With decentralized ledger technology, handling paper documents will soon be a thing of the past.
While the sudden arrival of the pandemic forced companies to digitize various contracts and certificates, not every digital document can be easily verified or should be trusted. To ensure critical files are authentic, a new approach is required – especially since there’s always the possibility of important documents falling into the wrong hands or being tampered with.
To discuss how trustless technology will shape our future, we invited Quah Zheng Wei, Chief Executive Officer and Co-founder of Accredify – a company helping organizations create, issue, and verify verifiable documents.
How did the idea of Accredify come to life? What has your journey been like?
The state of the world has changed. We're a digital society, and our lives and business are shared online every day. Widely adopted processes to safeguard information and ensure data accuracy are complex and lengthy, often causing significant gaps during critical business moments.
The world needed a quicker and safer way to protect the sharing of sensitive information. That's why my co-founders and I created Accredify to accelerate the world’s transition to Web 3, a trustless future of the internet, through verification technology, or TrustTech as we’re coining it for ourselves.
Our journey began in December 2019 when we began assisting Singapore’s top universities and adult learning institutions in the creation and issuance of education credentials. Now, Accredify is in five different industries – the education, healthcare, corporate, defense, and aviation industry. Our clients range from SMEs to government and statutory boards. We’ve partnered with industry giants such as SAP, IBM, and VFS Global to make our service more accessible to clients around the world.
Accredify has been consistently recognized as thought leaders in the verifications solutions technology space. We were recently awarded 2022’s SBR Technology Excellence Award for our solution for the education industry – previous winners were technology giants the likes of IBM and Tencent. The European Chamber of Commerce also reached out to us to share some comments on how verifiable COVID-19 health records would impact the future of travel during the peak of the pandemic.
The amount of public recognition we have been receiving has been extremely motivating because compared to where we first started the company in 2019, we didn't have the kind of validation that we have today. Awareness of the capabilities and value of decentralized ledger technology was minimal at the time, so this really gives us the assurance that we’re headed in the right direction.
Can you tell us more about what you do? What are verifiable documents?
Accredify leverages decentralized ledger technology to power our solution of helping organizations to create, issue, and verify tamper-proof, verifiable documents and data, also known as Accredified documents, that are traceable back to the source of issuance.
On top of our issuance product, we also provide clients with an option to provide the recipients of their documents with a free application known as Accredify Passport, which allows them to store their Accredified documents securely and conveniently.
Recipients of Accredified documents can then share their documents with third parties who can verify the authenticity of the document instantly – verification is done by scanning a QR code on the document, or by dragging and dropping the document into an online verifier portal.
When a third party engages in the act of verifying an Accredified document by either scanning the document’s QR code or dropping it into the verifier portal, our renderer will return a Yes / No answer as to whether the document:
(a) has been tampered with
(b) has been issued
(c) if it was issued by an authorized organization, and
(d) is still valid at the time of verification (some documents have expiry dates, such as insurance packages)
This comprehensive process of automating the creation and issuance of verifiable documents, along with placing data ownership back into the hands of an individual to share their information with entities they choose of their own free will, as well as making the process of verifying data simple and instantaneous for third party verifiers is what constitutes TrustTech.
In your opinion, which industries should be especially attentive to document verification?
I believe that all industries must start adopting TrustTech if the world wishes to transition to Web 3. Web 3 can only be accomplished if enterprises initiate the creation of verifiable documents and empower individuals to own and share their data and information.
However, industries that would benefit especially from TrustTech would be the corporate, government, and sustainability sectors. Enterprises engage in high-stake, high-value business interactions, and transactions such as mergers and acquisitions, KYCs, and so on. The traditional process of ensuring due diligence on a partner or new vendor takes months. With TrustTech, this process can be streamlined down to a week, or maybe even days.
With regards to governments, we’ve worked with numerous statutory boards to develop schemas for important documents and implement this in their government policy to ensure that industry stakeholders are aligned in terms of using this schema as a single source of truth for important processes. One example is when the pandemic reached Singapore, we co-developed Singapore’s digital verifiable COVID-19 standard known as HealthCerts with Singapore’s Ministry of Health (MOH). HealthCerts is an internationally recognized document of an individual’s COVID-19 health status, which can be verified with a QR code scan. Clinics would issue a HealthCert to travelers, whilst immigration officers and airline staff would scan the HealthCert to ensure the traveler is COVID-negative before admitting them aboard the flight. Before HealthCerts was developed, each clinic had its own version of a COVID-19 document, and this was difficult for MOH to track and manage.
Finally, sustainability has taken center stage in recent years. How can we ensure that companies can be held accountable for the commitments they have taken to their climate goals or UN Sustainable Development Goals? How can consumers be assured that the products they are purchasing have been created following environmentally friendly practices? TrustTech can ensure this. Verifiable labels on food packaging issued by an international governing body championing sustainability, or verifiable documents that indicate the practices a company has undertaken during their manufacturing or procurement procedure can help both consumers and auditors verify that organizations are being held accountable to their goals.
How did the recent global events affect your field of work?
The COVID-19 pandemic was a black swan event that changed the world. For us and many others in our space, it acted as a catalyst in the uptake of emerging technologies such as ours which could allow authorities to verify an individual’s COVID-19 health status instantly. The demand for our technology was driven by the rising cases of the black market and fraudulent COVID-19 test results around the world, which if left unchecked, could spark new waves across countries and around the world.
