Prepare yourself for an exhilarating dialogue with Nir Stern, a man who has brilliantly navigated his way from a pre-sales career to the intriguing world of identity fraud. We kick off with an exploration of Nir's career transition, shedding light on the often overlooked world of salespeople and the art of cultivating customer relationships. Nir shares his wealth of knowledge, providing wisdom on how businesses can foster a culture of trust and respect with their sales teams, both internally and externally.
How about a glimpse into the future of identity verification? Nir Stern talks us through the rising necessity of identity proofing to mitigate fraud and account takeover risks. He shares insights on the power of machine learning models, hinting at a user experience so streamlined that it could be seamless in just four to eight seconds. The conversation then shifts to the creation of highly trusted credentials that enable users to share claims without divulging personal data. Nir also dishes out intriguing details about the potential of Apple devices' wallets for secure credential storage!
As we steer the dialogue towards blockchain, Nir weighs in on the risks of blockchain technology bans, and the role of governments and large organizations in crafting blockchain standards. We close out the episode by introducing you to AU10TIX and offering a sneak peek into the wealth of resources available on our website and LinkedIn page. If you're a tech enthusiast, salesperson, or just curious about identity fraud, this episode is loaded with profound insights that are sure to keep you hooked!
Speaker 1:How's it going, Nir? It's really good to finally have you on the podcast. I feel like we've been trying to schedule this thing for forever at this point, but I'm really excited for our conversation. I think it'll be interesting.
Speaker 2:Yeah, I'm sitting here. Thanks for having me.
Speaker 1:Yeah, absolutely. So, Nir, you know I start everyone off with kind of telling their background, right, of how they got into the world that they're in right now. So you know, when I look at your LinkedIn, I see that you kind of started your career in pre-sales, right? Once you got out of the Israeli military, you got into pre-sales and now you're in like identity fraud and handling that sort of thing. So talk to me about how one, how you got into pre-sales, right, and then, if there is, I guess, any skills in pre-sales, right, that you learned, that paid dividends now.
Speaker 2:Oh, great question. So yeah, as you mentioned, I started in the Israeli military as a programmer and I've been doing programming for a few years and pretty quick I've learned that I need the human interaction and you know a bit more dynamic environment and that's basically why I moved into being a pre-sale and I think most of the value I get from that period is deep understanding of the life of a salesperson and you know what it requires for them and you know how is it to work and create a relationship with a customer.
Speaker 1:And build it and how much?
Speaker 2:effort you build into that and as a product manager in the identity and fraud, this is what I'm doing in the past 15 years or so. That, I think, gives me a lot of understanding of you know who. I work with which is both dev, which I have experience in sales, and marketing sales, and I think that that's one of the biggest advantages of that period.
Speaker 1:Yeah, you know, I have noticed that, at least in the cybersecurity space, it's kind of hit or miss with how people treat their salespeople in terms of, you know, like the third party vendor, right, I have seen it where companies, I mean just treat them terribly. You know, like, these salespeople are just looking for an update, right, Because they just did, you know, three months of work for you and they need to justify it to their management to keep on doing it if you need it, you know, and they just want an update to understand where they are in the process, right, To understand where we are in the process. And I never understood that and I'm very against that, you know, because, like they're people at the end of the day, you know, like, why can't we just treat them like people, respect their time, respect them and, you know, go from there and not expect anything. You know, in the back end I've experienced it, I guess, on the other side of that too, where people will gladly accept a sales call or whatever it might be right, and they'll accept a dinner, they'll accept an event, a sporting event, right, but then they don't go that extra mile and actually get this person a call with the right people on the call to look at the product you know, to make it an assessment and say like, hey, maybe this will actually work for us. We don't have a project slated for right now, you know, but you know we'll have something down the line. You know, I don't mean to talk too much, right, this episode is for you, obviously right. But you know, this kind of goes hand in hand with my selling internally episode that I did, where you know you treat the salesperson like a person you know and, yes, they may take you to dinner or lunch or something like that. 
Right, but the important part is you actually setting up that phone call, getting the right people on the call and actually assessing the product, actually taking a serious look at it, regardless of if you have a project slated that year for it or not. You know, to that salesperson, that's, that means the world, right, Because they're they're putting their neck out there, you know, on the line in their own company to say, hey, we need to spend resources on this. Is that something that that you noticed as well, or was it different at your companies? How was that?
