Contact Us

At first glance, calling something “zero-knowledge” may not sound like a positive thing. Since knowledge is typically seen as something that’s good, it would make sense that having less of it would undesirable. But there are certain situations where having less knowledge is better than having more. One of the most common scenarios is where privacy is involved, and that is where the technical term zero-knowledgewhich refers to a method where the yes or no answer to a question can be shared without revealing the actual details of the answer—comes into play. But before we delve too deeply into that, let’s look at a basic example of how a zero-knowledge proof works.

This “Bob and Alice” scenario is a slight twist on Yao’s Millionaire’s Problem, conceptualized by computer scientist and computational theorist Andrew Yao in 1982.

zero-knowledge, zero-knowledge proof, alice and bob, payfone, consumer privacy, identity authentication

An Even Simpler Example of Zero-Knowledge 

 

Another even simpler example is one we are calling Maya and the Online Wine Shop. Maya wants to purchase wine online but there is an age restriction of 21-years-old or older. Maya wants to prove that she meets the age criteria without revealing her age. She prefers to have a private simple Yes/No response provide an answer that definitively proves that she is of legal age. This can happen if the online wine shop has zero-knowledge architecture, which can validate her age, without giving away the ‘secret’ (i.e. that she is actually 45 years old).

 

Interesting, But Why Does This Matter?

 

These two examples give us a basic understanding of what a zero-knowledge proof is and how it can help maintain privacy. In essence, zero-knowledge is a method of one party proving to another party that they know a value without conveying any additional information. So how can this be applied to some of the real-world problems that are challenging society today?

 

One area where zero-knowledge architecture is especially applicable is the realm of digital identity. With people using their phones and other devices more and more to interact online, verifying digital identities is now crucial to allowing consumers to access online services in a secure manner. Until recently, our online identities were managed in a similar fashion to how our offline identities are—by leveraging a trove of personal information such as names, addresses, social security numbers, passwords, etc. There are three key problems with this model:

 

  • These “honeypots” of personal information are not secure. And as we saw in some infamous data breaches of late, they are a magnet for opportunistic fraudsters.
  • Because these honeypots are so easy to break into, the information held within is often easily available on the black market, rendering it useless as a means of securing online identities. For example: a hacker can simply buy your social security number, type it in and pretend to be you.
  • The information held in these honeypots is also oftentimes out-of-date. Consumers change their phone numbers, move, and make other changes to their lives, and the static information in these giant databases can’t keep up. In addition to not being secure or effective, verifying identities against these troves of static, hackable, often outdated information is a pain in the neck for consumers. Think security questions like ‘What’s your mother’s maiden name?’ While you may remember that, you might not remember the answer you provided to the question ‘Who was your favorite teacher?” These are annoying time-consuming authentication practices for consumers and are easily hackable by fraudsters.

 

Most digital identity experts agree that our online identities cannot and should not continue to be managed using this “old” non-secure way of doing things. So what should the “new” way be?

 

Passive, Private & Minimalist

 

Passive identity authentication, which analyzes secure, dynamic signals instead of relying on static information, is being adopted by more and more forward-thinking Fortune 500 companies. True to its name, this type of technology often removes the need for the consumer to take any action, and instead uses signals from their mobile or other device to instantly complete the authentication. Removing the consumer from the process not only takes away opportunities for fraudsters, but also makes things easier and more frictionless for users.

 

But what about privacy? In the past, concerns have been raised about how passive authentication companies leverage dynamic signals. Oftentimes, these signals come from authoritative sources, known as Identity Verifiers, such as mobile network operators or banks. The main concern around this model is that the Identity Verifiers must often pass the signals outside of their systems to the company that is doing the passive authentication. This leads to a question of whether the signals are indeed secure and private, or whether they can be intercepted during that transfer.

