IDmission is having quite a year. Seeing a growing array of market opportunities, the identity verification specialist announced the appointment of a new Chief Revenue Officer in June, positioning itself for accelerated growth. On the product side of things, IDmission added a biometric access control solution to its portfolio in the summer. And the company also attained some major milestones with respect to industry standards: its passive biometric liveness detection solution achieved ISO/IEC 30107-3 compliance in early summer, and IDmission went on to join the select handful of companies to have reached Level 2 compliance in iBeta’s rigorous Presentation Attack Detection evaluation program just a few weeks ago.
As all of this activity would suggest, there was much to discuss when IDmission CEO Ashim Banerjee spoke with FindBiometrics President & CEO Peter O’Neill in an exclusive interview. They started out with a look back at IDmission’s roots in the payments tech space of the late oughts, and the important role that India’s sprawling biometric ID program played in the genesis of IDmission. From there, the conversation turned to what the company’s product lineup looks like today, the importance of its iBeta Level 2 achievement, its target vertical markets, and more.
Read on to hear from the chief exec of one of the fast-rising leaders in biometric identity…
Peter O’Neill, President & CEO, FindBiometrics: Can you please tell us about the genesis of the company? I think you started back in 2011, is that correct?
Ashim Banerjee, CEO, IDmission: That’s correct, Peter. The genesis actually goes back a little bit further than that. So, if you don’t mind, I’ll take a little walk into history. Before, I had a previous start-up that I was part of called Infonox that was in the payments business. And we sold Infonox to TSYS, Total System, back in 2008. And as part of that transaction, I ended up becoming the chief information officer for TSYS Acquiring.
We were approached by Visa in 2008. They said, “There’s this big thing happening in India.” And of course, I grew up in India, so I was interested. India at that time was just starting off creating what is now the world’s largest biometric database.
Peter O’Neill: Aadhaar.
Ashim Banerjee: Aadhaar. Now it’s called Aadhaar, but at that time the name Aadhaar didn’t even exist. It was simply called the UIDAI, the Unique Identity Authority of India, and they had just started off and Visa wanted us to help them architect it so that Visa could sit at the nexus of identity and payments in there. So, I got very interested. I went over with them to India several times and that’s how I got interested in identity because I realized that at that time there were about 3 billion people who didn’t have any formal way of identifying themselves. And it’s about the same today.
So after Aadhaar was created, the Indian population had this base where they had all the 10 fingerprints, the iris scan, the face, and some basic demographic data was available in what is now called the KYC, Know Your Customer database. So, I got very interested in identity as part of that project.
Once I realized that there was such a large missing section of the population that had no identity, no easy way to establish identity, number one. And number two: remember 2008, 2009, the first iPhone had just come out — it was not difficult to look over the horizon and see that more and more things would be done by people on these smartphones that had a lot of computing power in your pocket.
So I left TSYS in 2011, we founded IDmission and went about creating a technology platform that would enable access to financial services with the identity component taken care of in the platform. We decided to be able to establish people’s identities, either with government issued ID documents and/or with biometrics and/or with connections to government or third-party databases like Aadhaar, where they are available. So, rather a long story Peter, but that’s how the company got started.
Peter O’Neill: That’s really fascinating. We’ve been following the identity space for 20 years.
I remember back very clearly the Aadhaar program and when it was initially starting, we did interviews with the UIDAI team in India at the time. And my goodness, when you think about it, Ashim, that’s a relatively short period of time to have come so far in one country. And that’s sort of led the charge globally, I would think.
Ashim Banerjee: That’s right. Several countries now have followed suit. Pakistan created its own version of it called NADRA, then I know Sri Lanka created a national biometric database. We are working with the Mexicans in helping them build up their national database, there are lots of countries doing it now.
But you see what happens, Peter, with these gigantic projects, is that they are rather difficult to implement and you have to take a very long view of them. Which many countries fail to do, so they end up with multiple databases and all that unnecessary stuff. I think the Indians were able to create this technology stack that linked payments to identity to other things that ended up working quite well.
Peter O’Neill: Thank you for telling us about the genesis of the company. Please tell us about your current product lineup.
Ashim Banerjee: So, it’s been nine years, Peter. Over the years, we’ve sort of tailored our products based on the customers that we are able to acquire and their demands. Currently our identity products fall into three categories. First is IDmission Identity, which is a pure identity product and does identity management and identity proofing, using Government Issue IDs, and a biometric.