Speaker 2:Um, so yeah, absolutely, I think you know not sure if it's only in the high-tech industry or cybersecurity, but I just simply noticed that in this industry, many times, people you know will play roles, right, what your title is, what your job is, and so on and people are sometimes too attached to that role and forget that in the end, it's all human beings and we all, you know we should treat each other like that and be respectful and, you know, think, in the end, creating the relationships and creating trust is a key both and, as you mentioned, both internally and externally, because you do need to promote ideas, to sell ideas, in order to be successful, both internally and externally. And I think it's a key to remember on the other side, there is a person and don't do anything to them that you wouldn't want other people to do to you, and so on. So I relate to what you just said very, very much.
Speaker 1:Right, so you know. Talk to me about how you transitioned into your current role with an identity fraud company. You know that sounds like it is a huge jump right To go from pre-sales into identity fraud. Talk to me about you know if there's any skills that you may have learned along the way that prepared you for this role, and you know just what you're doing, what the company is doing overall.
Speaker 2:Sure. So a little bit over 15 years ago I was, as I mentioned, I was pre-sale, and then I was interviewing to a company called Actimize, which was later acquired by NICE and they're developing fraud detection systems for mainly financial institutions, and so I was interviewing for a pre-sale role and one of the founders, he told me, well, you need to be a product manager, and he was one of the smartest people I ever worked with and he explained to me why he thinks I'll be great in that and I took that role. I ended up being a product manager in that company and it was back when online payments just started, like bill payments in the US, and P2P and ACH and so on, and frauds were unbelievable. So the fraudsters were, well, the first ones to adopt it and many of the banks didn't have any solutions. So we developed these systems that basically look for anomalies, based on the history of the payments and other types of indications that these are risky or fraudulent transactions, and I did that for seven years. So I learned a lot about everything about, I guess, identity and digital identities and authentication and fraud and risk management and all of that. So that's where I think I got most of my initial understanding on that world. From there I moved to a company called Trusteer that was acquired by IBM. They were focused more on the cyber side of identity and fraud, so everything around financial malware, old front desktops and mobiles and phishing scams and so on, and as it was acquired by IBM, we were a part of IBM security and very much integrated into the identity management of IBM solutions. So I learned a lot about the identity piece when working there and then for me it was very clear transition actually into AU10TIX, such as dealing with identity proofing, which kind of merged between two worlds of risk and fraud and identity. And yeah, it's really great. 
We have a lot of very diverse and large customers from many industries and that's how I got here basically.
Speaker 1:Hmm, so talk to me about identity proofing. What is identity proofing and how does it help prevent fraud?
Speaker 2:So identity proofing, at a very high level, is part of KYC, know your customer: a process where, basically, organizations are traditionally required to know who they deal with on the digital channels. So in the past, when you wanted to open a bank account, for example, you would go to the branch, you would show them your ID, they would copy it, they will look in your face, see that it's through the URIV, they will log in all the details and so on, and they were required to do it because of regulations. With the transition to the digital world and with all the new regulations around anti-money laundering and anti-terrorist financing, there were more and more regulations that require those organizations to go through this know your customer process and the very key part of it is identity proofing, where basically, you need to prove you are who you claim you are using a photo ID. Now it all started originally from that specific need, which is more around compliance and regulation rather than fraud, but as the technology improved and companies like us that were able to create this process fully automated. So it's all based on machine learning models that are doing everything from taking the picture in the best quality, identifying the identity there, classifying the ID, extracting all the data from the ID, running multiple forgery tests on it, comparing the selfie to the ID. All of that is fully automated and happens within four to eight seconds. The user experience became relatively smooth so it's not like it used to be that you had actually manual reviews. People would repeat manually behind the scenes, so you could wait minutes, even hours until you get a response. So now it's been four to eight seconds. So more and more companies are using our technology as a strong factor of authentication instead of traditional ones that are basically not very effective. 
So, instead of using one-time password on SMS or email, which any sophisticated fraudster can bypass easily using social engineering in many cases, many of our customers use us whenever there is a risk for account takeover or risk activity, they only require their users to go through an identity proofing to really show who they are. So that's basically where it's at.
Speaker 1:So in the, I guess, the security architecture of this, would a user go through your identity proofing process and they're issued potentially a, like, a PKI certificate, right, where then they can sign emails and do everything else with that certificate? Or is that something that is not currently incorporated with the product or anything?