 

The solution to this problem lies in the fact that the company that is asking for the results of the identity verification (a.k.a. the Relying Party) really only needs a ‘Yes’ or ‘No’ answer. Is this really my customer trying to interact with me, or someone else? Does this customer meet my criteria or not? They don’t need to know any personal information about the customer beyond what is minimally required, and because of privacy, they shouldn’t want to. This is a real-world scenario where less knowledge is desired: the perfect application for zero-knowledge.

 

So going back to the example with Maya who is purchasing wine online, with zero-knowledge architecture, a green ‘Yes’ signal, indicating that Maya is old enough to purchase wine,  will be sent to the wine site. The only information the wine shop will know is that she is 21 or older; her real age will never be revealed.

 

Payfone has been using a Zero-Knowledge framework for our clients (who are Relying Parties) since 2015. By employing zero-knowledge, we  are able to answer our clients’ question of whether their customers are who they say they are with either a Y/N answer or a score, and without having to pass additional and unnecessary attributes that could compromise our clients’ commitment to ’ consumer data privacy.

 

Earlier this month, we announced that we are now extending our Zero-Knowledge architecture to Identity Verifiers and Service Providers (the companies that provide the dynamic signals that we analyze to decision on identity). Identity Verifiers (such as mobile network operators) who are serious about protecting their customers’ data privacy can adopt our Zero-Knowledge framework to continue to participate in doing their part to safeguard customers against fraud while minimizing the amount of information that needs to be passed outside of their walls to do so. This also mitigates the risk of data leakage.  

 

What Are the Benefits for Consumers, Relying Parties and Identity Verifiers?

 

The consumer benefit of Zero-Knowledge is that it minimizes the need to pass personal information about a person in order to verify their identity for security purposes. That means a more secure and convenient digital customer experience that is also more private.

 

Relying Parties can benefit by getting the answers they need to protect their customers and companies against fraud, without opening themselves up to additional data breach risks or exposure.

 

Identity Verifiers can benefit by continuing to participate in thwarting fraud by allowing passive authentication companies to leverage their signals, without having to worry about exposing their customers to data privacy risks.

 

At Payfone, we believe that thwarting fraud does not need to come at the expense of convenience or data privacy. Our Zero-Knowledge architecture is helping Relying Parties (Brands) and Identity Verifiers to manifest this belief.

If you’re interesting in learning what drives our innovation around consumer privacy, please visit our Bill of Trust, and sign up for our webinar about Zero-Knowledge and driving better, more secure customer experiences.

Why do fraudsters love it when companies have a siloed approach to identity authentication?

 

PYMNTS explored this question in an article this week that focused on how enterprises can thwart fraud and improve the customer experience by breaking down organizational silos, or the walls between departments that become obstacles to sharing knowledge or accomplishing goals. The post, which quoted David Barnhardt, executive vice president of product at GIACT, touched upon several points that we think are worth summarizing for anyone interested in optimizing their company’s identity authentication and digital trust framework and not surrendering the customer experience to fraudsters:

 

  • Barnhardt explains that approaching the job of identity authentication and fraud prevention from separate departments rather than as a whole company all too often makes things easier for criminals who can use the lack of communication between departments to their advantage. “Look at the enrollment group, tasked with protecting the front door,” he explains. “Then they hand off responsibility to another group to manage the ongoing customer relationship.”
  • Just as the task of protecting customers against fraud should be a holistic and continuous effort, we need to shift our view of identity from something that is static (social security numbers, physical addresses, and knowledge-based security questions) to ongoing and dynamic. This can be accomplished by implementing next-generation tools such as continuous and persistent identity through anonymized ID tokens and a zero-knowledge architecture that can combat fraud more effectively by giving real-time insights into whether a person really is who they say they are when completing a digital transaction.
  • This concept of a holistic view also highlights the need to bolster identity authentication with multiple verifiers of identity rather than just one or a few sources. Fraudsters exploit systems with limited identity verifiers because they are much easier to infiltrate or trick. Going back to the need for persistent identity, some identity verifiers will also have outdated information that could make it easy for scammers to break in, whereas having a number of backup identity verifiers with up-to-date information would decrease the chances of that happening.

