Peter O’Neill, president of Mobile ID World, recently spoke with Kevin Alan Tussy, the CEO of FaceTec. FaceTec made massive headlines in the press after its work applying facial recognition to Google Glass, and since then it has been capitalizing on the demand for strong authentication on mobile devices. The following conversation covers the notable flexibility of FaceTec’s technology, the benefits of a Silicon Valley mindset, how moving away from passwords is going to greatly mitigate massive hack attacks, and much more.
Peter O’Neill, President, Mobile ID World (MIDW): Can you give our readers a brief background of your company please?
Kevin Alan Tussy, CEO, FaceTec (FT): About three years ago one of my developers and I started to see some trends, we started to see wearables come into the market, obviously we saw the mobile smart device market exploding and we also started to see the biometric trend coming. We wanted to see what we could do with some of the technologies with more of a Silicon Valley type of a mindset rather than what we were seeing from facial recognition companies, which was focused on the government, law enforcement side, on premise type stuff. So we wanted to take some of our tech experience and apply it to biometrics and facial recognition in particular and make it work on smart devices.
We did some work on Google glass which got us an enormous amount of press a couple of years ago. It was picked up by all the major TV stations and hundreds of articles were written about us. We were exploring basically what can be done with facial recognition on smart devices. Through that process and when speaking with many different companies that reached out to us, what we learned was that so much of the demand was in authentication, that passwords were a real problem, they weren’t really ever expected to be used on mobile devices the way they are now. It was fine when it was on a desktop in your house behind locked doors and it was difficult for someone other than you to get control of it, but when you have a mobile device and you can just leave it in a booth at a restaurant it starts to become a much more challenging problem, especially for some of the companies left holding the bag dealing with identity theft and fraud. As well as just ease of use and customers demanding an easier way to access their own devices and their own accounts. So we started to explore that in the last two years and what we have found the key use case that we can roll out right now for facial recognition is essentially facial authentication and that is what we provide as a company.
MIDW: You describe your technology as flexible architecture that allows for a world of possibilities; can you elaborate on that a little bit more for us?
FT: Sure. When we got started the smart devices weren’t quite as powerful as they are now and the algorithms we licensed at the time weren’t anywhere close to as capable as the ones we have created ourselves since. So we actually built a cloud architecture that would allow us to send images to the cloud, process them and then send biometric data back to the devices– so we have an entire cloud system that we have already built. We have on-device facial recognition algorithms that we have built so we can run facial recognition on-device without any network connection – you can put your phone in airplane mode and you can run facial authentication on that device without any need for a network connection. So we have really the ultimate flexibility: we can operate completely and totally on-device for both facial authentication or recognition, we can do a hybrid where we do the biometric processing on the device and some of the comparisons on the cloud, or we can just send the images all the way up to the cloud and we can do it all there. All three of these methods are all extremely fast and they all have their own strengths depending on network speed and the device being used.
MIDW: What would you say are some of the advantages of FaceTec over some of the other products that are on the market now?
FT: Let’s say, for example, our product ZoOm. It has a couple of major advantages. Number one, it can run completely on-device similar to TouchID, and how it stores data from your fingerprints solely on the device, and never anywhere else, we do that with your biometric data that is converted from your face enrollments. Your data is securely stored on the device and it is never stored anywhere else. That is a huge advantage for security, and it makes everybody that much more comfortable working with a biometric when they know that biometric data won’t be shared in a cloud environment. Number two: we developed technology that allows us to get a 3-dimensional verification from a face from a 2-dimensional front facing camera on any smartphone instantly. We can get extremely accurate liveness measurements and we can get extremely high match percentages. So it’s better than a fingerprint yet still extremely convenient. We haven’t seen anything else in the market or in development that comes anywhere close to ZoOm in the number of capable devices, ease of use, or security.
MIDW: You mentioned a little bit about passwords and the difficulties that we are experiencing with them now. About 3 years ago we held a webinar with that said: “Passwords are dead”. Do you think this is finally the year?
