Prepare yourself for an exhilarating dialogue with Nir Stern, a man who has brilliantly navigated his way from a pre-sales career to the intriguing world of identity fraud. We kick off with an exploration of Nir's career transition, shedding light on the often overlooked world of salespeople and the art of cultivating customer relationships. Nir shares his wealth of knowledge, providing wisdom on how businesses can foster a culture of trust and respect with their sales teams, both internally and externally.
How about a glimpse into the future of identity verification? Nir Stern talks us through the rising necessity of identity proofing to mitigate fraud and account takeover risks. He shares insights on the power of machine learning models, hinting at a user experience so streamlined that it could be seamless in just four to eight seconds. The conversation then shifts to the creation of highly trusted credentials that enable users to share claims without divulging personal data. Nir also dishes out intriguing details about the potential of Apple devices' wallets for secure credential storage!
As we steer the dialogue towards blockchain, Nir weights in on the risks of blockchain technology bans, and the role of governments and large organizations in crafting blockchain standards. We close out the episode by introducing you to AU10TIX and offering a sneak peek into the wealth of resources available on our website and LinkedIn page. If you're a tech enthusiast, salesperson, or just curious about identity fraud, this episode is loaded with profound insights that are sure to keep you hooked!
Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
1
00:00:00
Speaker 1: How's it going, Nir?
00:00:01
It's really good to finally have you on the podcast.
00:00:03
I feel like we've been trying to schedule this thing for
00:00:06
forever at this point, but I'm really excited for our
00:00:10
conversation.
00:00:11
I think it'll be interesting.
00:00:12
Speaker 2: Yeah, I'm sitting here.
00:00:13
Thanks for having me.
00:00:15
Speaker 1: Yeah, absolutely so, nir.
00:00:17
You know I start everyone off with kind of telling their
00:00:21
background right of how they got into the world that they're in
00:00:25
right now.
00:00:26
So you know, when I look at your LinkedIn, I see that you
00:00:30
kind of started your career in pre-sales right Once you got out
00:00:34
of the Israeli military, you got into pre-sales and now
00:00:38
you're in like identity fraud and handling that sort of thing.
00:00:43
So talk to me about how one, how you got into pre-sales right
00:00:48
and then, if there is, I guess, any skills in pre-sales right
00:00:58
that you learned, that paid dividends now.
00:01:03
Speaker 2: Oh, great question.
00:01:04
So yeah, as you mentioned, I started in the Israeli military
00:01:14
as a programmer and I've been doing programming for a few
00:01:23
years and pretty quick I've learned that I need the human
00:01:32
interaction and you know a bit more dynamic environment and
00:01:40
that's basically why I moved into being a pre-sale and I
00:01:50
think most of the value I get from that period is deep
00:01:59
understanding of the life of a salesperson and you know what it
00:02:03
requires for them and you know how is it to work and create a
00:02:10
relationship with a customer.
00:02:12
Speaker 1: And build it and how much?
00:02:13
Speaker 2: effort you build into that and as a product manager
00:02:18
in the identity and fraud, this is what I'm doing in the past 15
00:02:23
years or so.
00:02:24
That, I think, gives me a lot of understanding of you know who
00:02:29
.
00:02:29
I work with which is both dev, which I have experience in sales
00:02:33
, and marketing sales, and I think that that's one of the
00:02:37
biggest advantages of that period.
00:02:41
Speaker 1: Yeah, you know, I have noticed that, at least in
00:02:46
the cybersecurity space, it's kind of hit or miss with how
00:02:51
people treat their salespeople in terms of, you know, like the
00:02:58
third party vendor, right, I have seen it where companies, I
00:03:05
mean just treat them terribly.
00:03:07
You know, like, these salespeople are just looking for
00:03:10
an update, right, Because they just did, you know, three months
00:03:14
of work for you and they need to justify it to their
00:03:18
management to keep on doing it if you need it, you know, and
00:03:22
they just want an update to understand where they are in the
00:03:25
process, right, To understand where we are in the process.
00:03:30
And I never understood that and I'm very against that, you know
00:03:34
, because, like they're people at the end of the day, you know,
00:03:37
like, why can't we just treat them like people, respect their
00:03:40
time, respect them and, you know , go from there and not expect
00:03:45
anything.
00:03:45
You know, in the back end I've experienced it, I guess, on the
00:03:49
other side of that too, where people will gladly accept a
00:03:55
sales call or whatever it might be right, and they'll accept a
00:04:00
dinner, they'll accept an event, a sporting event, right, but
00:04:06
then they don't go that extra mile and actually get this
00:04:11
person a call with the right people on the call to look at
00:04:15
the product you know, to make it an assessment and say like, hey
00:04:19
, maybe this will actually work for us.
00:04:21
We don't have a project slated for right now, you know, but you
00:04:26
know we'll have something down the line.
00:04:29
You know, I don't mean to talk too much, right, this episode is
00:04:33
for you, obviously right.
00:04:36
But you know, this kind of goes hand in hand with my selling
00:04:41
internally episode that I did, where you know you treat the
00:04:46
salesperson like a person you know and, yes, they may take you
00:04:51
to dinner or lunch or something like that.
00:04:53
Right, but the important part is you actually setting up that
00:04:57
phone call, getting the right people on the call and actually
00:05:01
assessing the product, actually taking a serious look at it,
00:05:05
regardless of if you have a project slated that year for it
00:05:09
or not.
00:05:10
You know, to that salesperson, that's, that means the world,
00:05:14
right, Because they're they're putting their neck out there,
00:05:17
you know, on the line in their own company to say, hey, we need
00:05:21
to spend resources on this.
00:05:22
Is that something that that you noticed as well, or was it
00:05:29
different at your companies?
00:05:30
How was that?
00:05:35
Speaker 2: Um, so yeah, absolutely, I think you know not
00:05:46
sure if it's only in the high-tech industry or
00:05:49
cybersecurity, but I just simply noticed that in this industry,
00:05:55
many times, people you know will play roles, right, what your
00:06:00
title is, what your job is, and so on and people are sometimes
00:06:04
too attached to that role and forget that in the end, it's all
00:06:07
human beings and we all, you know we should treat each other
00:06:13
like that and be respectful and, you know, think, in the end,
00:06:21
creating the relationships and creating trust is a key both and
00:06:26
, as you mentioned, both internally and externally,
00:06:29
because you do need to promote ideas, to sell ideas, in order
00:06:33
to be successful, both internally and externally.