Previously, our product struggled with the negative connotations associated with blockchain technology such as cryptocurrency, NFTs, and Bitcoin driven by the public media. Now, decision-makers and governments around the world are aware of the value of TrustTech and are more open to incorporating the use of decentralized ledger technology into their operations due to its immutability characteristics and valuable use cases during the pandemic. This has helped TrustTech gain mindshare in the heads of our target audience, which has opened many opportunities for us in terms of expanding our technology across markets and industry verticals.
What would you consider some of the most common security issues surrounding document management?
The two most prevalent cybersecurity issues surrounding information and data are first, the breach of data privacy regulations if sensitive information of customers and users is stolen by malicious parties, and secondly, the loss of valuable documents in cyber attacks.
In the first case, the number of cyber attacks focused on exploiting loopholes in a company’s data protection policies and procedures is rising. Data breaches pose extreme reputational damage in terms of the trust that customers have with the corporation trusted with protecting their data.
For the second instance, the loss of valuable documents and information in malicious cyber attacks would refer to a corporation’s strategic plans or even product blueprints and roadmaps. Any replication of this data by a malicious party would pose dire consequences in terms of intellectual property if the company has not patented or filed copyrights to own the rights to their technology.
In your opinion what are some of the worst mistakes employees tend to make when handling sensitive documents?
I would think these mistakes would fall under the umbrella of employees handling sensitive information such as personal data or confidential business information. These mistakes are extremely easy to make due to human error but have devastating consequences for the firm. The first would be sending sensitive information using modes of delivery without proper encryption, such as sending files via email without end-to-end encryption. There’s even a risk that employees might send unencrypted files to the wrong email, which will give the actor on the receiving end full access.
Secondly, would be sharing sensitive information on unofficial work channels such as communication platforms like Telegram and WhatsApp. Unfortunately, this is becoming increasingly common due to the “convenience” that these platforms pose, or at least the habits that are formed now in this digital era where communication is performed solely on such instant messaging platforms. Employees need to be trained and an organization’s cybersecurity branch needs to implement the necessary software restrictions to ensure that these actions are limited.
Finally, it is when employees are accessing sensitive documents over unsecured networks, such as using public WiFi, without using a company VPN. The pandemic has drastically changed the way we’ve worked – we’re open to employees working remote, be it overseas or from public places such as cafes or shared working spaces which they consider conducive. However, there is a high risk that a malicious party may tap into the network and gain access to the data that the employee is handling.
Besides implementing quality document management systems, what other security measures do you think are essential for organizations nowadays?
In these instances, we need to go back to the basics. The essentials are there for a reason – they form the fundamentals of a secure database and are something that all companies should implement. Firstly, companies should implement a password manager and 2FA management for their whole team in order to access all business accounts, such as Bitwarden or Google and Microsoft Authenticator.
Secondly, the firm’s Data Protection Officer should work closely with the Communications Team to develop a package of consistent reminders to employees using the firm’s internal communications channel to educate and keep employees on their toes about the importance of data security and data protection policies.
Finally, the cybersecurity team should implement security measures on all employees' physical devices to ensure that in instances wherein an employee's laptop has been stolen, IT can remotely lock the laptop and prevent access. The remote control software can also allow the IT team to implement firmware updates company-wide to ensure every employee’s devices are in line with the latest data protection and security requirements.
What other aspects of business operations do you hope to see secured or enhanced by technology in the next few years?
There are three that come to mind. The first would be supply chain management. Currently, suppliers do not have a specific standard that they are required to conform to in terms of process and procurement quality – it’s more of a checklist exercise. It links back to my point of sustainability in one of my previous answers. Implementing a policy with governments that can ensure the sustainable practices of suppliers or companies using TrustTech would greatly change the landscape of sustainable reporting and commitment.
The second would also be linked to my previous point about Know Your Client (KYC) processes. KYC processes often involve sensitive information about the individuals who are integral to the project or partnership, and the submission and storage of these records may not always be secure. With TrustTech, we hope to make this process easier to manage, as well as more secure to store with our secure application, Passport, which is used as a repository for documents.
Finally, and this is something that I haven’t mentioned before but is extremely important, employee offboarding. When an employee leaves a firm, amicably or not, it’s difficult for HR to ensure that the employee has surrendered all the information they have about the firm. Although employees are our biggest asset, employees can also be our weakest link if we aren’t able to ensure a smooth and amicable offboarding experience for both parties. This is something that we will be working on in the future.
Share with us, what’s next for Accredify?
Imagine a trust-less future. One where we no longer question the trustworthiness of any data or information that is shared with us, whether it be a professional resume, identity card, bank account, or anything else in between. That’s what the future of the internet is – Web 3.
How can we get to Web 3? Through the adoption of verifiable data. That’s why at Accredify, we aim to pioneer the world’s transition to becoming a global village interconnected by verifiable data and to accelerate the world's adoption of verifiable credentials by enabling secure ways of sharing trusted information at every stage of a person's life.
Currently, we’re experiencing close to zero churn rate from our clients and partners, and we aim to keep true to our vision of creating a simple product that allows organizations anywhere in the world and in any vertical to issue tamper-proof verifiable documents and in so doing, help them transition to the future of Web 3.