FT: I sure hope so. I’ve spent many many hours meeting with major banks and we’ve outlined some ideas about how to end the password and those have been very well received. Really what it comes down to is, as you know, moving away from a shared secret and moving towards something that proves you actually are or who you say you are and that will help to eliminate identity theft. One of the major banks that I spoke with shared with me the depths of their challenge and what they told me was that their servers don’t necessarily get the hacking attempts like we see in the movies. What happens is that another site, let’s say a music sharing site, gets hacked and the names, usernames and passwords of those people are all compromised, let’s say it’s a million people that use this site. What happens then is the hackers take the first name and the last name and they configure a username that a person is likely to use and then they take the password and plug it in. So hackers are going to run a couple of million different login attempts with real passwords that people have actually used before and if the password that they used in their mp3 music sharing site is the same as the password they use for the bank, all that’s left is to guess the correct username . If they try a million times they might get access to 10,000 bank accounts. So we are trying to remove the username and password layer and add on-device biometrics so the hacker actually has to steal your device and convince our 3D authenticator that they are you and that is much, much tougher proposition. Any even if by some miracle a hacker can do all that and they get into an account, they only get access to that one account, not 10,000, so the juice isn’t worth the squeeze.
MIDW: Then there is the whole ROI for anyone who has passwords. The expense involved in running a call centre just to reset passwords for everyone who forgets their passwords. Just the cost of that alone is amazing.
FT: Yes there are a lot of monetary factors coming into play that are driving banks and other financial institutions and enterprises of all types trying to move away from this password situation because it is so insecure. People end up writing a list in a notebook, or they carry that list with them in their wallet, they write them to a spreadsheet on their computers and save them on their desktop, or they save them in their browser. Passwords create so much friction that people find shortcuts around it and then those shortcuts become everyone’s problem and they become an extremely high cost which is passed on to the consumer. So I think this is a unique opportunity for a company like ours where you see that the consumers are really pushing for a better solution for convenience and the enterprises are pushing for a better solution for security and economic reasons. It is a kind of a perfect storm that we are looking to solve with biometrics and ubiquitous problems mean huge opportunities for a FaceTec and ZoOm.
MIDW: I think everybody is feeling that this change is urgently needed, especially for end users who are fed up. You mentioned discussions with banks, which vertical markets are you focusing on?
FT: We are really an authentication company so any secured application on a smart device is in our wheelhouse. If you want to authenticate an individual before access is granted to your app or an individual wants to authenticate themselves on a smartphone to gain access – that is our focus. Our new app ZoOm is, I believe, the easiest most secure way to log into any app across the board and it is a 100 percent software solution.
One of the biggest challenges to fingerprints is they need dedicated, often expensive and sometimes temperamental hardware in the device and they aren’t usually deemed secure enough for single factor financial transactions over a couple of bucks. From the numbers I’ve seen, only 50 percent or so of the smartphones that are sold in 2016 will have fingerprint readers in them. So when a large financial institution wants to roll out an authentication program, and only 50 percent of their customers might be able to use the biometrics, that is definitely a problem. But with our app, ZoOm, they would be able to embed that actual biometric authenticator in the app. And right now our SDK is only about 6.2 MB so we can provide that to any institution and they can just wrap it up into their current app. Then they just push an update and the next time a user opens the app, it asks them if they would like to enroll in face authentication, they say, YES! and then they are able to use face authentication to access that app from there on out. We have continuous face enrollment, we have continuous learning, we have continuous algorithm upgrades that make that app better and better over time as it’s used and as we continue to refine our algorithms and our anti-spoofing over the next months and years.
MIDW: Has this been a good year for your company?
FT: Absolutely! My first tech company I started in 1999 when I was still in college and was lucky enough to sell that in about 2004 to a company on the NASDAQ, but I’ve never seen anything like the opportunity that we are looking at right now with this. I’ve never seen anything like it! There are billions and billions of users– That installed base is ready to go and no one has been able to seize it yet. I believe that we have everything that we need to do it. We have the technology, we have filed the IP on everything that we have done, so we are way ahead I believe in a lot of the novel aspects of what we are doing. And I think that we are probably going to be in a position because of our IP, to exclude our competition from doing the novel things that they would need to do to compete with us on a technology level, even though what we are doing is also extremely difficult it’s nice to have that IP boxing out big competitors. To give you an example of our current performance levels, we are able to process something like 50 frames on a typical modern smartphone in about 1.5 seconds. Those frames can then be compared against 1,000s frames that have previously been enrolled on the device in about a millisecond. Then we can issue a decision based on that and include all kinds of other factors, including motion data from the phone from the accelerometer, gyro , GPS etc. Then we can communicate all that data to the financial institution to allow them, to not only to decide thumbs up or thumbs down on the authentication, but also to be able to build and maintain a risk score.
MIDW: Thank you, Kevin, very much for taking the time to speak with us today. I look forward to hearing more about your company as the year unfolds.
FT: My pleasure, Peter. I look forward to doing it again.
UPDATE 9/12/2016: The original post of this article listed the interviewed company as FacialNetwork. The company has since re-branded as FaceTec. The interview has been edited to accommodate the name change.