 

In the grand scheme of things, all of these considerations will lead to higher customer satisfaction and engagement by offering customers a secure, seamless and end-to-end experience rather than just one-and-done transactions.

So how do your identity authentication processes and experiences stack up? Do they tick these boxes?

☐ Persistent: Do they create a unique and persistent identity token for each customer that allows for continuous identification across business units and channels?
☐ Private: Do they protect your customers’ data privacy by replacing their personal information with an anonymous encrypted token?
☐ Passive: Do they allow for a fast, frictionless and fraud-free customer experience where the customer does not need to take any action (such as typing in an SMS passcode or answering knowledge-based security questions)?
☐ Pervasive: Do they start with your marketing team and touch every functional team in your organization?

For the full article, visit PYMNTS

Payfone held our very first ‘Wine & Time” Executive Experience last week in Atlanta. The event, held at City Winery in the popular Ponce City Market complex, was a great success, and was well-attended by Atlanta-area executives interested in learning how time and trust are the new KPIs reshuffling the Fortune 500. The evening was filled with delicious food, lively conversation about creating fast, frictionless and fraud-free experiences, and, of course, free-flowing bottles of excellent wine!

payfone, digital trust, identity authentication, payfone events

The event was held at City Winery, a unique bar and restaurant with an on-site winery.

payfone, digital trust, identity authentication, payfone events

payfone, digital trust, identity authentication, payfone events

The evening began in the “Den” where attendees heard from 2-time TEDx-speaker and Olympic Silver medalist John K. Coyle (‘The Time Guy’) about the science behind how humans perceive time, and how brands can apply that science to vastly improve the customer experience. John drew the crowd in with a vivid story about his Olympic speed skating days, and then touched upon how mere milliseconds can decide the difference between winners and losers – whether you’re competing in sports or in business.

payfone, digital trust, identity authentication, payfone events

Rodger Desai, Payfone’s Founder and CEO, and Kathleen Waid, Payfone Senior Vice President of New Business, gave guests an overview of Payfone’s mission of allowing brands to take back their customer experiences from fraudsters by delivering digital trust through our Trust Platform™ and Trust Score™.

payfone, digital trust, identity authentication, payfone events

payfone, digital trust, identity authentication, payfone events

Afterwards, attendees spread out into the Den landing and had the chance to receive their own personal Trust Scores from Atlanta-based Sales Engineer Caitlyn Livingston to see how the technology works.

payfone, digital trust, identity authentication, payfone events

payfone, digital trust, identity authentication, payfone events

Every attendee went home with a personal gift and a signed copy of John K. Coyle’s book, Design for Strengths.

Thank you to everyone who attended! It was an immense success and now we’re busy planning our next ‘Wine & Time’ event.

If you’re interested in attending or learning more about our Trust Platform, contact us today.

The two digital identity leaders are combining forces to make the login experience easier and more secure for consumers in Spain

 

BARCELONA (February 14, 2019) – Payfone, the world’s leading digital identity authentication provider, and the GSMA, a trade body representing mobile network operators worldwide, announced today a new partnership to bring fast, frictionless and fraud-free login experiences to companies and their consumers in Spain. Payfone and the GSMA’s Mobile Connect authentication technology fulfill the need for enterprises in Spain to engage more effectively with their customers. Payfone’s award-winning Trust Platform and Trust Score™ replace cumbersome and hackable identity verification processes such as passwords, knowledge-based security questions and SMS one-time passcodes with instant, invisible, and zero-knowledge digital authentication. The deal marks another major milestone for Payfone as it continues its expansion into 35 global markets.

 

The key ingredient to enabling the best possible digital experiences is eliminating the real-time Trust Gap, the difference between the >95% of consumers who can be green-lighted through a VIP customer experience and the <5% of consumers who require further authentication to confirm that they are who they claim to be. Payfone eliminates this Trust Gap and creates a VIP express lane experience for trustworthy logins through our patented Trust Platform and Trust Score. The Trust Score answers the question ‘Is this customer who they claim to be?’

