Transcript: Onfido:Airside Vision Webinar - June 21, 2023

Yuelin Li 0:02
Great, hi everyone. Thanks again for joining. So, this webinar is about “Verify Once, Share Anywhere” where we’ll be exploring the future of digital identity. I’ve got some fantastic co-speakers with me today. We’re just gonna jump right in. I’ll introduce you to the others on the panel. So let’s start with Mike. Please tell us a bit about yourself and what you do.

Mike Tuchen 0:12
Right. Yuelin, thank you. I’m Mike Tuchen. I am the CEO of Onfido. And Onfido is a global leader in digital identity verification, fraud detection, and KYC compliance. What that means is we allow our customers who tend to be companies like financial services companies, banks, travel companies, and so on to verify/confirm who their customers are, and do that using a smartphone and a form of government-issued identification. We confirm that indeed, there’s a real person there, that their biometrics match whatever identification document they have, and that document is indeed a valid doc. We do that worldwide and allow our customers to really streamline their onboarding process and make sure they meet their local regulation requirements. I’m excited to be here.

Yuelin Li 1:08
Thanks Mike. And over to you, Adam.

Adam Tsao 1:11
Thanks, Yuelin. Just a brief background on my experience. I’ve been in technology and security and travel for about 31 years now. I was with Congress; I was in charge of air traffic control modernization, among other things. And when 9/11 happened, I was one of a handful of people the government turned to to create the new travel and transportation security system. And so as we’re trying to figure out how to make the world more secure, we stumbled upon some issues with identity that have led us to where we are today. So I left the administration in 2008 and decided to take my learnings and the opportunities we saw while working with the government to create Airside.

Adam Tsao 1:55
I think our biggest success is we’re probably best known for Mobile Passport, which was a public-private partnership between the Airports Council (ACI-NA), the U.S. Department of Homeland Security Customs and Border Protection (CBP), and Airside to let people clear customs using their phone. We had 10 million users, and we saved about 20 million hours (correction: 2 million hours) of standing in line. So this was really our first proof point that people actually do want to use their digital identity from their phone, and that we can actually provide this great benefit to the traveling public. So we took this backbone that we built. Airside has always been very privacy-focused. We have never seen anyone’s personal data across our system. We can’t mine it. We can’t sell it. We can’t share it. We can’t lose it. And so we took that technology and we made that the basis of the Airside platform, and it really put us in a position to be the leader of private digital identity sharing. Our patented system really puts the control back into the hands of the individual. We’re trusted by the U.S. government, American Airlines, and others. And millions of people use us to save time while protecting their privacy. So along the way, we realized that we can provide long-term success by creating these trusted technologies or trusted connections. And so that’s what our technology is based on.

Yuelin Li 3:29
Fascinating, we’re gonna dive a bit deeper into some of that. So hi, I’m Yuelin. I’m the Chief Product Officer at Onfido. And I’m also the moderator of today’s discussion. And after the conversation we’ll be having we’ll also be answering questions. So please pop your questions onto the questions tab in the app. We are seeing a huge shift in the digital identity landscape: In the 14 or 15 years or so since smartphones came about, it’s now become completely ubiquitous. I think most people are almost afraid to leave the house without their phone. And we’re also using it to control more and more of our lives. So according to Juniper, as early as 2026, which is only two or three years away,

over 60% of the global population is expected to adopt a digital wallet and manage that from their phone as well.

We’ve seen actually in the last three or four years how the pandemic has taken us from a fully digital lifestyle to a more hybrid setup, where the things that happen on your mobile and what’s happening in your life started becoming really connected and you need to use your phone to be able to access things or use the device to prove your status or check-in. So we’re seeing a lot of these trends. Is this why Onfido and Airside came together, Mike?

Mike Tuchen 4:53
Let’s go back to the beginning. You talked about the last 15 years. The opportunity we saw is that the digital identity landscape really hasn’t evolved along with the market. What happened back when a remote identity verification was created a dozen years ago, is we took an in-person process and made it digital, which is great. I mean, it’s a huge improvement. If you used to have to sign up to create a bank account, you’d have to go into a bank branch with whatever your identity documents were, prove who you were, and then drive back home again. We took all of that and digitized it. You can now do that with a smartphone. And wherever you are, whatever you want to do, it works, now fully electronically. It’s fast, it’s safe, it’s convenient, it’s more secure, and it gives better accuracy, it can detect fraud better than the old way. But the process is still the exact same. And what that means is, we’re over-sharing in a couple of important ways. Like, the first way is for every company that you want to apply to; if you want to apply to two different banks, or a bank and a trading house, and then you want to sign up for a hotel, you’ll be able to do remote check-in. You want to sign up for a car rental company to be able to rent cars — for all of those steps, you’re going to have to keep going through the exact same process over and over and over again. Boy, that seems like a lot. Wouldn’t it be great if you could do that once, store it on your smartphone securely, and then share it? Wouldn’t that make it much more streamlined, much faster, much easier, and so on? Absolutely.

