Join Sheetal Elangovan and Robert MacDonald for an IBA Friday! In this session, they discuss their key takeaways from Identiverse 2024.

Video Transcript
Speaker 1:
Okay. Enough talk about cricket, I think we're live. By the way, I do want to play cricket, so someday we should figure out how to help me do that next time I come to New Jersey. Hi Sheetal, how are you?

Speaker 2:
I'm good. How are you, Rob?

Speaker 1:
Happy Friday.

Speaker 2:
Happy Friday.

Speaker 1:
Yes, indeed. And happy Friday to everybody else. Welcome to another IBA Friday. This is Rob and Sheetal coming at you through LinkedIn. And last week Sheetal, you and I had a little road trip together with a couple of other colleagues. We were at Identiverse. Yeah? Was it exciting?

Speaker 2:
Absolutely exciting. Did you make any money, Rob?

Speaker 1:
I do not play the tables at all. I stay as clear from that. I'm too cheap. I don't like giving people my money unless I'm going to get something in return and just losing it is not... No, I can't do that. It's not part of my DNA. How about you? Did you win anything?

Speaker 2:
Nothing. I gained some nuggets of wisdom though about-

Speaker 1:
Well that's good. Well, hey, listen, there's lots of nuggets of wisdom to learn at Identiverse this year. I had a horrific travel experience getting down there. Completely new thing for me, but we don't have to get into that again today. But let's talk a little bit about Identiverse. Did you have a good time?

Speaker 2:
We did. So Rob, I know you this time around you did a lot of planning for Identiverse and you brought us all together at the booth and lined all of this up. So tell us about your experience. When you were there at Identiverse, what was happening at the booth? What kind of customers came in to talk to us?

Speaker 1:
Yeah. There was, I think a little bit of everybody from every market I think ended up swinging by the booth, Sheetal and what I did notice this year over any other year is that there was a lot of questions about identity verification. How do I verify? How do I proof users? And can you do that? And in previous years, that really wasn't a question. There was a lot about password lists or pass keys or whatever, but this year there was a lot of focus on how do we verify a user remotely? And we had hotels, we had universities, we had banks, we had big travel companies, we had amusement park organizing. We had all kinds of people coming by and asking us about identity verification. And it was a relatively steady stream to that. People asking about wallets, which again was kind of the first time anybody really asked me about a wallet. So there was lots of interest in that. Did you see the same thing or what were you seeing?

Speaker 2:
Yes, I think pretty much the same thing with respect to universities. We saw people from universities, staff come in to see how can we verify our students and make sure that from day one they have a credential that they can carry with them, they can it log into their student portal, they can use it to get to their classroom. Which is a beautiful use case where it's an absolutely streamlined access for a student from day one. So that was a really good use case.

Banks, we had a lot of banks who came in and spoke to us about, "Hey, do you have any kiosk-based verification where I can sort of do a self-service experience for ID verification?" Where a customer can step in and they can verify themselves and they can use that to recover their password, recover their account, or perform a high-value transaction. So those kind of things.

We also saw, I mean a lot of hotels and retail chains who were at the booth, Rob. Who were looking for solutions especially around how can I have my hotel staff or ground staff authenticate on a day-to-day basis? So I was recently at a retail chain, I saw an employee who had a badge with a QR code, and that's what they used to authenticate. Now how easy is that to get compromised? So that was a real-world use case. So what can 1Kosmos do in that kind of scenario, Rob? How can we solve for that?

Speaker 1:
Yeah, I mean you and I have talked about that I think in the past and we've got our 1Key, and that was a popular discussion and maybe we'll talk maybe the identity verification for help desk in a minute because that was another one. But the shared workstation kiosk, how do I deliver a passwordless experience to those users that are at some sort of kiosk or a shared kiosk. Whether that be retail, again, some of the amusement parks that we talked about. There's a lot of those shared workstations and they were struggling with trying to get a streamlined and secure solution that didn't rely on badges or things that can be stolen, things that be compromised, things could be forgotten at home. Because you forget it at home, what do you do when you get to work. That's a hurdle that IT has got to jump through to try to get that to an employee quickly and with as little friction as possible. And it's not doable. It's expensive.

