FindBiometrics President Peter O’Neill recently spoke with Ted Oorbals, CEO, Biocryptology Platform. The conversation begins with a brief rundown of the company’s fascinating 10 year history and a discussion of the end-user password experience driving the demand for easy biometric access control. Oorbals and O’Neill then speak in-depth about the company’s eponymous Biocryptology Platform and its Swipe ID solution—an omni-channel biometric access control solution with the potential to be incredibly disruptive thanks to its wide range of use cases and scalable user on-boarding security. The interview concludes with a preview of what to expect at Money20/20 Europe, which takes place in Copenhagen next week.
Read our full interview with Ted Oorbals, CEO, Biocryptology Platform:
Peter O’Neill, President, FindBiometrics: Please tell our readers about the background of your company.
Ted Oorbals, CEO, Biocryptology Platform: For the last ten years, we have been developing the concept of our founder/owner who has more than 250 patents under his name in different industries from which he has created his wealth. This enabled him to develop a fingerprint solution for physical access, which started 10 years ago at his Ascari Race Resort near Marbella in Spain. At that time, he couldn’t find a sophisticated access control system for his resort, so he bought an engineering company that was already testing fingerprint technology. From that point on they started developing fingerprint access control technology and used it at the Ascari Race Resort. However, his philosophy reached further then just physical access control, he said “I want to travel all over the world and use my fingerprint to pay and identify myself wherever it is needed”.
Due to his financial position, there was no need of going to market, it was purely finding and developing concepts based on his philosophy, which led to many patents. One of the results was the launch of an online payment platform in the United States a few years ago. Building on the physical access control system and the online payment platform, we have further developed the technology and amplified the possible uses in the last few years, resulting in the Biocryptology Platform that will be launched soon. That is the history of the company until now.
FB: It is so interesting that so many great concepts and ideas come out of a frustration of looking for a product in the marketplace that doesn’t exist. Here is another example of that.
Biocryptology Platform: Absolutely. The funny thing is that the founder/owner himself has quite a lot of problems working with computers and one of those is usernames and passwords. That frustrates him a lot, and out of that came the question of how to do it without the need for a username and password, key, or code to gain access to something online or offline. So, get rid of all of that and make life simple again but still be secure.
FB: Well, Ted, we report on the fact that the password is not only a challenge but it is also insecure; not only is it frustrating for the end user but it is terribly insecure and also ripe for major large-scale attack.
Biocryptology Platform: Indeed. I think the average person at this moment has 35 places where they log in and require a username and password. In other words, there are some 17-18 places where you need to change that password every six months. How are you going to manage this when you have passwords that must be 4 to 6 digits, with capital letters, small case letters, symbols, etc.? This forces people to use the same password again and again, write it down or record it digitally, which makes it very unsafe.
I think usernames and passwords are the Achilles heel of IT.
FB: You know, I personally had that experience recently. I lost my phone and I had to redo all of my logins and it was tremendously frustrating—and I’m in the tech industry. I don’t know how the average person deals with it, and actually I don’t think they do deal with it.
Biocryptology Platform: Absolutely. Everybody does the same: people write it down, use the same password or make the computer remember it, which again is unsafe. So yes, a solution for this is desperately needed.
FB: Your solution can either be offered as an application or as a device, can you please tell us about this?
Biocryptology Platform: Yes, we started by developing the most difficult part which is the hardware. So, we created the Biocryptology Platform. We call it Biocryptology because of the architecture that we have created. We have used all knowledge gained about biometrics over the past 10 years: scalability, versatility, response time, false acceptance rates, etc. Our Biocryptology Platform addresses all common problems and limitations in those fields.
To communicate with the Biocryptology Platform, we started developing a hardware piece. We created a very secure device with electronic anti-tampering, which has the highest level of security, up to military-grade. This device has four on-boarding levels, the highest form is on-boarding through a public official, which means that you visit a governmental institution and present your ID information, your passport and all things they require. The public officer in charge then enrolls you with your personal Swipe ID device. From that moment on your Swipe ID represents you as a person, not as an identity. The Swipe ID represents you, it can only be used by you and no one else, since it is registered to you through its serial number. Even if you lose it, there is no risk because only you can use it.
The Swipe ID, by communicating with the Biocryptology database, can give you access to all online and offline situations that are connected to the platform. In addition, it can also work as a credit card, because it not just communicates with Bluetooth but also through NFC.
Although you now have an additional item in your pocket, you can get rid of a lot of other things, like your car keys, home keys, credit card, and token devices for banks, by using just one small device. We have two versions of the Swipe ID device: one is like a car fob and the other one, that we are finishing shortly, will have our technology incorporated in a thin Smartphone cover to be attached to your phone. Why we provide it as a separate device? For a higher level of security.
