Passwords can no longer protect bank accounts and online wallets. Two-factor authentication (2FA) is vulnerable. By 2021, according to the official Cybersecurity report of Cybersecurity Ventures, cyber fraud and hacker attacks will cost the world $6 trillion compared to $3 trillion back in 2015. Blockchain can help with resolving the problem. By the yearend, Canada’s SecureKey plans to launch a decentralized identification service, Verified.Me. One’s identity can then be verified in a mobile application of a smartphone. Greg Wolfond, SecureKey founder, in an interview told Invest Foresight why his project was supported by major Canadian banks and how blockchain will change digital identification.
– You have founded many startups – how do you do it? How do you manage your time?
– It’s really all about people. Learning how to surround yourself and develop relationships with trusted partners who share your goals makes running multiple companies feasible. Deep partnership is the most important aspect of leadership and one of the major reasons why the companies I’ve been involved in have seen their various successes. I think the idea of partnership quite aptly parallels what we’re achieving in the launch of SecureKey’s digital identity ecosystem, Verified.Me; innovation without genuine collaboration simply just isn’t possible when building ecosystem solutions.
– How did SecureKey come to be?
– SecureKey was founded because we saw a fundamental flaw in the way identity is proved online, in person and on the phone. It’s too easy to create a fake driver’s license or to answer someone’s knowledge-based questions. The system is broken. Too many people become victims of identity fraud, leading us to ask more questions about how the issue of identity could be solved with greater security and less friction.
– This was in 2007. What was your first product after the launch of the company? What is your company’s growing ratio since then?
– Our first product offering was SecureKey Concierge, which is a next generation authentication network for conveniently connecting people to critical online services using their secure banking credentials they already have and trust. Currently, SecureKey Concierge connects Canadian citizens with the online services of over 80 government agencies. From filing your taxes online to booking a campsite at one of Canada’s national parks, SecureKey Concierge allows citizens to securely log into these online services using credentials from trusted Sign-In Partners.
– In a digital economy, the current centralized identity system is described as being flawed. For example, more than 1,300 identity breaches have occurred since 2017 in the U.S., which have caused some 175 million identity records to be compromised according to the 2018 IBM X-Force Threat Index. Do you have similar statistics for Canada?
– Canada has certainly had its fair share of data breach scenarios. Of the major publicly-reported breaches, well over 10 million Canadians were impacted, but this is only a small slice of the pie as organizations reported an average of 455 attacks last year alone. Obviously, the problem is pervasive regardless of geography.
The reality is that today’s data breaches aren’t bound by borders. As our digital economy becomes more and more ubiquitous, the question we ask as security and privacy professionals shouldn’t be, “How can we decrease the number of data breaches in the U.S. or Canada?” Rather, it should be, “How can we create strengthen access to systems to reduce the damage of data breaches for everyone?”
– What is digital identification based on blockchain? How would you explain this concept to a six-year-old child?
We would say to a child that your data is like your things – your toys and your bike. There are places you can leave them safely and places that aren’t safe. We use blockchain distributed ledger technology to help you share your things (your data) so that only people you say can use them will be able to. You get to say yes and give your (consent) every time. No one gets to move your things to other places where they might get stolen. They stay in safe places (like your bank, in grown up terms) until you agree to share them.
– Why change more or less successful ways of identification? What are the disadvantages of biometrics and 2-factor authentication (2FA), which has been hailed as a silver bullet for password security?
– 2FA (This is an authentication method, in which you need to provide two means of identification – your password and unique code generated by a special mobile application for authentication. – Ed.) is a great step forward, but it doesn’t solve the problems facing digital identity. Even with 2FA, consumers still face pain points and open themselves up to fraud when proving their identities. Fraudster techniques are becoming more and more sophisticated, as evidenced by the steadily increasing numbers and severity of data breaches around the world. From DDoS attacks to WannaCry and Heartbleed, bad parties’ attempts to infiltrate our personal lives are becoming more consistent and elaborate. The solution must enable three different type of factors to be truly successful: what you have (like your phone), what you know (like your bank login) and what you are (like your biometrics).
– Could you please tell how long did it take to develop Verified.Me? How is the simplicity aspect of its being accomplished?
– The simplest way to explain the services we develop is that they provide the technology that securely connects consumers with the online services they need. Whether that be through our currently service, SecureKey Concierge, or our upcoming blockchain-based digital identity ecosystem, Verified.Me, holistic privacy is always built into our solutions from the very beginning.
It takes time to develop the secure platforms that consumers deserve, like our upcoming solution Verified.Me. We’ve actively been involved in talks with investors, experts and collaborators since 2015 to ensure Verified.Me goes to market with every angle considered and the most sophisticated security and privacy built into the solution courtesy of some of the world’s greatest minds (The company is working on Verified.Me together with IBM Corp. – Ed.).
– You have a competitive advantage in a commercial roll-out – seven-large lenders, including Toronto-Dominion Bank and Royal Bank of Canada, invested C$30 million ($24 million) in the project. How did you manage to get such powerful support?
I think the answer here is a fairly simple one: risk management. Fraud is an immense issue in – Canadian (and global) markets that financial institutions must combat. More secure digital identity verification is a natural next step for the banks as they continue to better protect their customers. They realized that an ecosystem where telcos, banks and governments work together to increase security and reduce fraud is an important thing for everyone – consumers, businesses and governments alike.
– Which organizations are going to use your product based on blockchain?
– There are many organizations involved in the development of our blockchain-based digital identity ecosystem, Verified.Me, either as investors, network members, innovators, collaborators or policy advisors. These include: BMO, CIBC, Desjardins, National Bank of Canada, RBC, Scotiabank, Sun Life Financial, TD, Intel, Levio, Notarius, Digital ID & Authentication Council of Canada (DIACC), etc.
– Do you have the competitors? What do you think about American blockchain-based digital identity platform Civic? What differs your solutions from them?
– Many companies in the digital identity space have developed different methods of addressing today’s digital identity issues, but the reality is that any approach needs collaboration with different parties to ensure solutions are highly secure. We’ve worked extensively to create an ecosystem to facilitate our approach to digital identity – one that seeks and encourages deep collaboration and partnership – which is really our greatest differentiator. We’ve been able to engage major financial institutions, government services and others because you simply cannot build a secure and feasible digital identity with only one party.
– Given the recent Facebook privacy scandal, there is an unquestionable need for a self-sovereign identity ecosystem. Just one question: what is your commercial strategy in the long run?
– We plan to launch Verified.Me in Canada in 2018, where we’ve developed fruitful relationships with major financial institutions, telcos, governments, sharing economy services and more. Organizations like DIACC and Global Privacy and Security by Design have set global privacy and identity standards that made the Canadian landscape a natural place to begin building our Verified.Me ecosystem. However, the problems with digital identity are not Canada’s alone and impact all consumers. As such, we are already active in several other countries and will pursue other markets following the Canadian launch.
– What’s the future of your industry?
– I think the future of our industry will come when cross-industry organizations realize the value of collaboration and join platforms to develop solutions for a social good. Operating in independent silos (A silo in IT is an isolated point in a system where data is kept and segregated from other parts of the architecture. IT professionals often talk about silos in a negative way, because the free flow of data is so important in most enterprise systems. – Ed.) is not appropriate for the digital age – nor is it sustainable.