Identity verification has been around for decades, ever since the advent of the driver’s license and social security cards. But in the digital age where anyone has the ability to conduct financial transactions remotely it has become more challenging. And with all the data breaches that have been happening today companies are less secure in their ability to verify someone’s true identity.
Our next guest on the Lend Academy Podcast is John Dancu, the CEO of IDology. His company has been around longer than just about any other in the space, they actually pre-date the smartphone. So, this has given them a unique ability to create a frictionless and accurate identity verification system.
In this podcast you will learn:
- What first excited John about the opportunity for IDology.
- What the product was originally like back in 2005.
- How we should think about identity verification in the age of massive data breaches.
- The products that IDology offers today.
- How they are to validate people in a frictionless way.
- The impact that increased mobile phone usage has on their process.
- The different data sources they are using.
- How their data consortium works and the advantage this gives IDology.
- How they are using AI and machine learning in their products.
- How the banks are doing today with digital identity verification.
- What differentiates IDology from the other players in the space.
- The new findings from their annual Consumer Digital Identity Study.
- What was behind IDology’s recent acquisition by GBG.
- How they are able to stay one step ahead of the fraudsters.
- What’s next for IDology.
This episode of the Lend Academy Podcast is sponsored by LendIt Fintech Europe 2019, Europe’s leading event for innovation in financial services.Click to Read Podcast Transcription (Full Text Version) Below
PODCAST TRANSCRIPTION SESSION NO. 207 – JOHN DANCU
Welcome to the Lend Academy Podcast, Episode No. 207. This is your host, Peter Renton, Founder of Lend Academy and Co-Founder of the LendIt Fintech Conference.
Today’s show is sponsored by LendIt Fintech Europe 2019, Europe’s leading event for innovation in financial services. It’s coming up on the 26th and 27th of September in London at the Business Design Centre. We’ve recently opened registration as well as speaker applications. You can find out more by going to lendit.com/europe.
Peter Renton: Today on the show, I am delighted to welcome John Dancu, he is the CEO of IDology. Now IDology are a fascinating company, they have been around longer than just about anybody else in the identity verification space. So I wanted to get John on the show and talk about what the world was like when they started, this was like 15 years ago or thereabouts, so we talk about that, we talk about how it’s changed and how their product has evolved with it.
John talks about their friction free approach, in fact, we go into some depth on that, we talk about how they’re using machine learning and they also have an annual digital identity study which we discuss and then we talk about the fraudsters and how they’re getting better and how companies like IDology are really trying to stay one step ahead. It was a fascinating interview, I hope you enjoy the show.
Welcome to the podcast, John!
John Dancu: Thank you, Peter.
Peter: So I like to get these things started by focusing on your background, maybe you could tell the listeners what you did before you got to IDology, what sort of…what you did in your career.
John: Sure, so I’ve been an entrepreneur for a period of time. I started my career as an accountant and then also as an investment banker for roughly ten years which is a profession I really enjoyed and left banking to basically to start help companies raise capital and build them substantially. IDology is the longest one I’ve done, I’ve done four of them, and I’ve been at IDology for roughly 14 years, I would say I’m a classic entrepreneur.
Peter: Okay, so tell us sort of the story of IDology because, you know, you weren’t one of the founders, I believe, you came in as CEO in 2005, so what was it that you saw back then that really convinced you that this company had potential?
John: Sure, so when I found IDology, you know, it had a couple of employees and a V1 level product and what really excited me about it was…remember, this was 14 years ago.
John: So things have changed since then, but it’s a big market. At that point in time, consumer- not-present type transactions where you were conducting transactions where people didn’t see you, whether that be on a phone or on the Internet, were growing and growing rapidly and I saw that there was a really substantial opportunity relative to that market and the growth that it was going to have and the need for really a unique solution. I also believed that it was a market that was going to continue to grow and have continual wind behind our backs and that’s still the case today.
