumer checks his or her smartphone 46 times a day, and in the U.S., people do this a collective 8 billion times every 24 hours (Source: App Annie).
The mobile industry generates $3.1 trillion in annual revenue — a whopping 4.2 percent of global GDP (App Annie). This figure will likely balloon to $3.7 trillion by 2020 (GSMA)
Now, consider the impact this has on the identity market. The smartphone is fast becoming the gateway for accessing services — from opening a bank account to activating credit cards to making purchases online using payment cards in today’s decentralized, mobility driven online world.
To facilitate this, financial institutions have devised [know your customer] KYC procedures, which are often complex and time-consuming. [This was] partly due to the steps involved in mapping the digital identity of the customer to their real world identity. These legacy customer verification methods such as email, fax, knowledge-based authentication or even the physical presence have been a tinderbox of unfavorable customer experiences and lost business opportunities.
We believe that customer verification processes should do more than just meet the letter of the law. In fact, the method by which you verify the identity of your customer can and should be an important differentiator between you and your competitors.
So, while we’re paying close attention to compliance mandates including the Anti-Money Laundering Rule, part of FINRA’s Bank Secrecy Act, and KYC mandates, we’re paying equal attention to the growth patterns and trends within the smartphone/mobile markets.
PYMNTS: What person or company do you think “gets” innovation and why — and, conversely, who or what has missed it and why?
SS: I think a company that really gets it is Airbnb. Airbnb’s mission statement is “to live in this world where one day you can feel like you’re home anywhere, and not in a home, but truly home, where you belong. To live in this world where you can be home, you have to provide hospitality and hosts provide hospitality.” And, at the heart of this mission is trust.
On the other end of the spectrum, I think U.S.-based banks are lagging in adopting modern, mobile-based verification platforms. In fact, U.K.-based challenger banks — a vibrant group of banking businesses that are disrupting established banks by driving innovation and improving customer service levels — are years ahead of their U.S. counterparts.
PYMNTS: What advice would you give a young innovator in this space, and why would you tell them to heed it?
SS: I think most young innovators already appreciate and value the importance of the smartphone and friction-free experiences. This mindset will automatically disqualify broad swaths of stodgy, outdated and manual verification processes. They already get the importance of limiting the friction during the sign-up process, but also understand the importance of stopping fraudsters at the front gate.
So, my guidance is on how to select the best trusted identity as a service platform. Naturally, I think Jumio is the best, most battle-hardened solution on the market. But, I understand that young entrepreneurs are likely to trust a CEO, so that’s why they need to conduct their own bake-off, ideally with real data. You should seed the list with actual fraudulent transactions to see which solutions catch them and which ones let them skate through.