So when we were talking about our 1Key and what it brings to the table, there was a lot of interest in that because of the simplicity in the one to many scenario that we bring. You leave that key in the system, anybody that walks up to it that has been registered to that device type in their username, scan their fingerprint and boom, they're off and running. And that really resonated with a lot of people that could buy the booth. And I think you can probably sentiment the same thing, right?

Speaker 2:
Absolutely. So we saw a lot of people who were extremely interested in that entire offering. I know you wanted to go back and talk a little bit about ID verification. So tell us a little bit about that. What kind of-

Speaker 1:
Yeah. Well, being that we were in Las Vegas and one of the biggest breaches of last year happened to two of the major chains that are in Vegas, all done through the same method where somebody called into the help desk, impersonated a user and were able to reset and gain the user's credential that they called in about. So there's a lot of inquiries about how could we help solve that problem.

Now we already have a solution that we built shortly after that attack happened because we have those capabilities and showing that to customers in terms of how it worked and what we delivered and how quick and easy it was and that you could drop it in and fit it into an existing workflow that's in place today, really made people come to a pause and they're like, "Really? It's that simple?" It's like, yeah, we just send a link to get somebody to scan their driver's license, scan their face, and we can prove identity in 45 seconds. And then the help desk agent can continue on with the credential update, reset, whatever that might be.

And there were a lot of discussions around that because that's not something that's readily available to customers and they're struggling to try to figure out how they solve that problem. It is a real attack vector that's becoming more frequent. And in talking with customers, they were very intrigued by how that can be done and how that can help harden, I guess, the security in and around help desks. I mean, you talked more customers than I did. Well, I don't know if you did. I think you were just in more meetings than I was. I was looking after the booth. But what about you? What did you see? What were you hearing?

Speaker 2:
So I think I pretty much heard the same things as you are. The common themes were pretty much the same. How can I protect some of these shared? The only thing that I want to add was we had a lot of customers who came in and talked to us about our wallet. So I think the entire concept of preserving an end user's privacy, how can I make sure that we're not compromising data or a user's PII. And everybody knows what a wallet is and I think there was a lot of interest in that direction as well. How can we use a wallet in the consumer space? How can we use a wallet in a government space? How can we use it in an enterprise space? So a lot of conversations around that topic around using an identity wallet, which is also very interesting to learn from customers. And really being at a booth, it gives you a very humbling experience as to how customers can use your technology to move their initiatives forward.

Speaker 1:
Yeah, I mean, everybody's got very unique use cases when they swing by the booth. It's like, "Hey, tell me about how you could do whatever my use case is." And while sometimes they all sound the same and technically we're solving the same problem, the way in which that problem presents itself can be very different at a lot of these different prospects, customers, people that are swinging by the booth. And it's interesting to learn from and hear about how a lot of these different places are doing it. And listen, in some cases, some are trying to go out and do it on their own, and they're just looking to compare what they're doing versus what we're doing, and does it make sense to have us do it for them instead of them try to go down the path and do it themselves. I mean, I had a couple of quick conversations with people in and around that.

But yeah, I mean, getting out and seeing a lot of these or meeting a lot of these organizations and people that work for these organizations is interesting. And like I said at the very beginning, it spanned pretty much everything. Like you said, there were hotels, there were universities, banks, there was lots of government representation there as well at this event. And looking into how can they deliver secure services to citizens and residents calling help desks or logging in to get access to services and things along those lines. So lots of really good conversations. You went to a couple of sessions. How were the sessions?

Speaker 2:
I actually went to a lot of the sessions. So I think Identiverse is a really good opportunity to see what's happening as trends across the industry. Definitely one of the highlights was what kind of new attack vectors are we seeing? And one of them even said it's CaaS, C-A-S-S, and it's cybercrime as a service where you have these wide range of call centers that can be set up to conduct OTP fraud or capture related fraud, different kinds of attack vectors that are emerging.

But one of the attack vectors that we really covered this time was deepfakes. The prevalence of deepfakes. And I think 1Kosmos did a talk about how deepfakes are going to become more prevalent, especially... And this is a threat in the ID verification industry. So as a company, we've put a lot of research and investigation into how can we ensure that when somebody is presenting their face in a remote verification scenario, that it's not actually a deepfake. We put a lot of mitigation strategies in place, but it was really about educating the market saying, hey, this is the next big attack vector that anyone who's shopping around for 90 verification solution should really be worried about or thinking about.

