IT security investment set to explode, Money 20/20 survey says

Eighty-four percent of 113 companies surveyed at the recent Money 20/20 conference say they expect their enterprise to increase investment in IT security over the next 12 months.

The survey, conducted by biometrics security company authID.ai, also found that 38% of respondents are “highly concerned” with traditional approaches such as one-time passwords and knowledge-based authentication. Another 42% are moderately concerned with these authentication measures.

Respondents included decision-makers from $2.3 trillion Citi, $3.7 trillion JPMorgan Chase and T-Mobile with a range of job functions responding: 32% in sales and marketing, 24% in C-level or senior management roles and 15% in IT.

The survey also revealed that 36% of organizations use one-time passwords for identity authentication while 29% said they use a combination of one-time passwords and knowledge-based authentication. Twelve percent said they used neither, and 8% said their institution did not use identity authentication at all.

“We allow you to verify an identity — instead of using a six-digit PIN code or knowledge-based authentication questions about where you lived 10 years ago or what your favorite pizza is,” authID.ai CEO Tim Thimot told Bank Automation News. The security provider offers an alternative biometrics-based authentication to these traditional identification measures that is like “a selfie, very similar to Apple face ID, but it’s not on the device, it’s stored in the cloud,” Thimot told BAN.

But the authID.ai solution is a bit different than Apple ID, which uses an image to activate a token stored on the device that then triggers the entry of the password. Instead of storing a selfie, authID.ai stores a mathematical mapping of a person’s face in the cloud that is used to authenticate a login. In effect, it authenticates based on the face, not a password stored on the device, Thimot added.

“If you’ve ever been hiking and looked at topography maps, we’re basically capturing the topography of your face — little math formulas that say, a corner of my eye, the tip of my nostril, the tip of my lip, what are the distances of that and thousands of literally small mathematical formulas on the context of your face and the liveliness of your face,” Thimot said. “We capture that and then that is stored in the cloud.”

This mathematical map, 99.9% accurate according to Thimot, is called by an application programming interface (API) to Microsoft’s Azure cloud that verifies the person so the authentication isn’t stored on the device. It also leverages machine learning to recognize a person despite potential weight loss, facial hair or other minor changes that might affect the person’s appearance. When the authentication is wrong, it faults to the negative — meaning the person is not recognized and another authentication, such as a PIN code, is required.

Biometric identification can also be based on fingerprints, signatures and iris patterns.

authID.ai also complies with Fast Identity Online (FIDO) standard, Thimot said. FIDO is an industry-led open standards group for authentication whose members include $3 trillion Bank of America, PayPal, $1.1 trillion ING, $1.9 trillion Wells Fargo, Visa, Mastercard and $200 billion USAA.

The publicly traded company was previously known as Ipsidy but rebranded in June under new executive leadership. The Denver-based authID.ai was founded in 2011, and its clients include the Saint Kitts & Nevis-based private Hamilton Reserve Bank, formerly Nevis International Bank and Trust, as well as CU NextGen, a credit union service organization that plans to roll out the security solution nationally.

Shares of authID.ai [NASDAQ: AUID] were trading $17.34 at 3:59 p.m., up 1.76% as of morning open.