Mike Tuchen 6:46
The other way that we’re oversharing is we’re sending the whole document with every request. So think about that. I ran into this in the real world two weeks ago. I was on vacation in Italy and checking into a hotel. And the person behind the counter said, “Can I have your passport?” I’m thinking they’re just going to look at the passport. No, they take it back into the back room, take a photocopy of it. And the question you ask is, “What on earth are you doing with my passport? I’m just trying to check-in to a hotel room for God’s sake.” So who’s going to have access to it, how are you going to use that? How long is it going to get stored? What? That’s a lot of information to get into a hotel. We’re doing that over and over and over again, which means there’s more information spread out in more and more different places.

It’s the equivalent of taking your wallet and leaving it out on the park bench, or worse: making 100 copies of your wallet and leaving it on every single park bench in the entire park. So it’s not a great experience,

certainly, but it’s also not a secure and private experience. We can do a whole lot better than that, electronically. And the fraud world is increasing, not decreasing. According to Javelin research, in 2022 companies lost $43 billion due to fraud. And think about the streamlining aspect, the fact you’re having to go through this entire reverification process each time. Well, there are some scenarios for things like Buy Now Pay Later (BNPL) that are directly in the transaction flow, where companies are really, really sensitive to adding extra friction. And statistics show that companies lose $18 billion a year in lost sales due to shopping cart abandonment. So if you can make that into a much more secure, one-click kind of experience versus going through that whole reproving your identity each time, that makes it a lot more accessible for some of the really important scenarios. So we see this move towards digital identities stored in a wallet and reusability, shareability, user control, and privacy management, we think that’s absolutely critical. That’s where the world’s going. We’re excited to partner with Airside to bring that to reality for the entire world.

Yuelin Li 9:08
Makes sense. And, Adam, how did this come about for you?

Adam Tsao 9:12
Well, we were absolutely thrilled to be introduced to Onfido. I think from my first conversation with Mike when he explained his vision of where identity we knew as a fit. I mean, we’ve always been privacy first.

We’ve always believed that the individual is the key to identity and that you can’t have these massive databases. There’s just a finite life to that particular business model. And so when you look at Onfido you have the world’s best identification technology with a global reach into the most important financial institutions. And then you look at Airside and we have the leading privacy-based digital identity-sharing platform with a lot of traction in travel. Putting us together we have the opportunity to do what no one else in the world can do. And that’s exciting. We can literally transform everyone’s day-to-day lives and give control back to people who felt they had no control, bringing us security and privacy, and peace of mind that we each deserve.

It’s thrilling as far as I’m concerned.

Yuelin Li 10:21
Great. Yeah, what an exciting vision. And actually, some of this is not a vision because it’s already happening, especially around travel. We just heard about the success of Mobile Passport and some really other exciting partnerships as well. So Adam, can you tell us a bit more about Airside today and how it’s already transforming the way people travel?

Adam Tsao 10:41
Thanks, Yuelin. So travel presents a natural opportunity for digital identity transformation. It’s a huge market. There are airports, travelers, airlines, and governments and they all want to move towards a biometrically-bound reusable digital identity solution to improve the system. We know strong identity matters because of 9/11 and everything. There are a billion passenger trips in the United States alone and 4 billion worldwide. So that’s, that’s already a use. Every time you fly, your identity and data are checked multiple times, beginning as soon as you purchase your ticket. And then you’ve got to then prove yourself along the way. That means lines, that means your data is being shared across borders, that means your data is shared between entities. And in order to make all this work, you have to stand in line. And everybody hates lines. It drives travelers away, it drives up costs.

Adam Tsao 11:48

By implementing the Airside digital solution, we can go from plane to beach in 20 minutes.

Think about it: 20 minutes. And so that makes something like a weekend trip viable from people, say, living in Miami, and so that’s what we’re talking about. And when you start to realize how real standing in line is and like, “Ah, I don’t want to deal with customs, I don’t want to, there’s too much hassle,” what trips, what commerce, what things do we avoid because it’s just gonna cost us too much, it’s going to cost us the hassle? And so by going towards and working with travel, you really provide a huge value and a stickiness of a proven solution that people, everybody in the system wants.

Adam Tsao 11:56
So reusable ID reduces costs, reduces liability, and it improves customer experience. Travel itself is built on layers and layers of layers of interconnected global legacy systems. And so as the regulations become more complicated, and the threats become more complicated, it makes using any of these centrally controlled platforms untenable from a regulatory, privacy, and security stance. And so that gives us an opportunity. Governments do not trust the link between the data on your boarding pass and the person standing in front of you; that’s why you have to pull out your ID over and over and over and over, and that means standing in line. So every touchpoint is owned by somebody else. And so every touchpoint has a different experience. And so you might have to show your passport, you might have to show your driver’s license, you might have to show your passport and your driver’s license, you might have to show your passport, your driver’s license, and your credit card if you’re going into a lounge or something like that. And so, if you think about all of this, in order to take advantage of the moving digital, that traveler with one touch has to be able to send the right amount of data to the right place at the right time for the right reason. So you can’t just stick it into the airline system because then it would be at every single terminal in the airport; they don’t want that. They don’t want your biometrics, they don’t want to touch it. They don’t want their systems to be infected by the data that’s becoming more and more regulated. And so what this gives us is the convenience of a one-touch ability to get a VIP experience where you’ve positioned your right to move forward at any of these touch points. It’s more convenient. You don’t have to pull out your wallet. You keep moving. You don’t have to say who you are.