 

“Companies around the globe realize that there is no longer a need to trade off great digital experiences for fraud prevention,said Rodger Desai, Chief Executive Officer of Payfone. “Winning businesses will be differentiated by delivering experiences that not only engage customers and drive long-term loyalty, but save on OpEx by eliminating unnecessary intervention processes.” Desai continued,”We are thrilled to partner with the GSMA and Mobile Connect to bring our advanced Trust capabilities to Spanish enterprises, who can leverage them to give their customers a safer and more convenient way to log in while competing more effectively.”

 

“With Mobile Connect, the mobile industry is fulfilling an important role in the digital identity space, giving users control over their own data and enabling consumers, businesses, and governments alike to interact and access online services in a convenient, private and trusted environment,” said Alex Sinclair, Chief Technology Officer of the GSMA.

 

Payfone and Mobile Connect’s secure, frictionless authentication technology will be available to Spanish enterprises in mid-February 2019.

 

Request a meeting to learn how you can boost customer satisfaction and engagement with Payfone’s Trust Platform.

 

About Payfone
Payfone is the world’s leading digital identity authentication network. Our award-winning next-generation Trust Platform validates identities and enables enterprises to deliver fast, frictionless, and fraud-free customer experiences to over 90% of their customers. Payfone closes the Trust Gap and issues a real-time proprietary Trust Score for 6 of the top 10 financial institutions, and leading healthcare, insurance, technology and retail companies. Learn more at payfone.com and linkedin.com/company/payfone.

 

Press Contact:
Yuka Yoneda
yyoneda@payfone.com
212.614.6927

CTIA, the wireless industry association, today announced that Michelle Wheeler, Payfone Vice President of Market Development, will join CTIA’s Board of Directors effective January.

 

Payfone is a valued CTIA member and a leading cybersecurity platform. Payfone’s focus on targeting digital identity theft with innovative identity authentication network solutions has made it a trusted brand across multiple industries.

 

“I’m excited to welcome Michelle to the CTIA Board,” said CTIA President and CEO Meredith Attwell Baker. “Payfone is a leader in the digital cybersecurity and authentication space. We look forward to working with Michelle on ways to protect businesses and consumers in the mobile ecosystem as next-generation technologies come to market.”

 

“I am honored and excited to join CTIA’s Board of Directors,” said Wheeler. “I look forward to serving the organization and advocating for the protection, privacy and convenience of American wireless users through advanced identity authentication technologies like Payfone’s.”

 

With more than 25 years of experience in the communications industry, Michelle’s career has focused on enabling operators around the world to leverage data and analytics to solve business problems. She is a recognized expert in her field with deep experience in operational credit and fraud strategies.

 

The full CTIA Board of Directors is available here.

 

About CTIA
CTIA® (www.ctia.org) represents the U.S. wireless communications industry and the companies throughout the mobile ecosystem that enable Americans to lead a 21st century connected life. The association’s members include wireless carriers, device manufacturers, suppliers as well as apps and content companies. CTIA vigorously advocates at all levels of government for policies that foster continued wireless innovation and investment. The association also coordinates the industry’s voluntary best practices, hosts educational events that promote the wireless industry and co-produces the industry’s leading wireless tradeshow. CTIA was founded in 1984 and is based in Washington, D.C.

 

About Payfone
Payfone is the world’s leading digital identity authentication network. Our award-winning next-generation Trust Platform validates identities and enables enterprises to deliver fast, frictionless, and fraud-free customer experiences to over 90% of their customers. Payfone closes the Trust Gap and issues a real-time proprietary Trust Score for 6 of the top 10 financial institutions, and leading healthcare, insurance, technology and retail companies. Learn more at payfone.com and linkedin.com/company/payfone.

 

Media Contacts:

Jason Johnson
CTIA
jjohnson@ctia.org

Yuka Yoneda
Payfone
yyoneda@payfone.com