How do you protect people’s identities in an age of intelligent terrorism, cybercrime and smart fraud? That’s undoubtedly the question, or questions, that Andrew Bud asked himself before he founded iProov, a facial verification business back in 2011.
Since the year iProov was born, the issue of online authentication has only become more pressing at every level. We meet an entrepreneur who is unafraid of the challenge of stopping them. We sit down with Andrew Bud, founder, and CEO of iProov, a company that is shifting the way we verify people, which is something, he hopes, will create a safer world.
Real Business, (RB): You were founding companies in the tech space back in 2000. That’s a millennium in techspeak. What are the issues tech and security companies face today that they didn’t face then?
Andrew Bud, (AB): The very architecture of the industry has fundamentally changed. Until perhaps ten years ago, the tech world was dominated by the twin axes of enterprise software vendors and telcos. Telcos, in particular, had enormous power as the gatekeepers to the connected world.
Since then, however, ubiquitous high-speed internet means there are no gatekeepers. This has been responsible for lowering the barriers to entry, as well as accelerating both innovation and competition.
As a result, a lot of new players have emerged, including some very bad ones.
A decade ago, hackers were mostly individuals sitting alone in their bedrooms. But that’s changed, and changed rapidly. Now we face buildings full of incredibly smart PhDs, financed by huge budgets.
RB: Going back to pre-2011, tell us about why you founded iProov and what the inspiration was?
AB: In 2008 I was the Executive Chairman of mBlox, the company I founded in 2000. At that point in time, it was the largest processor in the world of SMS mobile payments – more than £400m per year.
Our market share was high, fraud rates were low, and I had the privilege to serve on the board of the industry regulator.
Then, quite quickly, fraudsters began to exploit a weakness in the authenticated consent mechanism of the payment system, stealing from huge numbers of consumers through our network in the process.
“I found myself held to account by the press, including one memorable interview in which I was offered the choice of admitting to negligence or complicity!”
The regulator investigated and deemed our response “exemplary”, but it taught me a harsh lesson of the need for strong authentication that was simple enough to engage impatient mobile users.
When mobile apps and mobile internet exploded a couple of years later, the problem was evidently going to get worse, so it needed a solution. There wasn’t one, so I had to invent it.
RB: How does iProov work?
AB: iProov assures the genuine presence of online users, securing access to data, services and transactions. We use biometric verification to achieve this and our speciality is the detection of spoofs and replays.
“We are world leaders in detecting bogus biometrics. Fake copies of people, rather than lookalikes, are the real threat to biometric verification. Nowadays, detecting them is hard. We’ve invented a technology called the Flashmark, which uses the screen of the device to illuminate the user with a rapid sequence of colours.”
While that happens, we stream video of them to our servers, where we examine how that screen illumination is reflecting off their face (or palmprint). This tells us whether or not the user is real.
RB: Is facial verification technology the only way to prevent security breaches like false impersonation taking place?
AB: Face verification is very good indeed. Thanks to modern AI techniques, it is very reliable both at providing the right individuals with access and keeping impersonators out. It also has the great advantage of being superbly easy to use. I just look at my device and it looks back at me – what could be simpler?!
A person’s face is what links them to their government-issued photo ID, so it’s special in that way too. But we have also developed a palm print verification method, which is just as easy and secure. All a user needs to do is hover their hand over their phone for a couple of seconds.
RB: What are the biggest logistical challenges iProov is set to face in 2019 and why?
AB: Data sovereignty is a growing issue for many cloud services. Increasingly, governments are insisting that data about their citizens must only be stored in their territory. In a world of nearly 200 countries, that is a significant logistical challenge, but one we are meeting.
We intend to be able to build an iProov service hub in a local data centre in under an hour. Our aim is then to be managing a worldwide network of such hubs. We also have to analyse each authentication in real time, to detect any clues to new forms of cyber-attack and responding to any new attack accordingly.
That’s a challenge we understand – mBlox was processing 6 billion transactions a year – and one we must meet in order to stay adaptable to the endless new threats that will appear.
Share this story