Identity – Redefining the Future of Finance
Unlock On-Demand Webinar
Video Transcript
Rob MacDonald:
Hi everybody. Rob MacDonald, VP Product Marketing here for 1Kosmos. Welcome to our Identity - Redefining the Future of Finance webinar. I'm joined by Oli Platt, Product Manager from NayaOne. Oli, why don't you give us a little, how are you doing? Tell us a little bit about yourself.
Oli Platt:
Thanks for having me on today, Rob. It's great to be here and then talking to all of you. I'm Oli Platt, so working for NayaOne, really working with a large number of our existing financial clients and a large number of the FinTechs on the other side as well. So really seeing in between that awesome space of these really innovative financial organizations, the innovative tech that they want to work with and then helping them bridge that gap is really where I spend a large amount of my time. But yeah, pleasure to be here.
Rob MacDonald:
Awesome. Listen, it's awesome having you. We have recently become partners and I think you're going to talk a little bit about where we exist within the NayaOne landscape on one of your slides. But I'm really happy to be partnered with NayaOne.
For those of you that are not familiar with 1Kosmos, we do identity verification and authentication. We're very unique in the way we combine the two of those to deliver a passwordless ecosystem. Why don't you tell us just quickly for the 1Kosmos folks that joined that maybe are not familiar with NayaOne, what you do?
Oli Platt:
Yeah, of course. So now NayaOne is ultimately sandbox as a service, which really boils down to making sure that we're enabling financial firms who maybe otherwise would need to, and rightly so, go through, say, nine months of onboarding to evaluate technology and really flipping that around. So allowing them to evaluate technology upfront with relevant synthetic data, whatever's required to doing a really full end-to-end proof of concept quickly, getting the right answer, yes, we should proceed with this FinTech or no, this is not going to work at a partnership.
But getting that answer to everyone early so the FinTech doesn't waste time onboarding and spending the next 12 months of their lives selling to a big organization, and so the bank gets to the right result straight away. So that's really where we sit. And yeah, like you say, 1Kosmos is an awesome example of one of these tech providers that we're really excited about banks getting the hands on.
Rob MacDonald:
Perfect. All right, well listen, let's jump in. You've got a couple of slides here that you want to run through. Why don't you start us off and then I'll take on the last half.
Oli Platt:
Yeah, superb. So I guess really why I wanted to use this time briefly for is almost as an example of how NayaOne is frequently used. So there were three big problems that we frequently see, financial institutions that we work with, or before we work with them, really having a pain with. And the first is what tech should they be looking at? Even identifying FinTechs that maybe solve a problem. Then we're going to talk a lot about the fraud space today. So in fraud for any given use case, say, ID verification and account takeover, who should I be looking at based on what type of organization I am, how big I'm is often the first problem. The second one is the one I was just alluding to, of that there's really complex onboarding processes to get stuff into production. I'm not trying to onboard a Microsoft or an Oracle here. I'm trying to onboard a FinTech quickly to understand how I should be running a proof of concept and not in production. So let's make sure that that is right sized.
And then finally, even once I've done all my onboarding and I've spent months doing it, I can't access data, I can't access the infrastructure without a gaining permission and doing further vetting, going through further groups and councils to get access to that. So let's make sure that that is accessible instantly for the tech that's coming through. And if we just jump over to the next slide, it starts to answer how do we help with these things? And it's exactly that. So we help with the discovery, enable this quick onboarding to de-risk integration and then ultimately provide that data and that infrastructure.
Rob MacDonald:
The next one.
Oli Platt:
Yeah, I don't know, Rob. We can maybe dive into some of the particular stuff, but is there anything in there that you think it's probably worth calling out? Obviously, we're here as K panelists, they're keen to talk.
Rob MacDonald:
Yeah, no, for sure. I mean anytime we go into any organization that's interested in our technology, obviously there's always the proof of concept. They've got to stand up an environment to see if it works and if it's compatible and to do the testing and all that kind of stuff. And that's time-consuming, as you've alluded to here, and it can be expensive. So what are you seeing in terms of the benefit of what you bring to bringing banks and FinTechs together via this sandbox as a service platform that you're delivering here?
Oli Platt:
So I guess you can view... There's multiple benefits. The first is very simple and it's a time and a cost segment. So when we typically start to work with an organization and work with them slightly on their existing processes and how they can use the platform to reduce the time, we'll typically see that there's possibly are a nine to 12 month onboarding time at that point.
So it's taking them a really long time to do this. They're engaging a whole range of teams, from legal to procurement, just to get to this answer. And that has a cost that lots of organizations don't have a track of, but those who do it typically ends up being a decent sized six figure number in pounds or dollars or something around that ballpark. And the second is this, even when you're driving this and you're willing to commit that kind of money to a proof of concept or that time, you're then picking the wrong provider. So you're spending that money and then getting no actual ROI other than maybe some knowledge in the organization. So it's really those two levers that really cause these organizations to go, "We really need to fix this broken process. We're running hundreds of these things a year or 10 of these a year, but it's still costing us a million million bucks or something ridiculous."
Rob MacDonald:
I mean it's almost... People, I don't want to say people, organizations don't look at the cost involved. And it's like, "Okay, let's go test it and see what it looks like." But the part that people forget to look at or organizations forget to look at is, well, how much is that going to cost us to go even try that? And yeah, I mean you must see it all the time.
Oli Platt:
It is exactly that. And people often go, "A proof of concept that costs us 50K a time." And really what they're talking about there is frequently the amount the FinTech is charging them to run the proof of concept. And the reason FinTechs are often charging that is because, frankly if they don't charge it, they're going to do 12 months of work and they have no idea whether this is a result. So that's normally the number that's been talked about. The internal cost is this black box of spent time and cost that no one is necessarily tracking.
Rob MacDonald:
And it's the cost to the FinTech and then it's also the cost to the man-hours or people hours involved in just trying to get it stood up and tested. And then who do you bring in to validate the testing? There's all kinds of things that are associated with getting a proof of concept up and running that it could be money spent elsewhere.
Oli Platt:
Exactly.
Rob MacDonald:
You know what I mean? And maybe add more value to the business overall instead of using something like your sandbox as a service, which is a super cool service by the way. All right, we'll move on to the next one.
Oli Platt:
Yeah, yeah, please. I think why I just wanted to spend some time, particularly, with of this, based on a lot of fraud. I thought I'd briefly, we obviously, it's in this really fortunate position where we cover loads and loads of different ecosystems of different tech and different facets of the financial industry. But if we zoom in on almost just looking at fraud and some of maybe the five most common use cases that we are seeing at the moment, these five are the ones that I felt I had to call out. Everything from account takeover, you've got your transaction monitoring, your AMLs, your sanction screening.
But we're really seeing, particularly at the US market, Rob, where obviously you personally are based, we see these fraud being a really, really highly invested in the ecosystem that a lot of banks want to do a lot of innovation in. They want to leverage the FinTech ecosystem. And these five use cases are basically, I would argue the five key ones that a lot of that innovation is currently occurring in. There are some really awesome tech and it'd be remiss of me not to say, obviously you guys are one of them. And in other parts of that ecosystem and other parts of that value chain, there are absolutely other providers doing really, really cool things that banks are constantly looking at.
Rob MacDonald:
Yeah, I mean we're going to talk about identity and how we can help prevent fraud. Also, we're going to touch on, or I'm going to touch on a little bit some of the customer experience stuff, but in terms of, let's pretend like I'm not here and you're talking to just your general bank, what are some of the use cases that banks are currently exploring, in general? Like I said, we're going to talk about fraud, but what else are you seeing? Maybe it is fraud in these five things, but what else are you seeing out there, Oli?
Oli Platt:
Well, yeah, so I think it's a really cool question. So I'll park forward. So these are definitely the five killer frauds, but if you look down the left and side, you've got these... And the order is not necessarily, totally arbitrary. These top ones, the fraud, the deposits, lending, getting better customer experience to the point I think you're about to make, generative AI, these are all really, really exciting active ecosystems where there's a lot of innovation going on at the moment. And then within each of them, you can break them open and you can have a look and see that there are five or six use cases in each one. If I broke open generative AI on one side, you've got the initial testing of some of these solutions. So do they hallucinate? Do they answer questions how they should?
But on the other side, could I build a knowledge base using this piece of technology? What is the business application that can be applied to an ecosystem like this? So I would argue that, I'm not going to bore everyone here and talk through every single use case of every single ecosystem that we're seeing at the moment, but absolutely, there was definitely five or six, maybe seven ecosystems, most of which are seen on the left-hand side of the page here that each have use cases both on a technical point of view and a business point of view that are really getting broken down by banks at the moment and being explored in a real fine tooth comb level of detail.
Rob MacDonald:
Interesting. Yeah, I mean, as we move things to an online first environment, and this is what we're going to cover in a little bit here when I start talking, is how do you prove that user is who they claim to be? So you can eliminate some of that fraud so you can ensure that deposits and lending are happening to real people and that the customer experience, when we look at injecting identity into things, first thing people think is like, "Oh, that's going to cause a whole lot of roadblocks and friction and users are not going to want to do it. How do we make that experience seamless?"
And there's always been this balance of, well, if I'm going to improve the experience, I've got to make it easy, which means it's going to be less secure. It's that trickle-down effect. Are you seeing people put up resistance to improving experience just because we got to manage fraud first and that means friction?
Oli Platt:
Yeah. So I guess it's a weird one, and they're not ones you can necessarily take apart. I think a lot of the, like you guys, you do a really good job of trying to bring these two things together. Because if you try and solve fraud, and this is I think where a lot of the organizations we work with are really understanding and put a lot of their effort. If you try and solve fraud by itself, sure, maybe you could do a pretty damn good job, but the easiest way to stop all fraud is to stop onboarding customers, end of. That kills all... There's going to be zero fraud if you just get rid of all your customers.
Obviously, that is a totally illogical approach. So what we're seeing is these fraud teams and the customer experience teams in some organizations are almost trying to view it as one and the same team or at least two teams that work incredibly closely together to go, "Okay, I've got to deal with fraud, but this cannot be at the cost of increased friction." Increasing friction is not on the cards, especially in the current climate where you want to increase your deposits, you want more customers. Trading these two things off is almost not an option, even though they have competitive effects usually baked in.
Rob MacDonald:
Yeah, a hundred percent. Okay, so let's move on to the next one here. So you're talking about the technology partner selection, so let's hear a little bit about what NayaOne does there.
Oli Platt:
So I guess I just wanted to use this, in part, as a way to talk, some of the stuff you're up to. This is a typical way that we may be leveraged by an organization. So if a bank comes in and they go, look, I really want to reduce... I'm picking one of those use cases from the previous slide account takeover fraud in this circumstance. And there are probably a bunch of key challenges. I've got to work with multiple vendors, I want to run with beta test users, I want to run this in a secure environment. How can I do that?
And there's going to be a bunch of setup that's required. I want to use varied IPs, I want to have some real people behaving. I want to see what computer are trying to access an account looks like. What happens in those circumstances? There's going to be required infrastructure and data that we can provision instantly. And ultimately, this all then comes together in trying to enable the bank to make a quick decision. Can we get this product or this new capability into the market nine months quicker than it would've otherwise been in before we got hit by a load of fines, before we had some major fallout, before technology moved on.
And that's ultimately the way we often get used, from let's ideate, let's come up with a really strong use case. Let's now agree the approach, agree what we're testing on, agree what challenges we're solving. Let's set up that infrastructure, set up that data that's required to get to the outcome. And I guess one of the really typical ways this is solved is via the NayaOne marketplace. So they will select typically vendors from that marketplace and go, "Look, these are three different vendors who could potentially solve this problem." And I guess one company that is solving this problem is you guys. And you're really working on a lot of this area and you're part of the marketplace. So I thought, Rob, that this would be quite a nice segue over into maybe some of the stuff that you could do and some of a type of vendor that would probably work in, would be testable if a bank could actually understand the capabilities of.
Rob MacDonald:
And then maybe at the end of this you can quickly cover how does somebody or how does a financial institution discover 1Kosmos on the platform? And we can talk a little bit about that at the end before everybody takes off. Of course.
Okay, so let's jump in. So proving identity online is difficult. That is not a false statement. Captain Obvious - 2023. Ensuring that the user is who they claim to be on the other side of that device is not as easy as it sounds. We use very different ways of doing that. We do username, password with maybe the use of a passkey or some sort of MFA. And we're hoping that the user is who they claim to be at the time of authentication based on the layers of technology that we put in front of that for a user to try to prove identity. There are other ways that we can go about doing that.
So let's just quickly talk about current state. Identity onboarding. It's proof of a user's identity. It's expensive, it's not always accurate, it's never reusable and it's very rarely re verified, right? So it's a siloed activity. Even if you look at it from a banking perspective, you go into the bank, you give some forms of ID, you open up an online account based on that, you don't really know that that user was the person that verified their identity at the bank or even that it was the person that clicked on the email URL that you sent to try to bind the account together. So there's lots of gaps involved in that. And then when you move into authentication, again another silo. You do a username and password, it's not tied back to the identity onboarding steps that you did.
So it doesn't prove the user's identity. It doesn't typically have a very good experience. I mean, how many usernames and passwords do you use in the run of a day, Oli, at work and outside of work? We all know what that looks like. We're not going to rehash that, but we know it's not a good experience. And then there's the fraud component to it. You touched on that as being one of the big ecosystem components within financial institutions that they're trying to solve for. How do they find the bad guys at the end of the day? How do they ensure that they're catching or managing their fraud tolerances properly? But at the end of the day, that fraud capability, those signals are not tied back to any one of these previous steps. So you're looking at everything to try to catch the one instead of really being able to narrow down that search. And we're going to talk a little bit about how you can go about doing that here in a second.
So if you look at that current state of legacy onboarding, passwords have been around since the invention of time. It's the one thing that hasn't changed in security. We've changed all these other capabilities, we've added all this new technology onboard, but we really haven't done anything to digitally onboard a user in a way that's meaningful to the business. So that one time or infrequent proof of a user's identity really isn't cutting it as we move these technologies forward. And you touched a little bit on that a little bit. So data is entered manually. All of that data could be bought for pennies on the dark web and it's not something that is really secure in terms of building new accounts. And then when we look at authentication, our authentication today is purely based on hope. And that hope is that the possession of whatever that authenticator is in possession of that user that we thought it was. It's not linked back to an onboarded identity. It can be intercepted, it can be coerced, it can be shared, it can be stolen.
