Anonybit

Transcription:

Jessica Vinitsky (00:11):

Hi everyone. I'm Jessica Vinitsky from Anonybit, and today I'm going to show you how we help prevent account takeover and other forms of fraud, streamline the user experience, and do it all in a privacy-preserving way. Fraud continues to be a challenge because many organizations still rely on a combination of weak authenticators like passwords, SMS codes, or security questions somewhere in the user journey. But the issue is those methods are fragmented and can't stop modern threats like DeepFakes or injection attacks, and they leave the door wide open to fraudsters. The only truly reliable way to close those gaps and to verify identity is with biometrics. While this may seem like a simple solution, many organizations are still reluctant to deal with biometrics because of concerns around data storage and potential data breaches, but that's where Anonybit comes in. We offer a decentralized, biometric solution that makes it possible and easy to securely capture, store, and use biometrics wherever authentication is needed.

(01:25):

Now, what makes us different? Instead of storing biometrics on a device or in a single database, we take the biometric, break it apart into anonymized pieces, and then distribute each piece across a multi-cloud environment, which is composed of different types of nodes. Once the data enters the nodes, it never comes out, even for matching. So unlike Humpty Dumpty, we never put the biometric back together again. Instead, we distribute it. Once it's in the cloud, we'd even argue that it's no longer there. We have three solution capabilities: one-to-one biometric matching for authentication (is Jessica really Jessica?); we can also do one-to-many biometric lookups during onboarding to flag any synthetic identities, people who are on a block or watch list, etc.; and we can also store any non-biometric data like document scans and queues.

(02:28):

These are the solutions and capabilities that I'm going to show you today in our demo. One thing to note, while my example today will be focused on the face (the selfie), we are multimodal and can support any biometric modality, whether it's the face, iris, palm, fingerprint, voice, etc. I'll walk you through two different demos. One will focus on the capabilities: we'll do an enrollment, which is the process of capturing the biometric and then creating a new biometric profile in the decentralized cloud. Then we'll do an authentication, which is the one-to-one, after we put it in the context of a digital banking platform. So let's bring it to life. The first thing is always key: we collect consent. I'll go ahead and consent. Next, I'm going to enter my phone number, which acts as my unique identifier for demo purposes. Once I click enroll, it's going to prompt me to capture my selfie. In the backend, we have technology working to detect my liveness and make sure that I'm a real person and not an image or video.

(03:45):

In terms of user experience, as you saw, it's quick and simple. If we shift to the backend, you can see that I've been flagged as a potential fraudster. There's an identity duplicate in the system. We set the threshold to $0.62$ to show the top four matches, but this aspect is completely configurable. The idea is if somebody is already enrolled in the system, they won't be able to create a new account, therefore stopping the fraud before it happens. If they're not in the system, then we take the biometric, shard it, and then create a new profile, which can be leveraged for all downstream authentication afterwards. I'm going to go ahead and confirm match to show you that my enrollment will fail. The fraudster has been stopped. Now let's pretend that I wasn't a fraudster and we'll go ahead and do an authentication. I'll enter my unique identifier again and take another selfie.

(04:51):

As you can see, just like that, I'm successfully authenticated. This process takes about 200 milliseconds, which is as easy and fast as doing tap and pay. If I click on present data decentralization, you can see that each node returns a score. The system then combines each score to create a final authentication score to see how valid the image was. So that's the first part of the demo. Now let's put it into the context of a digital banking platform. What you see now is the Q2 demo environment. Here we're being used for step-up authentication (MFA). I'll log in like I
normally would with my username and password, but now, like all of you, I'm in Boca and not at home in Montreal. So I'm going to be triggered to do a step up and capture my selfie for extra assurance.

(06:01):

As you can see, the image was broken down and I've been successfully authenticated, and I can now access my account. If I want to go do a high-risk transfer, it'll be a similar experience. I'm going to go ahead and send $\$10,000$. Since it's above a certain threshold, I'll be prompted again for step-up authentication and to capture a new selfie. And just like that, wire transfer authorized. It's a quick and easy user experience that always ensures secure access and trust at every touch point. We can be used at the call center, in branch, or through digital. Thank you.