Adam Tsao 15:03

We’ve proven in the real world that we can be five times faster just from a process standpoint.

We saved 2 million cumulative hours of line standing for our passengers, our customers for Mobile Passport. And because you’re using the phone, you can apply all kinds of different digital standards and encryptions that you can’t otherwise apply to handing a piece of plastic over to an individual. So we get speed, we get assurance, we get transparency, and we get security, all with a touch of a button. And so a lot of people ask, “Well,

isn’t Apple doing the same thing?”

And the answer is “Not quite.” You know, what sets us apart first is that Apple has been approved to do three states in the United States that are connected directly to the DMVs, and they have agreements with 15 other states. And they’re going to roll out the solution very slowly over the next 10 years. We are already live and approved with 41 states and all U.S. passport holders. So right there we have

300 some-odd million passengers who are eligible to use our system today.

We are not limited by Apple’s walled-garden technology. We can work with anyone. Our open APIs can be tapped into by Google, by the airport operators, by the airlines. And ultimately,

it allows us to be the Spotify to their Apple Music.

And then lastly, we are partnering with everyone in the ecosystem. So it’s not just a matter of you having an ID. We actually are providing the benefits all the way from checking in, to dropping your bag, to skipping security, to passing through customs, to biometrically boarding the aircraft. In order to do that you need a privacy-based system like Airside. So that’s going to give us the opportunity to roll out benefits that no one else can offer.

Yuelin Li 17:14
And that sounds very exciting. And travel sounds very complicated and like you need a lot of product discovery. So if you need some product people to come to [inaudible] and test the minutes of the gate to beach adventure [let me know].

Mike Tuchen 17:31
I’m up to confirm that 20-minute plane to beach myself, so I might have to go and take you up on that as well.

Adam Tsao 17:37
We’re having lots of volunteers for project managers and user experience coordinators. So I’ll put you guys on the top of the list.

Yuelin Li 17:46
Absolutely. Let’s hear a bit about. knowing now what we know about Onfido and the technology and Airside and this simplification of this very complicated space that is travel, what specifically was the “aha” moment where you’re like, “We need to join forces and be stronger together”?

Mike Tuchen 18:07
Well, you know, for us, we saw the trends towards digital identity and shareable portable, all the stuff we talked about a second ago, and the “aha,” this is the moment when we saw Airside. What we were so excited about was that is the clear added-value entry point. Adam just talked about the value that Airside brings to the travel scenario. Why is travel great? Well, travel is great because it’s a high-volume scenario, with a whole bunch of repeat users. It’s one that’s really high stakes with high-security requirements. So you have to meet a very high level of proof. And so, therefore, you have a very high security standard that you’re applying to the IDs. Now add that to the privacy protections and the user centricity that Airside brought, and we said, “Wow, this is great.” There’s a real clear path to building a really high-quality set of stored identities, verified identities. And now, our existing customers can use those directly, and so we can now offer that to our customers. If the user that you’re trying to enroll is already an Airside member, what is the process? They can say, “Would you like to share this part of your identity with this customer?” And if the answer is “Yes,” with one click, you’re done, and you get that reusability and shareability benefit. And if not, then you can go through the existing process that we already have and we can just ask at the end, “Would you like to store this and save time later?” The answer is “Yes”. So we think we can give the ultimate convenience, privacy, and security all in the palm of your hand in creating this shareable identity. The Liminal consulting firm believes that that

reusable shared identity scenario is going to be about a $250 billion market by 2027.

So we’re excited about the opportunity to be a major player as this market develops in the coming years.

Yuelin Li 20:28
$250 billion, not bad. Adam, what about your perspective?

Adam Tsao 20:32
Well,

I think actually Liminal underestimates that because they were only looking at the enterprise.

If you look at that report, it’s entirely enterprise. And so the difference between what we’re doing is that you can do this without an enterprise in the middle. And so my CISO (Chief Information Security Officer), Joe, I’m going to quote him, “If you want better, cheaper, faster, and more secure, you can only pick two.” Well, that’s not the case with the Airside plus Onfido. We can actually create unmatched certainty, unmatched transparency, unmatched data minimization, and unmatched control. That’s a win, win, win, win. So by allowing the individual to gather and verify their identity data, create an immutable trusted digital identity that they bind to their biometrics and then their device and allow them to share as much or as little information as they need to, and give them the power to both track and revoke who has access to the data, you’ve created, you’ve really flipped the industry on its head. You’re creating this new and better type of instant and mutual trust, one that provides higher assurance, reduces costs, reduces friction and minimal exposure while putting the control where it belongs: with the owner of the data. And so this, like I said, opens up opportunities for all segments of the economy that aren’t necessarily even addressed in the Liminal report.

