Payfone’s CEO and Founder Rodger Desai recently sat down with David Birch, Director at electronic transactions consultancy Consult Hyperion, to answer the ‘tough’ questions about industry challenges and how Payfone’s ‘call to arms’ regarding Zero-Knowledge can really impact the digital world.
Desai: Yes, these interests can co-exist; in fact, in our view, they must. Security and the desire for convenience should not override privacy, but you can’t have privacy without security. And since laws and regulations lag technology, GDPR and CCPA may not capture the full scope of the privacy protections consumers require. It comes down to having a strong set of principles that guide how products are built and used. Payfone’s Bill of Trust is our set of principles that we use to guide our actions that go beyond what may be required by regulators today.
Desai: Our view is that even with compliance obligations such as KYC/AML, GLBA exceptions and the GDPR’s notion of Legitimate Interest, consumers expect to always be informed, have the collection of their personal information limited to only what is minimally required, and their consent collected.
Desai: No, that is a common thought every time technology advances. Privacy is a constant renegotiation of the boundaries between individuals and society. History has shown that if society overreaches, innovation and personal rights suffer.
Desai: We think Zero-Knowledge is key to the way businesses will work with each other in digital. Gone are the days where the industry needs to aggregate personal data and somehow protect it. Our mission is to accelerate the digital economy to a world where privacy is not compromised, while protecting from fraud and cyber-threats. Service Providers such as mobile operators and financial institutions play a critical role in the ecosystem, and Zero-Knowledge can allow them to participate safely.
Desai: Yes. While we have never used mobile operator location data at Payfone, there are important and legitimate cases where location can help protect consumers. If a bank would like to ask if a customer’s phone is in the city where an unusual transaction is taking place, then the bank, with consumer consent, can ask a Service Provider if the phone is in that city. The answer should be yes or no, and the actual city the consumer is in should not be returned or revealed. That’s Zero-Knowledge.
Desai: As we just announced today, due to the sophistication of our platform and our focus on redundancy and inclusion, we have many authoritative identity verification partners. We cover 90% of U.S. adults across mobile, VoIP and landline, even pre-paid, family plans, and businesses. Additionally, since we tap into core telecom infrastructure, the way the mobile operators themselves do, we are less reliant on mobile operators directly.
Desai: Yes, especially with the need to thwart SS7 attacks, SIM swaps, robo calls and spoofed calls. These are among the top complaints the FCC receives from consumers. Mobile operators are adopting Zero-Knowledge protocols which will help prevent fraudulent activities, modernize their processes and protect their subscribers and customer data even further.
Desai: We have been on a journey to accelerate the industry to a world that fulfills our Bill of Trust. Today the focus is on expanding our coverage and Zero-Knowledge. Later this year we will introduce new tools for consumers to take control of aspects of their mobile identity. It’s time to create additional tools that accelerate self-sovereignty.