Stefan Kostic, IPification: “Cybercriminals don’t need to invent new identity-related threats because the old ones are still pretty effective”


Whether it’s a data breach, fraud, or malware – there are many people that have experienced or have been affected by a cyber attack. And with the stay-at-home orders that followed the global pandemic, hackers have even more time on their hands to exploit users.

Fraud is among the most threatening kinds of cyber attack. For individuals, it can result in huge losses of money, while organizations can end up with a ruined brand reputation on top of that.

To avoid such intrusions, there are various cybersecurity measures that can be helpful, one of them being authentication solutions.

To discuss cybersecurity issues and threat prevention methods, we invited Stefan Kostic, the CEO of IPification, a company that offers network-based authentication solutions for mobile and IoT devices.

Tell us about your story. How did IPification grow from an idea to what it is today?

Our founder and current president, Harry Cheung, credits the founding of IPification to one incident that one of his friends experienced in 2013, when hackers got hold of his mobile banking account and stole his money.

Because Harry had been on Kaspersky’s Board of Directors at the time, his friend wanted his input on the issue. But besides some general best security practices, there wasn’t much Harry could offer. That was when he realized that mobile security was seriously underdeveloped.

Four years later, IPification was officially launched! Many mobile operator partnerships later, IPification covers 1.5+ billion mobile subscribers globally – and after just launching our new product IM Auth that extends our services to all – WhatsApp, Viber, and Telegram – users, our product can cover just about anyone with a smartphone.

And this is just the beginning!

Can you tell us a little bit about what you do? How do you manage to ensure security without compromising the user experience?

IPification was founded on the premise that nowadays, you shouldn’t have to compromise between security and user experience, and we think we have delivered on our promise.

IPification authentication, phone verification, and other fraud prevention solutions assign each user a unique Mobile ID key, made of the user’s phone number, device, and network data. With only one click, the users send an authentication request, we verify their key against the data their mobile network operator holds, and boom – they are done within milliseconds. This is our flagship solution, which also supports zero trust and continuous authentication.

With the new IM Auth, the user chooses their preferred IM provider – they send an automatic message to the branded IPification account and they are verified. In addition to our flagship solution, with one integration, you’ll also get a solution which doesn’t require a SIM card from one of our many mobile network operator partners, making it the perfect alternative option.

IPification is the trifecta of bank-grade security, seamless user experience, and maximum data privacy.

On your website, you state that the future is passwordless. Would you like to share more about your vision?

An average person today has over 100 passwords. That’s plenty of passwords to remember, and that’s also why as many as 66% always or mostly reuse the same password or variation across accounts. On top of that, passwords aren’t secure enough for today’s standards.

Those are just some of the reasons why we believe in the passwordless future and work hard with mobile network operators and service providers globally to make it happen.

The IPification vision is to establish a secure and user-friendly, user-centric ecosystem around our technology.

Have you noticed any new identity-related threats arise as a result of the pandemic?

There haven’t been as many new identity-related threats due to the pandemic as there has been a general skyrocketing of previously used identity theft tactics, namely phishing, SMishing, password stuffing, and SIM swapping.

In fact, just this past year, the number of data breaches through September (2021) exceeded the total number of successful cyberattacks by 17% compared to 2020. Additionally, we had a few major cyberattacks, including the Colonial Pipeline cyberattack and the Coinbase hacking.

The former was taken down by a single compromised password and caused fuel shortages on the East Coast, while the latter happened due to flaws in the Coinbase SMS 2FA system when cybercriminals stole cryptocurrency from approximately 6,000 Coinbase customers.

If anything, this proves that cybercriminals don’t need to invent new identity-related threats because the old ones are still pretty effective. And that’s precisely why we as a global society have the responsibility to standardize multi-factor authentication that’s secure and seamless at the same time.

As multi-factor authentication is becoming commonplace, what tactics have emerged to bypass this safety feature?

When at least three complementary factors are used, multi-factor authentication is notoriously difficult to hack. However, if I had to pinpoint the biggest risk to MFA, then that would be accounts that are using legacy authentication within corporate environments.

Employees who haven’t yet activated MFA on their accounts become the main target of hackers who usually revert to social engineering tactics, tricking employees into inadvertently giving them access. Kind of like what happened in the Twitter hack where attackers gained access to the company Slack.

This risk only skyrockets when you take into consideration the massive work-from-home (hybrid) working model shift globally.

What are some of the lesser-known risks a company can be exposed to if it doesn’t follow appropriate authentication practices?

Apart from the costs of cyberattacks which can break companies, and especially in the case of small and medium enterprises, I don’t think many realize the impact inappropriate or outdated authentication practices can have on user acquisition, retention, and engagement rates.

Just to illustrate – a 1-second delay in page load time causes a 7% loss in conversions. Moreover, 60% of users feel they are occasionally, frequently, or always slowed down or blocked from accessing services online. And 43% of users abandon an onboarding process due to friction related to proving their identity and/or verifying their phone number.

All of it piles up, resulting in damaging your brand image, market positioning, and losing competitiveness in the market where you risk your customers choosing your competitor over your service.

In your opinion, which types of organizations should be especially concerned about implementing quality identity verification measures?

Definitely fintech apps, as they’re the main target for cyberattackers. And especially now that the pandemic has caused the increase in both usage and cyberattacks: in the first half of 2020, fintech app user sessions have increased by 49%, while cyberattacks – by 118%.

Most importantly, the cost of a ruined brand image hits fintechs the hardest.

A Microsoft and Frost & Sullivan study found that in an instance of a cyber attack, a large financial services company incurs an average of $7.9 million of economic losses.

Moreover, as a fintech app, you deal with people’s money, meaning you have to be regarded as super secure. That perception takes a significant blow with any cybersecurity incident and causes further losses.

What security tools would you consider essential for every mobile user nowadays?

Switch on the best authentication methods that you have available. If you can have multi-factor authentication, use it. If you can have IPification, use it. If biometrics is available, use it. If authenticator-app 2FA is available, try to bear with the friction and use it. If SMS 2FA is what you have, it’s still better than just passwords. And finally, if you only have passwords, make sure that you get a password manager and never reuse your passwords.

Share with us, what’s next for IPification?

As mentioned before, the IPification vision is to establish a secure and user-friendly, user-centric ecosystem around our technology. To achieve this, we plan on enabling secure authentication for three billion smartphone users and one billion IoT devices in the next five years, becoming a partner of choice for the top 100 telecom operators and serving 10,000 enterprises and developers in ten different segments by 2025.

This interview has previously appeared on Cybernews.