And the experience usually is not particularly great. I don't know about you, but my spouse, we have a shared email account, and that shared email account is typically tied to a lot of our shared accounts. So I get password resets every day from whatever she's logging into next because that experience is frustrating. She can't remember the password, she just resets it to whatever and then goes in and does whatever she needs to do and the next time she goes to that same account, it's the same process over and over and over again. And it's just frustrating. So when we look at the convergence of identity and what 1Kosmos brings to the table here, is that we can do the identity onboarding and combine that with the user authentication to really, really improve fraud detection.
If you do the onboarding with proof of government documents and you're matching biometrics to the IDs and you're using verified identity attributes and then you're enrolling that private biometric that's protected by public and private keys that are stored on the device, whether it be a mobile phone or a laptop or whatever, and then you're using that step to then verify the user because you've verified the enrolled biometric. Well, you've done a lot to now look for fraud signals. Because if the biometric at the time of authentication doesn't match the biometric at the time the user was enrolled and verified, well there's something weird going on there and that should then throw up a signal saying something's going on with this account potentially. Right. Go ahead.
Oli Platt:
I was going to go, just one question there on the four piece in particular. So I was just wondering, so obviously you work with financial institutions all the time, right? Just wondering, how have you guys seen over the last maybe couple of years or recent trends that are starting to head forward? How are the financial institutions responding to emerging threats? What kind of trends are you seeing in this space in particular?
Rob MacDonald:
Yeah. Well, what's funny is that the trend that we're seeing is that they're looking at moving to a digital wallet. So having the users' identity verified and stored on a mobile device or in a mobile or on a web-based wallet. So when a user goes to authenticate, they want to make sure that it's them, that it's not somebody else. And they're taking steps in terms of how they go about verifying identity online to give users a more portable, verified credential that they can use when they go to authenticate in. And that's, I don't want to say North America is lagging behind a little bit, but North America is lagging behind a little bit in terms of what other countries and regions are doing.
Verified credentials are something that you guys know of in EMEA, even in Asia Pacific where it's really at its grassroots level here in North America, it's starting to spin up now and become a talking point. Where in your region, in the UK and in the rest of Europe, it's something that has been talked about and is in production in some cases, in different countries. So those are the things that we're starting to see spin up and being able to eliminate the possession element and use a biometric is where we're seeing financial institutions move to here in North America.
So yeah, so when we looked at verifying identity, there's lots of different ways you can do it. And as you do it, you build on the capabilities that you're able to provide from a security standpoint and a user experience standpoint. So depending upon where you are on the journey with the customer, there's a pyramid of things here that you can leverage. Typically, verifying a user online usually starts with a phone number and or email. And then as you're building the relationship with the customer and as the risk starts to increase in terms of the activities that you're doing with them, then you can start to look at increasing the way in which you verify the identity based on the use case and based on the journey with the customer themselves. So you can do things like SIM binding and identity proofing using document verification, and then verifying that documentation against sources like AAMVA, which is a repository of driver's licenses here or in the United States. ICAO for passports, right?
There's a bunch of different ways we can go about doing that to make sure that the presented document and the number that's on it is a legitimate document. And then triangulating all of that data, I'm going to talk about that here in a second. Leveraging biometrics. We have a feature here at 1Kosmos called Live ID. And that biometric, we capture that at the time of registration and then we use it to verify users at the time of authentication. And I'll talk about that here in a second. But at the end of it, as you build all of these things in, and I talked about a wallet earlier, you can store all of this data in the wallet. And then the benefit to our platform is that it's a blockchain backend. We have a distributed identity backend. We place all of that data that we capture here in control of the user, so nobody has access to it because it's stored on the blockchain.
The public and private key that they have stored in the TPM of their device is what unlocks their data on the blockchain. Nobody has access to it other than them. So any customer that buys our technology, they don't have access to the data, 1Kosmos doesn't have access to the data. Only the user that created the data at the time of onboarding has access to it. And then they can choose when they want to share it with other organizations or even within the bank itself. If they want to go to apply to a different service, they'll be asked, "Can you share your data?" It'll be a 'yes' or 'no' answer. Only they have access to it. So it's another unique component to our platform. But when you look at identity assurance, it's about either affirming or proofing. So typically, we just do a lot of affirmation.
It does give low assurance that the identity claimant is present, but maybe that's the low friction way to get started and move into more of a proofing journey where you start to scan in government issued IDs, national IDs, you provide the selfie, and the combination of all of those things gives you a triangulation of the data. And what we're able to do with that is then use the verification step. Remember we talked about that step being a one and done at the very beginning. We use that step and the reference biometric to then authenticate the user. So we're then combining those two pillars or swim lanes that we talked about earlier that we're independent and separate together. And then from a fraud perspective, you're now checking every time the user authenticates the live biometric to make sure they are who they claim to be. So then when you create an account, there's never a password sent. So what would happen is that your password is now your face, so there's no account takeover possible. You can't share that information.
So we start to eliminate a lot of those fraud capabilities or those fraud, I guess, capabilities or fraud ways in which you can do fraudulent transactions, whether that be synthetic identity through documents or stealing OTP passwords or whatever. So we start to eliminate a lot of those layers because what we're doing is we're using a verified identity at the time of authentication, and we've already done that verification check at the time of onboarding. That's how we start to eliminate a lot of those fraud capabilities.
Now I know that we're running close up on time here, Oli. I do have a quick demo that I can just show what that onboarding process looks like. It doesn't take long. So what we're doing here is we're setting up, this is an app-based journey that we're looking at here, and we just turned on touch ID and face ID. And that's what you're going to use to either log into the app or you can use it as an authentication method within the app as well. Now we're going to enroll a social security number. Do you guys have social security numbers in the UK? Do you use those?
Oli Platt:
No, we don't. So we have national insurance companies, but they're not quite the same by any stretch of the imagination.
Rob MacDonald:
Fair enough. Now we could maybe verify that number as well. The platform does have flexibility in terms of how we can ingest data, and it does vary by country because. We have national IDs and we have driver's licenses, and we have social security numbers. We have health cards here in Canada as well. We have a driver's license and a health card, so we can leverage all of that stuff. So you can enroll that social security number. And then now we're going to scan the front and back of a government document. Now in this instance, this is a driver's license from New Jersey. This is Mike Engel, the person that was I'm replacing today. So he's scanning his driver's license front and back, and we're reading the PDF 417 data on that as well to make sure that the data on the driver's license is legitimate. We do the same thing with the passport.
So now we're going to scan Mike's face. So this is scanning the information, sorry, the photo on the driver's license. And we're taking a selfie and we're comparing them together. So at the time of authentication or at the time of onboarding, we're ensuring that the user that's on the document is the user that's actually scanning it as well. So we're doing a cross-reference check there too. Now we can extract and verify the data. So what we're doing, verifying liveness. And we went and did a real-time check against the AAMVA database to make sure that Mike's driver's license was legitimate. It is. So we got a matched ID. And now we also gone and went and checked against some of the credit bureau data to make sure that which addresses... Is this information all accurate, to make sure that we're verifying it against the right identity.
So there's all these checks and balances that we do at the time of onboarding to make sure that we're verifying the right user. So again, that's how we start to eliminate synthetic identities out of these workflows. And the good news with all of this stuff is that... Let's go to the next slide here. Why is it not moving for me? Here we go. Is that there are standards that guide all of the things that we're doing here. So there's NIST in the United States, 800-63-3, there's the UKDIATF in your region. They are putting together guidelines to help determine what we should and shouldn't be doing here. And we are certified to both of these standards, just as an aside. And that helps establish identity in a digital way. Being able to proof and verify someone without seeing, you're doing this digitally, you never see this person. And being able to triangulate that data and biometrics to build that assurance that the user is who they claim to be.
And then if you look at it from an authentication standpoint, there's also guidelines around that. NIST has something that looks at how you authenticate a user, as does FIDO. So making sure that you enforce the right level of authentication based on the risk, based on the journey, based on all of those requirements to, again, try to manage that fraud. So being able to authenticate someone remotely. We do that via a public and private key match to a real biometric, and that's how we eliminate a lot of that stuff. And that identity-based authentication that we have, there are certification standards against that.
So we also have a certification that the biometric that we're capturing follows a series of guidelines and make sure that it's meeting industry standards at a minimum. We exceed a lot of those things. But having those certifications helps guide, not only companies like 1Kosmos, there are others that do this stuff as well to make sure that we're all meeting the same standards and then that the data that we're capturing can be used in a consistent way with any financial institution that adopts the technology. Does that make sense? Oli, what do you think?
Oli Platt:
No, it does, Rob. I guess the one question that it leads begging, is when these FIs do go in and implement a solution like you guys, I guess it's almost a similar question to that you asked me earlier, what benefits do they see back? What types of effect the return on implementing a solution like you do they end up seeing?
Rob MacDonald:
There's a couple things. You get an immediate reduction in fraud, so there's a cost benefit to that right off the bat.
Oli Platt:
A bad one to start with.
Rob MacDonald:
Yeah, exactly right. So if I can go in and say, "Hey, listen, I can reduce your fraud by 40%," there's real dollar value to that. And not only does bringing in something like 1Kosmos replace maybe the technology that you're already spending money on anyway, and likely at least at cost neutral, then you're still reducing fraud. So right off the bat, you're in a positive ROI situation with a technology like this because you're able to do such an immediate impact on your fraud reduction just based on some of the technology that we have here.
Then there's the user experience that goes along with that and the assurance that you have as an organization that users are who they claim to be. You can start to get deeper share of wallet because you're able to expand the capabilities of the organization. And then partnering with others as well, because we do have that verified credential, you could say, "Okay, as a financial institution, you're a high valued member. And if you go rent a car with this organization, we can give you a 20% discount if you shared the verified credential." So there's some business sharing opportunities and partnerships that are available as well that you could probably profit from too.
Those are always good. Right?
Oli Platt:
Definitely. Not bad. I think I saw a balloons traversing your screen there as well. I'm not sure where they came from, but a fantastic celebration almost. No-
Rob MacDonald:
I think that's a new Zoom feature. Anytime I do the thumbs up, balloons.
I haven't figured out how to turn that off yet. We so excited. Anyway. Yeah, it's all good.
Oli Platt:
Oh, no, that's fantastic. And I guess finally, just on the work you guys are up to, if you were speaking to a bank, an FI, what advice would you be suggesting they look at what to stay ahead in the world of identity, to stay ahead in this world of fraud that you guys operate in? What would you suggest that they would, maybe beyond just implement 1Kosmos as the obvious cheat answer for yourself, but what would you be suggesting they're up to?
Rob MacDonald:
Yeah, so as you're looking at, and this is for anything, right? As you're looking at implementing technologies, in a lot of cases, organizations get into trouble by looking at, okay, I have an immediate problem today. Can I solve that problem today with that technology? And the answer is yes. But that problem is going to change tomorrow. And is that technology flexible enough to meet where you need to go, either to meet that next problem or even strategically to the business? Can that technology be flexible enough to get you to where you need to go in your two to three to five year roadmap? We get into problems by solving those immediate problems, and now you've got to try to duct tape and make it do things that maybe it was never meant or built to do. So when you look at something like a 1Kosmos or technologies like 1Kosmos, we're delivering a framework that from a strategy standpoint to the business, you're able to go ahead and forward with.
One of the cool things with our technology is that we offer this kind of coexistence deployment where you can keep what you have running up and running and then put us right alongside of it. So when somebody goes to log into a screen, you've got the cool 1Kosmos way and the old gross way you used to do it. And what that does is it eases the onboarding and the journey for customers. They can do it at their leisure as you move to this new way of doing things. And if you can offer a solution where you're able to ease your customers into it, they're not going to... This is one thing people hate more than passwords, I say all the time, it's change, right? Nobody likes change.
So allowing people to change when they're ready for it will go a long way from a user experience and building the brand. But looking for technologies that you can grow with, distributed identity, digital wallets, biometric based authentication, that stuff is, that's on the edge. That's really advanced stuff and people may not be ready for that yet. But having a platform that can support you on that journey as you go to where the industry and market and world is going, as we get into distributed internets with Web3, you're going to have to be able to prove yourself online in the very near future. And looking towards that as your goal and then working with organizations like NayaOne to help you build that strategy and that path forward is really what organizations should be looking to do.
Oli Platt:
Fantastic.
Rob MacDonald:
Yeah. So listen, before we go, we are out of time. Tell us a little bit about how people can go on the NayaOne marketplace and explore and find out how they can test 1Kosmos or other technologies, for example.
Oli Platt:
Yeah, absolutely. So the easiest way to, if you are a bank or an FI, to getting involved with the NayaOne platform, is we've got an accessible marketplace that you're able to sign up for. You can find that on our website. If you're an FI, a bank, you'll be able to sign straight up there and you can explore all of those different technologies straight away.
Rob MacDonald:
Awesome.
Oli Platt:
From there you can obviously come in, select them and go, "Look, I would love to be connected to a company that's going to solve my identity problem." Let's look at running a proof of concept with them might look like. But yeah, it would be awesome to see some of the banks here heading that way and starting to actually dive into technology like this.
Rob MacDonald:
Absolutely. For sure. Listen, Oli, it's been great sitting and chatting with you today. For everybody that's on the line, this has been recorded. It will be available on our website, probably midday tomorrow. And if you want to share it with your friends, you're more than welcome. We'd actually appreciate it if you did that.
But anyway, it's a pleasure. And then just as a side note here at 1Kosmos, we do run a lot of different webinars. We do have another one coming up December 14th. There'll be more information on the website in the next coming days for that. It's going to be around managing coexistence to fuel strategy, something that we just talked about here at the end, Oli, and we look forward to seeing everybody there at that webinar.
So thanks again. And we appreciate everybody stopping by and hanging out with myself and Oli today. We look forward to talking to you again soon, Oli, it's a pleasure. Looking forward to doing it again.
Oli Platt:
All right, thanks for having me on, Rob.
Rob MacDonald:
Yep. Bye.
Hi everybody. Rob MacDonald, VP Product Marketing here for 1Kosmos. Welcome to our Identity - Redefining the Future of Finance webinar. I'm joined by Oli Platt, Product Manager from NayaOne. Oli, why don't you give us a little, how are you doing? Tell us a little bit about yourself.