I mean, the market is still very vibrant and it’s really growing, but the other point that we saw was there were certain markets that were underserved and that was mostly kind of underbanked, thin file type individuals that wanted to conduct business on a consumer-not- present environment. The vendors that were out there in the market, at that point in time, didn’t really do a very good job of supporting on-boarding of those customers. So we felt that we could build a niche and that’s what we did and then, of course, we expanded the niche beyond that.
Peter: Sure, so it feels like in the ID verification space 15 years or 14 years is an eternity, tell us about what the product was like back when you first got involved and contrasting that with what you’re offering today.
John: Yeah, that’s a funny question because, I can remember, years ago I was working late nights and coming up with innovations that we just thought were the next best thing and now I look at those innovations and I kind of giggle about them because now they’ve just become requirements relative to the market, but the market has certainly grown dramatically, right, from a standpoint of needs for the market.
Our philosophy and…IDology is very much a product company that basically just happens to access data and help solve this identity issue. Our philosophy has always been to build, break and then build again, but one of the things that we realized about a decade ago was breached data really lent itself to what we call “perfect identities.” So a fraudster would come in and basically steal identities or purchase identities on the dark web and then have the ability to come in and basically mimic you, right, they’d have your name, your address, your social, your birth and be an impostor and basically utilize your identity.
One of the real innovations that IDology built back then was to address that issue and the way that we did it was we looked at…you know, not only do we have to consider that John’s data is correct, but is John really the correct person submitting the information on their computer or on their mobile phone. And that’s what’s really made IDology a very successful company is being able to solve those two problems as opposed to just saying, hey, your data matches.
Peter: Right, right. So when you first got involved in this company, I mean, data breaches were pretty rare from my understanding. Obviously, there were probably some, but now it feels like today everyone just assumes their identity is…their personal information is out there and available with, obviously, we had the Equifax breach a while back and there has been many, many other massive data breaches in recent years. It feels like that’s becoming more and more rapid so how should we think about, you know, identity verification then in the age of these massive data breaches?
John: Well, I think there were a lot of breaches back then, but they just weren’t as public and publicized and…
John: …certainly since the regs have changed and so forth and the obligations of people for disclosure on that, it’s becoming pretty much a daily occurrence, right, relative to, there was one I think just yesterday on Quest Diagnostics. So the breaches have always been there, I just don’t think they’ve been as announced relative to it. But again, from our standpoint, the fact that data has been breached is something that you have to take into consideration when you let someone buy something on the Internet or whether you on-board it.
You need to take an approach that you’re protecting that consumer, right, you want to make sure that when you validate a transaction and an identity, that you’re validating the correct person and it’s really a duty of us and a duty of other companies out there to help protect consumers.
We just put out a consumer study and that was one of the things that consumers said to us is that they really expect companies to go above and beyond in protecting their identities so these breaches that basically, I think, created a requirement, a bar that basically we make sure that we’re doing proper identity verification on the people that we’re conducting business with.
Peter: Okay, we’ll get into the study in a little bit, but let’s just maybe switch to sort of talking about what is it you’re offering today? What is the product suite and who is the target market, tell us a bit about your offerings.
John: Sure so we sell to businesses, we’re a cloud-based solution that’s B2B. We solve a very horizontal problem of validating that someone is who they say they are in the consumer-not-present environment that lends itself to be heavy financial today because that’s where a significant part of those transactions are; health care, life insurance, gaming for lotteries and sports betting. There’s a whole listing of things that we basically do and sometimes we’re kind of quite surprised at use cases that come to us where people have needs, for instance, a good one is organ donation.
We wouldn’t think that we would be doing that, but we are validating people basically giving the permission to donate their organs on their licenses. But the product today is a very comprehensive solution, you asked the question before about, you know, what was it like back 14/15 years ago. Basically, what we’ve done is we’ve built a solution over time where based on our customers and their needs and the market that we’ve tried to address the issues that they have.