Typically, in most parts of the world, the preferred biometric is the selfie, the face biometric. But in some countries, for example Mexico, to open a bank account you need two biometrics: fingerprint and the face. We support four biometrics, fingerprint, face, voice, and iris, and we support identity documents from pretty much every country around the world. We have close to 4,000 types of documents in our library. We can accept driver’s licenses, voter registration cards, national ID cards, all kinds of different ID documents from pretty much every country in the world.
IDmission Identity is an ID proofing and identity management service. Typically, sold as an SDK – a Software Development Kit that sits inside somebody else’s mobile or web application, as well as an API, so that’s the first set of products.
The second set of products we call OnBo. We have a lot of customers who are greenfield, who are still using paper-based processes or are using antiquated web processes. So, we offered them the ability to use OnBo, which has an app building component in it. It’s a no-code app builder, as well as a business process creation and execution engine. You can, without writing a single line of code, drag and drop the data elements that you want to collect into a form and that becomes an app.
You can apply all the various validations and all the various corrections that you need to do to make sure the data is good. The data elements include ID capture, selfie capture, fingerprint capture, all the goodies that the platform generally supports. And it connects to a server, sends all the data over, where a workflow can be deployed. You can say that, “Okay, now, first off recollect the data, I’m going to go to Thomson Reuters or whatever it is to verify the identity, and I’m going to come back here and then make a workflow decision on it.”
I could have a manual review to make sure all the documentation is complete and accurate and all of that. And when all that is done, finally, the data – the clean data – is deposited into the system of record for whoever the financial institution is that we’re doing this on behalf of. So that’s OnBo.
And the third, set of products that we offer, is called Ada which is a general purpose ABIS, an Automated Biometric Identification System, which allows enrollment of biometrics, including all the four biometrics we support. And because we enroll, we can then authenticate for a subsequent service and deduplication.
And this is really important, Peter, because very few people in the space are offering biometric deduplication which allows us to ensure that one human is only one customer for a financial institution. They cannot change their name and steal someone else’s identity because their face is still their face. So, we can take their face and match it against all the other faces in the database.
This is something, of course, that we learned from our initial experiences with national identity systems like Aadhaar, because deduplication is crucial. You have to make sure that one person is only represented once. We have offered that core to all our product offerings, so either using the Identity suite of products or the OnBo suite of products, you can use Ada, which is the ABIS product to enroll identities, to deduplicate and to authenticate subsequently.
Peter O’Neill: We just reported on your recent news that you achieved compliance with the iBeta Level 2 Presentation Attack Detection assessment. Please tell us about this.
Ashim Banerjee: Remember that we started off talking about when the iPhone had just been created, right? So, this whole idea of having a super computer in your pocket enables you to do a lot of things from anywhere. This is where the concept of omni-channel came about, I should be able to do anything from anywhere at any time.
And of course you can’t do anything related to financial services without a lot of security associated with it. And security typically comes from the biometrics and the biometrics typically come from your face. Which is all great, except that you have to be able to tell the difference between somebody’s face as being physically present versus somebody presenting a printout of a picture, a high quality picture, or a low-quality picture, or a mask, or an electronic image captured on a desktop or on a phone or a video or different kinds of busts, 3D printed busts, and so on.
That’s really the key because I can literally go onto Facebook or something on the Internet and find a picture for anybody, especially celebrities. So, I don’t want to end up allowing people to create accounts for Brad Pitt or Angelina Jolie and things like that.
So you’ve got to make sure that at the time of presentation, you’re able to detect and tell the difference between a live person versus a presentation attack. Which is, somebody’s trying to spoof the system with some kind of an artifact, and that’s what that was all about. It’s very fascinating… We decided to do it with the machine learning artificial intelligence core piece of software. The trouble with choosing AI for these kinds of things, is that it requires a lot of data to train it.
So, we started off with about 10,000 images and we thought we had it decently good, and then we found all kinds of cases where you were able to break through using an artifact. Then we went up to 100,000 images and then we thought it was good, I still was able to break through. Now at a million images, we are pretty confident that it’s good, we have a million images of different kinds; lots of peoples of different races, of different nationalities, different age groups, both genders, children, old people taken from different parts of the world, both live and fake.
And it’s interesting that without us knowing it, Peter, one of our customers took our software to Madame Tussauds in Singapore. And of course, Madame Tussauds is known for its very, very lifelike waxworks, and we were delighted to see that we were able to identify all of them as being attacks and not real people.