Oli Platt:
Thanks for having me on today, Rob. It's great to be here and then talking to all of you. I'm Oli Platt, so working for NayaOne, really working with a large number of our existing financial clients and a large number of the FinTechs on the other side as well. So really seeing in between that awesome space of these really innovative financial organizations, the innovative tech that they want to work with and then helping them bridge that gap is really where I spend a large amount of my time. But yeah, pleasure to be here.
Rob MacDonald:
Awesome. Listen, it's awesome having you. We have recently become partners and I think you're going to talk a little bit about where we exist within the NayaOne landscape on one of your slides. But I'm really happy to be partnered with NayaOne.
For those of you that are not familiar with 1Kosmos, we do identity verification and authentication. We're very unique in the way we combine the two of those to deliver a passwordless ecosystem. Why don't you tell us just quickly for the 1Kosmos folks that joined that maybe are not familiar with NayaOne, what you do?
Oli Platt:
Yeah, of course. So now NayaOne is ultimately sandbox as a service, which really boils down to making sure that we're enabling financial firms who maybe otherwise would need to, and rightly so, go through, say, nine months of onboarding to evaluate technology and really flipping that around. So allowing them to evaluate technology upfront with relevant synthetic data, whatever's required to doing a really full end-to-end proof of concept quickly, getting the right answer, yes, we should proceed with this FinTech or no, this is not going to work at a partnership.
But getting that answer to everyone early so the FinTech doesn't waste time onboarding and spending the next 12 months of their lives selling to a big organization, and so the bank gets to the right result straight away. So that's really where we sit. And yeah, like you say, 1Kosmos is an awesome example of one of these tech providers that we're really excited about banks getting the hands on.
Rob MacDonald:
Perfect. All right, well listen, let's jump in. You've got a couple of slides here that you want to run through. Why don't you start us off and then I'll take on the last half.
Oli Platt:
Yeah, superb. So I guess really why I wanted to use this time briefly for is almost as an example of how NayaOne is frequently used. So there were three big problems that we frequently see, financial institutions that we work with, or before we work with them, really having a pain with. And the first is what tech should they be looking at? Even identifying FinTechs that maybe solve a problem. Then we're going to talk a lot about the fraud space today. So in fraud for any given use case, say, ID verification and account takeover, who should I be looking at based on what type of organization I am, how big I'm is often the first problem. The second one is the one I was just alluding to, of that there's really complex onboarding processes to get stuff into production. I'm not trying to onboard a Microsoft or an Oracle here. I'm trying to onboard a FinTech quickly to understand how I should be running a proof of concept and not in production. So let's make sure that that is right sized.
And then finally, even once I've done all my onboarding and I've spent months doing it, I can't access data, I can't access the infrastructure without a gaining permission and doing further vetting, going through further groups and councils to get access to that. So let's make sure that that is accessible instantly for the tech that's coming through. And if we just jump over to the next slide, it starts to answer how do we help with these things? And it's exactly that. So we help with the discovery, enable this quick onboarding to de-risk integration and then ultimately provide that data and that infrastructure.
Rob MacDonald:
The next one.
Oli Platt:
Yeah, I don't know, Rob. We can maybe dive into some of the particular stuff, but is there anything in there that you think it's probably worth calling out? Obviously, we're here as K panelists, they're keen to talk.
Rob MacDonald:
Yeah, no, for sure. I mean anytime we go into any organization that's interested in our technology, obviously there's always the proof of concept. They've got to stand up an environment to see if it works and if it's compatible and to do the testing and all that kind of stuff. And that's time-consuming, as you've alluded to here, and it can be expensive. So what are you seeing in terms of the benefit of what you bring to bringing banks and FinTechs together via this sandbox as a service platform that you're delivering here?
Oli Platt:
So I guess you can view... There's multiple benefits. The first is very simple and it's a time and a cost segment. So when we typically start to work with an organization and work with them slightly on their existing processes and how they can use the platform to reduce the time, we'll typically see that there's possibly are a nine to 12 month onboarding time at that point.
So it's taking them a really long time to do this. They're engaging a whole range of teams, from legal to procurement, just to get to this answer. And that has a cost that lots of organizations don't have a track of, but those who do it typically ends up being a decent sized six figure number in pounds or dollars or something around that ballpark. And the second is this, even when you're driving this and you're willing to commit that kind of money to a proof of concept or that time, you're then picking the wrong provider. So you're spending that money and then getting no actual ROI other than maybe some knowledge in the organization. So it's really those two levers that really cause these organizations to go, "We really need to fix this broken process. We're running hundreds of these things a year or 10 of these a year, but it's still costing us a million million bucks or something ridiculous."
Rob MacDonald:
I mean it's almost... People, I don't want to say people, organizations don't look at the cost involved. And it's like, "Okay, let's go test it and see what it looks like." But the part that people forget to look at or organizations forget to look at is, well, how much is that going to cost us to go even try that? And yeah, I mean you must see it all the time.
Oli Platt:
It is exactly that. And people often go, "A proof of concept that costs us 50K a time." And really what they're talking about there is frequently the amount the FinTech is charging them to run the proof of concept. And the reason FinTechs are often charging that is because, frankly if they don't charge it, they're going to do 12 months of work and they have no idea whether this is a result. So that's normally the number that's been talked about. The internal cost is this black box of spent time and cost that no one is necessarily tracking.
Rob MacDonald:
And it's the cost to the FinTech and then it's also the cost to the man-hours or people hours involved in just trying to get it stood up and tested. And then who do you bring in to validate the testing? There's all kinds of things that are associated with getting a proof of concept up and running that it could be money spent elsewhere.
Oli Platt:
Exactly.
Rob MacDonald:
You know what I mean? And maybe add more value to the business overall instead of using something like your sandbox as a service, which is a super cool service by the way. All right, we'll move on to the next one.
Oli Platt:
Yeah, yeah, please. I think why I just wanted to spend some time, particularly, with of this, based on a lot of fraud. I thought I'd briefly, we obviously, it's in this really fortunate position where we cover loads and loads of different ecosystems of different tech and different facets of the financial industry. But if we zoom in on almost just looking at fraud and some of maybe the five most common use cases that we are seeing at the moment, these five are the ones that I felt I had to call out. Everything from account takeover, you've got your transaction monitoring, your AMLs, your sanction screening.
But we're really seeing, particularly at the US market, Rob, where obviously you personally are based, we see these fraud being a really, really highly invested in the ecosystem that a lot of banks want to do a lot of innovation in. They want to leverage the FinTech ecosystem. And these five use cases are basically, I would argue the five key ones that a lot of that innovation is currently occurring in. There are some really awesome tech and it'd be remiss of me not to say, obviously you guys are one of them. And in other parts of that ecosystem and other parts of that value chain, there are absolutely other providers doing really, really cool things that banks are constantly looking at.
Rob MacDonald:
Yeah, I mean we're going to talk about identity and how we can help prevent fraud. Also, we're going to touch on, or I'm going to touch on a little bit some of the customer experience stuff, but in terms of, let's pretend like I'm not here and you're talking to just your general bank, what are some of the use cases that banks are currently exploring, in general? Like I said, we're going to talk about fraud, but what else are you seeing? Maybe it is fraud in these five things, but what else are you seeing out there, Oli?
Oli Platt:
Well, yeah, so I think it's a really cool question. So I'll park forward. So these are definitely the five killer frauds, but if you look down the left and side, you've got these... And the order is not necessarily, totally arbitrary. These top ones, the fraud, the deposits, lending, getting better customer experience to the point I think you're about to make, generative AI, these are all really, really exciting active ecosystems where there's a lot of innovation going on at the moment. And then within each of them, you can break them open and you can have a look and see that there are five or six use cases in each one. If I broke open generative AI on one side, you've got the initial testing of some of these solutions. So do they hallucinate? Do they answer questions how they should?
But on the other side, could I build a knowledge base using this piece of technology? What is the business application that can be applied to an ecosystem like this? So I would argue that, I'm not going to bore everyone here and talk through every single use case of every single ecosystem that we're seeing at the moment, but absolutely, there was definitely five or six, maybe seven ecosystems, most of which are seen on the left-hand side of the page here that each have use cases both on a technical point of view and a business point of view that are really getting broken down by banks at the moment and being explored in a real fine tooth comb level of detail.
Rob MacDonald:
Interesting. Yeah, I mean, as we move things to an online first environment, and this is what we're going to cover in a little bit here when I start talking, is how do you prove that user is who they claim to be? So you can eliminate some of that fraud so you can ensure that deposits and lending are happening to real people and that the customer experience, when we look at injecting identity into things, first thing people think is like, "Oh, that's going to cause a whole lot of roadblocks and friction and users are not going to want to do it. How do we make that experience seamless?"
And there's always been this balance of, well, if I'm going to improve the experience, I've got to make it easy, which means it's going to be less secure. It's that trickle-down effect. Are you seeing people put up resistance to improving experience just because we got to manage fraud first and that means friction?
Oli Platt:
Yeah. So I guess it's a weird one, and they're not ones you can necessarily take apart. I think a lot of the, like you guys, you do a really good job of trying to bring these two things together. Because if you try and solve fraud, and this is I think where a lot of the organizations we work with are really understanding and put a lot of their effort. If you try and solve fraud by itself, sure, maybe you could do a pretty damn good job, but the easiest way to stop all fraud is to stop onboarding customers, end of. That kills all... There's going to be zero fraud if you just get rid of all your customers.
Obviously, that is a totally illogical approach. So what we're seeing is these fraud teams and the customer experience teams in some organizations are almost trying to view it as one and the same team or at least two teams that work incredibly closely together to go, "Okay, I've got to deal with fraud, but this cannot be at the cost of increased friction." Increasing friction is not on the cards, especially in the current climate where you want to increase your deposits, you want more customers. Trading these two things off is almost not an option, even though they have competitive effects usually baked in.
Rob MacDonald:
Yeah, a hundred percent. Okay, so let's move on to the next one here. So you're talking about the technology partner selection, so let's hear a little bit about what NayaOne does there.
Oli Platt:
So I guess I just wanted to use this, in part, as a way to talk, some of the stuff you're up to. This is a typical way that we may be leveraged by an organization. So if a bank comes in and they go, look, I really want to reduce... I'm picking one of those use cases from the previous slide account takeover fraud in this circumstance. And there are probably a bunch of key challenges. I've got to work with multiple vendors, I want to run with beta test users, I want to run this in a secure environment. How can I do that?
And there's going to be a bunch of setup that's required. I want to use varied IPs, I want to have some real people behaving. I want to see what computer are trying to access an account looks like. What happens in those circumstances? There's going to be required infrastructure and data that we can provision instantly. And ultimately, this all then comes together in trying to enable the bank to make a quick decision. Can we get this product or this new capability into the market nine months quicker than it would've otherwise been in before we got hit by a load of fines, before we had some major fallout, before technology moved on.
And that's ultimately the way we often get used, from let's ideate, let's come up with a really strong use case. Let's now agree the approach, agree what we're testing on, agree what challenges we're solving. Let's set up that infrastructure, set up that data that's required to get to the outcome. And I guess one of the really typical ways this is solved is via the NayaOne marketplace. So they will select typically vendors from that marketplace and go, "Look, these are three different vendors who could potentially solve this problem." And I guess one company that is solving this problem is you guys. And you're really working on a lot of this area and you're part of the marketplace. So I thought, Rob, that this would be quite a nice segue over into maybe some of the stuff that you could do and some of a type of vendor that would probably work in, would be testable if a bank could actually understand the capabilities of.
Rob MacDonald:
And then maybe at the end of this you can quickly cover how does somebody or how does a financial institution discover 1Kosmos on the platform? And we can talk a little bit about that at the end before everybody takes off. Of course.
Okay, so let's jump in. So proving identity online is difficult. That is not a false statement. Captain Obvious - 2023. Ensuring that the user is who they claim to be on the other side of that device is not as easy as it sounds. We use very different ways of doing that. We do username, password with maybe the use of a passkey or some sort of MFA. And we're hoping that the user is who they claim to be at the time of authentication based on the layers of technology that we put in front of that for a user to try to prove identity. There are other ways that we can go about doing that.
So let's just quickly talk about current state. Identity onboarding. It's proof of a user's identity. It's expensive, it's not always accurate, it's never reusable and it's very rarely re verified, right? So it's a siloed activity. Even if you look at it from a banking perspective, you go into the bank, you give some forms of ID, you open up an online account based on that, you don't really know that that user was the person that verified their identity at the bank or even that it was the person that clicked on the email URL that you sent to try to bind the account together. So there's lots of gaps involved in that. And then when you move into authentication, again another silo. You do a username and password, it's not tied back to the identity onboarding steps that you did.
So it doesn't prove the user's identity. It doesn't typically have a very good experience. I mean, how many usernames and passwords do you use in the run of a day, Oli, at work and outside of work? We all know what that looks like. We're not going to rehash that, but we know it's not a good experience. And then there's the fraud component to it. You touched on that as being one of the big ecosystem components within financial institutions that they're trying to solve for. How do they find the bad guys at the end of the day? How do they ensure that they're catching or managing their fraud tolerances properly? But at the end of the day, that fraud capability, those signals are not tied back to any one of these previous steps. So you're looking at everything to try to catch the one instead of really being able to narrow down that search. And we're going to talk a little bit about how you can go about doing that here in a second.
So if you look at that current state of legacy onboarding, passwords have been around since the invention of time. It's the one thing that hasn't changed in security. We've changed all these other capabilities, we've added all this new technology onboard, but we really haven't done anything to digitally onboard a user in a way that's meaningful to the business. So that one time or infrequent proof of a user's identity really isn't cutting it as we move these technologies forward. And you touched a little bit on that a little bit. So data is entered manually. All of that data could be bought for pennies on the dark web and it's not something that is really secure in terms of building new accounts. And then when we look at authentication, our authentication today is purely based on hope. And that hope is that the possession of whatever that authenticator is in possession of that user that we thought it was. It's not linked back to an onboarded identity. It can be intercepted, it can be coerced, it can be shared, it can be stolen.
And the experience usually is not particularly great. I don't know about you, but my spouse, we have a shared email account, and that shared email account is typically tied to a lot of our shared accounts. So I get password resets every day from whatever she's logging into next because that experience is frustrating. She can't remember the password, she just resets it to whatever and then goes in and does whatever she needs to do and the next time she goes to that same account, it's the same process over and over and over again. And it's just frustrating. So when we look at the convergence of identity and what 1Kosmos brings to the table here, is that we can do the identity onboarding and combine that with the user authentication to really, really improve fraud detection.
If you do the onboarding with proof of government documents and you're matching biometrics to the IDs and you're using verified identity attributes and then you're enrolling that private biometric that's protected by public and private keys that are stored on the device, whether it be a mobile phone or a laptop or whatever, and then you're using that step to then verify the user because you've verified the enrolled biometric. Well, you've done a lot to now look for fraud signals. Because if the biometric at the time of authentication doesn't match the biometric at the time the user was enrolled and verified, well there's something weird going on there and that should then throw up a signal saying something's going on with this account potentially. Right. Go ahead.
Oli Platt:
I was going to go, just one question there on the four piece in particular. So I was just wondering, so obviously you work with financial institutions all the time, right? Just wondering, how have you guys seen over the last maybe couple of years or recent trends that are starting to head forward? How are the financial institutions responding to emerging threats? What kind of trends are you seeing in this space in particular?
Rob MacDonald:
Yeah. Well, what's funny is that the trend that we're seeing is that they're looking at moving to a digital wallet. So having the users' identity verified and stored on a mobile device or in a mobile or on a web-based wallet. So when a user goes to authenticate, they want to make sure that it's them, that it's not somebody else. And they're taking steps in terms of how they go about verifying identity online to give users a more portable, verified credential that they can use when they go to authenticate in. And that's, I don't want to say North America is lagging behind a little bit, but North America is lagging behind a little bit in terms of what other countries and regions are doing.
Verified credentials are something that you guys know of in EMEA, even in Asia Pacific where it's really at its grassroots level here in North America, it's starting to spin up now and become a talking point. Where in your region, in the UK and in the rest of Europe, it's something that has been talked about and is in production in some cases, in different countries. So those are the things that we're starting to see spin up and being able to eliminate the possession element and use a biometric is where we're seeing financial institutions move to here in North America.
So yeah, so when we looked at verifying identity, there's lots of different ways you can do it. And as you do it, you build on the capabilities that you're able to provide from a security standpoint and a user experience standpoint. So depending upon where you are on the journey with the customer, there's a pyramid of things here that you can leverage. Typically, verifying a user online usually starts with a phone number and or email. And then as you're building the relationship with the customer and as the risk starts to increase in terms of the activities that you're doing with them, then you can start to look at increasing the way in which you verify the identity based on the use case and based on the journey with the customer themselves. So you can do things like SIM binding and identity proofing using document verification, and then verifying that documentation against sources like AAMVA, which is a repository of driver's licenses here or in the United States. ICAO for passports, right?
There's a bunch of different ways we can go about doing that to make sure that the presented document and the number that's on it is a legitimate document. And then triangulating all of that data, I'm going to talk about that here in a second. Leveraging biometrics. We have a feature here at 1Kosmos called Live ID. And that biometric, we capture that at the time of registration and then we use it to verify users at the time of authentication. And I'll talk about that here in a second. But at the end of it, as you build all of these things in, and I talked about a wallet earlier, you can store all of this data in the wallet. And then the benefit to our platform is that it's a blockchain backend. We have a distributed identity backend. We place all of that data that we capture here in control of the user, so nobody has access to it because it's stored on the blockchain.
The public and private key that they have stored in the TPM of their device is what unlocks their data on the blockchain. Nobody has access to it other than them. So any customer that buys our technology, they don't have access to the data, 1Kosmos doesn't have access to the data. Only the user that created the data at the time of onboarding has access to it. And then they can choose when they want to share it with other organizations or even within the bank itself. If they want to go to apply to a different service, they'll be asked, "Can you share your data?" It'll be a 'yes' or 'no' answer. Only they have access to it. So it's another unique component to our platform. But when you look at identity assurance, it's about either affirming or proofing. So typically, we just do a lot of affirmation.
It does give low assurance that the identity claimant is present, but maybe that's the low friction way to get started and move into more of a proofing journey where you start to scan in government issued IDs, national IDs, you provide the selfie, and the combination of all of those things gives you a triangulation of the data. And what we're able to do with that is then use the verification step. Remember we talked about that step being a one and done at the very beginning. We use that step and the reference biometric to then authenticate the user. So we're then combining those two pillars or swim lanes that we talked about earlier that we're independent and separate together. And then from a fraud perspective, you're now checking every time the user authenticates the live biometric to make sure they are who they claim to be. So then when you create an account, there's never a password sent. So what would happen is that your password is now your face, so there's no account takeover possible. You can't share that information.
So we start to eliminate a lot of those fraud capabilities or those fraud, I guess, capabilities or fraud ways in which you can do fraudulent transactions, whether that be synthetic identity through documents or stealing OTP passwords or whatever. So we start to eliminate a lot of those layers because what we're doing is we're using a verified identity at the time of authentication, and we've already done that verification check at the time of onboarding. That's how we start to eliminate a lot of those fraud capabilities.
Now I know that we're running close up on time here, Oli. I do have a quick demo that I can just show what that onboarding process looks like. It doesn't take long. So what we're doing here is we're setting up, this is an app-based journey that we're looking at here, and we just turned on touch ID and face ID. And that's what you're going to use to either log into the app or you can use it as an authentication method within the app as well. Now we're going to enroll a social security number. Do you guys have social security numbers in the UK? Do you use those?
Oli Platt:
No, we don't. So we have national insurance companies, but they're not quite the same by any stretch of the imagination.
Rob MacDonald:
Fair enough. Now we could maybe verify that number as well. The platform does have flexibility in terms of how we can ingest data, and it does vary by country because. We have national IDs and we have driver's licenses, and we have social security numbers. We have health cards here in Canada as well. We have a driver's license and a health card, so we can leverage all of that stuff. So you can enroll that social security number. And then now we're going to scan the front and back of a government document. Now in this instance, this is a driver's license from New Jersey. This is Mike Engel, the person that was I'm replacing today. So he's scanning his driver's license front and back, and we're reading the PDF 417 data on that as well to make sure that the data on the driver's license is legitimate. We do the same thing with the passport.
So now we're going to scan Mike's face. So this is scanning the information, sorry, the photo on the driver's license. And we're taking a selfie and we're comparing them together. So at the time of authentication or at the time of onboarding, we're ensuring that the user that's on the document is the user that's actually scanning it as well. So we're doing a cross-reference check there too. Now we can extract and verify the data. So what we're doing, verifying liveness. And we went and did a real-time check against the AAMVA database to make sure that Mike's driver's license was legitimate. It is. So we got a matched ID. And now we also gone and went and checked against some of the credit bureau data to make sure that which addresses... Is this information all accurate, to make sure that we're verifying it against the right identity.
So there's all these checks and balances that we do at the time of onboarding to make sure that we're verifying the right user. So again, that's how we start to eliminate synthetic identities out of these workflows. And the good news with all of this stuff is that... Let's go to the next slide here. Why is it not moving for me? Here we go. Is that there are standards that guide all of the things that we're doing here. So there's NIST in the United States, 800-63-3, there's the UKDIATF in your region. They are putting together guidelines to help determine what we should and shouldn't be doing here. And we are certified to both of these standards, just as an aside. And that helps establish identity in a digital way. Being able to proof and verify someone without seeing, you're doing this digitally, you never see this person. And being able to triangulate that data and biometrics to build that assurance that the user is who they claim to be.
And then if you look at it from an authentication standpoint, there's also guidelines around that. NIST has something that looks at how you authenticate a user, as does FIDO. So making sure that you enforce the right level of authentication based on the risk, based on the journey, based on all of those requirements to, again, try to manage that fraud. So being able to authenticate someone remotely. We do that via a public and private key match to a real biometric, and that's how we eliminate a lot of that stuff. And that identity-based authentication that we have, there are certification standards against that.
So we also have a certification that the biometric that we're capturing follows a series of guidelines and make sure that it's meeting industry standards at a minimum. We exceed a lot of those things. But having those certifications helps guide, not only companies like 1Kosmos, there are others that do this stuff as well to make sure that we're all meeting the same standards and then that the data that we're capturing can be used in a consistent way with any financial institution that adopts the technology. Does that make sense? Oli, what do you think?
Oli Platt:
No, it does, Rob. I guess the one question that it leads begging, is when these FIs do go in and implement a solution like you guys, I guess it's almost a similar question to that you asked me earlier, what benefits do they see back? What types of effect the return on implementing a solution like you do they end up seeing?
Rob MacDonald:
There's a couple things. You get an immediate reduction in fraud, so there's a cost benefit to that right off the bat.
Oli Platt:
A bad one to start with.
Rob MacDonald:
Yeah, exactly right. So if I can go in and say, "Hey, listen, I can reduce your fraud by 40%," there's real dollar value to that. And not only does bringing in something like 1Kosmos replace maybe the technology that you're already spending money on anyway, and likely at least at cost neutral, then you're still reducing fraud. So right off the bat, you're in a positive ROI situation with a technology like this because you're able to do such an immediate impact on your fraud reduction just based on some of the technology that we have here.
Then there's the user experience that goes along with that and the assurance that you have as an organization that users are who they claim to be. You can start to get deeper share of wallet because you're able to expand the capabilities of the organization. And then partnering with others as well, because we do have that verified credential, you could say, "Okay, as a financial institution, you're a high valued member. And if you go rent a car with this organization, we can give you a 20% discount if you shared the verified credential." So there's some business sharing opportunities and partnerships that are available as well that you could probably profit from too.
Those are always good. Right?
Oli Platt:
Definitely. Not bad. I think I saw a balloons traversing your screen there as well. I'm not sure where they came from, but a fantastic celebration almost. No-
Rob MacDonald:
I think that's a new Zoom feature. Anytime I do the thumbs up, balloons.
I haven't figured out how to turn that off yet. We so excited. Anyway. Yeah, it's all good.
Oli Platt:
Oh, no, that's fantastic. And I guess finally, just on the work you guys are up to, if you were speaking to a bank, an FI, what advice would you be suggesting they look at what to stay ahead in the world of identity, to stay ahead in this world of fraud that you guys operate in? What would you suggest that they would, maybe beyond just implement 1Kosmos as the obvious cheat answer for yourself, but what would you be suggesting they're up to?
Rob MacDonald:
Yeah, so as you're looking at, and this is for anything, right? As you're looking at implementing technologies, in a lot of cases, organizations get into trouble by looking at, okay, I have an immediate problem today. Can I solve that problem today with that technology? And the answer is yes. But that problem is going to change tomorrow. And is that technology flexible enough to meet where you need to go, either to meet that next problem or even strategically to the business? Can that technology be flexible enough to get you to where you need to go in your two to three to five year roadmap? We get into problems by solving those immediate problems, and now you've got to try to duct tape and make it do things that maybe it was never meant or built to do. So when you look at something like a 1Kosmos or technologies like 1Kosmos, we're delivering a framework that from a strategy standpoint to the business, you're able to go ahead and forward with.
One of the cool things with our technology is that we offer this kind of coexistence deployment where you can keep what you have running up and running and then put us right alongside of it. So when somebody goes to log into a screen, you've got the cool 1Kosmos way and the old gross way you used to do it. And what that does is it eases the onboarding and the journey for customers. They can do it at their leisure as you move to this new way of doing things. And if you can offer a solution where you're able to ease your customers into it, they're not going to... This is one thing people hate more than passwords, I say all the time, it's change, right? Nobody likes change.
So allowing people to change when they're ready for it will go a long way from a user experience and building the brand. But looking for technologies that you can grow with, distributed identity, digital wallets, biometric based authentication, that stuff is, that's on the edge. That's really advanced stuff and people may not be ready for that yet. But having a platform that can support you on that journey as you go to where the industry and market and world is going, as we get into distributed internets with Web3, you're going to have to be able to prove yourself online in the very near future. And looking towards that as your goal and then working with organizations like NayaOne to help you build that strategy and that path forward is really what organizations should be looking to do.
Oli Platt:
Fantastic.
Rob MacDonald:
Yeah. So listen, before we go, we are out of time. Tell us a little bit about how people can go on the NayaOne marketplace and explore and find out how they can test 1Kosmos or other technologies, for example.
Oli Platt:
Yeah, absolutely. So the easiest way to, if you are a bank or an FI, to getting involved with the NayaOne platform, is we've got an accessible marketplace that you're able to sign up for. You can find that on our website. If you're an FI, a bank, you'll be able to sign straight up there and you can explore all of those different technologies straight away.
Rob MacDonald:
Awesome.
Oli Platt:
From there you can obviously come in, select them and go, "Look, I would love to be connected to a company that's going to solve my identity problem." Let's look at running a proof of concept with them might look like. But yeah, it would be awesome to see some of the banks here heading that way and starting to actually dive into technology like this.
Rob MacDonald:
Absolutely. For sure. Listen, Oli, it's been great sitting and chatting with you today. For everybody that's on the line, this has been recorded. It will be available on our website, probably midday tomorrow. And if you want to share it with your friends, you're more than welcome. We'd actually appreciate it if you did that.
But anyway, it's a pleasure. And then just as a side note here at 1Kosmos, we do run a lot of different webinars. We do have another one coming up December 14th. There'll be more information on the website in the next coming days for that. It's going to be around managing coexistence to fuel strategy, something that we just talked about here at the end, Oli, and we look forward to seeing everybody there at that webinar.
So thanks again. And we appreciate everybody stopping by and hanging out with myself and Oli today. We look forward to talking to you again soon, Oli, it's a pleasure. Looking forward to doing it again.
Oli Platt:
All right, thanks for having me on, Rob.
Rob MacDonald:
Yep. Bye.
Robert MacDonald
VP Product Marketing
1Kosmos
Oli Platt
Product Manager
NayaOne
During this webinar, Robert MacDonald, 1Kosmos VP of Product Marketing, and Oli Platt, NayaOne Product Manager, discussed how identity will reshape security and experience across the financial industry:
- Organizations will leverage Data Triangulation to validate identity at any time, anywhere, and on any device
- The incorporation of genuine biometrics coupled with Liveness Detection is indispensable in thwarting deepfakes and other deceptive techniques.
- The utilization of identity-based authentication will serve as a robust defense against unauthorized account access and fraudulent transactions.