Speaker 1:
Yeah I mean-

Speaker 1:
Go ahead, sorry. You finished that.

Speaker 2:
Yeah. Yeah. So that was one definite trend that we saw. New attack vectors, how quickly they're spreading.

Speaker 1:
Yeah, that session that we put on was with Mike Engel, he's been on IBA Friday in the past, and we had one of our customers partner up with him, Jason Pratt. It was very well attended. It was very cool. I actually had somebody swing by the booth right after it was over. They're like, "Wow. When he kind of transformed his face into Jude Law, that was kind of weird." I was like, "Yeah, that's kind of where it's going."

But really the way I look at that Sheetal, and I don't know if you feel the same way, but there are lots of different ways that you can fake. Now, deepfake is kind of the video version of it. But everything that we've been talking about up until now is that even when we look at the social engineering, you're providing a fake identity, you're becoming an imposter to try to get that information, to get that credential.

So deepfakes, really that starts, any fake of that nature really starts at doing proper identity verification, doing triangulation against government issued documents and third-party databases and issuing databases and really bringing all of that stuff together. And then you start to sprinkle in things like being able to spot presentation attacks, so doing liveness checks and things along those lines like we do.

So having those conversations with customers because they heard a lot about deepfakes, but really unsure of, well, what does that mean to me and how could I go about fixing that? And then talking about the liveness checks and the injection attack prevention and things along those lines, I think really went a long way. And I got a lot of really good feedback on that session that we had provided just based on that alone really. It was just a deepfake, that word really popped up all of a sudden. It was like overnight. Everything was about deepfakes and people were really interested in terms of what that meant and maybe what that meant to them when they got back to the office, right?

Speaker 2:
Yep. Yep, absolutely. Even Andre did his opening keynote and his opening keynote had four deepfakes that were right up front sort of competing with each other to present themselves as Andre. So that's how the entire sessions began. Other than that, some of the popular trends were of course passkeys, a lot of conversations around passkeys and the adoption of passkeys. Over the last couple of years, we've seen it spike up in terms of the entire consumer space.

It kind of tells you that end users are ready for passwordless authentication. They see the benefit in it. There are a lot of adoption metrics that tells us that passkeys can be very, very, very, very fruitful in a consumer space when it comes to how quickly you can restore them, how quickly you can adopt them, all of that information. So passkeys, definitely something to watch out for in the next few, next couple of years.

Speaker 1:
Yeah.

Speaker 2:
Definitely if in an enterprise setting, if there's a customer who needs to implement passkeys, of course it's a big burden on any enterprise is why they opt in and work with single sign-on provider solutions like us where we bring in that capability and you're automatically able to inherit some of those capabilities from an implementation. So definitely something you watch out for. And finally, the good one was, of course, the buzzword that everybody's talking about, which is AI and the security space. Seen a lot of companies innovating in the entire AI space. And one of the big topics that we saw was where AI was able to be a coach, where it is able to help you with very rich decision-making.

A really good example was from Microsoft Copilot where it was able to ingest a lot of data from different endpoints and able to say, "Hey, why did this incident occur? Why was Rob challenged for MFA on May 9th?" And it's able to give you a very beautiful summary of why he was challenged for MFA. And it's all in natural language, which makes it very easy for a support staff to break something down. So we saw some really good trends in AI as well. So that was just a quick and good learning sessions that came out of the entire Identiverse conference.

Speaker 1:
Yeah, I guess that's interesting because now you would no longer have to kind of pour through audit logs to figure out what happened and why. If that's able to consolidate that for you in natural language, that's pretty powerful. Interesting. All right. Well, another IBA Friday. All right. Yeah, listen, if you went to Identiverse and you have questions about anything that you saw there or how we relate to any of the things that maybe you might've learned at Identiverse, you can always reach out to Sheetal and I. We'd be more than happy to have a conversation with you and we can go from there. But for now, thanks for joining us on another IBA Friday and I guess we'll see you in two weeks or so. Have a good weekend, Sheetal.

Speaker 2:
Bye.