00:06:36
And I think it's a key to remember on the other side,
00:06:43
there is a person and don't do anything to them that you
00:06:47
wouldn't want other people to do to you, and so on.
00:06:49
So I relate to what you just said very, very much.
00:06:54
Speaker 1: Right, so you know.
00:06:57
Talk to me about how you transitioned into your current
00:07:01
role with an identity fraud company.
00:07:03
You know that sounds like it is a huge jump right To go from
00:07:11
pre-sales into identity fraud.
00:07:15
Talk to me about you know if there's any skills that you may
00:07:18
have learned along the way that prepared you for this role, and
00:07:23
you know just what you're doing, what the company is doing
00:07:25
overall.
00:07:27
Speaker 2: Sure.
00:07:27
So a little bit over 15 years ago I was, as I mentioned, I was
00:07:32
pre-sale, and then I was interviewing to a company called
00:07:41
Actimize, which was later acquired by NICE and they're
00:07:47
developing fraud detection systems for mainly financial
00:07:56
institutions, and so I was interviewing for a pre-sale role
00:08:00
and one of the founders he told me well, you need to be a
00:08:05
product manager, and he was one of the smartest people I ever
00:08:09
worked with and he explained to me why he think I'll be great in
00:08:12
that and I took that role.
00:08:14
I ended up being a product manager in that company and it
00:08:19
was back when online payments just started, like bill payments
00:08:26
in the US, and P2P and ACH and so on, and frauds were
00:08:33
unbelievable.
00:08:33
So the fraudster did the well, the first one to adopt it and
00:08:39
many of the banks didn't have any solutions.
00:08:42
So we developed these systems that basically look abnormally,
00:08:48
based on the history of the payments and other types of
00:08:54
indications that these are risky or fraudulent transactions, and
00:09:00
I did that for seven years.
00:09:02
So I learned a lot about everything about, I guess,
00:09:06
identity and digital identities and authentication and fraud and
00:09:09
rates management and all of that.
00:09:14
So that's where I think I got most of my initial understanding
00:09:19
on that world.
00:09:20
From there I moved to a company called Trustier that was
00:09:24
acquired by IBM.
00:09:25
They were focused more on the cyber side of identity and fraud
00:09:31
so everything around financial malware, old front desktops and
00:09:36
mobiles and phishing scams and so on and as it was acquired by
00:09:44
IBM, we were a part of IBM security and very much
00:09:48
integrated into the identity management of IBM solutions.
00:09:52
So I learned a lot about the identity piece when working
00:09:58
there and then for me it was very clear transition actually
00:10:07
into authentic, such as dealing with identity proofing, which
00:10:11
kind of merged between two worlds of risk and fraud and
00:10:15
identity.
00:10:15
And yeah, it's really great.
00:10:21
We have a lot of very diverse and large customers from many
00:10:29
industries and that's how I got here basically.
00:10:36
Speaker 1: Hmm, so talk to me about identity proofing.
00:10:40
What is identity proofing and how does it help prevent fraud?
00:10:46
Speaker 2: So identity proofing in a very high level is part of
00:10:53
KYC know your customer A process where, basically, organization
00:11:01
is traditionally required to know who they deal with on the
00:11:08
digital channels.
00:11:09
So in the past, when you wanted to open a bank account, for
00:11:13
example, you would go to the branch, you would show them your
00:11:15
ID, they would copy it, they will look in your face, see that
00:11:20
it's through the URIV, they will log in all the details and
00:11:24
so on, and they were required to do it because of regulations.
00:11:33
With the transition to the digital world and with all the
00:11:39
new regulations around anti-money laundering and
00:11:43
anti-terries financing, there were more and more regulations
00:11:51
that require those organizations to go through this know your
00:11:58
customer process and the very key part of it is identity
00:12:02
proofing, where basically, you need to prove you are who you
00:12:06
claim you are using a photo ID.
00:12:08
Now it all started originally from that specific need, which
00:12:15
is more around compliance and regulation rather than fraud,
00:12:20
but as the technology improved and companies like us that were
00:12:31
able to create this process fully automated.
00:12:34
So it's all based on machine learning models that are doing
00:12:39
everything from taking the picture in the best quality,
00:12:43
identifying the identity there, classifying the ID, extracting
00:12:48
all the data from the ID, running multiple forgery tests
00:12:51
on it, comparing the self-eutility.
00:12:53
All of that is fully automated and happens within four to eight
00:12:57
seconds.
00:12:58
The user experience became relatively smooth so it's not
00:13:04
like it used to be that you had actually manual reviews.
00:13:08
People would repeat manually behind the scenes, so you could
00:13:10
wait minutes, even hours until you get a response.
00:13:13
So now it's been four to eight seconds.
00:13:16
So more and more companies are using our technology as a strong
00:13:21
factor of authentication instead of traditional ones that
00:13:24
are basically not very effective.
00:13:28
So, instead of using one-time password on SMS or email, which
00:13:34
any sophisticated fraud or can bypass easily using social
00:13:38
engineering in many cases, many of our customers use us whenever
00:13:42
there is a risk for account takeover or risk activity, they
00:13:47
only require their users to go through an identity proofing to
00:13:51
really show who they are.
00:13:51
So that's basically where it's at.
00:13:59
Speaker 1: So in the, I guess, the security architecture of
00:14:03
this, what a user go through your identity proofing process
00:14:09
and they're issued potentially a like a PKI certificate, right
00:14:15
where then they can sign emails and do everything else with that
00:14:19
certificate.
00:14:20
Or is that something that is not currently incorporated with
00:14:24
the product or anything?
00:14:30
Speaker 2: Our basic offering is a process in which we end up
00:14:39
giving a response to our customers saying whether or not
00:14:44
we were able to verify the identity of that end user.
00:14:49
From that point on, it's the responsibility of our customer
00:14:53
to decide what they want to do.
00:14:54
It could be okay we will re-credential you, we will allow
00:14:59
you to transfer, I don't know, $50 in ACH, we will allow
00:15:06
you to recover your account after it was hijacked, and so on
00:15:13
and so on.