Yuelin Li 21:58
Very interesting. As the future plays out, this idea of users having much more control, and the ability to have these trusting relationships with businesses without giving up any access to their identity and what is happening with it, is definitely where we see the industry going. And I’m talking a bit about shareable identity. So as you know at Onfido as well, we speak with businesses a lot about the balance between friction and user experience, and customer adoption. And businesses today really want to reduce friction to make it easier for customers to interact with their brand at any point in the journey, whether it’s onboarding or when the customer wants to do something, or especially during unhappy moments when you’ve lost your password and you can’t get back in and so on. And shareable identity is a really interesting concept to be able to add simplicity and convenience, and so that you do have some way of proving who you are that the businesses can also trust, but also providing privacy, which is the thing you really don’t have now or control. And so shareable identity is a fun concept I think everyone’s gonna be hearing a lot about over the next few years. Mike, what does shareable identity mean to you?

Mike Tuchen 23:17
You just touched on a whole bunch of it. Right now, the reason why shareable identity is so important is that as consumers, we need to use our identity to get access to a lot of stuff both digitally and in the real world. If you want to sign up for a bank account, you need to prove who you are. If you want to rent a hotel room, you need to show identification. If you want to rent a car, you need to show identification. If you want to buy a drink, you need to prove how old you are, which means you need to show identification. And so all of these different scenarios require you to prove who you are. The way we do it right now is cumbersome. Why not verify once and make sharing really simple, safe, and secure? Where you control your privacy and you decide who you want to share it with and how much. And that’s clearly the right way to go. It not only gives a clear end-user benefit, it gives businesses benefits because they have a more secure set of identities. They’re already pre-proven and a simpler experience, which means less drop-off, and higher conversion rates. And in addition to the way we’ve stored it on the devices in a secure enclave, a very, very secure way of storing it, there’s another security benefit that’s worth touching on.

Mike Tuchen 24:40
Think about the current world where identities, generally speaking, are stored in a big online repository, and there are going to be hundreds or millions or more identities in them. Think about all the password hacks you can hear. That’s a version of that because these are big honeypots that hackers can come and try to steal. Now, flip that around. You move that to a shareable model, where the identities are distributed; if there’s 200 million identities, there are 200 million different smartphones. And not only is each one really hard to crack given the way it’s stored, but the value you get out of cracking it is, you’ve got one identity that you’ve just gotten with all that work. The ROI for a hacker is completely flipped upside down, so it just doesn’t make sense. It’s a far structurally more secure way to solve the problem: Distributed versus centralizing all information into one big place and every hacker wants to spend their whole life hacking into it, right, because the value of success is so high. So that’s why we see shareable identity as a win all around: It’s a win for the end user. And it’s a win for the businesses that are working with end-users across the whole lifecycle. I talked about onboarding scenarios. Yuelin, you talked about some of the downstream scenarios about high-risk transactions, about account reset scenarios, app reset scenarios — all of these things that are being done in much more laborious ways, you can do in much more streamlined and much more secure ways with shareable identity.

Yuelin Li 26:19
And that makes a lot of sense. We’ve seen such a growth and prevalence of the information that’s being sold on the internet. And the idea of people doing that with biometrics, even beyond passwords, I think it’s pretty inevitable if things are stored in this fashion, but also quite scary, I think, for your typical consumer. So what makes it so valuable and important to customers from your perspective, Adam? And then also from the other side, from businesses?

Adam Tsao 26:51
Sure. So one of the things, especially about some of the knowledge-based questions, is that if you as an individual, for some reason, have different information than in the database, you as the individual are wrong, right? So a perfect example: my first car was a 1979 blue/green International Harvester. And so when the question comes up, what color was your first car? Was it blue or was it green? So I fail that question almost every single time because I believe my car was registered some years as green and some years as blue. And so, as a result, I never pass that KYC but I’m still me. And so identity…

Mike Tuchen 27:33
Adam, sorry to break in. But just having International Harvester makes you just something to begin with.

Adam Tsao 27:36
International Harvester Scout Traveler.

Mike Tuchen 27:45
I had a Scout too and mine was either red or orange, depending on the day.

Adam Tsao 27:50
I knew there was a reason you liked it. So you had an orange/red, and I had the blue/green. Nice.

Yuelin Li 27:56
I’m harvesting all this information as we speak.

