As artificial intelligence (AI) provides new tools to criminals, Incognia has the antidote, with tools that are 17 times more effective than facial recognition. Incognia, which recently closed a $31 million Series B, combines GPS, Wifi, bluetooth and network signals to pinpoint devices with department-level accuracy to combat fraud.
Co-founder and CEO Andre Ferraz said the original idea for Incognia was ahead of its time. Initially designed as an authentication system for IoT devices and to drive retail traffic, the technology tackled the problem of users accessing multiple devices simultaneously. Password authentication results in a poor user experience.
Ferraz looked to location technologies. Determine whether the user is physically present at a location and could be authenticated to all surrounding devices. That’s a step up from GPS, which can determine that someone is in a building but not on a specific floor or in a certain room.
That was a decade ago when fraud and authentication use cases were less of a market opportunity. Fast-forward to the pandemic, which accelerated the need for more complex fraud prevention solutions.
“This was finally the right moment to return to the original concept of using geolocation for authentication and identity use cases,” Ferraz said.
How Incognia links user to device
Incognia’s primary use case is ensuring that a device is used by the person associated with it. The technology uses alternative signals from a device like model, operating system and hardware. That combines with device location behavior analysis to deliver a much more robust solution.
“The reason why this is important is that the behaviour of users is quite predictable,” Ferraz explained. “About 85% of the new accounts are created when the user is at home. Say you are creating an account on a neobank; one of the pieces of data you have to share is your home address.
“When you scan your driver’s license, your home address is right there. How do we ensure that the device trying to create an account in your name is (associated with you)? By understanding that your device is in that exact address and the account created, the likelihood (of accuracy) is much higher than if that device wasn’t there.”
The same philosophy that clears legitimate users also catches illegitimate ones. Fraudsters are usually repeat offenders. When they locate a vulnerability, they will exploit it exhaustively. Incognia’s system can identify multiple accounts created from the same device and location.
Where simple biometric solutions fall flat
Ferraz explained that Incognia is a step up on biometric-based solutions because they rely on static information. Your face and fingerprints don’t change. But once someone has access to that information, they can impersonate you. More sophisticated fraud tools render biometrics less effective.
While fraudsters can capture and animate your face, they’ll struggle to predict your movements. How will they know where a target is 24 hours a day? Ferraz likens it to the difference between shooting at stationary and moving targets.
Ferraz added that Incognia’s technology protects against fraud by matching address information to device behavior. It reduces new account fraud by up to 95%.
Account takeover is dramatically reduced for similar reasons. Around 90% of device logins are from trusted locations. If a new device tries to access an account from an unfamiliar location, it is identified as suspicious behavior.
New account opening is more complex. Sometimes, legitimate account holders sell access to fraudsters so they can launder money. Incognia can determine that the new behavior doesn’t match the activity from the trusted device. They are in different places.
Open data and Gen AI: Important considerations
Open data movements don’t affect Incognia, as permissions must already be obtained. Digital sovereign identities are interesting if they become mainstream. Ferraz said the key will be user experience. Incognia could recognize users without creating friction.
Like everyone else, Ferraz is watching AI. Many mainstream authentication factors are negatively affected by it. Social engineering methods that collect user information are more sophisticated, scalable and effective.
Yet many financial institutions still rely on legacy systems. A recent Incognia survey revealed that more than 70% of the top 50 U.S. banks still use SMS messages, which Ferraz said is the weakest security method available.
Generative AI helps criminals be more successful. Voice copying and animation of photos available online give them powerful tools. Ferraz said institutions could fight back with Incognia.
“From a consumer standpoint, our technology is resilient to these types of attacks,” Ferraz said. “From a business standpoint, this will probably continue driving much growth for Incognia.”
Also read:
