As a company that championed the concept of “digital identity” more than a decade ago, Prove Identity takes verification seriously, even when it doesn't.
Case in point: As CEO Roger Desai told Karen Webster in an interview, proof shows how many times a would-be scammer (Mr. Desai) sent an email to an employee saying he was stuck in a phone jam. It is said that there is a joke circulating within the company about recording only the slightest. And they have to buy a gift card for him.
Of course, this is a joke with a serious side. Because criminals are stepping up their brazen attempts to impersonate business managers, owners, vendors, and even employees. For companies in all types of industries, this issue is ever-present and ultimately leads to the imperative of trusting interactions in the digital economy, especially when they are not in front of someone.
Even Desai, who leads an identity verification and verification platform, has become a target for bad actors who use artificial intelligence and distort it to commit identity fraud.
“Someone sent me a website with a two-second clip of my voice…and it made me sing,” Desai said. “This technology is rapidly gaining popularity and is fairly inexpensive.”
He said deepfakes are a growing threat to businesses, adding that mobile phones are often used for fraud and therefore need to be the basis for identity verification. With business identity fraud on the rise, new approaches are needed to authenticate the sender of invoices, phone calls, and even text messages.
“Most companies' digital front doors are not very secure,” he said.
What brought about the change?
The lack of security has pushed business fraud to such a lucrative level that sending fake invoices brings in billions of dollars a year in Europe, making it more profitable and more lucrative than drugs or money laundering. It has proven to be a lucrative trade.
“These scams include individuals pretending to be bank fraud departments, the government, needy relatives, well-known companies, technical support professionals, and more,” the FTC said.
Massive breaches, such as the Change Healthcare hack, exposed vast amounts of transactional data. According to Desai, this provides fodder for fraudsters looking for “reproducible” relationships, fodder for corporate impersonation schemes, fake invoices and even employee details to create synthetic IDs. That's what it means.
Part of the reason these scams are so lucrative and successful is the fact that business transactions tend to be highly “repeatable” interactions, Desai said. For example, an employee of a company that does business with ABC Carpet several times a month may unknowingly receive yet another bill (although their bank account details have been subtly changed). , or you might not be suspicious if you see a message like this on your phone: Send payments for a little fictitious business.
Before the ruse was discovered, the scammers had several payments redirected to their own accounts and then disappeared into the clouds.
Distinctive solution
Desai said the solution, whether the communication is through tweets, bots or invoices, is that “these things need to be signed. By signing, you authenticate the vendor or the person you're doing business with. And you can confirm that it's yours.” trust. “
With automatic verification, if you receive an email from someone claiming to be your boss, for example, you won't have to spend time calling the person you're doing business with to verify that the contact is indeed legitimate. he said.
Specifically, he said the signature is a cryptographic signature associated with the mobile device. Across platforms, the onboarding process is similar to that found across vendor management systems, such as those offered through Prove, which has a real-time registry of phone ID tokens associated with phone numbers through Identity Manager.
Again using the ABC Carpet example, Desai said the carpet company representative and the invoice sent can be identified via the phone number registered at the beginning of the relationship.
He told Webster that in the same way that financial institutions onboard individuals who open bank accounts and allow them to authenticate with one-time passwords, they “onboard vendor relationships in the same way.” There has to be something that you can reach out and “touch” and then “redo” the authentication…thus, you have a lineage of trust. ”
“If you can register all the phone numbers of people you trust and communicate with, you can automatically authenticate them every time,” he said.
This level of automation creates a strong digital front door that Desai said will “keep bad people out and make it easier for good people to get in.”