Adam Tsao 27:59
Exactly, exactly. And so now that particular knowledge-based question is now useless, except for the fact no one knows which color those cars were registered under. But when it gets down to it, identity is about trust: Are you who you say you are? Do you have a right to access the location or a service or a product? And do you pose a risk? To answer these questions, we share documents, we fill forms, we present cards, we carry keys, we create passwords, we issue tokens, we submit to database queries, we do knowledge-based questions, we share our biometrics and, as Mike was pointing out, as we deal with more and more people in commerce, both digitally and in person, we are sharing more and more of information, our digital identity breadcrumbs are everywhere, across the internet and filing cabinets across the world. And so what ultimately gets to is how do you prove that you are a trustworthy individual? I think it’s Peter, actually, who is our Chief Privacy Officer and CTO and chief architect, who always says to prove your identity it’s either what you are, what you have, or what you know. And so what our system allows us to do is answer all of those questions and answer the questions by creating a single opportunity for the user to do that, once. So, as an individual, you don’t change whether you’re in person or online; what changes is what information is needed, and who needs it. And so, if you can actually create a system where you can decide who gets what, when, where, and why, and you can decide, say, all right, like you have access and you don’t have access, you flip the whole situation on the head. You reduce friction, you reduce costs, and you create a stronger ID. You can use unbreakable technology. You provide transparency that is not available otherwise, and you minimize data exposure for both the individual and the relying party. And finally, and this is the most important part, you put the control back where it belongs: in the hands of the person who truly owns that data. And so that’s why this is such a powerful “aha” [where] we can turn everything on its head by doing the right thing. And there are very few opportunities like that.

Yuelin Li 30:36
We definitely see the pendulum swinging from no privacy rules and everyone taking whatever data they want. It’s going the other way, which is actually, this personal data and biometrics is something that’s very precious and something that you want to own and you want to control and you want to share and you want people to share rather than having it done for you. We speak a lot about identity being multidimensional, and so much discussion about identity can really limit it to just your legal identity, whereas actually to be able to do a lot of things you need to have a much broader set. You have many other conditions, such as, do you actually have the right to fly just because you have a driver’s license? Or, the right to drive? Or what is your relationship because of who you’re traveling with? And there’s a lot of amazing use cases that really open up. Let’s hear from you, Adam, as you’ve been working in a cycle a long time. What else do you see for the future of digital identity?

Adam Tsao 31:38
Well, I think you hit the nail on the head, Yuelin. Your identity is not your documents. And so the world, much of the world of digital identity is focused on the wallet, which is cards and documents. Your identity is the core of your humanity. And so your digital identity is actually going to be, as we move forward, the core to every part of your commerce. It’s more than just your data. It’s more than your biometrics. It’s your relationships. It’s your associations. It’s your preferences. It’s your history. All of that goes to answering, you know, who you are. And I think because of what we’re seeing with generative AI, the bad guys have more tools than the good guys at this point. And so what is going to happen? What’s going to be the key that gives everybody the ability to be trusted? How do we trust? And so I think in the end, a decentralized user control identity will be the backbone of the new economy for both in-person and online experiences. And it’ll be a key part to protecting us against AI-driven crime. No more physical cards and more physical passports. No keys, no tokens. Basically, we’ll all be carrying an AI-proof ID bound to us on our devices. When you think about it, that means that as things become less enterprise driven, you get more gig economy, more sharing economy, more person-to-person, we’re doing these digital transactions with people we’ve never met before. And so this allows us to fill in a gap and let verified identity be the backbone of commerce. And that’s what I think is truly, truly exciting. And

essentially, we’re building the photo negative of Facebook.

And so you yourself become Facebook and you share what you want, when you want for how long with anybody and you think about the kind of the power of Facebook and what it did to the internet, politics, commerce, and even how we relate to each other. The problem with Facebook, though, is it exposed all of us. It exposed us to non-verified information. It exposed our information elsewhere. So as the pendulum swings with governments and businesses moving more toward privacy and regulation, I think that

whoever cracks this decentralized user-control digital identity is going to be the ultimate winner.

Yuelin Li 31:57
Agree. It’s definitely changed, I think, the idea of private life and your public life, for sure. And maybe those consequences haven’t fully played out for most people. And, Mike, what are your predictions for the future of digital identity?

Mike Tuchen 34:29
I think first just looking back for a second, you know, we’re moving from phase one, where everything was in person. to kind of the second phase where we have been in the last decade, where we’ve taken that exact same process and digitalized it to really the next phase where we’re now using shareable identities and stored digital identities. Clearly, that’s where the world will be over the next decade. So we think that’s a major transition for the entire industry. Adam did a nice job articulating some of the opportunity there. And, you know, folks like

Gartner believe that by 2026, half of the world population is going to be using these shareable digital identities.

That’s just three years from now.

Mike Tuchen 35:13
Yuelin, you talked a little bit about the multifaceted nature of identity and Adam did as well. I’ll look at that through a different lens. I look at an identity as being not just who the government says I am. The government has proven trust for most identity systems around the world, but with a lot of other layers on top of it. Which frequent flier programs am I a member of? At what level? Which car rental programs am I a member of? Which hotel rental programs am I a member of? Which banks am I subscribing to? Which affinity groups? All of those things make up my identity. And all those things are things that we can store and attest to and share and so on. And those are all things that people want to control who they share it with and when. We think that’s clearly directionally where this goes. We think digital identity for us, at Onfido with Airside, together starts in travel given that, for us the excitement around that, it’s a really high stakes, high-security requirement business. It’s a high-frequency and high-volume business, so we can ramp up a number of very highly vetted profiles and very highly vetted identities and get them stored very quickly. And then comes in, customers can choose to reshare those for all kinds of other scenarios, primarily things like financial services. So we think it’s a great entry point into a dramatic market shift that’s happening, that’s one of the most important changes going on in the technology world, across the board. And so really excited to be leading the charge in this changing landscape with a really strong foundation, bringing some of the most important capabilities in one of the most important use cases out of the gate.

