How To Verify Who Is Who in The Digital Space Without Compromising Privacy?

By Nima Schei, MD Founder and CEO, Hummingbirds AI Inc.

Digital interactions are rapidly increasing as more and more businesses across sectors have opted to turn digital and go completely contactless and users realize the benefits of accessing services and products online: computers, laptops, cell phones, all these devices are tools to interact in the digital world. These endpoints have our sensitive information such as IDs, social security and bank account numbers, access key to work, and even our biometrics stored in them. Clearly, these devices are much more than devices. They are the access gates to our digital and private lives. This is the case not only for individual users but also for organizations that have in their endpoints sensitive information about themselves and their own customers.

According to a recent report by the Ponemon Institute, 68% of organizations expressed suffering from endpoint attacks that compromised their data and the same number of companies said that the frequency of these endpoint attacks had increased compared to the previous year. Endpoints are at risk, because they are the gateways to valuable information that anyone, not just a professional hacker, could use for fraudulent purposes.

Endpoint security is a mandate for information security because of what it has and for what it can do: allow access to a wide range of services and transactions that also need to be secured.

The question that arises then is: How to constantly and reliably verify who the people behind the transaction and the device are and guarantee, along with the interaction, that they are who they say to be in order to protect the authorized user from intrusion and possible fraud without compromising privacy?

Securing data and identity with a 360° approach

In the cyber world, a simple action, such as shoulder surfing or visual hacking, is an effective way to obtain sensitive data and steal data that might open the door to impostors, identity theft, and data loss. Companies tend to forget the importance of information security approaches that really take every action into account for securing endpoints and authenticating the identity of the user.

A good strategy is to remember that vulnerabilities are not limited to being online. Potential data loss and identity theft can happen even when you are offline and can turn out to be equally dangerous. Today, a lot of emphasis is given to the cloud and cloud-operating applications when it comes to cyber solutions but companies must innovate and work against cyber threats surrounding the endpoints when the device is also not online. Information security providers need to realize that cybercrime needs a pair of “eyes to see it all” and that means both online, offline, on the device (whether a cell phone, a laptop), and around it.

However, this must be totally respectful with privacy. And with privacy we mean privacy regulations but beyond: any cyber solution must give everyone the certainty that their identity and sensitive data is protected in every way, including when it is on the cloud. We should probably ask ourselves: do we need to go to the cloud for security and privacy?

Privacy-first in a cloud-independent cyber environment

Once the data is on the cloud, users don’t know when and by whom the data is being accessed to. Transparency is the key, which is often lost between the end customers and service providers, when the user data is being shared without removing personally identifiable information. The future is privacy. According to Gartner, privacy is the main reason users would choose one product over another in this decade. Therefore, I’m very excited about the new wave of cloud-independent information security solutions that have emerged. Furthermore, the development of these technologies has paved the way for a strong establishment of edge computing as a powerful tool to build future-proof information  security solutions. Among its various advantages, the most important benefit is that all the sensitive and highly confidential information is stored encrypted on the device and not on the cloud. This essentially provides users and companies with the right to own their data and so, having the key to their privacy.

When you have data stored on the cloud, you do have access to it anytime but so do the hackers, third parties and anyone with access to the cloud. There have been dozens of incidents when third parties get access to clients’ data and share it between themselves. When it comes to visual data this issue becomes even more sensitive. In addition, you don’t want to tie the security of your organization and your most important assets to the security of your cloud provider. Again, we have seen dozens of incidents when a compromised password of an employee of the cloud provider led to massive data breaches. On the other hand, when data is encrypted and stored on the device, an additional layer of security is established. That’s why organizations are actively seeking robust information security solutions that can work in the background and independently from the cloud.

Facial Biometrics Data Security Solutions – The Way Forward

An endpoint is linked to its user and so are all the interactions and transactions performed on that device. Every day billions of transactions are done on devices around the world. They need to be continuously protected and it is the cyber security companies´ obligation to secure every single transaction to bring peace of mind to the user.

Facial Biometrics is becoming the core in the next generation of authentication tools, to verify that the right person is in front of the device and that it is who they say they are. It is a powerful way for securing transactions and endpoints from fraudsters and impostors because this “facial key” cannot be faked or stolen since they are a part of the user, and the only way to use them as an access key has to be through the users themselves. This provides a reliable guarantee to access devices, and grant permissions to certain information. It is ubiquitous, invisible, seamless, effective, and passwordless.

However, there is still a lot of room for improvement. Many applications use facial biometrics from a user´s selfie to access devices or services, but it only guarantees the authentication of a user at a specific moment in time. Besides, relying on a static picture is not robust and reliable: the number of false positives and also false negatives is still proving high and when it comes to accessing a bank account or a government service, the place for error must be the closest to zero.  And this is not the only problem when identity verification depends on a static one-moment image.

What happens if the user is being observed over the shoulder while accessing online banking? Or the device is stolen while the person is using the banking app? The transaction would not be secure, the device, the user and the data would be vulnerable. Such incidents need protection and so there’s a need for better and continuous authentication tools. A robust information security mechanism should add a continuous authentication method to offer protection not just at the beginning but throughout the interaction, protecting users at the access, as well as during interaction, letting them know when their data is in a vulnerable situation.

This is why visual AI solutions like the ones we at Hummingbird AI develop are based on video-based authentication and not just a selfie-check. Video-based solutions using computer vision are the next generation of authentication: Passwordless, privacy-first and continuous protection. They continuously make sure only the right person would have access to the device/app while protecting users’ privacy.  Together with real privacy-first and cloud-independent data protection, this unique combination results in an ideal solution to protect user and endpoint devices both from internal and external intrusion while providing guaranteed authentication in real-time.  No wonder, the infosec and identity and access management market is expected to reach $42 billion Dollars by 2025 .

Cyber security has to be thought of and executed holistically, and solutions need to be designed and developed with this view. This should not be mistaken with complexity but better and strategic use of the tools already existing in the industry. Unlike traditional security solutions, facial biometrics performed on the device offers continuous protection without creating any friction when it comes to the user experience, access authentication and identity verification, real-time device protection from impostors or any kind of external threats on a unified platform. This will enable organizations to proactively act against security breaches rather than being reactive.

Only the companies that truly put privacy first in their development and handling of solutions will succeed in providing the sustainable information security that the current cyber ecosystem needs.

About the Author

Nima Schei, MD Founder and CEO, Hummingbirds AI. Medical Doctor turned AI entrepreneur, disruptor and inventor, Nima Schei is the co-creator of BELBIC and BEL-based emotional machines with hundreds of use cases in finance and engineering. He is the founder and CEO at Hummingbirds AI, the “Black Swan” of the AI industry.

Hummingbirds AI is home of the Guacamole platforms, the innovative privacy-first Intelligent Applications for security and efficiency of modern enterprises. Nima’s speciality is creating efficient, high-growth startups and scaling businesses, with eyes to global expansion. Nima has started and scaled several startups in the US, LATAM and MENA. Being a digital nomad for a few years and living in three continents, he now lives with his wife and three rescued dogs in Miami Beach, Florida.

Nima can be reached online at [email protected] and at the company website https://hummingbirds.ai/