- Embracing a distributed ledger system will offer multiple advantages, including safeguarding Personally Identifiable Information (PII) and eliminating potential data vulnerabilities.
The finance industry has undergone a profound transformation in recent years, driven by digital technology to combat new and advanced threats while trying to improve customer engagement.
But with rampant ATO attacks and synthetic identity fraud plaguing the industry worldwide, it is time to invest in the next phase in this evolution – identity.
Identity will play a crucial role in financial services, providing a range of benefits that help to secure transactions, improve customer experience, and ensure regulatory compliance.
Robert MacDonald
VP Product Marketing
1Kosmos
Oli Platt
Product Manager
NayaOne
Video Transcript
Rob MacDonald:
Hi everybody. Rob MacDonald, VP Product Marketing here for 1Kosmos. Welcome to our Identity - Redefining the Future of Finance webinar. I'm joined by Oli Platt, Product Manager from NayaOne. Oli, why don't you give us a little, how are you doing? Tell us a little bit about yourself.
Oli Platt:
Thanks for having me on today, Rob. It's great to be here and then talking to all of you. I'm Oli Platt, so working for NayaOne, really working with a large number of our existing financial clients and a large number of the FinTechs on the other side as well. So really seeing in between that awesome space of these really innovative financial organizations, the innovative tech that they want to work with and then helping them bridge that gap is really where I spend a large amount of my time. But yeah, pleasure to be here.
Rob MacDonald:
Awesome. Listen, it's awesome having you. We have recently become partners and I think you're going to talk a little bit about where we exist within the NayaOne landscape on one of your slides. But I'm really happy to be partnered with NayaOne.
For those of you that are not familiar with 1Kosmos, we do identity verification and authentication. We're very unique in the way we combine the two of those to deliver a passwordless ecosystem. Why don't you tell us just quickly for the 1Kosmos folks that joined that maybe are not familiar with NayaOne, what you do?
Oli Platt:
Yeah, of course. So now NayaOne is ultimately sandbox as a service, which really boils down to making sure that we're enabling financial firms who maybe otherwise would need to, and rightly so, go through, say, nine months of onboarding to evaluate technology and really flipping that around. So allowing them to evaluate technology upfront with relevant synthetic data, whatever's required to doing a really full end-to-end proof of concept quickly, getting the right answer, yes, we should proceed with this FinTech or no, this is not going to work at a partnership.
But getting that answer to everyone early so the FinTech doesn't waste time onboarding and spending the next 12 months of their lives selling to a big organization, and so the bank gets to the right result straight away. So that's really where we sit. And yeah, like you say, 1Kosmos is an awesome example of one of these tech providers that we're really excited about banks getting the hands on.
Rob MacDonald:
Perfect. All right, well listen, let's jump in. You've got a couple of slides here that you want to run through. Why don't you start us off and then I'll take on the last half.
Oli Platt:
Yeah, superb. So I guess really why I wanted to use this time briefly for is almost as an example of how NayaOne is frequently used. So there were three big problems that we frequently see, financial institutions that we work with, or before we work with them, really having a pain with. And the first is what tech should they be looking at? Even identifying FinTechs that maybe solve a problem. Then we're going to talk a lot about the fraud space today. So in fraud for any given use case, say, ID verification and account takeover, who should I be looking at based on what type of organization I am, how big I'm is often the first problem. The second one is the one I was just alluding to, of that there's really complex onboarding processes to get stuff into production. I'm not trying to onboard a Microsoft or an Oracle here. I'm trying to onboard a FinTech quickly to understand how I should be running a proof of concept and not in production. So let's make sure that that is right sized.
And then finally, even once I've done all my onboarding and I've spent months doing it, I can't access data, I can't access the infrastructure without a gaining permission and doing further vetting, going through further groups and councils to get access to that. So let's make sure that that is accessible instantly for the tech that's coming through. And if we just jump over to the next slide, it starts to answer how do we help with these things? And it's exactly that. So we help with the discovery, enable this quick onboarding to de-risk integration and then ultimately provide that data and that infrastructure.
Rob MacDonald:
The next one.
Oli Platt:
Yeah, I don't know, Rob. We can maybe dive into some of the particular stuff, but is there anything in there that you think it's probably worth calling out? Obviously, we're here as K panelists, they're keen to talk.
Rob MacDonald:
Yeah, no, for sure. I mean anytime we go into any organization that's interested in our technology, obviously there's always the proof of concept. They've got to stand up an environment to see if it works and if it's compatible and to do the testing and all that kind of stuff. And that's time-consuming, as you've alluded to here, and it can be expensive. So what are you seeing in terms of the benefit of what you bring to bringing banks and FinTechs together via this sandbox as a service platform that you're delivering here?
Oli Platt:
So I guess you can view... There's multiple benefits. The first is very simple and it's a time and a cost segment. So when we typically start to work with an organization and work with them slightly on their existing processes and how they can use the platform to reduce the time, we'll typically see that there's possibly are a nine to 12 month onboarding time at that point.
So it's taking them a really long time to do this. They're engaging a whole range of teams, from legal to procurement, just to get to this answer. And that has a cost that lots of organizations don't have a track of, but those who do it typically ends up being a decent sized six figure number in pounds or dollars or something around that ballpark. And the second is this, even when you're driving this and you're willing to commit that kind of money to a proof of concept or that time, you're then picking the wrong provider. So you're spending that money and then getting no actual ROI other than maybe some knowledge in the organization. So it's really those two levers that really cause these organizations to go, "We really need to fix this broken process. We're running hundreds of these things a year or 10 of these a year, but it's still costing us a million million bucks or something ridiculous."
Rob MacDonald:
I mean it's almost... People, I don't want to say people, organizations don't look at the cost involved. And it's like, "Okay, let's go test it and see what it looks like." But the part that people forget to look at or organizations forget to look at is, well, how much is that going to cost us to go even try that? And yeah, I mean you must see it all the time.
Oli Platt:
It is exactly that. And people often go, "A proof of concept that costs us 50K a time." And really what they're talking about there is frequently the amount the FinTech is charging them to run the proof of concept. And the reason FinTechs are often charging that is because, frankly if they don't charge it, they're going to do 12 months of work and they have no idea whether this is a result. So that's normally the number that's been talked about. The internal cost is this black box of spent time and cost that no one is necessarily tracking.
Rob MacDonald:
And it's the cost to the FinTech and then it's also the cost to the man-hours or people hours involved in just trying to get it stood up and tested. And then who do you bring in to validate the testing? There's all kinds of things that are associated with getting a proof of concept up and running that it could be money spent elsewhere.
Oli Platt:
Exactly.
Rob MacDonald:
You know what I mean? And maybe add more value to the business overall instead of using something like your sandbox as a service, which is a super cool service by the way. All right, we'll move on to the next one.
Oli Platt:
Yeah, yeah, please. I think why I just wanted to spend some time, particularly, with of this, based on a lot of fraud. I thought I'd briefly, we obviously, it's in this really fortunate position where we cover loads and loads of different ecosystems of different tech and different facets of the financial industry. But if we zoom in on almost just looking at fraud and some of maybe the five most common use cases that we are seeing at the moment, these five are the ones that I felt I had to call out. Everything from account takeover, you've got your transaction monitoring, your AMLs, your sanction screening.
But we're really seeing, particularly at the US market, Rob, where obviously you personally are based, we see these fraud being a really, really highly invested in the ecosystem that a lot of banks want to do a lot of innovation in. They want to leverage the FinTech ecosystem. And these five use cases are basically, I would argue the five key ones that a lot of that innovation is currently occurring in. There are some really awesome tech and it'd be remiss of me not to say, obviously you guys are one of them. And in other parts of that ecosystem and other parts of that value chain, there are absolutely other providers doing really, really cool things that banks are constantly looking at.
Rob MacDonald:
Yeah, I mean we're going to talk about identity and how we can help prevent fraud. Also, we're going to touch on, or I'm going to touch on a little bit some of the customer experience stuff, but in terms of, let's pretend like I'm not here and you're talking to just your general bank, what are some of the use cases that banks are currently exploring, in general? Like I said, we're going to talk about fraud, but what else are you seeing? Maybe it is fraud in these five things, but what else are you seeing out there, Oli?
Oli Platt:
Well, yeah, so I think it's a really cool question. So I'll park forward. So these are definitely the five killer frauds, but if you look down the left and side, you've got these... And the order is not necessarily, totally arbitrary. These top ones, the fraud, the deposits, lending, getting better customer experience to the point I think you're about to make, generative AI, these are all really, really exciting active ecosystems where there's a lot of innovation going on at the moment. And then within each of them, you can break them open and you can have a look and see that there are five or six use cases in each one. If I broke open generative AI on one side, you've got the initial testing of some of these solutions. So do they hallucinate? Do they answer questions how they should?
But on the other side, could I build a knowledge base using this piece of technology? What is the business application that can be applied to an ecosystem like this? So I would argue that, I'm not going to bore everyone here and talk through every single use case of every single ecosystem that we're seeing at the moment, but absolutely, there was definitely five or six, maybe seven ecosystems, most of which are seen on the left-hand side of the page here that each have use cases both on a technical point of view and a business point of view that are really getting broken down by banks at the moment and being explored in a real fine tooth comb level of detail.
Rob MacDonald:
Interesting. Yeah, I mean, as we move things to an online first environment, and this is what we're going to cover in a little bit here when I start talking, is how do you prove that user is who they claim to be? So you can eliminate some of that fraud so you can ensure that deposits and lending are happening to real people and that the customer experience, when we look at injecting identity into things, first thing people think is like, "Oh, that's going to cause a whole lot of roadblocks and friction and users are not going to want to do it. How do we make that experience seamless?"
And there's always been this balance of, well, if I'm going to improve the experience, I've got to make it easy, which means it's going to be less secure. It's that trickle-down effect. Are you seeing people put up resistance to improving experience just because we got to manage fraud first and that means friction?
Oli Platt:
Yeah. So I guess it's a weird one, and they're not ones you can necessarily take apart. I think a lot of the, like you guys, you do a really good job of trying to bring these two things together. Because if you try and solve fraud, and this is I think where a lot of the organizations we work with are really understanding and put a lot of their effort. If you try and solve fraud by itself, sure, maybe you could do a pretty damn good job, but the easiest way to stop all fraud is to stop onboarding customers, end of. That kills all... There's going to be zero fraud if you just get rid of all your customers.
Obviously, that is a totally illogical approach. So what we're seeing is these fraud teams and the customer experience teams in some organizations are almost trying to view it as one and the same team or at least two teams that work incredibly closely together to go, "Okay, I've got to deal with fraud, but this cannot be at the cost of increased friction." Increasing friction is not on the cards, especially in the current climate where you want to increase your deposits, you want more customers. Trading these two things off is almost not an option, even though they have competitive effects usually baked in.
Rob MacDonald:
Yeah, a hundred percent. Okay, so let's move on to the next one here. So you're talking about the technology partner selection, so let's hear a little bit about what NayaOne does there.
Oli Platt:
So I guess I just wanted to use this, in part, as a way to talk, some of the stuff you're up to. This is a typical way that we may be leveraged by an organization. So if a bank comes in and they go, look, I really want to reduce... I'm picking one of those use cases from the previous slide account takeover fraud in this circumstance. And there are probably a bunch of key challenges. I've got to work with multiple vendors, I want to run with beta test users, I want to run this in a secure environment. How can I do that?
And there's going to be a bunch of setup that's required. I want to use varied IPs, I want to have some real people behaving. I want to see what computer are trying to access an account looks like. What happens in those circumstances? There's going to be required infrastructure and data that we can provision instantly. And ultimately, this all then comes together in trying to enable the bank to make a quick decision. Can we get this product or this new capability into the market nine months quicker than it would've otherwise been in before we got hit by a load of fines, before we had some major fallout, before technology moved on.
And that's ultimately the way we often get used, from let's ideate, let's come up with a really strong use case. Let's now agree the approach, agree what we're testing on, agree what challenges we're solving. Let's set up that infrastructure, set up that data that's required to get to the outcome. And I guess one of the really typical ways this is solved is via the NayaOne marketplace. So they will select typically vendors from that marketplace and go, "Look, these are three different vendors who could potentially solve this problem." And I guess one company that is solving this problem is you guys. And you're really working on a lot of this area and you're part of the marketplace. So I thought, Rob, that this would be quite a nice segue over into maybe some of the stuff that you could do and some of a type of vendor that would probably work in, would be testable if a bank could actually understand the capabilities of.
Rob MacDonald:
And then maybe at the end of this you can quickly cover how does somebody or how does a financial institution discover 1Kosmos on the platform? And we can talk a little bit about that at the end before everybody takes off. Of course.
Okay, so let's jump in. So proving identity online is difficult. That is not a false statement. Captain Obvious - 2023. Ensuring that the user is who they claim to be on the other side of that device is not as easy as it sounds. We use very different ways of doing that. We do username, password with maybe the use of a passkey or some sort of MFA. And we're hoping that the user is who they claim to be at the time of authentication based on the layers of technology that we put in front of that for a user to try to prove identity. There are other ways that we can go about doing that.
So let's just quickly talk about current state. Identity onboarding. It's proof of a user's identity. It's expensive, it's not always accurate, it's never reusable and it's very rarely re verified, right? So it's a siloed activity. Even if you look at it from a banking perspective, you go into the bank, you give some forms of ID, you open up an online account based on that, you don't really know that that user was the person that verified their identity at the bank or even that it was the person that clicked on the email URL that you sent to try to bind the account together. So there's lots of gaps involved in that. And then when you move into authentication, again another silo. You do a username and password, it's not tied back to the identity onboarding steps that you did.
So it doesn't prove the user's identity. It doesn't typically have a very good experience. I mean, how many usernames and passwords do you use in the run of a day, Oli, at work and outside of work? We all know what that looks like. We're not going to rehash that, but we know it's not a good experience. And then there's the fraud component to it. You touched on that as being one of the big ecosystem components within financial institutions that they're trying to solve for. How do they find the bad guys at the end of the day? How do they ensure that they're catching or managing their fraud tolerances properly? But at the end of the day, that fraud capability, those signals are not tied back to any one of these previous steps. So you're looking at everything to try to catch the one instead of really being able to narrow down that search. And we're going to talk a little bit about how you can go about doing that here in a second.