Really the issue that we’re addressing is validating an individual with nominal friction, with no friction and having confidence that they are who they say are and we do that through a product that we call “Expect ID” that has multiple ways of basically looking at your identity. We call it “smart layers,” right, when we think about validating someone. The more kind of layers that you go through gaining confidence on that identity, that their data matches, that there aren’t issues relative to the strength of their identity, doesn’t look like a breached identity, there’s proper addresses, their email looks appropriate, their phone hasn’t had recent changes.
These are all kind of smart layers that we’re looking at, in essence, and we’re correlating that data to make sure that we have confidence that the person that’s presenting their data is the right person, is the legitimate person. How we have really helped…how IDology has been successful in the market is we’re helping our customers basically on-board legitimate users. We happen to do that through identity verification, and the product is basically focused on trying to validate folks with no friction and then dynamically we’ll evaluate attributes on an identity.
If it sees inconsistencies, or you want a higher level of identity verification then we have means of basically stepping up that verification through asking a series of multiple choice questions what’s called knowledge based authentication, scanning your license, sending a secure link to your phone, etc. so it’s all under control by our clients/our customers. They basically can determine exactly how they want the process to go.
Peter: Okay, so I want to just delve into that a little bit because you said a couple of times there, you know, a no-friction solution. I’m just curious about…maybe you could take us through a use case where…you know, if it’s a financial transaction, maybe it’s an online lending platform, or an online bank, or someone and they’re using your product. I’m curious about how you’re able to have confidence that the identitiy is correct without having any friction, or maybe you could expand on…just expand on that.
John: Yeah, that’s part of the secret sauce, right, of how we do this, but in general, the way I would view it is the more unique data points that you can check on an identity, the higher confidence you have in that identity in conducting business with them and then it gets back to what I mentioned about smart layers, right.
Think about…we do a lot of compliance, right, it’s a fundamental part of our solution, making sure that financial institutions are meeting their KYC compliance from a regulatory standpoint, but that’s just one point and that’s a very small sliver of it. We also want to make sure we check the depths of that identity and the quality of that identity and you do that by looking at differing notes relative to that identity that gets created by algorithms that we have at looking at the information, and then by also looking at differing data points.
When you think about someone committing fraud, they can steal your identity because of all of this breached data, but that fraudster needs to have a phone, they need to have an email, they need to come from an IP address. By looking at what we call the vice location and activity-based attributes, we can gain confidence that that person that’s provided that information is really the correct person.
Peter: Okay, so then your clients then, I mean, don’t necessarily…your client’s clients, I guess, so your business clients who are offering this to consumers, or whatever, the consumer may never know that there is really an identity verification going on because, obviously, there are some companies that are out there today that are making you get out your driver’s license, I had to do one the other day.
You take a photograph of your driver’s license, you take a selfie and, you know, you’re clear that there’s something serious going on there where they’re really checking you out. So what you’re saying is you can have a high degree of confidence and obviously, I imagine it’s up to your clients that you don’t need to go through that process, is that what you’re saying?
John: That’s correct and, you know, we’re doing it day in and day out. When you think about consumers, consumers don’t really care that the company has fraud, right, they want to have a really….because they’re legitimate, they’re not worried about the fact that ABC company may have fraud that they have to deal with…I’m legitimate, I want to on-board and I want to on-board quickly and easily.
Now clearly, if they go and read the terms of service, they would see that they’re subject to identity verification, but the process of being able to validate people on a frictionless basis is really important relative to the velocity and speed and making sure that consumers don’t fall off in the process which is a really, really big issue.
Peter: Right, right, for sure. And then what about when like…the world is switching to mobile and, I imagine, I don’t know what percent, but there are certainly many companies now have a majority of customers coming to them through mobile. Does that make it easier or harder for you to really do this frictionless verification?