Yuelin Li 35:13
It’s one of the exciting things about working in technology, right? Is this being part of the paradigm shifts and waves and given that the smartphone has really only been around for just over a decade, really, it’s an indicator that this new paradigm shift to: What is identity? What is identity on a smartphone with humans and user control? So really, really interesting discussion. So we’ve got a bit of time to take some questions, and we’ve got quite a lot of questions from the audience. We’re going to work our way through that list. So the first question is from Peter. Peter’s question is, “Where does the original good ID come from?” I think my interpretation of this question, by “good ID,” is the first binding of identity proofing to the Airside App. Adam?

Adam Tsao 38:18
Sure. So it’s a combination of aspects. Generally speaking, we are certified to an IAL-2 level, which includes two strong pieces of evidence. Mostly, we prefer to go back to the original database to confirm that the data of the identity matches. So for instance, with your passport, you know, you take your passport, you scan your passport, and then you use that information to open the chip. If you can then open the chip, then you’ve got to basically scan your biometrics that match the source picture of the chip, then we run that chip against the good and bad chips out there. And so we know that the data, the biometric in the document are all from a recognized data source and they all match and they haven’t been tampered with. And so that’s the level of security we go through. Every type of identity that we go through will go through a slightly different process, but it is largely essentially that there’s the biometrics, there’s the data verification, there’s the source verification and then there’s the binding back to the device.

Yuelin Li 39:25
Thank you, Adam. The second question is from Louie in the UK. Louie asks, “I noticed that when I was adding a new document to my Airside account, the verification is done via Thales. Is this set to change given Onfido’s new relationship with Airside?” Oh, I was like, really? Very well observed. Adam, do you want to take this one? Or, Mike?

Mike Tuchen 39:53
Easy to answer that because it’s an easy question.

Adam Tsao 40:01
The answer is, yes, it will change. Obviously, we’re dealing in a regulated system. So we need all kinds of government approvals, but those are all underway.

Yuelin Li 40:14
We also now have a question from Robert in Amsterdam. Robert asks, “What do you think of initiatives, such as the W3C verifiable credentials initiative, to standardize source data authentication and the related audit trail?” It sounds like you’re from the identity industry, Robert. Adam or Mike, would one of you like to take this?

Mike Tuchen 40:39
Right now, there are really three different standards that are evolved for digital identities. One is an ISO standard around local driver’s licenses; another is the verifiable credentials standard you just mentioned; and the third is a standard in the EU that’s just been finalized right now, called eIDAS and eIDAS 2. And so our view right now is that verifiable credentials is a really promising technology that has some really good attributes. The concept of you can have individual assertions. So we talked a lot about not having to share the entire identity, but being able to, if you need to just prove your age, to be able to say, “Yes, this person is over the age of 18.” Well, you can do that in two ways. With a verifiable credential system, you can share just the birth date as the one attribute that you care about and say we have attested this from this user. Or, as with another standard layer on top of that, called zero-knowledge proofs, we can say we attest this person is over 18 or over 2, with really no information exchange, no private information exchanges, aside from just an assertion and approvable assertion that you are over the required limit. So we think that’s a super promising technology that’s been standardized and has a lot of industry support. It doesn’t yet have the number of relying parties that mDLs have. So for example, the airline TSA system that relies on the mDL standard. And we think the EU standard of hideouts, too, is going to have a bunch of mandated support by the EU. The EU tends to take more of a stick approach than a carrot approach. So we think over the next couple years there will be a lot of thick supply to that one, and that will get a critical mass adoption. So it’s certainly one of the three most important standards in the space, but a lot of really technically helpful attributes that can lead to a very high-quality identity system going forward.

Adam Tsao 43:00
I think that the standards are important, right? That’s how we all unify and figure out how do we connect, how we exchange. And there’s going to be lots of standards. Ultimately, where we will not compromise is the privacy. And so once you’ve started to the point where the user is actually in control of the privacy, the source of the data, the standards, all of that can be, the system is meant to be able to handle whatever standard is necessary for whatever identity transaction there happens to be. And so it’s a matter of how many standards do you want to comply with at any given time? And so as Mike’s saying, we comply currently with NIST, we comply currently with ISO, we comply currently with Kantara. There are plans to comply with the W3C. So the standards are important because those are goalposts that we can all shoot to as industries. But you have to remember, from our standpoint, because the individual controls and we provide both the security and the transparency, we’re actually 90% compliant with pretty much every standard that comes out there. And so for us, it’s a tweaking for an individual transaction, as opposed to a wholesale change that you’re gonna see with a lot of the other digital identity systems.