So if you look at that current state of legacy onboarding, passwords have been around since the invention of time. It's the one thing that hasn't changed in security. We've changed all these other capabilities, we've added all this new technology onboard, but we really haven't done anything to digitally onboard a user in a way that's meaningful to the business. So that one time or infrequent proof of a user's identity really isn't cutting it as we move these technologies forward. And you touched a little bit on that a little bit. So data is entered manually. All of that data could be bought for pennies on the dark web and it's not something that is really secure in terms of building new accounts. And then when we look at authentication, our authentication today is purely based on hope. And that hope is that the possession of whatever that authenticator is in possession of that user that we thought it was. It's not linked back to an onboarded identity. It can be intercepted, it can be coerced, it can be shared, it can be stolen.
And the experience usually is not particularly great. I don't know about you, but my spouse, we have a shared email account, and that shared email account is typically tied to a lot of our shared accounts. So I get password resets every day from whatever she's logging into next because that experience is frustrating. She can't remember the password, she just resets it to whatever and then goes in and does whatever she needs to do and the next time she goes to that same account, it's the same process over and over and over again. And it's just frustrating. So when we look at the convergence of identity and what 1Kosmos brings to the table here, is that we can do the identity onboarding and combine that with the user authentication to really, really improve fraud detection.
If you do the onboarding with proof of government documents and you're matching biometrics to the IDs and you're using verified identity attributes and then you're enrolling that private biometric that's protected by public and private keys that are stored on the device, whether it be a mobile phone or a laptop or whatever, and then you're using that step to then verify the user because you've verified the enrolled biometric. Well, you've done a lot to now look for fraud signals. Because if the biometric at the time of authentication doesn't match the biometric at the time the user was enrolled and verified, well there's something weird going on there and that should then throw up a signal saying something's going on with this account potentially. Right. Go ahead.
Oli Platt:
I was going to go, just one question there on the four piece in particular. So I was just wondering, so obviously you work with financial institutions all the time, right? Just wondering, how have you guys seen over the last maybe couple of years or recent trends that are starting to head forward? How are the financial institutions responding to emerging threats? What kind of trends are you seeing in this space in particular?
Rob MacDonald:
Yeah. Well, what's funny is that the trend that we're seeing is that they're looking at moving to a digital wallet. So having the users' identity verified and stored on a mobile device or in a mobile or on a web-based wallet. So when a user goes to authenticate, they want to make sure that it's them, that it's not somebody else. And they're taking steps in terms of how they go about verifying identity online to give users a more portable, verified credential that they can use when they go to authenticate in. And that's, I don't want to say North America is lagging behind a little bit, but North America is lagging behind a little bit in terms of what other countries and regions are doing.
Verified credentials are something that you guys know of in EMEA, even in Asia Pacific where it's really at its grassroots level here in North America, it's starting to spin up now and become a talking point. Where in your region, in the UK and in the rest of Europe, it's something that has been talked about and is in production in some cases, in different countries. So those are the things that we're starting to see spin up and being able to eliminate the possession element and use a biometric is where we're seeing financial institutions move to here in North America.
So yeah, so when we looked at verifying identity, there's lots of different ways you can do it. And as you do it, you build on the capabilities that you're able to provide from a security standpoint and a user experience standpoint. So depending upon where you are on the journey with the customer, there's a pyramid of things here that you can leverage. Typically, verifying a user online usually starts with a phone number and or email. And then as you're building the relationship with the customer and as the risk starts to increase in terms of the activities that you're doing with them, then you can start to look at increasing the way in which you verify the identity based on the use case and based on the journey with the customer themselves. So you can do things like SIM binding and identity proofing using document verification, and then verifying that documentation against sources like AAMVA, which is a repository of driver's licenses here or in the United States. ICAO for passports, right?
There's a bunch of different ways we can go about doing that to make sure that the presented document and the number that's on it is a legitimate document. And then triangulating all of that data, I'm going to talk about that here in a second. Leveraging biometrics. We have a feature here at 1Kosmos called Live ID. And that biometric, we capture that at the time of registration and then we use it to verify users at the time of authentication. And I'll talk about that here in a second. But at the end of it, as you build all of these things in, and I talked about a wallet earlier, you can store all of this data in the wallet. And then the benefit to our platform is that it's a blockchain backend. We have a distributed identity backend. We place all of that data that we capture here in control of the user, so nobody has access to it because it's stored on the blockchain.
The public and private key that they have stored in the TPM of their device is what unlocks their data on the blockchain. Nobody has access to it other than them. So any customer that buys our technology, they don't have access to the data, 1Kosmos doesn't have access to the data. Only the user that created the data at the time of onboarding has access to it. And then they can choose when they want to share it with other organizations or even within the bank itself. If they want to go to apply to a different service, they'll be asked, "Can you share your data?" It'll be a 'yes' or 'no' answer. Only they have access to it. So it's another unique component to our platform. But when you look at identity assurance, it's about either affirming or proofing. So typically, we just do a lot of affirmation.
It does give low assurance that the identity claimant is present, but maybe that's the low friction way to get started and move into more of a proofing journey where you start to scan in government issued IDs, national IDs, you provide the selfie, and the combination of all of those things gives you a triangulation of the data. And what we're able to do with that is then use the verification step. Remember we talked about that step being a one and done at the very beginning. We use that step and the reference biometric to then authenticate the user. So we're then combining those two pillars or swim lanes that we talked about earlier that we're independent and separate together. And then from a fraud perspective, you're now checking every time the user authenticates the live biometric to make sure they are who they claim to be. So then when you create an account, there's never a password sent. So what would happen is that your password is now your face, so there's no account takeover possible. You can't share that information.
So we start to eliminate a lot of those fraud capabilities or those fraud, I guess, capabilities or fraud ways in which you can do fraudulent transactions, whether that be synthetic identity through documents or stealing OTP passwords or whatever. So we start to eliminate a lot of those layers because what we're doing is we're using a verified identity at the time of authentication, and we've already done that verification check at the time of onboarding. That's how we start to eliminate a lot of those fraud capabilities.
Now I know that we're running close up on time here, Oli. I do have a quick demo that I can just show what that onboarding process looks like. It doesn't take long. So what we're doing here is we're setting up, this is an app-based journey that we're looking at here, and we just turned on touch ID and face ID. And that's what you're going to use to either log into the app or you can use it as an authentication method within the app as well. Now we're going to enroll a social security number. Do you guys have social security numbers in the UK? Do you use those?
Oli Platt:
No, we don't. So we have national insurance companies, but they're not quite the same by any stretch of the imagination.
Rob MacDonald:
Fair enough. Now we could maybe verify that number as well. The platform does have flexibility in terms of how we can ingest data, and it does vary by country because. We have national IDs and we have driver's licenses, and we have social security numbers. We have health cards here in Canada as well. We have a driver's license and a health card, so we can leverage all of that stuff. So you can enroll that social security number. And then now we're going to scan the front and back of a government document. Now in this instance, this is a driver's license from New Jersey. This is Mike Engel, the person that was I'm replacing today. So he's scanning his driver's license front and back, and we're reading the PDF 417 data on that as well to make sure that the data on the driver's license is legitimate. We do the same thing with the passport.
So now we're going to scan Mike's face. So this is scanning the information, sorry, the photo on the driver's license. And we're taking a selfie and we're comparing them together. So at the time of authentication or at the time of onboarding, we're ensuring that the user that's on the document is the user that's actually scanning it as well. So we're doing a cross-reference check there too. Now we can extract and verify the data. So what we're doing, verifying liveness. And we went and did a real-time check against the AAMVA database to make sure that Mike's driver's license was legitimate. It is. So we got a matched ID. And now we also gone and went and checked against some of the credit bureau data to make sure that which addresses... Is this information all accurate, to make sure that we're verifying it against the right identity.
So there's all these checks and balances that we do at the time of onboarding to make sure that we're verifying the right user. So again, that's how we start to eliminate synthetic identities out of these workflows. And the good news with all of this stuff is that... Let's go to the next slide here. Why is it not moving for me? Here we go. Is that there are standards that guide all of the things that we're doing here. So there's NIST in the United States, 800-63-3, there's the UKDIATF in your region. They are putting together guidelines to help determine what we should and shouldn't be doing here. And we are certified to both of these standards, just as an aside. And that helps establish identity in a digital way. Being able to proof and verify someone without seeing, you're doing this digitally, you never see this person. And being able to triangulate that data and biometrics to build that assurance that the user is who they claim to be.
And then if you look at it from an authentication standpoint, there's also guidelines around that. NIST has something that looks at how you authenticate a user, as does FIDO. So making sure that you enforce the right level of authentication based on the risk, based on the journey, based on all of those requirements to, again, try to manage that fraud. So being able to authenticate someone remotely. We do that via a public and private key match to a real biometric, and that's how we eliminate a lot of that stuff. And that identity-based authentication that we have, there are certification standards against that.
So we also have a certification that the biometric that we're capturing follows a series of guidelines and make sure that it's meeting industry standards at a minimum. We exceed a lot of those things. But having those certifications helps guide, not only companies like 1Kosmos, there are others that do this stuff as well to make sure that we're all meeting the same standards and then that the data that we're capturing can be used in a consistent way with any financial institution that adopts the technology. Does that make sense? Oli, what do you think?
Oli Platt:
No, it does, Rob. I guess the one question that it leads begging, is when these FIs do go in and implement a solution like you guys, I guess it's almost a similar question to that you asked me earlier, what benefits do they see back? What types of effect the return on implementing a solution like you do they end up seeing?
Rob MacDonald:
There's a couple things. You get an immediate reduction in fraud, so there's a cost benefit to that right off the bat.
Oli Platt:
A bad one to start with.
Rob MacDonald:
Yeah, exactly right. So if I can go in and say, "Hey, listen, I can reduce your fraud by 40%," there's real dollar value to that. And not only does bringing in something like 1Kosmos replace maybe the technology that you're already spending money on anyway, and likely at least at cost neutral, then you're still reducing fraud. So right off the bat, you're in a positive ROI situation with a technology like this because you're able to do such an immediate impact on your fraud reduction just based on some of the technology that we have here.
Then there's the user experience that goes along with that and the assurance that you have as an organization that users are who they claim to be. You can start to get deeper share of wallet because you're able to expand the capabilities of the organization. And then partnering with others as well, because we do have that verified credential, you could say, "Okay, as a financial institution, you're a high valued member. And if you go rent a car with this organization, we can give you a 20% discount if you shared the verified credential." So there's some business sharing opportunities and partnerships that are available as well that you could probably profit from too.
Those are always good. Right?
Oli Platt:
Definitely. Not bad. I think I saw a balloons traversing your screen there as well. I'm not sure where they came from, but a fantastic celebration almost. No-
Rob MacDonald:
I think that's a new Zoom feature. Anytime I do the thumbs up, balloons.
I haven't figured out how to turn that off yet. We so excited. Anyway. Yeah, it's all good.
Oli Platt:
Oh, no, that's fantastic. And I guess finally, just on the work you guys are up to, if you were speaking to a bank, an FI, what advice would you be suggesting they look at what to stay ahead in the world of identity, to stay ahead in this world of fraud that you guys operate in? What would you suggest that they would, maybe beyond just implement 1Kosmos as the obvious cheat answer for yourself, but what would you be suggesting they're up to?
Rob MacDonald:
Yeah, so as you're looking at, and this is for anything, right? As you're looking at implementing technologies, in a lot of cases, organizations get into trouble by looking at, okay, I have an immediate problem today. Can I solve that problem today with that technology? And the answer is yes. But that problem is going to change tomorrow. And is that technology flexible enough to meet where you need to go, either to meet that next problem or even strategically to the business? Can that technology be flexible enough to get you to where you need to go in your two to three to five year roadmap? We get into problems by solving those immediate problems, and now you've got to try to duct tape and make it do things that maybe it was never meant or built to do. So when you look at something like a 1Kosmos or technologies like 1Kosmos, we're delivering a framework that from a strategy standpoint to the business, you're able to go ahead and forward with.
One of the cool things with our technology is that we offer this kind of coexistence deployment where you can keep what you have running up and running and then put us right alongside of it. So when somebody goes to log into a screen, you've got the cool 1Kosmos way and the old gross way you used to do it. And what that does is it eases the onboarding and the journey for customers. They can do it at their leisure as you move to this new way of doing things. And if you can offer a solution where you're able to ease your customers into it, they're not going to... This is one thing people hate more than passwords, I say all the time, it's change, right? Nobody likes change.
So allowing people to change when they're ready for it will go a long way from a user experience and building the brand. But looking for technologies that you can grow with, distributed identity, digital wallets, biometric based authentication, that stuff is, that's on the edge. That's really advanced stuff and people may not be ready for that yet. But having a platform that can support you on that journey as you go to where the industry and market and world is going, as we get into distributed internets with Web3, you're going to have to be able to prove yourself online in the very near future. And looking towards that as your goal and then working with organizations like NayaOne to help you build that strategy and that path forward is really what organizations should be looking to do.
Oli Platt:
Fantastic.
Rob MacDonald:
Yeah. So listen, before we go, we are out of time. Tell us a little bit about how people can go on the NayaOne marketplace and explore and find out how they can test 1Kosmos or other technologies, for example.
Oli Platt:
Yeah, absolutely. So the easiest way to, if you are a bank or an FI, to getting involved with the NayaOne platform, is we've got an accessible marketplace that you're able to sign up for. You can find that on our website. If you're an FI, a bank, you'll be able to sign straight up there and you can explore all of those different technologies straight away.
Rob MacDonald:
Awesome.
Oli Platt:
From there you can obviously come in, select them and go, "Look, I would love to be connected to a company that's going to solve my identity problem." Let's look at running a proof of concept with them might look like. But yeah, it would be awesome to see some of the banks here heading that way and starting to actually dive into technology like this.
Rob MacDonald:
Absolutely. For sure. Listen, Oli, it's been great sitting and chatting with you today. For everybody that's on the line, this has been recorded. It will be available on our website, probably midday tomorrow. And if you want to share it with your friends, you're more than welcome. We'd actually appreciate it if you did that.
But anyway, it's a pleasure. And then just as a side note here at 1Kosmos, we do run a lot of different webinars. We do have another one coming up December 14th. There'll be more information on the website in the next coming days for that. It's going to be around managing coexistence to fuel strategy, something that we just talked about here at the end, Oli, and we look forward to seeing everybody there at that webinar.