John: Well, it’s a different form factor, right, so mobile does a couple of things. One is, there’s more transactions coming, right, because now I can basically conduct commerce anywhere and that’s good for our customers and that’s good for us. The second is I’ve got a different form factor that I’m doing this on and it’s a form factor that doesn’t really promote lengthy information so when people are on their phones, they want things to be clean and crisp and to be able to put in less information. When they do that, that means you have less data to basically validate people with.
So you have to look at different data points relative to that as opposed to if you’re on a laptop and you could ask for more information and people are willing to kind of type it in so, you know, there’s less data, there’s a different form factor, there’s also the ability to switch my phone quickly, right, that’s why we want to look at mobile SIM swaps and port changes, and things like that.
So I would say that it’s a different fraud problem than on your laptop and it has different complexities, but the fraudsters are committing fraud on phones, laptops and iPads and everything so for them they’re going to try to use the form factor that gives them the highest probability of being successful.
Peter: So from what I hear you saying, you really rely so much on, it sounds like, on data sources so you’re pulling in a variety of different data sources. I know you’re probably not going to get into the secret sauce, but can you just give us some sense of the different data sources that you’re pulling in that gives you this confidence?
John: I mean, there are lots of sources that we pull in, some of these are referred to as public records, they’re not public per se, right, but they give you the ability to look at information relating to your driver’s license or your voting record or creditor information, utility bills and factors like that. So that’s the type of information that you can access relative to comparing data that exists in the public records compared to the data that you’ve submitted.
We’re also looking at mobile data, e-mail type data and IDology has something that’s really very unique and that is, we have the largest identity consortium in the US and with that, all of our customers are, in essence, contributing transaction data to consortium and that gives us the ability to enable our customers to basically see repeated activity across the network. So when someone is committing fraud, they may commit fraud in the pre-paid market and then go to the tax market and then move to the financial institution market.
By having velocity data, transaction activity that goes across all of our customers, we’re actually able to see that fraud move from entity to entity and this has been a very important part of the success of IDology. We treat data in a very confidential manner, you see data; I don’t really want to go into specifics on how velocity works, but we’re very cognizant of privacy issues there. Our customers tell us it’s the most powerful tool they have relative to catching fraudulent transactions and that’s our own consortium data.
Peter: Right. I know, I think I read something about that you’ve got a range of different companies, some of the other online lenders, so that consortium, that’s got to be billions of transactions that you’re getting access to, right?
John: Yes, it’s a lot.
Peter: Right, right. Okay, so then what about…you know, we haven’t talked yet about artificial intelligence or machine learning and that’s…you know, you’re dealing with massive amounts of data and clearly, that’s the situation where this comes in very handy. Can you just talk a little bit about how you’re using AI in your systems?
John: Sure, our velocity tool is somewhat machine learning-based. You ask people what machine learning means and you get lots of different definitions, but we’re definitely using transactions on an active basis that help make decisions right so the machine is, in essence, learning. We also do a fair amount of machine learning on our back end relative to reviewing transactions and that’s an important part of what we do so we’re doing a fair amount of AI after the transaction today with the viewpoint of proving it out, and we’ve had a lot of success with that.
Over time, we’ll be adding supplemental machine learning into the products so we think it’s an important area and we have lots of interesting data and lots of fraud that we can use to basically train the engine, but I think, what people sometimes forget about machine learning is you need to tell the machine what to do. It has to basically learn from factors that you see and we’re in the process of refining that today and we’re pretty excited about that. In the next year or so, you’ll see us move that into a product.
Peter: Okay, so then I’m interested about banks today and you know, banks have relied on the physical world to sort of verify customers. These banks are moving more and more to the online world, so where do you think banks still need to improve and…I’m talking mainly about those in the online world because that is where you operate, but where are the gaps today and where do they need to improve?
John: Yeah, the banks have lots of gaps (laughs) relative to doing truly online business so when you think about IDology, we’ve been digital since day one for close to 14 years and we’ve helped build these markets, the pre-paid market, the P2P market, the fintech market so we have a lot of expertise relative to doing digital transactions. When you talk with banking executives, I think the best quote I got from a very large bank was, digital to us is you apply on the web or your phone, we deny you and you go into a branch and show your license.