Yuelin Li 44:18
Thank you. That makes sense. The standards are also standardized in their own ways, especially around certain modules. We’ve had a lot of questions, so I’m just going to move on to the next one. And the next question is from John. It’s an interesting one: “You mentioned Facebook, which has encountered problems with identity spoofing on Facebook accounts and Instagram accounts. And how does the Onfido Airside solution minimize spoofing?” Is this a good one for you, Mike?

Mike Tuchen 44:48
Sure. Look, the challenge with really all of the social media platforms today is they’re not doing identity verification by and large. It’s something they’re all investigating and all want to move to. If you don’t verify, then someone can just claim, “I am President Biden.” And how would you know? You haven’t proven that person’s identity one way or the other. We saw Twitter, using a different social media platform, go down the route of considering doing verification, but instead, they chose to just simply charge a certain amount for a blue tick. Well, it turns out that the amount they charged was less than the value as perceived by a malicious prankster. In this case, the plaintiffs were sort of innocent on one level but cost companies literally billions of dollars in market cap because they posed as being an official company account and put out what would be otherwise damaging information. And so, just an example, if you don’t do verification, then your people can claim that they are whoever they claim they are, and you have no way to confirm. So what we would do, going back to the question, we would look to see if you’re trying to say, “I want to prove that I’m Mike Tuchen.” Okay. Well, you have an Airside stored identity. If so, that’s a very high bar that we can now say very confidently that, “Indeed, I’m Mike Tuchen because I’ve proven that to an IAL level 2” that Adam just walked through. And in just a click or two, boom, I have that attestation that I can link this Facebook account or this Twitter account to this very high-confidence identity. If you don’t have an Airside account, then we fall back to now using what Onfido has been doing for the last 12 years, which is, “Alright, pull out your government-issued ID, pull out your smartphone.” We use a product we call Motion that proves that there’s a real live human being there, that is indeed the same biometrics as the one on the identity. We’ll confirm that the identity is valid. And then now we’ll do that linking between that account, that social media account, and that real human identity. And so we can solve that for the already stored identity in a reshareable case with Airside or we can solve it in a will resolve it in the [inaudible] case. And at the end of the process, we can say, “Okay, Mike. Welcome and would you like to store that information to save time later?” And move to save that in Airside. That’s the goal.

Adam Tsao 47:34
I think there’s also a future-proof opportunity here. And so we’re verifying to the highest standards today, but those standards will probably be inadequate tomorrow. What giving the user control and consent is you can start piecing together pieces of information that the user can then hold to make their ID stronger and stronger over time. I may validate a passport, then I may validate a driver’s license. Well, there’s nothing stopping me from cross-correlating that, “Alright, that driver’s license I did at IAL level 2, I’ve got the verified biometrics, I’ll do the exact same with that driver’s license,” and then look, they match. The name matches, and the face matches the templates. And they were created on the same social security number, right? So now you’ve got two documents correlated by face data, and a third piece of information. And this keeps going back and forth. And now you take this passport, and you present yourself to TSA, right? And so now that passport that was verified has a live verification against it, we’re not going to share that year with TSA. But we can then say, “You know what, you felt strongly enough to put this in front of an officer. Therefore, that gives you some sort of points for surety.” And this, in the long run, gets to a continuous dynamic identity, that really, no one else has the opportunity to build except Airside and Onfido. That’s really where we start, the aha moments, start going. It’s like, “Oh, wait. So my Boy Scout membership, which is garbage, has absolutely more meaning now that I’ve tied it to a verified identity.” And so that’s where you start seeing that you’re building the layers of verifiable, cross-correlated data with things that are voluntary, and you start creating this picture of a digital identity that no one else can have. And so, yes, it makes it almost unspoofable.

Mike Tuchen 49:28
And the real benefit here is, as we get more and more of this correlated data, correlated information — and it’s not data in the sense that we access this on the profile —

the confidence, the identity gets higher and higher, and therefore the fraud gets lower and lower. And that’s a really unique approach to what we’re building.

Yuelin Li 49:48
Okay, if anything that is enabled because it is user control, and very tricky to do without it because you need the user to provide all that information to you and for us to do with that information today. Thanks for the responses there. We’re going to keep moving on. So this is from Peter to Adam. “Can you please talk us through how it works at the airport?”

Adam Tsao 50:12
Oh, absolutely. So once you verified yourself on your Airside Identity, you’ve created a credential. And so within the Airside App, let’s say you’re going to use it with American Airlines, you go inside and you say, “Share my identity with American Airlines.” As we start adding flight numbers and other information, your biometric template will be placed at a single camera for however long that camera needs to hold it. So say I’m flying tomorrow on flight 123 out of Reagan National (DCA). And you say “Share.” Well, your biometric then gets held in a single camera that allows you to walk up to the self biometrics bag drop. As soon as you do, the camera does a one-to-one match (yes, I’m Adam) and allows me to then drop my bag and I can go. No printing tickets. No to all of these other things. I will then get a record that the camera saw me and I will get a record that will say that I was approved. And so if you think about the number of touch points that can be enabled, being that bag drop, boarding, going through customs or going through TSA, basically with one share, you’re essentially saying, “I am who I say I am. I am going to walk through this touchpoint and when I do, you then will have access to the rest of my information.”