So thanks again. And we appreciate everybody stopping by and hanging out with myself and Oli today. We look forward to talking to you again soon, Oli, it's a pleasure. Looking forward to doing it again.
Oli Platt:
All right, thanks for having me on, Rob.
Rob MacDonald:
Yep. Bye.
Hi everybody. Rob MacDonald, VP Product Marketing here for 1Kosmos. Welcome to our Identity - Redefining the Future of Finance webinar. I'm joined by Oli Platt, Product Manager from NayaOne. Oli, why don't you give us a little, how are you doing? Tell us a little bit about yourself.
Oli Platt:
Thanks for having me on today, Rob. It's great to be here and then talking to all of you. I'm Oli Platt, so working for NayaOne, really working with a large number of our existing financial clients and a large number of the FinTechs on the other side as well. So really seeing in between that awesome space of these really innovative financial organizations, the innovative tech that they want to work with and then helping them bridge that gap is really where I spend a large amount of my time. But yeah, pleasure to be here.
Rob MacDonald:
Awesome. Listen, it's awesome having you. We have recently become partners and I think you're going to talk a little bit about where we exist within the NayaOne landscape on one of your slides. But I'm really happy to be partnered with NayaOne.
For those of you that are not familiar with 1Kosmos, we do identity verification and authentication. We're very unique in the way we combine the two of those to deliver a passwordless ecosystem. Why don't you tell us just quickly for the 1Kosmos folks that joined that maybe are not familiar with NayaOne, what you do?
Oli Platt:
Yeah, of course. So now NayaOne is ultimately sandbox as a service, which really boils down to making sure that we're enabling financial firms who maybe otherwise would need to, and rightly so, go through, say, nine months of onboarding to evaluate technology and really flipping that around. So allowing them to evaluate technology upfront with relevant synthetic data, whatever's required to doing a really full end-to-end proof of concept quickly, getting the right answer, yes, we should proceed with this FinTech or no, this is not going to work at a partnership.
But getting that answer to everyone early so the FinTech doesn't waste time onboarding and spending the next 12 months of their lives selling to a big organization, and so the bank gets to the right result straight away. So that's really where we sit. And yeah, like you say, 1Kosmos is an awesome example of one of these tech providers that we're really excited about banks getting the hands on.
Rob MacDonald:
Perfect. All right, well listen, let's jump in. You've got a couple of slides here that you want to run through. Why don't you start us off and then I'll take on the last half.
Oli Platt:
Yeah, superb. So I guess really why I wanted to use this time briefly for is almost as an example of how NayaOne is frequently used. So there were three big problems that we frequently see, financial institutions that we work with, or before we work with them, really having a pain with. And the first is what tech should they be looking at? Even identifying FinTechs that maybe solve a problem. Then we're going to talk a lot about the fraud space today. So in fraud for any given use case, say, ID verification and account takeover, who should I be looking at based on what type of organization I am, how big I'm is often the first problem. The second one is the one I was just alluding to, of that there's really complex onboarding processes to get stuff into production. I'm not trying to onboard a Microsoft or an Oracle here. I'm trying to onboard a FinTech quickly to understand how I should be running a proof of concept and not in production. So let's make sure that that is right sized.
And then finally, even once I've done all my onboarding and I've spent months doing it, I can't access data, I can't access the infrastructure without a gaining permission and doing further vetting, going through further groups and councils to get access to that. So let's make sure that that is accessible instantly for the tech that's coming through. And if we just jump over to the next slide, it starts to answer how do we help with these things? And it's exactly that. So we help with the discovery, enable this quick onboarding to de-risk integration and then ultimately provide that data and that infrastructure.
Rob MacDonald:
The next one.
Oli Platt:
Yeah, I don't know, Rob. We can maybe dive into some of the particular stuff, but is there anything in there that you think it's probably worth calling out? Obviously, we're here as K panelists, they're keen to talk.
Rob MacDonald:
Yeah, no, for sure. I mean anytime we go into any organization that's interested in our technology, obviously there's always the proof of concept. They've got to stand up an environment to see if it works and if it's compatible and to do the testing and all that kind of stuff. And that's time-consuming, as you've alluded to here, and it can be expensive. So what are you seeing in terms of the benefit of what you bring to bringing banks and FinTechs together via this sandbox as a service platform that you're delivering here?
Oli Platt:
So I guess you can view... There's multiple benefits. The first is very simple and it's a time and a cost segment. So when we typically start to work with an organization and work with them slightly on their existing processes and how they can use the platform to reduce the time, we'll typically see that there's possibly are a nine to 12 month onboarding time at that point.
So it's taking them a really long time to do this. They're engaging a whole range of teams, from legal to procurement, just to get to this answer. And that has a cost that lots of organizations don't have a track of, but those who do it typically ends up being a decent sized six figure number in pounds or dollars or something around that ballpark. And the second is this, even when you're driving this and you're willing to commit that kind of money to a proof of concept or that time, you're then picking the wrong provider. So you're spending that money and then getting no actual ROI other than maybe some knowledge in the organization. So it's really those two levers that really cause these organizations to go, "We really need to fix this broken process. We're running hundreds of these things a year or 10 of these a year, but it's still costing us a million million bucks or something ridiculous."
Rob MacDonald:
I mean it's almost... People, I don't want to say people, organizations don't look at the cost involved. And it's like, "Okay, let's go test it and see what it looks like." But the part that people forget to look at or organizations forget to look at is, well, how much is that going to cost us to go even try that? And yeah, I mean you must see it all the time.
Oli Platt:
It is exactly that. And people often go, "A proof of concept that costs us 50K a time." And really what they're talking about there is frequently the amount the FinTech is charging them to run the proof of concept. And the reason FinTechs are often charging that is because, frankly if they don't charge it, they're going to do 12 months of work and they have no idea whether this is a result. So that's normally the number that's been talked about. The internal cost is this black box of spent time and cost that no one is necessarily tracking.
Rob MacDonald:
And it's the cost to the FinTech and then it's also the cost to the man-hours or people hours involved in just trying to get it stood up and tested. And then who do you bring in to validate the testing? There's all kinds of things that are associated with getting a proof of concept up and running that it could be money spent elsewhere.
Oli Platt:
Exactly.
Rob MacDonald:
You know what I mean? And maybe add more value to the business overall instead of using something like your sandbox as a service, which is a super cool service by the way. All right, we'll move on to the next one.
Oli Platt:
Yeah, yeah, please. I think why I just wanted to spend some time, particularly, with of this, based on a lot of fraud. I thought I'd briefly, we obviously, it's in this really fortunate position where we cover loads and loads of different ecosystems of different tech and different facets of the financial industry. But if we zoom in on almost just looking at fraud and some of maybe the five most common use cases that we are seeing at the moment, these five are the ones that I felt I had to call out. Everything from account takeover, you've got your transaction monitoring, your AMLs, your sanction screening.
But we're really seeing, particularly at the US market, Rob, where obviously you personally are based, we see these fraud being a really, really highly invested in the ecosystem that a lot of banks want to do a lot of innovation in. They want to leverage the FinTech ecosystem. And these five use cases are basically, I would argue the five key ones that a lot of that innovation is currently occurring in. There are some really awesome tech and it'd be remiss of me not to say, obviously you guys are one of them. And in other parts of that ecosystem and other parts of that value chain, there are absolutely other providers doing really, really cool things that banks are constantly looking at.
Rob MacDonald:
Yeah, I mean we're going to talk about identity and how we can help prevent fraud. Also, we're going to touch on, or I'm going to touch on a little bit some of the customer experience stuff, but in terms of, let's pretend like I'm not here and you're talking to just your general bank, what are some of the use cases that banks are currently exploring, in general? Like I said, we're going to talk about fraud, but what else are you seeing? Maybe it is fraud in these five things, but what else are you seeing out there, Oli?
Oli Platt:
Well, yeah, so I think it's a really cool question. So I'll park forward. So these are definitely the five killer frauds, but if you look down the left and side, you've got these... And the order is not necessarily, totally arbitrary. These top ones, the fraud, the deposits, lending, getting better customer experience to the point I think you're about to make, generative AI, these are all really, really exciting active ecosystems where there's a lot of innovation going on at the moment. And then within each of them, you can break them open and you can have a look and see that there are five or six use cases in each one. If I broke open generative AI on one side, you've got the initial testing of some of these solutions. So do they hallucinate? Do they answer questions how they should?
But on the other side, could I build a knowledge base using this piece of technology? What is the business application that can be applied to an ecosystem like this? So I would argue that, I'm not going to bore everyone here and talk through every single use case of every single ecosystem that we're seeing at the moment, but absolutely, there was definitely five or six, maybe seven ecosystems, most of which are seen on the left-hand side of the page here that each have use cases both on a technical point of view and a business point of view that are really getting broken down by banks at the moment and being explored in a real fine tooth comb level of detail.
Rob MacDonald:
Interesting. Yeah, I mean, as we move things to an online first environment, and this is what we're going to cover in a little bit here when I start talking, is how do you prove that user is who they claim to be? So you can eliminate some of that fraud so you can ensure that deposits and lending are happening to real people and that the customer experience, when we look at injecting identity into things, first thing people think is like, "Oh, that's going to cause a whole lot of roadblocks and friction and users are not going to want to do it. How do we make that experience seamless?"
And there's always been this balance of, well, if I'm going to improve the experience, I've got to make it easy, which means it's going to be less secure. It's that trickle-down effect. Are you seeing people put up resistance to improving experience just because we got to manage fraud first and that means friction?
Oli Platt:
Yeah. So I guess it's a weird one, and they're not ones you can necessarily take apart. I think a lot of the, like you guys, you do a really good job of trying to bring these two things together. Because if you try and solve fraud, and this is I think where a lot of the organizations we work with are really understanding and put a lot of their effort. If you try and solve fraud by itself, sure, maybe you could do a pretty damn good job, but the easiest way to stop all fraud is to stop onboarding customers, end of. That kills all... There's going to be zero fraud if you just get rid of all your customers.
Obviously, that is a totally illogical approach. So what we're seeing is these fraud teams and the customer experience teams in some organizations are almost trying to view it as one and the same team or at least two teams that work incredibly closely together to go, "Okay, I've got to deal with fraud, but this cannot be at the cost of increased friction." Increasing friction is not on the cards, especially in the current climate where you want to increase your deposits, you want more customers. Trading these two things off is almost not an option, even though they have competitive effects usually baked in.
Rob MacDonald:
Yeah, a hundred percent. Okay, so let's move on to the next one here. So you're talking about the technology partner selection, so let's hear a little bit about what NayaOne does there.
Oli Platt:
So I guess I just wanted to use this, in part, as a way to talk, some of the stuff you're up to. This is a typical way that we may be leveraged by an organization. So if a bank comes in and they go, look, I really want to reduce... I'm picking one of those use cases from the previous slide account takeover fraud in this circumstance. And there are probably a bunch of key challenges. I've got to work with multiple vendors, I want to run with beta test users, I want to run this in a secure environment. How can I do that?
And there's going to be a bunch of setup that's required. I want to use varied IPs, I want to have some real people behaving. I want to see what computer are trying to access an account looks like. What happens in those circumstances? There's going to be required infrastructure and data that we can provision instantly. And ultimately, this all then comes together in trying to enable the bank to make a quick decision. Can we get this product or this new capability into the market nine months quicker than it would've otherwise been in before we got hit by a load of fines, before we had some major fallout, before technology moved on.
And that's ultimately the way we often get used, from let's ideate, let's come up with a really strong use case. Let's now agree the approach, agree what we're testing on, agree what challenges we're solving. Let's set up that infrastructure, set up that data that's required to get to the outcome. And I guess one of the really typical ways this is solved is via the NayaOne marketplace. So they will select typically vendors from that marketplace and go, "Look, these are three different vendors who could potentially solve this problem." And I guess one company that is solving this problem is you guys. And you're really working on a lot of this area and you're part of the marketplace. So I thought, Rob, that this would be quite a nice segue over into maybe some of the stuff that you could do and some of a type of vendor that would probably work in, would be testable if a bank could actually understand the capabilities of.
Rob MacDonald:
And then maybe at the end of this you can quickly cover how does somebody or how does a financial institution discover 1Kosmos on the platform? And we can talk a little bit about that at the end before everybody takes off. Of course.
Okay, so let's jump in. So proving identity online is difficult. That is not a false statement. Captain Obvious - 2023. Ensuring that the user is who they claim to be on the other side of that device is not as easy as it sounds. We use very different ways of doing that. We do username, password with maybe the use of a passkey or some sort of MFA. And we're hoping that the user is who they claim to be at the time of authentication based on the layers of technology that we put in front of that for a user to try to prove identity. There are other ways that we can go about doing that.
So let's just quickly talk about current state. Identity onboarding. It's proof of a user's identity. It's expensive, it's not always accurate, it's never reusable and it's very rarely re verified, right? So it's a siloed activity. Even if you look at it from a banking perspective, you go into the bank, you give some forms of ID, you open up an online account based on that, you don't really know that that user was the person that verified their identity at the bank or even that it was the person that clicked on the email URL that you sent to try to bind the account together. So there's lots of gaps involved in that. And then when you move into authentication, again another silo. You do a username and password, it's not tied back to the identity onboarding steps that you did.
So it doesn't prove the user's identity. It doesn't typically have a very good experience. I mean, how many usernames and passwords do you use in the run of a day, Oli, at work and outside of work? We all know what that looks like. We're not going to rehash that, but we know it's not a good experience. And then there's the fraud component to it. You touched on that as being one of the big ecosystem components within financial institutions that they're trying to solve for. How do they find the bad guys at the end of the day? How do they ensure that they're catching or managing their fraud tolerances properly? But at the end of the day, that fraud capability, those signals are not tied back to any one of these previous steps. So you're looking at everything to try to catch the one instead of really being able to narrow down that search. And we're going to talk a little bit about how you can go about doing that here in a second.