00:15:13
Or it could be very simple things like you know we will
00:15:17
allow you to get a scooter because you need to prove us
00:15:20
that you're a wear team, or to rent an apartment in Airbnb, and
00:15:26
so on.
00:15:26
So there are different use cases, different verified
00:15:31
moments, as we call it, where our customers will use our
00:15:34
technology and then do something based on our response.
00:15:39
The reason you technology in the industry called very fabled
00:15:43
credentials, where, basically, the whole idea is that, instead
00:15:50
of us, as consumers, to show and share our details with
00:15:56
different organizations unnecessarily, we will create a
00:16:01
very fabled credential, that's, different types of credentials
00:16:05
that are cryptographically stored on a wallet on our mobile
00:16:11
device, and then all we share is claims with the organization.
00:16:16
So if I want to go and buy alcohol using Uber, eat or
00:16:21
whatever, all they need to for me to show is that I'm citizen
00:16:27
of the US, for example, and over 21.
00:16:29
So I will share my claims and all they will get is yes, he's a
00:16:35
citizen of the US.
00:16:35
Yes, is over 21.
00:16:38
It was certified by a cynics who is a partner, and that's it
00:16:42
First user experiences must match.
00:16:44
Much smoother because you don't need to go through showing an
00:16:47
idea, so on.
00:16:48
But more important maybe than any user, you don't share any of
00:16:51
your information unnecessarily.
00:16:53
Also for the organization, they don't need to keep it.
00:16:56
So we do support all of that process as well.
00:17:01
Speaker 1: This is.
00:17:02
Speaker 2: We have a cooperation with Microsoft Entry ID.
00:17:06
They developed a system, so they are use cases where the end
00:17:12
game of our process is creating this very subtle credential
00:17:17
that can be used in the future.
00:17:22
Speaker 1: That's interesting.
00:17:23
So you're saying that other entities will basically
00:17:27
authenticate a user against your service or whatnot to provide
00:17:33
them access to whatever service they're offering, right?
00:17:37
Speaker 2: So in the end, in the future, I believe that will
00:17:45
take a few years, probably because this is relatively new
00:17:49
trend in the industry, but we do see more and more companies
00:17:54
investing a lot around that Very public credentials, many of the
00:17:58
new digital ideas of those standards.
00:18:01
So the mobile driving license in the US is following the very
00:18:05
public credentials standards, the IEDAS in the EU and so on.
00:18:08
So in the future, all of us, instead of having multiple type
00:18:14
of IDs in our physical wallets, like driving license and in some
00:18:21
countries like Israel, you have an ID and also you have your
00:18:26
student card and so on you have in your mobile.
00:18:29
You have multiple IDs.
00:18:31
It could be from government issues, but also from different
00:18:35
type of commercial organizations that you will be able to share
00:18:41
and use and prove your credentials.
00:18:44
For example, it could be to prove that you are a certified
00:18:49
nurse or a doctor, or, and so on .
00:18:53
So think of all the different claims that you may need to use
00:18:58
in your day to day.
00:18:59
In the future, the world will be in your wallet and we'll just
00:19:02
be able to share them in the most secure way, without the
00:19:06
need to carry on different type of certificates and so on.
00:19:12
Speaker 1: That's interesting.
00:19:13
I wonder if they will go that route with passports as well,
00:19:19
right, because I personally, I really like getting that
00:19:22
passport stamp.
00:19:23
I don't know, it's something, there's something satisfying
00:19:28
about it, like I'll go to a place just to get the stamp
00:19:31
rather than like anything else.
00:19:33
But it makes me, I don't know, it makes me slightly nervous,
00:19:40
right, as a security professional, to have that on a
00:19:45
digital device.
00:19:45
It makes me wonder if there's someone out there that can I
00:19:50
don't know hack into it and then use that to impersonate me.
00:19:54
Is there?
00:19:55
Let's just talk about Apple devices specifically, right,
00:19:59
because all of that would go into the wallet and the wallet
00:20:02
is supposed to be secured to some extent.
00:20:05
Is there?
00:20:07
Is there protections or native protections around the wallet or
00:20:11
those identifications that enhance the security in some way
00:20:18
?
00:20:21
Speaker 2: So, yeah, I think that the key here, that is, it's
00:20:23
all encrypted graphically, so none of the data is available.
00:20:31
If you try to somehow act, attack the app or anything like
00:20:36
that, and it's all.
00:20:38
All the certificates are out there in the blockchain and you
00:20:42
need to have to access that.
00:20:44
You need to have access to the back end.
00:20:45
So there are multiple measurements that are being
00:20:50
taken in order to prevent any type of you know, trying to hack
00:20:58
or create forged ideas.
00:21:04
Now there are multiple vendors and multiple type of wallets and
00:21:12
so on and, as I mentioned, this is still early stages, but
00:21:19
security is a key there.
00:21:20
That's the key.
00:21:21
You know, tpi and all these things.
00:21:27
Speaker 1: Yeah, I feel like it's not just early early stages
00:21:30
for you guys, it's early stages for that entire industry.
00:21:34
Yeah, you know, like it's.
00:21:36
It's almost like the entire industry has to reinvent
00:21:39
themselves, you know, with the new and emerging in tech and
00:21:43
whatnot.
00:21:44
It's really interesting.
00:21:45
You mentioned that the encryption key is stored on the
00:21:50
blockchain.
00:21:51
So what, why did you guys decide to store it on the
00:21:56
blockchain?
00:21:56
Right Versus I don't know an internal server?
00:22:00
Right that's like heavily secured and whatnot, versus you
00:22:06
know any other option?
00:22:07
Right Like potentially, I don't know.
00:22:09
Right Like AWS, kms has a key service or Azure has their key
00:22:16
service.
00:22:17
Right Like what made you go down the blockchain route?
00:22:20
Because that's a very interesting route that you don't
00:22:22
normally see, right now at least.
00:22:26
Speaker 2: So so, just to be clear, this architecture is not
00:22:32
ours.
00:22:32
It's.
00:22:33
That's the very far potential standard that is being built,
00:22:38
and you're absolutely right, it doesn't have to be built that
00:22:43
way.
00:22:43
If you're everything I mentioned, if you want to, as an
00:22:48
organization, for example, to build your own digital identity
00:22:54
that will be used only for your employees or only for your
00:22:57
consumers, you don't need to do that.