So, we are quite happy with it and then of course, we submitted it all to iBeta. It took us a couple of months, we got certified and we are very pleased to be in this position now, to be able to offer our customers this technology that is truly valuable in the sense that it gives them a lot of confidence that they are not being spoofed.
Peter O’Neill: And speaking of your customers, what vertical markets are you focusing on? I’ve heard you mention government space, I’ve heard you mentioned financial services. Tell us a little bit more about where you’re focusing.
Ashim Banerjee: Well, to start off Peter, because of my background, I came from payments, so I focused on financial services and financial services is the obvious focus for identity, because identity is very important. You don’t want to give someone else’s money to someone else and all that. So, we started off with a focus on financial services. We have large customers in the money transfer space, in banking, in pensions, in insurance but clearly identity is a horizontal. It’s not a vertical.
We don’t feel obligated to restrict ourselves to the financial services vertical. And in fact, we are actively working on products that will be offered outside of financial services. In particular, we are very bullish on this whole concept of enterprise employee and access management where employees today access sensitive areas or sensitive virtual systems using a login and a password typically, or a key card if it’s a physical system.
We believe that there’s a very strong play for adding a biometric second factor to these access management systems and thereby create a multifactor authentication for much stronger security in the access management space. So yeah, we will continue to look at other verticals that make sense for us, but up until a few months ago, we were focused on financial services.
Peter O’Neill: You’ve raised a couple of interesting points. We also see the access market as a growth area, for sure. And I think, given the rise in breaches and fraud with COVID and the pandemic crisis that we’re in the middle of, we’re getting asked so many questions from companies that all of a sudden are thrown into trying to provide identity proofing for their remote employees. And in other vertical markets like tele-health, actually the whole healthcare industry is now trying to catch up. We always saw Health Care about four to five years behind financial services, regarding ID systems. But right now, they’re being forced to come up with solutions immediately. How are you seeing the actual pandemic affect your business? And are you seeing the same things we are?
Ashim Banerjee: Yes, yes, absolutely. The pandemic affected our business, like everybody else in the world, we couldn’t avoid it. We found, Peter, that financial services in the way we do it for our customers, were being offered in one of two ways. Either in a face-to-face situation, where there is an agent of the financial institution that is interacting with the customer – an agent or an employee or whatever. And then of course the self-service where the customer is doing it entirely on their own, using their smartphone.
In March and April, we saw the face-to-face interactions collapse completely as you’d expect as Europe was shut down, USA shut down and all of that, but we saw the self-service activities rise at the same time. So, the face-to-face stuff came back in the May, June, July timeframe, but the self-service stuff kept rising. That’s the first obvious observation.
The second thing that we observed is that our customers who used to be and still are major face-to-face customers, or who use the market with agents, are determined to sort of try to reduce that dependency on the face-to-face transaction. So, they are all creating a self-service strategy, whereas many of them didn’t have one, before February.
We are seeing this migration from face-to-face services to self-services accelerating. It was always happening, but it’s significantly accelerating.
And before I forget, Peter, one more point on the access control market that we talked about briefly. The approach that we are taking is that you have a supercomputer in your pocket and what we are interested in doing is offering biometric second factor multifactor authentication to existing access control systems, without the need to add any hardware at all. Because you can always use your phone to verify your identity and that’s kind of the approach that we’re taking.
Peter O’Neill: What’s next for your company?
Ashim Banerjee: We are investing very heavily in artificial intelligence and machine learning. We have a whole practice that we call AI in KYC, where we are spending more and more effort in using machines to make decisions on quality, authenticity, and evidence of tampering, and so on, for every step of the data collection process. So that’s one place in the data collection process where we feel that machine learning has a great deal to contribute.
And the second part of it is in the data examination process. After loads and loads of data is collected. Everybody eventually, if you succeed, becomes a big data company. You end up with lots and lots of data. And really most of it is just data and everyone wants to, but almost nobody succeeds in moving down the well-known chain, data, information, knowledge, wisdom… it’s been written about for decades.
But now, with these very powerful tools of machine learning and AI, we believe we can use it, apply it to the data we already have, and present our customers with both good and bad behaviors that we observe from the way the data is collected and trends over time. We feel that there is a lot of growth to be had and a lot of additional value to be created using machine learning and artificial intelligence on the data collection side, as well as the data examination side.
Peter O’Neill: Well, Ashim, thank you very much for carving out some time for us today. I always appreciate speaking with someone who has been in the industry as long as I have.
Ashim Banerjee: Not at all, Peter. My pleasure.