On the other side, the app, that is also suitable for many uses, has a security level that is high enough for online banking. When talking about Internet banking, a piece of hardware cannot compete with other common solutions, because of the cost of the hardware. Therefore most banks search a solution for identification through an app to be installed on one’s mobile phone. For that reason, we scaled down the military-grade security level, since that is not required by most banks, and we make our access solutions also available through an app that communicates with our central database. This makes it much easier for everyone to adopt it and to use our system, the app can easily be downloaded from the app store. However, people (or banks) still have the possibility to upgrade to the highest security level by using the Swipe ID hardware device, if they so wish.
FB: I really like that you have different identification security levels. You have thought the process through extremely well. It is part of the conversation that we have at a lot of the FinTech and financial services conferences that I attend, one of the topics that comes up is always that we need these different levels. Now your product has those levels already established, so I think that is a definite advantage. You mentioned some of the other advantages of the technology and it seems very well thought through, is that based on your ten years of physical access work?
Biocryptology Platform: Definitely, and also it is the result of hitting your head against the wall many times and adapting your strategy. If there is no urge or pressure to go to market or to make money, then it allows you to continuously search for what the consumer wants, how the market develops, what are the problems that need to be addressed, and finally come up with the perfect solution to be launched commercially. By constantly analyzing the market and finding different types of technologies, there comes a time that you have created the ideal architecture and product scheme that solves all the needs of the market, not just some or most of those needs. In addition, we feel that Biocryptology comes at the right time: we don’t see it as a coincidence that this month a study done by Oxford University and Mastercard reveals that 93 percent of the people want to get rid of their usernames and passwords by using a biometric solution.
The problem I foresaw with biometrics was that you would have to enroll at many different places: your local gym, your employer, the hospital, library: all the different places where there would be a biometric solution. That would mean that at the end of the day there would be many, many places where you enrolled and you wouldn’t know what data was exactly being stored about you, and what biometric data was stored: was it a biometric template, the biometric image? And you probably wouldn’t know whether your data would be stored highly secure in all those different databases either.
For consumers it is very difficult to find the safest way for identity based access. So what we have tried to do is create one solution for all, and make it very simple for everyone to access, by creating one centralized system that is very well secured and which doesn’t store biometric data, just vectorised representations. Through our architecture, we secure all the information of the clientele and we give them full control on where their identity data is used and where they have logged in, so they are in control of their own identity. We think this is very important as well as providing the clients with one universal platform with just one time enrollment where we can guarantee the security of it instead of enrolling yourself, and having your biometric data all over the place. I feel that we have created a very important and disruptive solution that is capable of becoming the global standard for online and offline access control.
FB: Ted, you mentioned the financial services marketplace, are there other vertical markets where you see your product being offered?
Biocryptology Platform: Yes, the cloud storage industry, the real estate and construction industry, car manufacturers, and of course the banking/financial industry. But also big platforms (like gambling), commercial platforms, loyalty program platforms, dating platforms and many more. We all remember the hack with Yahoo where 300 million people lost their username and passwords and the public were only informed two years later. In those two years, hackers could have already used that information for many illicit purposes. This leads to one simple conclusion: if you don’t have a username and password they can’t steal it from you either so you increase security. Thus, by using your biometric data through the biocryptology platform, I am convinced that we can make those platforms far more secure.
FB: Hacks like that, resulting in your data being available to criminals, are just not acceptable today.
Biocryptology Platform: But it is still happening and that is the problem, because at the end of the day how many hacks take place that we are not informed about? Although you are obliged to communicate with your users that you have been hacked, how many organisations actually do so, keeping in mind the damage it causes to their image? This is a serious problem, we need to give people back the control over their identity. I think that is one of the most important steps.
FB: I understand that you will be at Money20/20 Copenhagen next week and I look forward to seeing you there and having an opportunity discussing your technology further but I think you are really in the sweet spot.
Biocryptology Platform: We think so as well, and as I said before, we make our platform and technology very accessible: you decide how to use our platform. We will be at Money20/20 presenting our solution to banks. We have already presented it to many top 100 banks and we received very good feedback on their needs, wishes and doubts as regards to biometrics, including information about the budgets they have available. You will understand that banks that have primarily clients that show low use of their accounts, aren’t willing to invest a lot of money to make those accounts very safe. But at the end of the day they are all looking for one system for all clients. We have created this system by offering 4 on-boarding levels: At level one you can on-board online by yourself for private use, use it for all websites that are connected to our platform and use it to open your car or the front door of your home. One level higher is where your identity will be checked by a third party, like your membership-club, your gym, your favorite restaurant or soccer stadium. At the third level, the identity check is supplemented by an online Identity Verification Service, checking for example your ID document. Depending on the compliance level of the country involved, we have third party suppliers that offer an open API structure connecting to our system, and that controls the identity based on the documentation that the user presents. And the ultimate level is level four, that offers the highest security, where the identity is checked by a public official at the moment that the user presents him/herself at the institution involved.
FB: Thank you very much for speaking with us today and I look forward to seeing you in Copenhagen at Money20/20 Europe.
Biocryptology Platform: Thank you very much and I am also looking forward to see you there.
To learn more about Biocryptology Platform visit its company website.