Interviewed By The Asian Banker Live
Deepak Dutt, founder and chief executive officer of Zighra, a mobile security start-up harnessing crowdsourced user information and implicit authentication techniques to fight fraud, shares the nature of his company and how it works with banks and non-banks to make security invisible through AI.
Deepak Dutt: We are an AI-powered continues to authentication and fraud protection platform. So the part of it that we do is a very sophisticated AI engine that brings in information from different layers, like from the sensor layer, from these device networks, social biometric, and even location layer. So we take an even look at on how people hold their phones and how they the pressure they apply on it. So, bringing all these together to create a highly personalised user model on the device and use that for continuous authentication and also for threat detection like account take over fraud, remote attacks, and even automated bot attacks.
So, AI is at the heart of everything. As I’ve said, bringing in different aspects like one of the layers that we bring in is the behavioural biometric layer that includes the way you hold the phone, the way you walk, the way you drive your car. It’s all behavioural pieces, but then we look at the sensors of the phone, we look at what are the unique senses of fingerprints that are available on the phone. Then we can take a look at what the network information is coming from, what it is connected to from a device-to-device perspective. Take a look at biometrics is there, people are using biometrics in then we can take that, feed into the AI engine because now all these together form that unique model. It’s not one piece but it’s multiple layers. This is the pattern that we’ve been granted by the US Patent and Trademark Office (PTO).
Absolutely, so as I’ve mentioned, we’ve been given a pattern in the space and what’s very different about us is we can do this entire thing on device. So running AI-based algorithms, running advance machine learning behavioural authentication algorithms on the device, keeping users’ data securely on the device then providing the level of privacy, and giving a very high level of accuracy. I think that’s very unique about us and we can deploy the server, we can deploy it on appliance and such, but the entire unique capability of running everything on the device and scoring on the device is very particular to us.
So, for example we provide our software development kits (SDKs) in Android and IOS to mobile banking applications, mobile wallets, mobile commerce applications and then providing this level of continuous verification that they are dealing with the right user and not a bot or such.
Yes. We were working with some other leading financial institutions in Canada, some of the leading financial institutions in the UK, and now working with some of the mobile commerce providers or mobile payment providers in the US now. So looking at getting into the US in the big way.
Absolutely, see our entire goal is to validate the right user, validate the right device, and validate the right buyer behaviours to secure the transaction. So, that’s been our goal in an invisible way and implicit way. If it’s explicit then that does not really come into our paradigm. And as you can see the banks that are being hacked, the banks and other organisations are all seeing tons of bot attacks that are happening, be on their mobile, be on the web, be on the APIs, they’re getting hit in a big way. And what’s happening with the next generation of bots, now they are human powered bots. Then the next level we are seeing, AI powered bots. That means they are training AI to behave like humans. So, existing mechanisms that were able to detect between humans and bots are not being efficient enough.
So, that’s where highly personalise user models become very important. And Zighra does it to a very high accurate level that we can detect if it’s the user or not the user, even if it’s an AI powered bot. So, I think there is a lot of relevance of what we are doing as we get into more and more threats and such. But by bringing this additional dimensional layer of security in, we can provide a very high level of confidence.
So we provide solutions, all six layers, the model we create is like bringing all the information together not one by one; all fits in. So when we created that model, it so we know it’s the user kind of thing. And it’s for any sensor-based device. The patent that we were granted and the second one, we are just announcing soon, is about running all sensor-based device, be it smart phones, be it wearables, be it connected cars, be any IOT device, this is in fact for all those kind of sensor-based devices and at the very simplest level, we can now start correlating these two together.
You might not need the device, you mean mobile phones are not needed anymore. It could be any kind of sensor device. As I’ve said, it could be wearables, could be connected glasses, it could be a car, the next device that you can be do banking for you. So, I think that’s where we will see a lot of impact from sensor-based devices. Because, ‘til date, we are already dealing with user device authentication, which is a three billion password problem that we actually saw. But connected devices are now 300 billion that is really going very big. So now how do we authenticate between devices? How do you authenticate device to device? Now this is something that is cracking. What we’ve done is actually lay a very strong IP foundation to enable us to do that. And that’s where we see ourselves playing from all perspective, device to human, device to device, and device to the crowd.
Absolutely. So with the banks, there are more in a bit of banks that want to really stay under the curve. Depending on what kind of attacks they are getting hit with. So they are getting hit with bot attacks and they’re looking for a solution. And they look it from a holistic factor. And there are some people who are very innovative to the sense that they know the existing solutions that will fail. Because they are already seeing, envisioning, saying if I could buy this, does this solve my problem for 12 months. But how about – They are recognising how these bots are behaving now. And they understand the implication of a technology like ours. So they now try to bring us into the organisation. And kind of, quickly testing things out with us and sure how it is, you know, advance to the state of the art. Once we get there, it’s an easier conversation to have and from our perspective, we remain like a complimentary layer. So we remain in that layer and we are already bringing in other pieces of information from the different layers including biometric. And sure we’ll take it. Right, we’ll bring it into our engine, create that model and then detect for anomalies and from the accusations, right? So I think this is a layer that can provide a higher level of confidence and security not only to financial institutions but any kind of payment providers that you see around us today.
Zighra started back in 2009. At the University of Waterloo working with some of the early professors there, bringing together technologies like AI, behavioural biometrics sensor. I know it takes in very early days. Now, we wanted to make security invisible. That’s the context of which we were born. So we said, how do we make that happen? How do we bring the power of biological systems to humans? And seemlessly authenticate everybody. That means, whatever they are doing in their applications on their phones, we should be able to create a signature on thatWe started in the mobile space. In 2015, we took it out of academia, started working with some other larger financial institutions, went through the Barclay’s Acceleration Programs. Working to get into the European ecosystem as well and now we’re growing.
So, we are ten people now and now you’ll see us growing rapidly in the next little while and this was the year after –
So we did a million dollars seed funding last year and now we are looking for significant raise in the next several months especially in the last six months, we’ve got two key patrons that have given us a very solid IP foundation and with which we are now licencing deals, we are now doing tons of transactions and now we are getting a credibility built in the market place. So you will see us growing exponentially in the next little while.
So, our entire vision is to make security invisible. So how do we become the intellect side for all kinds of sensor-based devices? Now as I’ve said, we’ve got the IP foundation and how do we see ourselves embedded to every single device that’s out there. And our idea is to now be a billion-dollar company in the next little while and I think we’ve got the right foundation for it. It’s how we can kind of monetise on that very fast and really take it on the growth curve.
So we’re looking right now in North America, in Europe and Asia is also big with us. So these are three market segments we are playing strongly right now. We are also in the Middle East and such but these are the key market segments that we see ourselves playing again. There were sensor-based devices are big, gonna be huge. India’s a great market, China’s a great market, and the number of transactions that come in, and we want to secure every single transaction, with every single user interactions. It could be us as the sole provider. It could be in collaboration. It could be licensed-system technology out and that’s the way we kinda see our vision kinda growing.