00:23:00
The main reason to have the blockchain is if you want to
00:23:03
create a digitality that is following the standard, and then
00:23:08
the point is that it will be able to be used with anyone who
00:23:14
support that standard, and some with the claim and you want to
00:23:19
show again Uber Eats or whatever , that you want to buy alcohol
00:23:24
on your 21 and whatnot, the digital idea on your wallet, on
00:23:32
your mobile phone, will provide a claim he is over 21, a citizen
00:23:38
, and the signature that they will look in the blockchain will
00:23:43
show this was authenticated by a company called Authentics and
00:23:47
they were certified.
00:23:48
Therefore, you can trust them.
00:23:49
So to make sure that it was not graded by someone that is not
00:23:53
certified, and so that's, I believe, the main reason, and
00:24:00
this way, it's fully accessible and you don't need to know.
00:24:03
That's also a very key aspect of the very farmed relationship.
00:24:07
Not only you don't know who the person is behind it, just if
00:24:11
they can provide a claim or not, you also don't know who
00:24:14
provided it to them, because it's all about data privacy.
00:24:18
So I think that's kind of the main objectives of choosing
00:24:21
blockchain for that.
00:24:23
Speaker 1: Hmm, that's really interesting, you know, because
00:24:26
you always hear about, I guess, different governments or
00:24:31
different politicians wanting to , you know, outlaw the
00:24:36
blockchain or crypto, right to some extent.
00:24:39
And me, as a tech person, I try to think through that problem
00:24:45
of how they would actually be able to accomplish it, and it
00:24:50
seems like an impossible, unsurmountable task.
00:24:54
Right, because you would have to have so much buy-in from the
00:24:59
other 200 plus countries in the world, right, and then you'd
00:25:05
also have to have something on everyone's mobile device or, you
00:25:09
know, digital device, whatever it might be right, that is
00:25:14
looking for the blockchain and, you know, block that to some
00:25:18
extent.
00:25:19
I mean, that's such a that is such an extreme feat to take.
00:25:24
I just don't see that happening .
00:25:26
Does you know, I guess, does anyone in the industry?
00:25:31
Right, because you said that this is a standard, this is, you
00:25:35
know, what's being developed, what everyone is going to be
00:25:40
using that's in this space.
00:25:40
Does anyone ever, you know, I guess, worry about that or have
00:25:46
that in the back of their mind, or is it?
00:25:49
You know, kind of like what I just said, right, where it's
00:25:53
like, yeah, they talk about it, but it's such an unsurmountable
00:25:58
task that, you know, you kind of take a calculated risk and it's
00:26:00
like well, I don't think that they'll ever be able to
00:26:05
accomplish that.
00:26:09
Speaker 2: I believe that, while the different cryptocurrencies
00:26:15
are based on blockchain, there should be a very high level of
00:26:19
blockchain there should be a very clear separation between
00:26:23
the technology and how you use it, and while I can see why some
00:26:31
politicians or countries wanna put different type of
00:26:34
restrictions, regulations on cryptocurrencies because while
00:26:41
there is a lot of benefits and positives out times of this
00:26:45
whole cryptocurrency world, there are there were different
00:26:53
risks as well, so I can understand why there are a lot
00:26:56
of discussions around that, but when it goes to blockchain
00:26:59
basically the technology, and you can build different, you
00:27:04
know, type of applications and great things on top of it that
00:27:11
have nothing to do with the currency then I don't think that
00:27:16
there is any risk that I'm aware of.
00:27:19
The technology itself will be banned in any way, and
00:27:24
specifically on very far-off credentials, and you know it's
00:27:28
part of the W3C, and I know many countries, including the US,
00:27:38
are following that with different type of ideas.
00:27:40
Maybe they don't comply with it completely, but they all try to
00:27:44
come up with some kind of unified way for, you know,
00:27:50
developing standard for people to be able to digitally, safely
00:27:57
and securely identify themselves , and that technology seems like
00:28:04
you know great fit for that.
00:28:07
So I think that's where it will go to in the end.
00:28:15
Speaker 1: It's an interesting space, so you know, if you had
00:28:18
to kind of guess or make a prediction right, where do you
00:28:21
think it'll go in the next?
00:28:22
You know, five to 10 years, where do you see this space
00:28:26
going and growing?
00:28:31
Speaker 2: That's very, very, very hard to tell because it's
00:28:36
moving super fast and also because I think one of the main
00:28:43
drivers for where this industry goes is so, on one hand, is the
00:28:52
legitimate players of the governments and the large
00:28:56
organizations.
00:28:57
You know the Apple and Microsoft and Google of the
00:29:00
world, and also e-commerce, like Amazon and but very, very
00:29:12
important, you know, impact is the bad guys, and they evolved
00:29:22
faster than anyone.
00:29:23
They they adapt new technologies faster than anyone,
00:29:26
and a lot is going on now around.
00:29:32
You know deep-fake and generative AI's, and I think
00:29:40
that this is going to change dramatically the way that
00:29:46
organizations and even you know people, how, what terms, what
00:29:55
technology they use to verify that whoever they interact with
00:30:00
is really the person that they can be.
00:30:03
We are now having this, you know , online interview, but Very,
00:30:10
very shortly you could have this discussion with someone that
00:30:13
looks exactly like me my voice but it will be fake, and now you
00:30:20
know it could be someone for your bank or someone for your
00:30:24
work, or so I think there will be a need to have all the right
00:30:29
technology to make sure that whoever you interact with is
00:30:34
really the person, and not to trust our standard ways of
00:30:39
looking at the person, hearing their voice, anymore.
00:30:41
So I think that's going to drive a lot of the changes in
00:30:45
this market.
00:30:48
Speaker 1: Well, you know near before I let you go, why don't
00:30:53
you tell my audience where they can find you if they wanted to
00:30:57
reach out to you, where they can learn more about your company
00:31:01
and any other social media sites or links that they should know
00:31:06
about?
00:31:08
Speaker 2: Sure.
00:31:08
So yeah, my name is Nier Stern.
00:31:10
I work for Authentics, so Authentics is AU10TIX, so you
00:31:17
could go visit our website and get a lot of information on what
00:31:22
Authentics does and ask to be contacted with and me personally
00:31:27
.
00:31:27
I believe the best way is to email LinkedIn.
