Ensuring Digital Identity Trust: Interview with Johnny Ayers, Founder, President & CEO at Socure
By Edlyn Cardoza
Nowadays, customers expect an exceptional digital experience, driving firms to provide an omnichannel, frictionless customer journey. Security and risk leaders aspire to meet these constant digital expectations. Now, with the digital boom across all platforms, organizations continue to strive to strike a balance between convenience and security, often sacrificing one for the other.
The reality is, there are ways to transparently build digital identity trust without negatively impacting the digital experience for customers. Digital Identity Trust helps customers verify identity information provided by them. It uses insights from a multi-dimensional data source, including email, contact number and mobile device. Verification is essential as more organizations are moving to digital and online channels.
Ensuring digital identity trust is Socure, a leading platform in the digital identity space. It is a real-time predictive analytics platform that applies artificial intelligence and machine learning techniques with trusted online/offline data intelligence from email, phone, address, IP, device, velocity, and the broader internet to verify identities to deliver the most accurate and robust KYC, identity verification, and fraud risk prediction solutions in the market. Their customers include 4 of the top 5 banks, 12 of the top 15 issuers, the largest payroll service providers, the largest retailers, most of the top FinTech lenders, online gaming providers, crypto exchanges, eCommerce marketplaces, neobanks, and investment managers.
IBS Intelligence sat down with Johnny Ayers, Founder, President & CEO of Socure, to discuss the importance of protecting one’s identity against fraud, the future of digital identity, and the company’s plans.
Could you give us an overview of Socure’s service offering and client base?
Socure has built an end-to-end platform for verifying identities across every dimension of a consumer’s identity: name, email, phone address, date of birth, social IP device, network velocity, physical document authentication, facial biometrics and liveness detection. And so, we’re the only solution in the market that has built out internally every single part of a consumer’s identity. We’ve then built a variety of different machine learning models on top of it to deliver the most accurate, comprehensive solution in the market, delivering for our customers the ability to say yes to the most significant number of good consumers, fully automatically with the least amount of fraud. We do that no matter how identity is onboarded or channel-agnostic, and we are agnostic to whether it’s PII or physical documents, or both. So clients hire Socure because we help them onboard the largest number of good consumers safely. Here in the US, we have four of the top five banks, twelve of the top fifteen credit card issuers, and the majority of the consumer-facing FinTechs. I know publicly we’ve talked about Chime, Public, Stash, Varo, but just about every prominent FinTech in the US is utilizing Socure. We’ve become the gold standard, but identity is not just a problem in financial services. We also have some of the largest HR payroll, online gaming, and TeleHealth providers, and we’re starting to aggressively move into e-commerce marketplaces and both state and federal agencies in the US market. And we just turned nine years old in September, so we’re going on a decade, really focusing on being the first to verify 100% of good identities and eliminate identity fraud.
And with such a vast array of clients, how do you keep their private, super-sensitive information protected? Do they ever feel nervous at all about security?
We use the most potent forms of encryption of data in motion at rest. We use a variety of techniques to ensure that we’re not just protecting one bank’s data. We’re protecting hundreds and soon to be thousands, which certainly comes with enormous responsibility, which is why we look at all the security certifications we have. We have multiple years of SoC two Type 2; we have ISO 27,001 17-18, we have high trust certification and are getting 800 171 as we move into the public sector, so security is a core part of how we design products. It’s a core cultural component, and security is everyone’s problem. We fully understand appreciating the amount of data we have, and it’s been a core part of the business; given the type of data that we deal with and the duration of time that we’ve been dealing with this, we had to mature very quickly.
Everything has become digital, especially since the pandemic. How has this boosted fraud in the sector?
If you look, the US e-commerce volume grew about $200 billion in spending between 2019 and 2020, and you saw fraud nearly grow $200 billion as well. So the move from online to mobile and web has increased the surface area for fraudsters to attack. Data breaches have made data readily available, and the ability to commit fraud from home has enabled bad actors to attack a larger number of providers. Additionally, as everything moved digitally, you’ve seen venture capital plough a ton of money into digital native, digital-first companies, which has created all these new companies that are now potentially able to be attacked. And so, just the surface area is so much larger. But you’re also seeing much more sophisticated attacks. In unemployment insurance where the US government issued about a trillion dollars of benefits, you had one of the largest influxes of cash ever in a brief period of time. That is an enormous target for bad actors. You have seen a lot of reports where they believe upwards of half of all unemployment benefits went to state-sponsored attacks and, criminal enterprises. So when there’s money available, unfortunately, bad actors will attack and not all of these digital services, while they started to enable them digitally, they didn’t have the security authentication and identity controls needed to do it safely, and so there was just a tremendous amount of money stolen over the last two years.
