FindBiometrics President Peter O’Neill recently spoke with Will Summerlin, Founder and CEO, Pinn. The interview begins with an overview of the company’s background, as well as the authentication challenges it was founded to address, and Summerlin provides some insight into the company’s security offerings. The conversation shifts to talk of the rise in behavioral biometrics, their role in a frictionless user experience, and the importance of user choice when it comes to how someone wants to authenticate. Moving on to a discussion of the vertical markets, Summerlin emphasizes Pinn’s industry-agnostic nature, outlining the various arenas in which its technology is applicable. The interview concludes with a preview of what we can expect to see from Pinn at next week’s Money20/20 conference in Las Vegas, as well as the company’s outlook for the coming year.
Read our full interview with Will Summerlin, Founder and CEO, Pinn:
Peter O’Neill, President, FindBiometrics: Can you please tell our readers about the background of the company?
Will Summerlin, Founder and CEO, Pinn: We spoke to dozens of customers – hundreds of people who would be considered industry experts – and one of the things we heard consistently from all of them was that authentication as a stand-alone component is still very much broken. Basically, there are three fundamental problems that companies are struggling with when it comes to authentication. The first problem is user experience. Generally, the authentication experience involves a large amount of friction. I’m sure you’ve used OTPs or something similar, god forbid a physical token; it’s a fairly poor user experience. It adds a lot of friction to the customer journey. That was the first frustration they had.
The second was security. Any multi-factor authentication is better than no multi-factor authentication. But even then, if you look at the Reddit hack as an example, fairly unsophisticated hackers bypassed 2FA with very little effort. OTPs can be phished and NIST has deprecated SMS 2FA due to the intercept problem. So, while usability and user experience are poor, security is also poor. Legacy authentication creates a lose-lose situation.
The third challenge that companies have is customizability. If you look at the legacy 2FA players like Duo or Symantec, they force users to download a third-party authentication app. When you introduce a third-party app, you’re annoying the customer by saying that to access your bank account, you need to download another app. It reduces the brand value of the customer and creates an all-around poor user experience.
We saw all that happening and heard it first-hand from companies who were spending tens of millions of dollars on authentication products, and at the same time, we saw this revolution happening with biometrics. Device-security elements are starting to enable secure biometrics as secure enclaves and trusted execution environments become prominent in mobile devices. That’s allowing us to enroll and process biometrics in a more secure way. Innovation is moving physical biometrics forward with technologies like palm recognition becoming increasingly popular. We’re starting to realize the potential of behavioral biometrics and machine learning. We saw all this happening, and we thought that there has to be an opportunity here to incorporate all these new innovative capabilities into an authentication platform that puts user experience and security first, and creates a frictionless way for people to authenticate, but does it in a way that gives the customer the ability to customize the experience to fit them. That’s how we got to the point we’re at. Ultimately, it was a 101, textbook approach of listening to customers, listening to their frustrations and adapting until we found the right fit.
Peter O’Neill, President, FindBiometrics: A lot of what you’re describing, such as user experience, has been a key component in banking, airports and any other enterprise. Thank you for the background. Can you tell us a little about where Pinn is now, and about your AuthX platform?
Will Summerlin, Founder and CEO, Pinn: In the lifecycle of startups, we’re past the “validation” stage and into the “growth” stage. We have a number of customers across different industries, offices in California and Georgia, and a growing list of partners. In the last couple of months, we’ve raised our Series A and grown our team quite a bit. Looking forward, we believe financial services and healthcare will be two of the first industries to modernize authentication. We’re starting to work with a large number of companies and partners in both of those industries. The question now is how do we make secure and frictionless authentication accessible to everyone who needs it.
Peter O’Neill, President, FindBiometrics: Can you talk a little bit about your offerings and where you fit in right now? What are you supplying to these industries?
Will Summerlin, Founder and CEO, Pinn: In many cases, we’re augmenting legacy systems. If you take financial services as an example, and customer authentication within that, they usually have passwords and some form of secondary authentication. That form of secondary authentication is either a security question, SMS-based 2FA, or the worst of them all – a physical token. Our platform, available via white-labeled SDKs and APIs, is designed to augment the legacy systems with modern authenticators like PKI, palm recognition, and behavioral biometrics. We check the integrity of the device and have a PKI implementation where we actually store a private key in the secure enclave of the device to prevent spoofing and tampering. That’s the first part. The second is physical biometrics, such as facial recognition, palm recognition (where you hold your palm in front of a camera), Touch ID, iris, and others. The third is behavioral biometrics where we analyze how fast a person is typing, how hard they’re pressing the screen, etc. All of those capabilities go into the SDK. Then we have a policy component where a customer can orchestrate adaptive authentication policies based on the risk level of the user’s action. For example, if I was logging in to my bank account just to see my balance, I might only need to do facial recognition. But then if I wanted to wire one hundred thousand dollars, I would need to use facial recognition, palm recognition and my behavior would have to meet a certain threshold.