00:31:31
I usually very responsive and also on LinkedIn you can find a
00:31:38
lot of different types of articles and blogs that I
00:31:44
published.
00:31:44
Speaker 1: Yeah, awesome.
00:31:46
Well, thanks, nier, I really appreciate you coming on and I
00:31:50
hope everyone enjoyed this episode.
Speaker 1: How's it going, Nir?
00:00:01
It's really good to finally have you on the podcast.
00:00:03
I feel like we've been trying to schedule this thing for
00:00:06
forever at this point, but I'm really excited for our
00:00:10
conversation.
00:00:11
I think it'll be interesting.
00:00:12
Speaker 2: Yeah, I'm sitting here.
00:00:13
Thanks for having me.
00:00:15
Speaker 1: Yeah, absolutely so, nir.
00:00:17
You know I start everyone off with kind of telling their
00:00:21
background right of how they got into the world that they're in
00:00:25
right now.
00:00:26
So you know, when I look at your LinkedIn, I see that you
00:00:30
kind of started your career in pre-sales right Once you got out
00:00:34
of the Israeli military, you got into pre-sales and now
00:00:38
you're in like identity fraud and handling that sort of thing.
00:00:43
So talk to me about how one, how you got into pre-sales right
00:00:48
and then, if there is, I guess, any skills in pre-sales right
00:00:58
that you learned, that paid dividends now.
00:01:03
Speaker 2: Oh, great question.
00:01:04
So yeah, as you mentioned, I started in the Israeli military
00:01:14
as a programmer and I've been doing programming for a few
00:01:23
years and pretty quick I've learned that I need the human
00:01:32
interaction and you know a bit more dynamic environment and
00:01:40
that's basically why I moved into being a pre-sale and I
00:01:50
think most of the value I get from that period is deep
00:01:59
understanding of the life of a salesperson and you know what it
00:02:03
requires for them and you know how is it to work and create a
00:02:10
relationship with a customer.
00:02:12
Speaker 1: And build it and how much?
00:02:13
Speaker 2: effort you build into that and as a product manager
00:02:18
in the identity and fraud, this is what I'm doing in the past 15
00:02:23
years or so.
00:02:24
That, I think, gives me a lot of understanding of you know who
00:02:29
.
00:02:29
I work with which is both dev, which I have experience in sales
00:02:33
, and marketing sales, and I think that that's one of the
00:02:37
biggest advantages of that period.
00:02:41
Speaker 1: Yeah, you know, I have noticed that, at least in
00:02:46
the cybersecurity space, it's kind of hit or miss with how
00:02:51
people treat their salespeople in terms of, you know, like the
00:02:58
third party vendor, right, I have seen it where companies, I
00:03:05
mean just treat them terribly.
00:03:07
You know, like, these salespeople are just looking for
00:03:10
an update, right, Because they just did, you know, three months
00:03:14
of work for you and they need to justify it to their
00:03:18
management to keep on doing it if you need it, you know, and
00:03:22
they just want an update to understand where they are in the
00:03:25
process, right, To understand where we are in the process.
00:03:30
And I never understood that and I'm very against that, you know
00:03:34
, because, like they're people at the end of the day, you know,
00:03:37
like, why can't we just treat them like people, respect their
00:03:40
time, respect them and, you know , go from there and not expect
00:03:45
anything.
00:03:45
You know, in the back end I've experienced it, I guess, on the
00:03:49
other side of that too, where people will gladly accept a
00:03:55
sales call or whatever it might be right, and they'll accept a
00:04:00
dinner, they'll accept an event, a sporting event, right, but
00:04:06
then they don't go that extra mile and actually get this
00:04:11
person a call with the right people on the call to look at
00:04:15
the product you know, to make it an assessment and say like, hey
00:04:19
, maybe this will actually work for us.
00:04:21
We don't have a project slated for right now, you know, but you
00:04:26
know we'll have something down the line.
00:04:29
You know, I don't mean to talk too much, right, this episode is
00:04:33
for you, obviously right.
00:04:36
But you know, this kind of goes hand in hand with my selling
00:04:41
internally episode that I did, where you know you treat the
00:04:46
salesperson like a person you know and, yes, they may take you
00:04:51
to dinner or lunch or something like that.
00:04:53
Right, but the important part is you actually setting up that
00:04:57
phone call, getting the right people on the call and actually
00:05:01
assessing the product, actually taking a serious look at it,
00:05:05
regardless of if you have a project slated that year for it
00:05:09
or not.
00:05:10
You know, to that salesperson, that's, that means the world,
00:05:14
right, Because they're they're putting their neck out there,
00:05:17
you know, on the line in their own company to say, hey, we need
00:05:21
to spend resources on this.
00:05:22
Is that something that that you noticed as well, or was it
00:05:29
different at your companies?
00:05:30
How was that?
00:05:35
Speaker 2: Um, so yeah, absolutely, I think you know not
00:05:46
sure if it's only in the high-tech industry or
00:05:49
cybersecurity, but I just simply noticed that in this industry,
00:05:55
many times, people you know will play roles, right, what your
00:06:00
title is, what your job is, and so on and people are sometimes
00:06:04
too attached to that role and forget that in the end, it's all
00:06:07
human beings and we all, you know we should treat each other
00:06:13
like that and be respectful and, you know, think, in the end,
00:06:21
creating the relationships and creating trust is a key both and
00:06:26
, as you mentioned, both internally and externally,
00:06:29
because you do need to promote ideas, to sell ideas, in order
00:06:33
to be successful, both internally and externally.
00:06:36
And I think it's a key to remember on the other side,
00:06:43
there is a person and don't do anything to them that you
00:06:47
wouldn't want other people to do to you, and so on.
00:06:49
So I relate to what you just said very, very much.
00:06:54
Speaker 1: Right, so you know.
00:06:57
Talk to me about how you transitioned into your current
00:07:01
role with an identity fraud company.
00:07:03
You know that sounds like it is a huge jump right To go from
00:07:11
pre-sales into identity fraud.
00:07:15
Talk to me about you know if there's any skills that you may
00:07:18
have learned along the way that prepared you for this role, and
00:07:23
you know just what you're doing, what the company is doing
00:07:25
overall.
00:07:27
Speaker 2: Sure.