When you look at the large banks, some of them are making progress and we’re helping many of those. Most of them have systems that are nowhere near what a fintech company or an online bank that has been online from day one have and they really need to get there right. When you think about the big banks, they’ve given up markets, right, the pre-paid market they didn’t participate in, the P2P market they didn’t initially, then they got in through Zelle obviously getting good traction there now, but they have to address being truly digital.
I think they’ll get there, some of them are there and doing pretty well, but most still have a long way to go. They need to do kind of basic things of utilizing IDology, creating a whole stack of products that can basically help them being truly digital.
Peter: Sure, so then there are obviously other players other than IDology in this space, I actually had a couple of different players on this podcast so I’m curious about how you view yourself as differentiated from the other players in this space.
John: Sure, we’ve been doing this for a long time, we’ve been highly successful, if you looked at our customer base there would be a whole bunch of names there that you know very, very well, that are leaders in doing online type transactions and that’s really important relative to the consortium. We want to have strong players basically being part of that and, you know, we have a solution that is highly configurable, dynamic relative to the process of being able to decide how you want to do things.
That’s really important relative to also dealing with fraudsters because fraudsters are hourly deciding what their new attack vectors are going to be and how they can try to beat you. If you have a system that’s fixed and you can’t react to that, you’re not going to be successful. One of our competitive advantages in the marketplace is that our system has more configurations than stars in the galaxy, right, configuration options and when we see new attack vectors, we’re actually able to go in and on-demand change the rules and they automatically get deployed.
So it’s really very, very flexible and then you combine that with our consortium power that we have and I think the leading product in the market and continued innovation and that’s pretty much how we separate ourselves.
As I said, our goal of why we exist is we want to help companies drive legitimate customer acquisition and I think comparing us to competitors, you know, we on the margin, approve more people, approve more legitimate people, and that’s really what companies want. They want to be able to deal…make sure their marketing dollars and their time and effort is being used effectively to drive their revenue.
Peter: Right. Okay, so I want to switch gears now to the annual study you do. You have this Annual Consumer Digital Identity Study that came out just a few weeks ago, maybe you can just tell us what are some of the new findings that came out of the study this year?
John: Yeah, there was a couple that I thought were really interesting. One is that people consider phone and email now to be a significant parts of their identity. Historically, you ask people what’s the number one identity factor and they would say my social security number or my license or my date of birth, but this past year, your mobile phone number and your e-mail address also ranked very high relative to what people consider to be part of their identity. That makes sense, right, from a standpoint that they are…none of us let our phone get more than ten feet away from us.
The other factor that I think is also interesting is that…we talked a little bit about it, is that consumers don’t like friction and they want to make sure that their process is easy to apply and that it is also safe. They want to make sure that enterprises are, in essence, taking care of their identities and making sure that their identities are not being misused and I think that’s a reasonable expectation of consumers. They should have confidence that the people that are getting their identity information are using it safely.
The other one that I’ll mention briefly is that this is the first time where we’ve actually seen a higher level of transactions being completed on mobile devices as opposed to fixed devices like laptops and so forth. This is the year that it crossed and clearly that’s important relative to how we build our product and how our clients also build their product relative to ease of use and making it simple for people to basically conduct commerce on their phones.
Peter: Right, and it’s never going back, is it (laughs). I mean, there might be another form factor in a couple of decades or more, but it’s not going back to laptops or desktops, that’s for sure.
Peter: So we’re almost out of time, but just a couple more things here. I saw earlier this year you were acquired by a company called GBG, tell us a little bit about that and what changes that’s going to bring to IDology.
John: We’re really excited about that because we think it’s an excellent strategic combination. When you look at IDology, we’re clearly a dominant player in identity in the United States and have established a really significant position and a leading product. We’re not a data company, we’re a solution company.