Another interesting aspect is the audit capability. In certain markets, namely APAC, banks are embracing a concept known as transaction signing. Basically, this is the ability to create non-repudiation around a specific transaction – to prove that you were the person who wired $100,000. While it’s possible to do limited transaction signing with legacy authentication technologies, our platform, with biometrics, PKI, and behavior, brings an entirely new level of intelligence to this concept. We provide forensic information about the human who’s conducting the transaction. We look at things like the biometric cues and scores, the equal error rate of the biometrics for this specific person given the type of data that we trained on, how many times this specific device has been used, and much more. We’re providing all of this data via APIs that can be integrated with SIMs and fraud tools.
Peter O’Neill, President, FindBiometrics: I think it’s fascinating that you are using so many different biometric modalities, and then behavioral on top of it. Why do you think we are seeing such growth and importance in behavioral biometrics?
Will Summerlin, Founder and CEO, Pinn: I think that the ultimate goal is to make authentication frictionless. We have, however, seen something that is rather interesting. If authentication is too frictionless, it freaks out the end-user because they aren’t seeing it. If I open my banking app and can wire one hundred thousand dollars without authenticating, even if there’s behavioral authentication in the background, I’m going to be uncomfortable. There is a fine balance between making the experience completely frictionless and still having visible security. We’ve found that behavioral biometrics is finding a fit supplementing the primary authenticators. It’s not going to replace them, but I think it’s going to augment them. If we can authenticate a user with facial recognition and in the background analyze all of these behavioral attributes, then the user still feels secure because there is still some visible security, but in reality, there is more than they can actually see; there’s some invisible security as well.
We’ve seen a lot of banks embrace behavioral biometrics but I think most are still struggling to figure out how it fits in their larger authentication strategy. Our philosophy is very simple: we’re going to provide all of the authentication capabilities and we’re going to work with customers to figure out how to use them, but ultimately, the decision comes down to them. It’s customizable authentication. If they feel that facial recognition and behavior are the way they want to go, that’s fantastic, it’s in the platform. If they want to make it adaptive and include things like palm, we have that as well. So, our philosophy is to provide them with capabilities and let them decide how to use them.
Peter O’Neill, President, FindBiometrics: We hear it all the time at the Money20/20 shows that we attend, that providing choice really is critical, so you certainly have that area covered. You mentioned banking and healthcare – healthcare being a market that we also see as a tremendous growth market over the next five years – what other vertical markets are you focusing on?
Will Summerlin, Founder and CEO, Pinn: Because we have an open platform, we’re really industry-agnostic from a technology standpoint. For financial services, we ensure that we’re compliant with PSD2 and GDPR because a lot of our financial services customers have a large presence in Europe. For healthcare, we ensure HIPAA compliance and guidance. For other industries, we have partners who can help ensure compliance. We’ve actually had companies in completely different verticals approach us and start using our technology. One example is a company in the cryptocurrency space. They have the same problem as a bank. Ultimately, they are protecting a large number of assets and their customers trust them to protect those assets. They needed better ways to authenticate those customers. We are currently focused on customer authentication, that’s really our core bread and butter, but we’re starting to partner with larger companies who have a presence in employee access. They’re integrating our authentication capabilities with their platforms so that they can use this type of authentication to provide an additional layer of security. Strong authentication could be required when a DevOps person is accessing a database, an executive is downloading financials from Box, or an engineer is committing code to GitHub.
Peter O’Neill, President, FindBiometrics: You’re going to be at Money 20/20 next month in Las Vegas, is that correct?
Will Summerlin, Founder and CEO, Pinn: That’s correct. I’ll be speaking at the reverse VC pitch on Monday – looking forward to it! If people are interested in meeting, please reach out to email@example.com or @pinntech on Twitter.
Peter O’Neill, President, FindBiometrics: What’s next for Pinn? Where are you heading with the company?
Will Summerlin, Founder and CEO, Pinn: Last year was about laying down the foundation and this year is about making secure and frictionless authentication available to everyone who needs it. Most companies, whether in healthcare, financial services or other industries, are modernizing their approach to authentication. We see that as a huge opportunity for Pinn and we think it’s going to be a really exciting year for the industry in general.
Peter O’Neill, President, FindBiometrics: Thank you very much for talking with us about your excellent year. I think you’re really in the sweet spot in the identity space, so congratulations on that. I look forward to seeing you at Money 20/20 in Las Vegas.
Will Summerlin, Founder and CEO, Pinn: Thank you, Peter. It has been my pleasure and I will see you at Money 20/20!