00:07:27
So a little bit over 15 years ago I was, as I mentioned, I was
00:07:32
pre-sale, and then I was interviewing to a company called
00:07:41
Actimize, which was later acquired by NICE and they're
00:07:47
developing fraud detection systems for mainly financial
00:07:56
institutions, and so I was interviewing for a pre-sale role
00:08:00
and one of the founders he told me well, you need to be a
00:08:05
product manager, and he was one of the smartest people I ever
00:08:09
worked with and he explained to me why he think I'll be great in
00:08:12
that and I took that role.
00:08:14
I ended up being a product manager in that company and it
00:08:19
was back when online payments just started, like bill payments
00:08:26
in the US, and P2P and ACH and so on, and frauds were
00:08:33
unbelievable.
00:08:33
So the fraudster did the well, the first one to adopt it and
00:08:39
many of the banks didn't have any solutions.
00:08:42
So we developed these systems that basically look abnormally,
00:08:48
based on the history of the payments and other types of
00:08:54
indications that these are risky or fraudulent transactions, and
00:09:00
I did that for seven years.
00:09:02
So I learned a lot about everything about, I guess,
00:09:06
identity and digital identities and authentication and fraud and
00:09:09
rates management and all of that.
00:09:14
So that's where I think I got most of my initial understanding
00:09:19
on that world.
00:09:20
From there I moved to a company called Trustier that was
00:09:24
acquired by IBM.
00:09:25
They were focused more on the cyber side of identity and fraud
00:09:31
so everything around financial malware, old front desktops and
00:09:36
mobiles and phishing scams and so on and as it was acquired by
00:09:44
IBM, we were a part of IBM security and very much
00:09:48
integrated into the identity management of IBM solutions.
00:09:52
So I learned a lot about the identity piece when working
00:09:58
there and then for me it was very clear transition actually
00:10:07
into authentic, such as dealing with identity proofing, which
00:10:11
kind of merged between two worlds of risk and fraud and
00:10:15
identity.
00:10:15
And yeah, it's really great.
00:10:21
We have a lot of very diverse and large customers from many
00:10:29
industries and that's how I got here basically.
00:10:36
Speaker 1: Hmm, so talk to me about identity proofing.
00:10:40
What is identity proofing and how does it help prevent fraud?
00:10:46
Speaker 2: So identity proofing in a very high level is part of
00:10:53
KYC know your customer A process where, basically, organization
00:11:01
is traditionally required to know who they deal with on the
00:11:08
digital channels.
00:11:09
So in the past, when you wanted to open a bank account, for
00:11:13
example, you would go to the branch, you would show them your
00:11:15
ID, they would copy it, they will look in your face, see that
00:11:20
it's through the URIV, they will log in all the details and
00:11:24
so on, and they were required to do it because of regulations.
00:11:33
With the transition to the digital world and with all the
00:11:39
new regulations around anti-money laundering and
00:11:43
anti-terries financing, there were more and more regulations
00:11:51
that require those organizations to go through this know your
00:11:58
customer process and the very key part of it is identity
00:12:02
proofing, where basically, you need to prove you are who you
00:12:06
claim you are using a photo ID.
00:12:08
Now it all started originally from that specific need, which
00:12:15
is more around compliance and regulation rather than fraud,
00:12:20
but as the technology improved and companies like us that were
00:12:31
able to create this process fully automated.
00:12:34
So it's all based on machine learning models that are doing
00:12:39
everything from taking the picture in the best quality,
00:12:43
identifying the identity there, classifying the ID, extracting
00:12:48
all the data from the ID, running multiple forgery tests
00:12:51
on it, comparing the self-eutility.
00:12:53
All of that is fully automated and happens within four to eight
00:12:57
seconds.
00:12:58
The user experience became relatively smooth so it's not
00:13:04
like it used to be that you had actually manual reviews.
00:13:08
People would repeat manually behind the scenes, so you could
00:13:10
wait minutes, even hours until you get a response.
00:13:13
So now it's been four to eight seconds.
00:13:16
So more and more companies are using our technology as a strong
00:13:21
factor of authentication instead of traditional ones that
00:13:24
are basically not very effective.
00:13:28
So, instead of using one-time password on SMS or email, which
00:13:34
any sophisticated fraud or can bypass easily using social
00:13:38
engineering in many cases, many of our customers use us whenever
00:13:42
there is a risk for account takeover or risk activity, they
00:13:47
only require their users to go through an identity proofing to
00:13:51
really show who they are.
00:13:51
So that's basically where it's at.
00:13:59
Speaker 1: So in the, I guess, the security architecture of
00:14:03
this, what a user go through your identity proofing process
00:14:09
and they're issued potentially a like a PKI certificate, right
00:14:15
where then they can sign emails and do everything else with that
00:14:19
certificate.
00:14:20
Or is that something that is not currently incorporated with
00:14:24
the product or anything?
00:14:30
Speaker 2: Our basic offering is a process in which we end up
00:14:39
giving a response to our customers saying whether or not
00:14:44
we were able to verify the identity of that end user.
00:14:49
From that point on, it's the responsibility of our customer
00:14:53
to decide what they want to do.
00:14:54
It could be okay we will re-credential you, we will allow
00:14:59
you to transfer, I don't know, $50 in ACH, we will allow
00:15:06
you to recover your account after it was hijacked, and so on
00:15:13
and so on.
00:15:13
Or it could be very simple things like you know we will
00:15:17
allow you to get a scooter because you need to prove us
00:15:20
that you're a wear team, or to rent an apartment in Airbnb, and
00:15:26
so on.
00:15:26
So there are different use cases, different verified
00:15:31
moments, as we call it, where our customers will use our
00:15:34
technology and then do something based on our response.
00:15:39
The reason you technology in the industry called very fabled
00:15:43
credentials, where, basically, the whole idea is that, instead
00:15:50
of us, as consumers, to show and share our details with
00:15:56
different organizations unnecessarily, we will create a
00:16:01
very fabled credential, that's, different types of credentials
00:16:05
that are cryptographically stored on a wallet on our mobile
00:16:11
device, and then all we share is claims with the organization.
00:16:16
So if I want to go and buy alcohol using Uber, eat or
00:16:21
whatever, all they need to for me to show is that I'm citizen
00:16:27
of the US, for example, and over 21.