When you look at GBG, they had nominal presence in the US. They basically had secured data sources in most of the world, I think in over 120 countries. When we go and talk to our larger customers, they want one provider, they want one vendor to basically service their ID requirements and fraud requirements in the US, in Europe, in Asia, and in Latin America, and that was really the driving force behind putting our two companies together is that we have the ability, given our strengths and given their strengths, to build a worldwide identity provider. That’s something that we’re really excited about and the world is in need of it and we want to provide it.
Peter: So I also want to ask about the fraudsters themselves because obviously, you’re getting better, the products are getting better, the technology is getting better, but so are the fraudsters. How do you stay one step ahead of them and do you think you will be able to, say one day, be so far ahead that identity fraud will be a thing of the past?
John: Well, I don’t think that’s going to happen (laughs). You think about how did people commit fraud in the 1800’s, you know, with a gun and they’re committing fraud now, they will figure out ways of how to commit fraud a hundred years from now. That was one of the reasons why I got involved in this business, the need for our solutions, I don’t think ever goes away. So why is that?
Fraudsters are conducting a fraud business, right, what they are really doing is they are…day in and day out, they’re trying to determine how they can beat companies for money. It’s a business for them so how do you counter that?
One, you have to think like one, right, you have to think about fraud…we go on the dark web and we read forums and we see what they’re doing, we look at our own data on an everyday basis to see new attack vectors that are happening and then we’re adjusting our product relative to that. So it’s an old thing, but it’s kind of a cat and mouse game relative to this.
What you need to be able to do relative to fraud is you need to be able to react to it and modify what you’re doing and then you also need to think ahead of building solutions that don’t give them opportunities to commit fraud. Of course, that’s what makes our business fun and challenging is that we’re doing that while we’re trying to provide a friction-free experience for the consumer because those people are legitimate and that’s how companies want to run their business. They want to run their business taking care of the people that want to conduct commerce with them that are legitimate and then on the side, we have to figure how to stop all of this fraud.
Peter: Okay then, so last question, what are you working on now at IDology, what’s exciting, I mean, what’s next for you guys?
John: Well, yeah, that’s a great question. So we’re constantly innovating and I think…clearly in the machine learning and artificial intelligence area, the items that we’re working on today, I’m really excited about that, that will make our solution that much stronger relative to giving more definitive decisions to people on transactions, right, that this is truly fraud, this is…for sure someone who is legitimate and so forth.
Again, adding another layer, right, relative to AI, I think is really important for that and then just what we talked about a few minutes ago, the worldwide approach that we have now given that we have access to data pretty much throughout the world solving the needs of our customers to be able to use the same system to validate somebody in the US, in India, in China, in Mexico, is I think just an exciting challenge for us and we’ll be spending a lot of time and effort on that.
Peter: Okay, we’ll have to leave it there. I very much appreciate you coming on the show today, John.
John: Oh my pleasure, thank you for the opportunity.
Peter: Okay, see you.
Peter: You know, as I said we’ve had a few of these identity verification companies on the show in recent months and I’ve done that because I find this space personally fascinating and I think it is one of those areas that is so dynamic, there’s so much interesting work being done, work that is really making a huge difference into the success of fintech.
I think this is a piece that is so critical that we get right, so critical that we have robust systems in place because without it, I mean, really the online or the fintech space would just disintegrate because we have to be able to identify good people in as frictionless way as possible. That’s why I feel like this is a space that I think, obviously is going to be around probably forever, but certainly for a long, long time.
Anyway on that note, I will sign off. I very much appreciate you listening and I’ll catch you next time. Bye.
Today’s show was sponsored by LendIt Fintech Europe 2019, Europe’s leading event for innovation and financial services. It’s happening September 26th and 27th at the Business Design Centre in London. Registration is now open as well as speaker applications. Find out more by going to lendit.com/europe.