Kaarel Kotkas, CEO of Veriff, met with Aviva Zacks of Safety Detective for an interview about his cybersecurity journey and how it got started with some blue twine.
Safety Detective: What got you interested in cybersecurity and what do you love about it?
Kaarel Kotkas: People usually get curious about something when they are pushed to tackle a particular problem. My story is no different. My interest in cybersecurity was triggered more than a decade ago, however, more by accident than intentionally. I grew up on a beef farm in Hiiumaa, a small island in the Baltic Sea. My job was to collect the blue twine that was used to tie up the hay bales. I was not really excited about this job and started looking for biodegradable twine so that I would no longer need to collect the twine. So I searched the internet for biodegradable twine, found an online store, and tried to buy it. I sent a copy of my ID to the online store but my order was declined because I was underage, 14 at that time. Without thinking twice, I photoshopped the date of my birth from 1994 to 1984, sent it off once again and it worked—the biodegradable twine was shipped to Hiiumaa to our farm. This was the first time I experienced how low the barriers to online identification were and how easily the system can be tricked.
Several years later as I was graduating from high school, I was also conducting a case study for TransferWise. My task was to test their security systems by using a false ID. This task really got me excited about the world of secure identity verification. So, I spent the whole summer writing code trying to solve the issue.
I founded Veriff with the belief that online identity verification can be more secure than physical face to face verification. First, developed technology that enabled Estonian e-residents to open bank accounts without physically visiting the country. Then we moved into banking to help Baltic banks meet compliance and KYC requirements. Our technology made sure that the person taking the credit really is who they claim to be. That’s shortly how my journey in cybersecurity started.
SD: What do you love about it?
KK: I am excited about where we are heading. Veriff is building infrastructure for trust, we allow any website and mobile application to match a person with their government-issued ID. In the physical world, when you go to the bank to apply for a loan and present somebody else’s passport instead of your own, it’s likely that you will be caught by the bank employee. Then you can only rely on your fast legs and run away not to be caught. In the online world, things get more complicated. It’s too easy to pretend to be someone and we face a problem, there is no trust online – it’s hard to know who or what is real. But to establish trust, you need a secure way to prove a person’s identity. Once trust is established, more innovation and services can be accessible for everyone from anywhere.
With the help of our technology, we can build reliable and scalable trust online. Our mission is to create a single global identity for everyone on Earth so people would have equal access to services regardless of where they come from. We will become a home for people’s identity online and with Veriff’s ID, people will have full control over where and why their data is being used.
SD: What types of companies use your technology?
KK: We have a diverse portfolio of global clients. It includes internet businesses, fintech companies, sharing economy providers, and marketplaces in the USA, Europe, and other places in the world.
These are the industries that have strict regulations to meet the Know Your Customer (KYC) and other compliance requirements. In order to provide services, they need to make sure that the person using their service is actually who they claim to be. We serve many digital banking clients including Blockchain, Uphold, Mintos, Rebellionpay, Tfbank, TransferWise, Transfergo, and many others. In the mobility and ridesharing sector, our clients are Vienna-based goUrban, Berlin’s public transportation company BVG, Turo, and others. Geographically, our target markets are the EU, the UK, and the US. With that goal in mind, we want to be closer to our global clients and opened our first overseas office in New York, the USA last autumn.
SD: Tell me about Veriff’s technology. How do you stay ahead of the competition?
KK: Veriff’s verification engine is highly automated, accurate, and fast. Having verified millions of people across the globe, Veriff has become number one in document support in the world. With an ability to verify people from basically anywhere in the world – we service more than 190 countries and close to 9,000 government-issued IDs. This figure is twice the size of what our closest competitor can achieve. We support 36 different languages and 95 percent of identifications are made on the first try.
Much of the competition focuses on human reviewers and picture matching. What sets Veriff apart is the variety and richness of collected data from each session. This information helps to improve Veriff’s machine learning decision engine.
We cross-compare verification sessions based on device, network, and customer behavior, whereas our competition treats each verification session as the first. Instead of just matching two pictures, Veriff leverages device and network information, customer behavioral information in a video-first approach.
We are also very transparent about the decisions behind the verification process. The identity verification technology is often referred to as “black box technology” – there is not much transparency about why a person going through a verification flow is approved or declined. This is not the case with Veriff. Since our decision engine is highly automated, we can provide our clients with motivated answers and details about the final decision.
SD: What is the worst cyber threat out there today?
KK: That’s a tough one. As technology is evolving, we also see cyber fraud getting more sophisticated. I’d say deepfakes, where an image or video of a person is replaced with the likeness of someone else, have garnered widespread attention recently and a trend is emerging where they are increasing in prevalence. Techniques are being leveraged from machine learning and artificial intelligence, the result of which is high-quality audio and visual content that is very successful in deceiving people. It is being used by scammers as a way to bypass and overcome facial recognition or voice biometric protocols put in place by financial institutions and other organizations.
Just like the team at Veriff, governments, organizations, and tech firms around the world are currently working round the clock to research ways to detect deepfakes and prevent them from being used fraudulently. And we need to constantly be a couple of steps ahead of the fraudsters.
SD: How has the Covid-19 pandemic changed cybersecurity forever?
KK: The pandemic has definitely accelerated digitalization, including the demand for secure identity verification. Societal changes that we thought would happen in 5 – 6 years, now occur in 1-2 years’ time. It’s an era of digital opportunism. With such a large number of transactions having been shifted online so quickly, companies have been disrupted at a scale not seen before. This means that the opportunities for fraudsters to take advantage of new—and potentially poorly designed—digital platforms have increased tenfold. In particular, the telecommunications, retail, and financial services industries have been especially affected. According to TransUnion, the percent of suspected fraudulent digital transactions rose 5% from March 11 to April 28 when compared to January 1 to March 10, 2020. In addition to this, more than 100 million risky transactions from March 11 to April 28 were identified. This situation is still unfolding but it is clear that the businesses that will survive this period of turbulence are the ones that will leverage the most advanced and robust fraud prevention tools.