00:16:29
So I will share my claims and all they will get is yes, he's a
00:16:35
citizen of the US.
00:16:35
Yes, is over 21.
00:16:38
It was certified by a cynics who is a partner, and that's it
00:16:42
First user experiences must match.
00:16:44
Much smoother because you don't need to go through showing an
00:16:47
idea, so on.
00:16:48
But more important maybe than any user, you don't share any of
00:16:51
your information unnecessarily.
00:16:53
Also for the organization, they don't need to keep it.
00:16:56
So we do support all of that process as well.
00:17:01
Speaker 1: This is.
00:17:02
Speaker 2: We have a cooperation with Microsoft Entry ID.
00:17:06
They developed a system, so they are use cases where the end
00:17:12
game of our process is creating this very subtle credential
00:17:17
that can be used in the future.
00:17:22
Speaker 1: That's interesting.
00:17:23
So you're saying that other entities will basically
00:17:27
authenticate a user against your service or whatnot to provide
00:17:33
them access to whatever service they're offering, right?
00:17:37
Speaker 2: So in the end, in the future, I believe that will
00:17:45
take a few years, probably because this is relatively new
00:17:49
trend in the industry, but we do see more and more companies
00:17:54
investing a lot around that Very public credentials, many of the
00:17:58
new digital ideas of those standards.
00:18:01
So the mobile driving license in the US is following the very
00:18:05
public credentials standards, the IEDAS in the EU and so on.
00:18:08
So in the future, all of us, instead of having multiple type
00:18:14
of IDs in our physical wallets, like driving license and in some
00:18:21
countries like Israel, you have an ID and also you have your
00:18:26
student card and so on you have in your mobile.
00:18:29
You have multiple IDs.
00:18:31
It could be from government issues, but also from different
00:18:35
type of commercial organizations that you will be able to share
00:18:41
and use and prove your credentials.
00:18:44
For example, it could be to prove that you are a certified
00:18:49
nurse or a doctor, or, and so on .
00:18:53
So think of all the different claims that you may need to use
00:18:58
in your day to day.
00:18:59
In the future, the world will be in your wallet and we'll just
00:19:02
be able to share them in the most secure way, without the
00:19:06
need to carry on different type of certificates and so on.
00:19:12
Speaker 1: That's interesting.
00:19:13
I wonder if they will go that route with passports as well,
00:19:19
right, because I personally, I really like getting that
00:19:22
passport stamp.
00:19:23
I don't know, it's something, there's something satisfying
00:19:28
about it, like I'll go to a place just to get the stamp
00:19:31
rather than like anything else.
00:19:33
But it makes me, I don't know, it makes me slightly nervous,
00:19:40
right, as a security professional, to have that on a
00:19:45
digital device.
00:19:45
It makes me wonder if there's someone out there that can I
00:19:50
don't know hack into it and then use that to impersonate me.
00:19:54
Is there?
00:19:55
Let's just talk about Apple devices specifically, right,
00:19:59
because all of that would go into the wallet and the wallet
00:20:02
is supposed to be secured to some extent.
00:20:05
Is there?
00:20:07
Is there protections or native protections around the wallet or
00:20:11
those identifications that enhance the security in some way
00:20:18
?
00:20:21
Speaker 2: So, yeah, I think that the key here, that is, it's
00:20:23
all encrypted graphically, so none of the data is available.
00:20:31
If you try to somehow act, attack the app or anything like
00:20:36
that, and it's all.
00:20:38
All the certificates are out there in the blockchain and you
00:20:42
need to have to access that.
00:20:44
You need to have access to the back end.
00:20:45
So there are multiple measurements that are being
00:20:50
taken in order to prevent any type of you know, trying to hack
00:20:58
or create forged ideas.
00:21:04
Now there are multiple vendors and multiple type of wallets and
00:21:12
so on and, as I mentioned, this is still early stages, but
00:21:19
security is a key there.
00:21:20
That's the key.
00:21:21
You know, tpi and all these things.
00:21:27
Speaker 1: Yeah, I feel like it's not just early early stages
00:21:30
for you guys, it's early stages for that entire industry.
00:21:34
Yeah, you know, like it's.
00:21:36
It's almost like the entire industry has to reinvent
00:21:39
themselves, you know, with the new and emerging in tech and
00:21:43
whatnot.
00:21:44
It's really interesting.
00:21:45
You mentioned that the encryption key is stored on the
00:21:50
blockchain.
00:21:51
So what, why did you guys decide to store it on the
00:21:56
blockchain?
00:21:56
Right Versus I don't know an internal server?
00:22:00
Right that's like heavily secured and whatnot, versus you
00:22:06
know any other option?
00:22:07
Right Like potentially, I don't know.
00:22:09
Right Like AWS, kms has a key service or Azure has their key
00:22:16
service.
00:22:17
Right Like what made you go down the blockchain route?
00:22:20
Because that's a very interesting route that you don't
00:22:22
normally see, right now at least.
00:22:26
Speaker 2: So so, just to be clear, this architecture is not
00:22:32
ours.
00:22:32
It's.
00:22:33
That's the very far potential standard that is being built,
00:22:38
and you're absolutely right, it doesn't have to be built that
00:22:43
way.
00:22:43
If you're everything I mentioned, if you want to, as an
00:22:48
organization, for example, to build your own digital identity
00:22:54
that will be used only for your employees or only for your
00:22:57
consumers, you don't need to do that.
00:23:00
The main reason to have the blockchain is if you want to
00:23:03
create a digitality that is following the standard, and then
00:23:08
the point is that it will be able to be used with anyone who
00:23:14
support that standard, and some with the claim and you want to
00:23:19
show again Uber Eats or whatever , that you want to buy alcohol
00:23:24
on your 21 and whatnot, the digital idea on your wallet, on
00:23:32
your mobile phone, will provide a claim he is over 21, a citizen
00:23:38
, and the signature that they will look in the blockchain will
00:23:43
show this was authenticated by a company called Authentics and
00:23:47
they were certified.
00:23:48
Therefore, you can trust them.
00:23:49
So to make sure that it was not graded by someone that is not
00:23:53
certified, and so that's, I believe, the main reason, and
00:24:00
this way, it's fully accessible and you don't need to know.
00:24:03
That's also a very key aspect of the very farmed relationship.