Speaker 2:Our basic offering is a process in which we end up giving a response to our customers saying whether or not we were able to verify the identity of that end user. From that point on, it's the responsibility of our customer to decide what they want to do. It could be okay we will re-credential you, we will allow you to transfer, I don't know, $50,000 in ACH, we will allow you to recover your account after it was hijacked, and so on and so on. Or it could be very simple things like you know we will allow you to get a scooter because you need to prove us that you're over 18, or to rent an apartment in Airbnb, and so on. So there are different use cases, different verified moments, as we call it, where our customers will use our technology and then do something based on our response. There is a new technology in the industry called verifiable credentials, where, basically, the whole idea is that, instead of us, as consumers, to show and share our details with different organizations unnecessarily, we will create a verifiable credential, that's different types of credentials that are cryptographically stored on a wallet on our mobile device, and then all we share is claims with the organization. So if I want to go and buy alcohol using Uber Eats or whatever, all they need for me to show is that I'm citizen of the US, for example, and over 21. So I will share my claims and all they will get is yes, he's a citizen of the US. Yes, is over 21. It was certified by AU10TIX, who is a partner, and that's it. First, the user experience is much, much smoother because you don't need to go through showing an ID and so on. But more important maybe than any user, you don't share any of your information unnecessarily. Also for the organization, they don't need to keep it. So we do support all of that process as well.
Speaker 1:This is.
Speaker 2:We have a cooperation with Microsoft Entra ID. They developed a system, so there are use cases where the end game of our process is creating this verifiable credential that can be used in the future.
Speaker 1:That's interesting. So you're saying that other entities will basically authenticate a user against your service or whatnot to provide them access to whatever service they're offering, right?
Speaker 2:So in the end, in the future, I believe that will take a few years, probably because this is relatively new trend in the industry, but we do see more and more companies investing a lot around that. Verifiable credentials, many of the new digital IDs follow those standards. So the mobile driving license in the US is following the verifiable credentials standards, the eIDAS in the EU and so on. So in the future, all of us, instead of having multiple type of IDs in our physical wallets, like driving license and in some countries like Israel, you have an ID and also you have your student card and so on, you have in your mobile. You have multiple IDs. It could be from government issues, but also from different type of commercial organizations that you will be able to share and use and prove your credentials. For example, it could be to prove that you are a certified nurse or a doctor, or, and so on. So think of all the different claims that you may need to use in your day to day. In the future, the world will be in your wallet and we'll just be able to share them in the most secure way, without the need to carry on different type of certificates and so on.
Speaker 1:That's interesting. I wonder if they will go that route with passports as well, right, because I personally, I really like getting that passport stamp. I don't know, it's something, there's something satisfying about it, like I'll go to a place just to get the stamp rather than like anything else. But it makes me, I don't know, it makes me slightly nervous, right, as a security professional, to have that on a digital device. It makes me wonder if there's someone out there that can I don't know hack into it and then use that to impersonate me. Is there? Let's just talk about Apple devices specifically, right, because all of that would go into the wallet and the wallet is supposed to be secured to some extent. Is there? Is there protections or native protections around the wallet or those identifications that enhance the security in some way?
Speaker 2:So, yeah, I think that the key here, that is, it's all encrypted cryptographically, so none of the data is available if you try to somehow attack the app or anything like that. All the certificates are out there in the blockchain and to access that, you need to have access to the back end. So there are multiple measures that are being taken in order to prevent any type of, you know, trying to hack or create forged IDs. Now there are multiple vendors and multiple type of wallets and so on and, as I mentioned, this is still early stages, but security is a key there. That's the key. You know, tpi and all these things.
Speaker 1:Yeah, I feel like it's not just early early stages for you guys, it's early stages for that entire industry. Yeah, you know, like it's. It's almost like the entire industry has to reinvent themselves, you know, with the new and emerging in tech and whatnot. It's really interesting. You mentioned that the encryption key is stored on the blockchain. So what, why did you guys decide to store it on the blockchain? Right Versus I don't know an internal server? Right that's like heavily secured and whatnot, versus you know any other option? Right Like potentially, I don't know. Right Like AWS, kms has a key service or Azure has their key service. Right Like what made you go down the blockchain route? Because that's a very interesting route that you don't normally see, right now at least.