What types of checks does your identity (ID) verification solution run?
Socure uniquely looks at every dimension of the person’s name, email, phone address, date of birth, social IP device, behavioural velocity, physical documents, image, video, so from a single session or a single identity, we generate over 17,000 features. So, when an API call comes into Socure for name, email, phone address, date of birth, our service generates 17,000 data points about that identity across every one of them. IP to phone, phone to address, name to email, email to phone, email to address, address to date of birth, your name to all past addresses, there’s this massive amount of features that we can calculate across our graph, using third party data providers and internally derived. Those are the main kind of PII elements that we are deriving insights on the back of.
How is Socure helping BNPL providers with ID verification?
Buy now, pay later has definitely been a very hot area. I think what we’re seeing is that they have a couple of different types of fraud related to identity fraud; if they don’t have controls like Socure in place, you can scale identity attacks very large, very fast. So, where they may have disputes or first-party fraud that are onesie twosie, with identity fraud if you buy a whole bunch of stolen data and a BNPL provider doesn’t have best in class identity controls in place, fraud losses can spike fast. This is because you can use thousands of different stolen identities to attack at once in a fully automated way. So our ability to stop identity theft and be more accurate than anyone else in the market, in verifying and classifying whether the identity is the identity in question or not, is enabling buy now, pay later providers to solve that problem and then focus on their credit and first-party and dispute problems which are more like onesie twosie attacks. Fraud never stops. It just never goes away; it just moves, so the idea is if we can solve this problem for them, they can then focus their analytical team, their risk team, and their operation team on all these other problems. That’s why folks are coming to Socure. From a KYC perspective, you can verify the most significant number of people, and from the identity fraud classification side, you have built a model that looks at every dimension, and don’t need to build all these individual tools because Socure already built them and Socure’s better than all of them. Socure solves this identity problem, and we’re enabling buy now, pay later to focus on their credit problem, their dispute problem, and other types of risks that aren’t identity-related. And it’s not just buy now, pay later. It’s lending, its credit card, it’s digital banking, it’s crypto, and it’s a lot of investment management applications, as the barred inter financial services have come way down with digital and mobile. Many of these apps have scaled not to hundreds or thousands of apps, but hundreds of thousands or millions, and you have to have Socure in place, or you have to throw vast amounts of people at the problem, or you have a lot of false positives.
Recently, Socure has raised $450 million in Series E, turning it into the highest-valued company in the identity verification space. What does this funding bring for Socure?
I think that there are a couple of things that we’re going to execute with this funding. The first is taking our best-in-class identity verification and fraud prediction service into several new verticals. So if you think about highly regulated high transaction volume, high-value customers, expensive fraud losses, and real-time decisioning, there’s verticals like online gaming, Telehealth, insurance, e-commerce marketplaces, car rentals, house rentals, secondary markets and then state and federal agencies. There’s a very aggressive go to market attack plan that we’ve built where we’re taking our best in class services where we’ve proven with the most heavily regulated financial institutions in the country, that are the most secure, the most privacy-conscious, and have the highest bar of entry, as our bedrock or our foundation as we’re now moving into these other parallel verticals, upon which they’ve all built on the financial services rails. Secondarily, as we look into the product perspective, we’re heading down on being the first to verify 100% of good identities and perfectly classify identity fraud. We’re also looking at how once we are the establisher of trusted ID, we can then move on, going further into the customer lifecycle of authentication, account takeover, device binding; there’s a bunch of additional use cases that we can solve, not just new account opening, but over the course of their life cycle with the customer. Additionally, as we solve identity, we’re being asked to move into payment risk, first-party fraud, and as we use this kind of identity graph, what else can we build on top of the identity graph to enable our customers to transact safely in money movement, in particular.
As the year is coming to an end, what does Socure have planned in their pipeline? What should your clients be looking forward to in the future?
When we look at the core, I think the first is folks should continue to look to Socure for the most accurate identity verification and fraud prediction service in the US. We will continue to invest in building out and expanding upon those 17,000 features that we are building into our verification and classification models. They should continue to see us investing more heavily in our predictive document authentication service, which we’ve proven to be the most accurate document authentication solution in the market. They should look to see Socure adding more risk services related to first-party fraud and payment risk expanding beyond just identity. They should expect to see Socure moving quickly into the authentication space and ongoing identity verification through persistent identifiers in creating credentials. There are several fascinating things where, once you solve the identity problem for enterprises, we can actually go to the consumer, and folks can look to potentially verify, sign up and then authenticate themselves and do an application or an ecosystem of applications with Socure. There’s a fascinating road map that we’re excited to build and build with many of our partners.