00:24:07
Not only you don't know who the person is behind it, just if
00:24:11
they can provide a claim or not, you also don't know who
00:24:14
provided it to them, because it's all about data privacy.
00:24:18
So I think that's kind of the main objectives of choosing
00:24:21
blockchain for that.
00:24:23
Speaker 1: Hmm, that's really interesting, you know, because
00:24:26
you always hear about, I guess, different governments or
00:24:31
different politicians wanting to , you know, outlaw the
00:24:36
blockchain or crypto, right to some extent.
00:24:39
And me, as a tech person, I try to think through that problem
00:24:45
of how they would actually be able to accomplish it, and it
00:24:50
seems like an impossible, unsurmountable task.
00:24:54
Right, because you would have to have so much buy-in from the
00:24:59
other 200 plus countries in the world, right, and then you'd
00:25:05
also have to have something on everyone's mobile device or, you
00:25:09
know, digital device, whatever it might be right, that is
00:25:14
looking for the blockchain and, you know, block that to some
00:25:18
extent.
00:25:19
I mean, that's such a that is such an extreme feat to take.
00:25:24
I just don't see that happening .
00:25:26
Does you know, I guess, does anyone in the industry?
00:25:31
Right, because you said that this is a standard, this is, you
00:25:35
know, what's being developed, what everyone is going to be
00:25:40
using that's in this space.
00:25:40
Does anyone ever, you know, I guess, worry about that or have
00:25:46
that in the back of their mind, or is it?
00:25:49
You know, kind of like what I just said, right, where it's
00:25:53
like, yeah, they talk about it, but it's such an unsurmountable
00:25:58
task that, you know, you kind of take a calculated risk and it's
00:26:00
like well, I don't think that they'll ever be able to
00:26:05
accomplish that.
00:26:09
Speaker 2: I believe that, while the different cryptocurrencies
00:26:15
are based on blockchain, there should be a very high level of
00:26:19
blockchain there should be a very clear separation between
00:26:23
the technology and how you use it, and while I can see why some
00:26:31
politicians or countries wanna put different type of
00:26:34
restrictions, regulations on cryptocurrencies because while
00:26:41
there is a lot of benefits and positives out times of this
00:26:45
whole cryptocurrency world, there are there were different
00:26:53
risks as well, so I can understand why there are a lot
00:26:56
of discussions around that, but when it goes to blockchain
00:26:59
basically the technology, and you can build different, you
00:27:04
know, type of applications and great things on top of it that
00:27:11
have nothing to do with the currency then I don't think that
00:27:16
there is any risk that I'm aware of.
00:27:19
The technology itself will be banned in any way, and
00:27:24
specifically on very far-off credentials, and you know it's
00:27:28
part of the W3C, and I know many countries, including the US,
00:27:38
are following that with different type of ideas.
00:27:40
Maybe they don't comply with it completely, but they all try to
00:27:44
come up with some kind of unified way for, you know,
00:27:50
developing standard for people to be able to digitally, safely
00:27:57
and securely identify themselves , and that technology seems like
00:28:04
you know great fit for that.
00:28:07
So I think that's where it will go to in the end.
00:28:15
Speaker 1: It's an interesting space, so you know, if you had
00:28:18
to kind of guess or make a prediction right, where do you
00:28:21
think it'll go in the next?
00:28:22
You know, five to 10 years, where do you see this space
00:28:26
going and growing?
00:28:31
Speaker 2: That's very, very, very hard to tell because it's
00:28:36
moving super fast and also because I think one of the main
00:28:43
drivers for where this industry goes is so, on one hand, is the
00:28:52
legitimate players of the governments and the large
00:28:56
organizations.
00:28:57
You know the Apple and Microsoft and Google of the
00:29:00
world, and also e-commerce, like Amazon and but very, very
00:29:12
important, you know, impact is the bad guys, and they evolved
00:29:22
faster than anyone.
00:29:23
They they adapt new technologies faster than anyone,
00:29:26
and a lot is going on now around.
00:29:32
You know deep-fake and generative AI's, and I think
00:29:40
that this is going to change dramatically the way that
00:29:46
organizations and even you know people, how, what terms, what
00:29:55
technology they use to verify that whoever they interact with
00:30:00
is really the person that they can be.
00:30:03
We are now having this, you know , online interview, but Very,
00:30:10
very shortly you could have this discussion with someone that
00:30:13
looks exactly like me my voice but it will be fake, and now you
00:30:20
know it could be someone for your bank or someone for your
00:30:24
work, or so I think there will be a need to have all the right
00:30:29
technology to make sure that whoever you interact with is
00:30:34
really the person, and not to trust our standard ways of
00:30:39
looking at the person, hearing their voice, anymore.
00:30:41
So I think that's going to drive a lot of the changes in
00:30:45
this market.
00:30:48
Speaker 1: Well, you know near before I let you go, why don't
00:30:53
you tell my audience where they can find you if they wanted to
00:30:57
reach out to you, where they can learn more about your company
00:31:01
and any other social media sites or links that they should know
00:31:06
about?
00:31:08
Speaker 2: Sure.
00:31:08
So yeah, my name is Nier Stern.
00:31:10
I work for Authentics, so Authentics is AU10TIX, so you
00:31:17
could go visit our website and get a lot of information on what
00:31:22
Authentics does and ask to be contacted with and me personally
00:31:27
.
00:31:27
I believe the best way is to email LinkedIn.
00:31:31
I usually very responsive and also on LinkedIn you can find a
00:31:38
lot of different types of articles and blogs that I
00:31:44
published.
00:31:44
Speaker 1: Yeah, awesome.
00:31:46
Well, thanks, nier, I really appreciate you coming on and I
00:31:50
hope everyone enjoyed this episode.
Related Episodes
Episode 91 - The Future Of Cryptocurrency
In this episode I talk with Zenobia Godschalk and we discuss the future of cryptocurrency and how it can change the entire world of finance. We had a great conversation about her journey and so much more. If you enjoy this episode please leave a review & share the podcast. Zenobia's Links:...
Episode 59 - Evan Shoening - Blockchain Security
In this episode I talk with Evan Shoening about Blockchain security and why crypto matters in the world. We also discuss some of the vulnerabilities in this area. We had a great conversation and I hope everyone enjoys it! If you enjoy the podcast please go leave a review on the platform you listen,...