Speaker 2:So, just to be clear, this architecture is not ours. It's, that's the verifiable credential standard that is being built, and you're absolutely right, it doesn't have to be built that way. If you're everything I mentioned, if you want to, as an organization, for example, to build your own digital identity that will be used only for your employees or only for your consumers, you don't need to do that. The main reason to have the blockchain is if you want to create a digital identity that is following the standard, and then the point is that it will be able to be used with anyone who support that standard, and some with the claim and you want to show again Uber Eats or whatever, that you want to buy alcohol and you're 21 and whatnot, the digital ID on your wallet, on your mobile phone, will provide a claim he is over 21, a citizen, and the signature that they will look in the blockchain will show this was authenticated by a company called AU10TIX and they were certified. Therefore, you can trust them. So to make sure that it was not created by someone that is not certified, and so that's, I believe, the main reason, and this way, it's fully accessible and you don't need to know. That's also a very key aspect of the verifiable credentials. Not only you don't know who the person is behind it, just if they can provide a claim or not, you also don't know who provided it to them, because it's all about data privacy. So I think that's kind of the main objectives of choosing blockchain for that.
Speaker 1:Hmm, that's really interesting, you know, because you always hear about, I guess, different governments or different politicians wanting to, you know, outlaw the blockchain or crypto, right to some extent. And me, as a tech person, I try to think through that problem of how they would actually be able to accomplish it, and it seems like an impossible, unsurmountable task. Right, because you would have to have so much buy-in from the other 200 plus countries in the world, right, and then you'd also have to have something on everyone's mobile device or, you know, digital device, whatever it might be right, that is looking for the blockchain and, you know, block that to some extent. I mean, that's such a that is such an extreme feat to take. I just don't see that happening. Does you know, I guess, does anyone in the industry? Right, because you said that this is a standard, this is, you know, what's being developed, what everyone is going to be using that's in this space. Does anyone ever, you know, I guess, worry about that or have that in the back of their mind, or is it? You know, kind of like what I just said, right, where it's like, yeah, they talk about it, but it's such an unsurmountable task that, you know, you kind of take a calculated risk and it's like well, I don't think that they'll ever be able to accomplish that.
Speaker 2:I believe that, while the different cryptocurrencies are based on blockchain, there should be a very high level of blockchain, there should be a very clear separation between the technology and how you use it, and while I can see why some politicians or countries wanna put different type of restrictions, regulations on cryptocurrencies, because while there is a lot of benefits and positive outcomes of this whole cryptocurrency world, there are different risks as well, so I can understand why there are a lot of discussions around that, but when it goes to blockchain, basically the technology, and you can build different, you know, type of applications and great things on top of it that have nothing to do with the currency, then I don't think that there is any risk that I'm aware of that the technology itself will be banned in any way, and specifically on verifiable credentials, and you know it's part of the W3C, and I know many countries, including the US, are following that with different type of IDs. Maybe they don't comply with it completely, but they all try to come up with some kind of unified way for, you know, developing standard for people to be able to digitally, safely and securely identify themselves, and that technology seems like, you know, great fit for that. So I think that's where it will go to in the end.
Speaker 1:It's an interesting space, so you know, if you had to kind of guess or make a prediction right, where do you think it'll go in the next? You know, five to 10 years, where do you see this space going and growing?
Speaker 2:That's very, very, very hard to tell because it's moving super fast and also because I think one of the main drivers for where this industry goes is, so, on one hand, is the legitimate players of the governments and the large organizations. You know the Apple and Microsoft and Google of the world, and also e-commerce, like Amazon, but very, very important, you know, impact is the bad guys, and they evolve faster than anyone. They adopt new technologies faster than anyone, and a lot is going on now around, you know, deepfake and generative AI, and I think that this is going to change dramatically the way that organizations and even, you know, people, how, what terms, what technology they use to verify that whoever they interact with is really the person that they claim to be. We are now having this, you know, online interview, but very, very shortly you could have this discussion with someone that looks exactly like me, my voice, but it will be fake, and now you know it could be someone from your bank or someone from your work, or so I think there will be a need to have all the right technology to make sure that whoever you interact with is really the person, and not to trust our standard ways of looking at the person, hearing their voice, anymore. So I think that's going to drive a lot of the changes in this market.
Speaker 1:Well, you know, Nir, before I let you go, why don't you tell my audience where they can find you if they wanted to reach out to you, where they can learn more about your company and any other social media sites or links that they should know about?
Speaker 2:Sure. So yeah, my name is Nir Stern. I work for Authentics, so Authentics is AU10TIX, so you could go visit our website and get a lot of information on what Authentics does and ask to be contacted with and me personally. I believe the best way is to email LinkedIn. I'm usually very responsive and also on LinkedIn you can find a lot of different types of articles and blogs that I published.
Speaker 1:Yeah, awesome. Well, thanks, Nir, I really appreciate you coming on and I hope everyone enjoyed this episode.