Rob Leslie, Sedicii: “every industry should protect the identities with which they have been entrusted”
As said by Clive Humby, data is the new oil. And if it ends up in the wrong hands, individuals can face both psychological and financial damages.
Unfortunately, cybercriminals are well aware of the value of sensitive information, so they are continuously going after it by employing social engineering tactics or phishing campaigns.
As a result, many users opt for additional tools to secure their online presence. Let it be by hiding their true location with a VPN or by installing robust security solutions to combat malicious programs monitoring their activity.
However, the CEO of Sedicii, Rob Leslie, says that industries that have been entrusted with relevant user identities should protect them, as well. We sat down to have a chat about the importance of identity verification services and how they can help prevent fraud.
Tell us a little bit about your story. How did the idea of Sedicii come about?
I am an Electronics Engineer by profession, having graduated from Dublin City University in Ireland in the 1980’s. I spent the first 20 years of my professional career working in senior and director level roles in Japan with eSafe Japan, Dell Japan, and at PTS Japan.
I returned to Ireland in the early 2000’s and have continued my entrepreneurial journey co-founding Kyckr (ASX:KYK) in 2007, which is now listed on the Australian Stock Exchange. It was while working with Kyckr that I realized there was a growing need for much more robust privacy services as they relate to a person’s identity.
I founded Sedicii in 2013 while extensively researching the core cryptographic technology called Zero-Knowledge Proof (ZKP) which is at the heart of the Sedicii services. In 2016, I left Kyckr to fully concentrate on building Sedicii, which is the platform that enables a global, federated privacy network.
Sedicii is a World Economic Forum Technology Pioneer, and I have spoken at Davos about digital identity, cybersecurity, and other technology issues affecting the economies of the world.
What features make Sedicii stand out from other identity verification services on the market?
Sedicii has developed a solution that allows financial institutions and other organizations to securely process the knowledge they have about clients or transactions, without disclosing the underlying data or information.
This enables financial institutions to identify potentially suspicious transactions and clients more clearly and more accurately by using the risk information they collaboratively can generate, without ever disclosing or sharing it. It leads to more effective detection of criminal activity.
The service confidentially computes a risk score using Multi-party Computation (MPC) via inputs from the parties to identify pre-execution risk in real-time. The system also visualizes multiple transactions to expose different fraud patterns. No organization learns anything about the other organization's customer as no information is shared and confidentiality is completely preserved.
You state that the future of digital identity is authoritative data. Can you tell us more about this approach?
An authoritative source is any entity responsible for the issuance of a credential or other identity attribute. Let's take an example of an ID – a source, such as the Passport Office or a Driving Licence Agency, that issues passports or driving licenses is authoritative. The authoritative source becomes the single trusted source for the verification of the issued credential.
Utility companies, government departments, and banks who interact with you financially can all be authoritative for different pieces of data about you. These two genuine sources of ID will verify that an individual is genuine if used in the digital ID verification process.
Did the pandemic present any new challenges for the ID verification field?
COVID-19 has actually brought an acceleration in interest in our digital identity services such as KYC, KYB, and AML services because of the need for remote verification of peoples’ identities. Remote working has certainly created a greater security risk because of peoples’ insecure internet connections (Open VPN). This, in turn, brings an increased threat of fraud, theft, misappropriation, and impersonations for both physical and financial domains.
In a recent Gartner survey, they found that 88% of business organizations all over the world mandated their employees to work from home as Covid rates rose. In tandem, personal use of the internet for online transactions has also seen an exponential rise in fraud and theft.
So, governments, national agencies, financial institutions, and telcos are all looking for ways to combat these threats. Currently, one of the biggest challenges for us is to meet the demand for our products and services.
Run us through the main dangers of identity theft – what damages can someone cause while posing as someone else?
One of the triggers for me in setting up Sedicii was having my debit card compromised while making a purchase online (before setting up the company, of course). The ensuing disentanglement of my data from various institutions and the reinstatement of replacement data.
The new card numbers and verifications of all my accounts set a train of thought in place. If you could verify a person’s identity from a trusted authority without passing on, or sharing any information, then this would be a significant move forward in the identification of risk. Of course, it is not just your financial data that is dangerous in the hands of fraudsters.
Impersonation of an individual can cause both psychological and physical damage to the innocent party and cannot be under-estimated. Indeed, in many countries, identity theft is a criminal offence leading to prison time and financial penalties.
Which actions put individuals at a higher risk of identity theft?
The five most vulnerable identity theft categories are the following:
- Medical & Health
- Children or Elderly persons
So, using online accounts for managing your financial, tax, or employment information with simple or weak passwords can give fraudsters access to a wide range of information on an individual.
Your bank account, salary records, and tax details are all valuable and could enable a thief to make purchases by using your identity without causing suspicion.
Impersonation of the young or elderly who might not always have their own online access, if they have any at all, can be hazardous as the effects are harder to detect. These vulnerable categories will be more susceptible to psychological damage.
In your opinion, which industries should put extra effort into ensuring proper ID verification?
The fact of the matter is that every industry should protect the identities of those who have entrusted them with their data. However, priority must be given to those where the greatest degree of damage could happen. Healthcare and financial services are obviously two of the higher risk categories.
But hackers are smart. They know that by attacking the weakest link they may be able to gather the information that could help them attack even the strongest services.
With work from home becoming the new normal, what are some of the best practices companies should implement to protect their workload?
Strong policies on data protection and cybersecurity are critical when working from home. In Europe, the Irish Data Commissioner has given guidance on protecting data while working from home, including the following tips:
- Devices should have all necessary updates, such as operating system, software, and antivirus updates installed
- Devices are used in a safe location, not in the general view of others, and locked if unattended
- Strong and regularly changed passwords and, where available, encryption should be used to restrict access to devices
- Work email accounts rather than personal email accounts are used for work-related data. However, if personal emails are used, contents and attachments should be encrypted
- Only an organization’s trusted networks or cloud services should be used where possible
- Paperwork should be always be locked away in a secure place
Share with us, what is next for Sedicii?
We are currently working on a really exciting Web3.0 project called Nillion. It is a public utility for the secure, decentralized storage and processing of sensitive data that is underpinned by a new token. It uses new, patented technology based on secure multi-party computation that we have developed and has the potential to change the security and risk profile of all data completely. It is really exciting.