Hi-tech versus fraudsters? Think again. And don't expect biometrics to save you

Tuesday 29 October 2019 10:03 CET | Editor: Simona Negru | Interview

Uri Arad, Identiq: ‘In the online criminal world there’s a level of creativity, innovation, and technological development that rivals anything we see in hi-tech’

Can you please provide us with some details related to your expertise/background and how did all this experience led you to co-found Identiq? 

Before founding Identiq, I was Head of Analytics and Research at PayPal's risk department. It was a fascinating job – PayPal has some exceptional, innovative thinkers, and a huge user base and data set to explore. They’re also a natural magnet for fraudsters, for obvious reasons. For me, that was an ideal combination. There were always new things to research. New innovations on the prevention side kept appearing as the ongoing arms race between fraudsters and fraud prevention professionals heated up.

The trend I noticed consistently was that fraudsters became better and better at appearing with a ‘clean slate’, which makes it extremely difficult to distinguish between a fraudster and a legitimate new user. When Itay (my co-founder and our CEO) approached me about creating a way for people to collaborate without exposing data – a new standard and realm of possibility for privacy, if you like – I suddenly saw how this could solve the problem I’d been struggling with for so long. 

Companies weren’t willing to share information about their users, and quite rightly so. But what if they could collaborate without sharing? Then a new user wouldn’t be really new – they’d be known and trusted by other network members. Real users have real histories, even if they don’t have history with you. My ‘new user problem’ would evaporate; and of course it wasn’t just my problem – it’s a problem all fraud prevention teams face. That was the idea that grabbed me and pulled me into founding Identiq.

Working on the technology made it even more exciting: we realised that the same solution has additional important applications beyond identity validation at signup. For example, companies could start validating credit card and bank account ownership, knowing trusted shipping addresses, and providing seamless account recovery.

In which way is Identiq‘s approach innovative and unique?

Identiq’s approach is so innovative and unique that initially I was suspicious. I thought it sounded ‘too good to be true’. Literally no one else offers a privacy-preserving peer-to-peer way to verify users, and yet that’s something that companies are ready and willing to work together to achieve. 

I consulted with cryptographic experts and academics, and encryption experts I know whose experience comes from military intelligence and technology. I checked everything multiple times. Eventually even I was convinced. It was for real. Our cryptographic protocols and multi-party computation techniques really do enable us to fill this already pressing and continually growing need.

With the combination of peer-to-peer and privacy, companies can leverage consistently fresh, holistic data, for far greater accuracy in fighting fraud and identifying good customers (who can then be provided with an ideal, smooth user experience) without compromising user privacy, contributing to future third-party breaches, or worrying about privacy regulations.

What current and emerging fraud challenges do merchants face nowadays? 

Of course there are many, but I’ll highlight two I think are most pressing. In my opinion the second, in particular, will have an increasingly dramatic impact going forward. 

One of the greatest challenges comes from the fact that merchants are forced to work in silo. Fraudsters attack multiple sites in dizzyingly quick succession. They specialise in particular industries, and they work together. Against all this, fraud prevention teams struggle to share information beyond high level trends and best practices. 

There’s good reason that collaboration on a data level hasn’t been possible until now – and that’s the second challenge. It has become increasingly clear that privacy is now a major consumer concern, backed up by game-changing regulations: GDPR, CCPA, and so on. Fraud fighting gets some exemptions, but there isn’t a single industry unaffected by the new wave of privacy law. It’s a factor in everything now – balancing innovation against privacy. And as we mentioned in our recent webinar,  that’s especially relevant in fraud prevention, where innovation is absolutely vital in order to keep up with fast-moving fraudsters who become more sophisticated all the time.

What should both businesses and consumers be aware of when it comes to the evolution/sophistication of the fraud environment?

I think the key thing to understand is the breadth and depth of the criminal ecosystem that we’re now facing (both as businesses and as consumers). Fraud is now, by and large, a professional matter. Fraudsters work in offices for businesses with hierarchies and organisation. Criminals specialise in different areas, from script writing to phishing to leveraging stolen loyalty points and much more. 

In the online criminal world there’s a level of creativity, innovation, and technological development that rivals anything we see in hi-tech or the startup world. Businesses get excited about increasing scale and efficiency with automation and AI, but the fraudsters have been doing that for years already. They don’t have to wait for approval, they don’t worry about conforming to regulations. They move fast and they’re happy to break things because, usually, the things they’re breaking don’t belong to them. 

Take the example of biometrics: many businesses are very enthusiastic about the potential of face and voice recognition for identity validation. It’s considered cutting edge. But look at deep fakes: the technology is already there to subvert this kind of biometric data and undermine its value for verification. It’s just my opinion, but my guess is that facial and voice recognition might fail for this purpose before they ever become widely adopted. The more widely they’re used, the more incentive fraudsters have to break through them; and as I say, the workarounds already exist. It’s not even that the introduction of a new defence is inevitably followed by the creation of an ingenious attack against it – the defence and the attack are actually developing in parallel. 

Could you share with us any development plans that Identiq has for 2020?

We already have some huge online names committed to the network. In 2020 their collaboration, powered by the Identiq network, will grow to full fruition. We intend to be very customer-driven when it comes to product development; after all, the whole point is that it’s a network, enabling companies to collaborate against fraud. Of course early members have the greatest impact on the direction that the product takes and it’s been very rewarding to see how enthusiastic many companies are about helping to shape the network. We’re very excited to see where their needs and our technology, and our combined ideas and energies, take us! 

For more information about Identiq, and how privacy-preserving peer-to-peer collaboration could help your business, check out our recent webinar.

About Uri Arad

Uri Arad, Identiq’s co-founder and VP Product, has been fighting fraud and fraudsters for more than a decade and has seen the fraud and identity challenge from diverse perspectives: product, risk, and R&D. He has tremendous experience building cross-functional teams, which use the latest technological developments to create innovative products that both reduce loss and improve customer experience. Uri's expertise extends both to analysing and meeting business needs, and to an in-depth understanding of the technology that makes improvement possible. He has a Master’s Degree in Computer Science from Tel Aviv University.

About Identiq

Identiq is a completely anonymous identity verification network that allows its members to validate new users, and vouch for ones they already know, without sharing any customer data or identifiable information whatsoever. Identiq is a providerless solution, enabling peer-to-peer collaboration. Companies can leverage the Identiq network to reduce false positives, increase approval rates, create a better user experience and guarantee absolute end-user privacy.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Uri Arad, Identiq, fraud, fraud prevention, data sharing, credit card, bank account, identity validation, account recovery, encryption, criminal attacks, scams, fraudsters
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime