Shauli Zacks
Published on: June 3, 2024
SafetyDetectives had the pleasure of doing a Q&A with Chirag Bakshi, the CEO and founder of Zumigo. With a rich background in digital identity verification and fraud prevention, Chirag has been instrumental in shaping Zumigo’s innovative approach to using mobile phone numbers for user authentication. Under his leadership, Zumigo has developed cutting-edge solutions to combat identity fraud and enhance online security. Chirag’s insights offer a deep dive into the challenges and advancements in digital identity verification, making this interview a must-read for anyone interested in the future of identity security. Join us as we explore Zumigo’s journey and its pivotal role in redefining identity verification in the digital age.
Can you tell us a little about your role at Zumigo and how you got involved with the company?
My name is Chirag Bakshi and I’m the founder and CEO of Zumigo.
How did Zumigo come to be, and what was the inspiration behind its founding?
Zumigo was created when I realized that a person’s mobile phone number is a proxy to their identity and can be used for authentication during any digital financial activity, such as bank account sign-up/sign-in on the web, and e-commerce transactions. By using the mobile phone number to authenticate a user, we can provide better fraud prevention and identity theft protection as compared to traditional solutions.
What are the key challenges in digital identity verification today?
Today, the attacks leverage new technologies such as deepfakes and AI, which makes the attacks difficult to detect and prevent. Old school attacks take on new angles, such as phishing using SMS (i.e., smishing), which are also hard to prevent. The widespread adoption of the web for business engagement and operations leads to proliferation of online/digital accounts and devices. In this scenario, traditional security and authentication methods like password-based verification are hard to manage for both the user and the business, and therefore are not very secure. Users also have high expectations of the experience of fraud prevention solution. On one hand, they expect a low-friction experience in accessing their digital accounts, including the verification process; on the other hand, they also expect their identity and data to be protected completely. This means that user experience and fraud prevention must go hand-in-hand with any identity proofing solution.
How has the rise of mobile transactions impacted the approach to identity verification?
Using the mobile device means businesses can verify the mobile number or device as part of the user’s digital identity. But because users expect a low-friction experience, the verification can now take place in the background without additional burden on the user. Instead of using complex, cumbersome methods such as uploading scanned IDs or calling into a call center, the device can verify the owner of the phone number and device, as well as other associated information, against the mobile network operator’s records. This dramatically simplifies the sign-in/sign-up process.
The mobile device is used for many activities across the digital journey – whether through the web browser or native apps. For native apps, passkeys help to ensure that the mobile devices themselves can automate the verification and simplify the mobile experience. The security gap that needs to be addressed, however, is to verify possession and ownership before installing the passkeys on the device.
The rise of mobile transactions touches almost all industry segments where digital access is common, and there are many use cases that can leverage mobile identity verification.
How does Zumigo’s solution enhance business security/prevent fraud compared to traditional methods?
Our approach starts off with verifying a user’s mobile identity, which includes mobile phone number and associated account activities. Mobile phones have become ubiquitous globally. Each phone number has an account of paid service connected to a real person, often over time, and all aspects of the activities associated with the number become something that can be used to authenticate the user.
For example, we can use the mobile number’s activation and services to authenticate whether this number is valid; from account services we can use account tenure, account type (whether it’s a pre-paid account), etc. and other information about the mobile device such as SIM card changes to assess the risk profile of the phone number. This can be done automatically without additional steps from the user, other than volunteering the phone number to be authenticated. Because it is difficult to type on small devices for long forms, the input fields can be automatically filled with the authenticated information, accelerating the sign-up/sign-in process and improving conversion rate.
Zumigo’s approach wins because:
- It does not rely on IP address, anonymous IPs and VPNs (which can be proxied)
- It is not vulnerable to simple hacking, like emails
- It uses real-time/authoritative data (such as mobile phone number owner name and address matching, mobile account tenure/status, device SIM or porting activity, etc.), not predictive or historical data
- It does not impede user experience with unfamiliar processes
When layered with other verifications, like email or payment instrument or geodesic distance, we produce a highly accurate risk assessment of transactions and users in a low-friction manner. The end result is a more accurate verification with faster detection of anomalies without unnecessary customer friction.
What future trends do you see in the field of digital identity verification and fraud prevention?
A user’s digital identity is becoming multi-faceted. It’s no longer just an email address. It now includes information from mobile phone accounts, payment data and sources, personal identifiable information, social accounts, biometrics, etc. Any of these can become a vector for fraud attacks. Digital identity verification should therefore leverages these different sources of information for a user.
An effective digital identity verification solution should converge and layer different methods and information sources – the digital identity intelligence – to provide multi-dimensional and multi-factor authentication, to ensure that the users and accounts are protected, and that fraud is prevented. At the same time, the approach should also be modular so that businesses can choose the number of layers to fit the requirements of the verification (e.g., high net worth accounts vs newsletter subscription).
In the near future, businesses will band together to leverage a network of mobile phone activities to identify anomalies and online fraud rings, to fight organized crime with organized fraud prevention. Using the intelligence gathered from the network that includes banks, Fintechs, neobanks, insurers, online merchants and retailers, businesses can optimize the algorithms to determine the associated risk of fraud and stop fraud pre-emptively.