So if you look at that current state of legacy onboarding, passwords have been around since the invention of time. It's the one thing that hasn't changed in security. We've changed all these other capabilities, we've added all this new technology onboard, but we really haven't done anything to digitally onboard a user in a way that's meaningful to the business. So that one time or infrequent proof of a user's identity really isn't cutting it as we move these technologies forward. And you touched a little bit on that a little bit. So data is entered manually. All of that data could be bought for pennies on the dark web and it's not something that is really secure in terms of building new accounts. And then when we look at authentication, our authentication today is purely based on hope. And that hope is that the possession of whatever that authenticator is in possession of that user that we thought it was. It's not linked back to an onboarded identity. It can be intercepted, it can be coerced, it can be shared, it can be stolen.
And the experience usually is not particularly great. I don't know about you, but my spouse, we have a shared email account, and that shared email account is typically tied to a lot of our shared accounts. So I get password resets every day from whatever she's logging into next because that experience is frustrating. She can't remember the password, she just resets it to whatever and then goes in and does whatever she needs to do and the next time she goes to that same account, it's the same process over and over and over again. And it's just frustrating. So when we look at the convergence of identity and what 1Kosmos brings to the table here, is that we can do the identity onboarding and combine that with the user authentication to really, really improve fraud detection.
If you do the onboarding with proof of government documents and you're matching biometrics to the IDs and you're using verified identity attributes and then you're enrolling that private biometric that's protected by public and private keys that are stored on the device, whether it be a mobile phone or a laptop or whatever, and then you're using that step to then verify the user because you've verified the enrolled biometric. Well, you've done a lot to now look for fraud signals. Because if the biometric at the time of authentication doesn't match the biometric at the time the user was enrolled and verified, well there's something weird going on there and that should then throw up a signal saying something's going on with this account potentially. Right. Go ahead.
Oli Platt:
I was going to go, just one question there on the four piece in particular. So I was just wondering, so obviously you work with financial institutions all the time, right? Just wondering, how have you guys seen over the last maybe couple of years or recent trends that are starting to head forward? How are the financial institutions responding to emerging threats? What kind of trends are you seeing in this space in particular?
Rob MacDonald:
Yeah. Well, what's funny is that the trend that we're seeing is that they're looking at moving to a digital wallet. So having the users' identity verified and stored on a mobile device or in a mobile or on a web-based wallet. So when a user goes to authenticate, they want to make sure that it's them, that it's not somebody else. And they're taking steps in terms of how they go about verifying identity online to give users a more portable, verified credential that they can use when they go to authenticate in. And that's, I don't want to say North America is lagging behind a little bit, but North America is lagging behind a little bit in terms of what other countries and regions are doing.
Verified credentials are something that you guys know of in EMEA, even in Asia Pacific where it's really at its grassroots level here in North America, it's starting to spin up now and become a talking point. Where in your region, in the UK and in the rest of Europe, it's something that has been talked about and is in production in some cases, in different countries. So those are the things that we're starting to see spin up and being able to eliminate the possession element and use a biometric is where we're seeing financial institutions move to here in North America.
So yeah, so when we looked at verifying identity, there's lots of different ways you can do it. And as you do it, you build on the capabilities that you're able to provide from a security standpoint and a user experience standpoint. So depending upon where you are on the journey with the customer, there's a pyramid of things here that you can leverage. Typically, verifying a user online usually starts with a phone number and or email. And then as you're building the relationship with the customer and as the risk starts to increase in terms of the activities that you're doing with them, then you can start to look at increasing the way in which you verify the identity based on the use case and based on the journey with the customer themselves. So you can do things like SIM binding and identity proofing using document verification, and then verifying that documentation against sources like AAMVA, which is a repository of driver's licenses here or in the United States. ICAO for passports, right?
There's a bunch of different ways we can go about doing that to make sure that the presented document and the number that's on it is a legitimate document. And then triangulating all of that data, I'm going to talk about that here in a second. Leveraging biometrics. We have a feature here at 1Kosmos called Live ID. And that biometric, we capture that at the time of registration and then we use it to verify users at the time of authentication. And I'll talk about that here in a second. But at the end of it, as you build all of these things in, and I talked about a wallet earlier, you can store all of this data in the wallet. And then the benefit to our platform is that it's a blockchain backend. We have a distributed identity backend. We place all of that data that we capture here in control of the user, so nobody has access to it because it's stored on the blockchain.
The public and private key that they have stored in the TPM of their device is what unlocks their data on the blockchain. Nobody has access to it other than them. So any customer that buys our technology, they don't have access to the data, 1Kosmos doesn't have access to the data. Only the user that created the data at the time of onboarding has access to it. And then they can choose when they want to share it with other organizations or even within the bank itself. If they want to go to apply to a different service, they'll be asked, "Can you share your data?" It'll be a 'yes' or 'no' answer. Only they have access to it. So it's another unique component to our platform. But when you look at identity assurance, it's about either affirming or proofing. So typically, we just do a lot of affirmation.
It does give low assurance that the identity claimant is present, but maybe that's the low friction way to get started and move into more of a proofing journey where you start to scan in government issued IDs, national IDs, you provide the selfie, and the combination of all of those things gives you a triangulation of the data. And what we're able to do with that is then use the verification step. Remember we talked about that step being a one and done at the very beginning. We use that step and the reference biometric to then authenticate the user. So we're then combining those two pillars or swim lanes that we talked about earlier that we're independent and separate together. And then from a fraud perspective, you're now checking every time the user authenticates the live biometric to make sure they are who they claim to be. So then when you create an account, there's never a password sent. So what would happen is that your password is now your face, so there's no account takeover possible. You can't share that information.
So we start to eliminate a lot of those fraud capabilities or those fraud, I guess, capabilities or fraud ways in which you can do fraudulent transactions, whether that be synthetic identity through documents or stealing OTP passwords or whatever. So we start to eliminate a lot of those layers because what we're doing is we're using a verified identity at the time of authentication, and we've already done that verification check at the time of onboarding. That's how we start to eliminate a lot of those fraud capabilities.
Now I know that we're running close up on time here, Oli. I do have a quick demo that I can just show what that onboarding process looks like. It doesn't take long. So what we're doing here is we're setting up, this is an app-based journey that we're looking at here, and we just turned on touch ID and face ID. And that's what you're going to use to either log into the app or you can use it as an authentication method within the app as well. Now we're going to enroll a social security number. Do you guys have social security numbers in the UK? Do you use those?
Oli Platt:
No, we don't. So we have national insurance companies, but they're not quite the same by any stretch of the imagination.
Rob MacDonald:
Fair enough. Now we could maybe verify that number as well. The platform does have flexibility in terms of how we can ingest data, and it does vary by country because. We have national IDs and we have driver's licenses, and we have social security numbers. We have health cards here in Canada as well. We have a driver's license and a health card, so we can leverage all of that stuff. So you can enroll that social security number. And then now we're going to scan the front and back of a government document. Now in this instance, this is a driver's license from New Jersey. This is Mike Engel, the person that was I'm replacing today. So he's scanning his driver's license front and back, and we're reading the PDF 417 data on that as well to make sure that the data on the driver's license is legitimate. We do the same thing with the passport.
So now we're going to scan Mike's face. So this is scanning the information, sorry, the photo on the driver's license. And we're taking a selfie and we're comparing them together. So at the time of authentication or at the time of onboarding, we're ensuring that the user that's on the document is the user that's actually scanning it as well. So we're doing a cross-reference check there too. Now we can extract and verify the data. So what we're doing, verifying liveness. And we went and did a real-time check against the AAMVA database to make sure that Mike's driver's license was legitimate. It is. So we got a matched ID. And now we also gone and went and checked against some of the credit bureau data to make sure that which addresses... Is this information all accurate, to make sure that we're verifying it against the right identity.
So there's all these checks and balances that we do at the time of onboarding to make sure that we're verifying the right user. So again, that's how we start to eliminate synthetic identities out of these workflows. And the good news with all of this stuff is that... Let's go to the next slide here. Why is it not moving for me? Here we go. Is that there are standards that guide all of the things that we're doing here. So there's NIST in the United States, 800-63-3, there's the UKDIATF in your region. They are putting together guidelines to help determine what we should and shouldn't be doing here. And we are certified to both of these standards, just as an aside. And that helps establish identity in a digital way. Being able to proof and verify someone without seeing, you're doing this digitally, you never see this person. And being able to triangulate that data and biometrics to build that assurance that the user is who they claim to be.
And then if you look at it from an authentication standpoint, there's also guidelines around that. NIST has something that looks at how you authenticate a user, as does FIDO. So making sure that you enforce the right level of authentication based on the risk, based on the journey, based on all of those requirements to, again, try to manage that fraud. So being able to authenticate someone remotely. We do that via a public and private key match to a real biometric, and that's how we eliminate a lot of that stuff. And that identity-based authentication that we have, there are certification standards against that.
So we also have a certification that the biometric that we're capturing follows a series of guidelines and make sure that it's meeting industry standards at a minimum. We exceed a lot of those things. But having those certifications helps guide, not only companies like 1Kosmos, there are others that do this stuff as well to make sure that we're all meeting the same standards and then that the data that we're capturing can be used in a consistent way with any financial institution that adopts the technology. Does that make sense? Oli, what do you think?
Oli Platt:
No, it does, Rob. I guess the one question that it leads begging, is when these FIs do go in and implement a solution like you guys, I guess it's almost a similar question to that you asked me earlier, what benefits do they see back? What types of effect the return on implementing a solution like you do they end up seeing?
Rob MacDonald:
There's a couple things. You get an immediate reduction in fraud, so there's a cost benefit to that right off the bat.
Oli Platt:
A bad one to start with.
Rob MacDonald:
Yeah, exactly right. So if I can go in and say, "Hey, listen, I can reduce your fraud by 40%," there's real dollar value to that. And not only does bringing in something like 1Kosmos replace maybe the technology that you're already spending money on anyway, and likely at least at cost neutral, then you're still reducing fraud. So right off the bat, you're in a positive ROI situation with a technology like this because you're able to do such an immediate impact on your fraud reduction just based on some of the technology that we have here.
Then there's the user experience that goes along with that and the assurance that you have as an organization that users are who they claim to be. You can start to get deeper share of wallet because you're able to expand the capabilities of the organization. And then partnering with others as well, because we do have that verified credential, you could say, "Okay, as a financial institution, you're a high valued member. And if you go rent a car with this organization, we can give you a 20% discount if you shared the verified credential." So there's some business sharing opportunities and partnerships that are available as well that you could probably profit from too.
Those are always good. Right?
Oli Platt:
Definitely. Not bad. I think I saw a balloons traversing your screen there as well. I'm not sure where they came from, but a fantastic celebration almost. No-
Rob MacDonald:
I think that's a new Zoom feature. Anytime I do the thumbs up, balloons.
I haven't figured out how to turn that off yet. We so excited. Anyway. Yeah, it's all good.
Oli Platt:
Oh, no, that's fantastic. And I guess finally, just on the work you guys are up to, if you were speaking to a bank, an FI, what advice would you be suggesting they look at what to stay ahead in the world of identity, to stay ahead in this world of fraud that you guys operate in? What would you suggest that they would, maybe beyond just implement 1Kosmos as the obvious cheat answer for yourself, but what would you be suggesting they're up to?
Rob MacDonald:
Yeah, so as you're looking at, and this is for anything, right? As you're looking at implementing technologies, in a lot of cases, organizations get into trouble by looking at, okay, I have an immediate problem today. Can I solve that problem today with that technology? And the answer is yes. But that problem is going to change tomorrow. And is that technology flexible enough to meet where you need to go, either to meet that next problem or even strategically to the business? Can that technology be flexible enough to get you to where you need to go in your two to three to five year roadmap? We get into problems by solving those immediate problems, and now you've got to try to duct tape and make it do things that maybe it was never meant or built to do. So when you look at something like a 1Kosmos or technologies like 1Kosmos, we're delivering a framework that from a strategy standpoint to the business, you're able to go ahead and forward with.
One of the cool things with our technology is that we offer this kind of coexistence deployment where you can keep what you have running up and running and then put us right alongside of it. So when somebody goes to log into a screen, you've got the cool 1Kosmos way and the old gross way you used to do it. And what that does is it eases the onboarding and the journey for customers. They can do it at their leisure as you move to this new way of doing things. And if you can offer a solution where you're able to ease your customers into it, they're not going to... This is one thing people hate more than passwords, I say all the time, it's change, right? Nobody likes change.
So allowing people to change when they're ready for it will go a long way from a user experience and building the brand. But looking for technologies that you can grow with, distributed identity, digital wallets, biometric based authentication, that stuff is, that's on the edge. That's really advanced stuff and people may not be ready for that yet. But having a platform that can support you on that journey as you go to where the industry and market and world is going, as we get into distributed internets with Web3, you're going to have to be able to prove yourself online in the very near future. And looking towards that as your goal and then working with organizations like NayaOne to help you build that strategy and that path forward is really what organizations should be looking to do.
Oli Platt:
Fantastic.
Rob MacDonald:
Yeah. So listen, before we go, we are out of time. Tell us a little bit about how people can go on the NayaOne marketplace and explore and find out how they can test 1Kosmos or other technologies, for example.
Oli Platt:
Yeah, absolutely. So the easiest way to, if you are a bank or an FI, to getting involved with the NayaOne platform, is we've got an accessible marketplace that you're able to sign up for. You can find that on our website. If you're an FI, a bank, you'll be able to sign straight up there and you can explore all of those different technologies straight away.
Rob MacDonald:
Awesome.
Oli Platt:
From there you can obviously come in, select them and go, "Look, I would love to be connected to a company that's going to solve my identity problem." Let's look at running a proof of concept with them might look like. But yeah, it would be awesome to see some of the banks here heading that way and starting to actually dive into technology like this.
Rob MacDonald:
Absolutely. For sure. Listen, Oli, it's been great sitting and chatting with you today. For everybody that's on the line, this has been recorded. It will be available on our website, probably midday tomorrow. And if you want to share it with your friends, you're more than welcome. We'd actually appreciate it if you did that.
But anyway, it's a pleasure. And then just as a side note here at 1Kosmos, we do run a lot of different webinars. We do have another one coming up December 14th. There'll be more information on the website in the next coming days for that. It's going to be around managing coexistence to fuel strategy, something that we just talked about here at the end, Oli, and we look forward to seeing everybody there at that webinar.
So thanks again. And we appreciate everybody stopping by and hanging out with myself and Oli today. We look forward to talking to you again soon, Oli, it's a pleasure. Looking forward to doing it again.
Oli Platt:
All right, thanks for having me on, Rob.
Rob MacDonald:
Yep. Bye.