Yuelin Li 51:31
Interesting. And they can try it out in person already in airports in the U.S.?

Adam Tsao 51:38
Absolutely. There are 15 airports in the United States that accept the Airside Digital ID. It’s actually marketed under the American Airlines mobile ID and there are 15 airports. We just opened our own express lane at Reagan National in Washington, DC. So if you are a (AAdvantage) frequent flyer with (TSA) PreCheck®, you can completely skip the line. It’s two steps and you’re right through security.

Mike Tuchen 52:05
I used at DCA a couple of weeks ago, and it was absolutely transparent. It was awesome.

Yuelin Li 52:10
The idea of skipping the line at the airport is the absolute dream, especially if you are a foreigner like me coming to the U.S., gosh.

Yuelin Li 52:15
Tell us a little bit more about the future of digital identity. This is a very interesting question from Matthew. “How do you look at the future of digital portability? For example, taking identity information from one platform to another based on preference and not being tied to a single platform or wallet.” Very interesting question. Mike or Adam, would one of you like to take it?

Adam Tsao 52:16
I mean, I think that’s ultimately the key, right? You are who you are, regardless of what platform you are on, or who’s asking for the information. So you really ultimately have to be platform agnostic.

Mike Tuchen 52:57
I mean, ultimately, I believe that there will be fewer wallets over time. It’s sort of reminiscent of, in the IT world, there used to be a whole lot of “who’s on top” kind of question; people were trying to create dashboards and who’s dashboard was the topmost dashboard. It’s ultimately, honestly, the smartphone manufacturers will have very capable wallets that over the next five or 10 years, I think the rest of the world will elaborate. Right now, if you were to try to add an identity to the Apple wallet or add an attribute to it, you simply can’t do it. They don’t have the level of flexibility and third-party access to allow you to do that. And so as a result, there are a whole lot of other wallets that are out there. The same thing with the Google Wallet. If you were to predict forward, I believe that that portability scenario or that interop(erability) scenario is ultimately solved by the world converging on a lightly inbuilt wallet for whatever platform you’re using. And other players like us are adding identities and adding attributes to that to be added to your personal profile, as opposed to having to go to a different wallet to solve this problem versus that problem.

Yuelin Li 54:29
Thank you, guys, for that. So we are coming up to the hour. We’ve got time for one more question and it’s a super-interesting one from Vidit. “So there are countries like India, where digital identity is being centralized by the government via server-side identity wallet. In India’s case, this is the Aadhaar card. Do you see the centralized and decentralized model in the West coexisting? Or, do you think countries like India will eventually adopt client-side,, decentralized wallets?” Mike, I think this one’s for you.

Mike Tuchen 55:07
I think depending on your timeline, I think the centralized and decentralized approaches will coexist in the near term. And then, in the medium and longer term, I think the world converges on a decentralized, purely portable approach because I think it’s the right approach for all the reasons that Adam articulated earlier. I think there, in the near term, there’s plenty of these centralized/server-side approaches that are out there that solve the problems. So I think we’ll have this coexistence, but one of the key enablers to having the world converge on a decentralized approach is one of two things: Either the device wallets opening up and getting capable enough and flexible enough for the rest of the ecosystem to depend on… because what that allows you to do is to have a zero download or zero sort of other coordinating app kind of scenario because, for many customers, that’s a key benefit. So either that scenario happens or the other scenario is, you get a high volume entry point, like travel, where you can plan for it in advance. The other magical thing we didn’t talk about with travel, but it’s important in this context, is you buy your plane flight weeks in advance. You check in for it 24 hours in advance. So you have multiple touch points where you can go, if you don’t already have an Airside ID, you can do it. And you’re sitting at home on a high-speed network, and you can download the wallet and go through the process at your leisure. And it’s not a big deal. But you can’t insert that kind of friction into a point-of-sale scenario. And

so the question is, how can you get that distributed set of IDs out there for these time-critical scenarios?

And that’s where, in the near term, the server-side stuff will make sense because shared stuff will make sense. And then, one of those two scenarios will really drive the truly portable, decentralized adoption, which is clearly the long-term vision.

Yuelin Li 57:39
Great. And thank you, Mike. And thank you, everyone, for attending the webinar and for your fantastic questions and engagement. We hope you find it really informative. And of course, if you want to follow up on any of this or discover more or discuss it further, please contact us. I think the link has been posted in the chat and of course the normal channels. Thanks again for coming. And thank you very much, Adam and Mike.

Cookie	Description
cookielawinfo-checkbox-advertisement	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	GDPR Cookie Consent plugin sets this cookie to record the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	This cookie is used to keep track of which cookies the user have approved for this site.
CookieLawInfoConsent	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
rc::a	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Description
PREF	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
test_cookie	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Transcript: Onfido:Airside Vision Webinar - June 21, 2023

The gold standard in privacy and security

Solutions

Products

Company

Resources

You've Subscribed!