Whilst working at the financial software company, Square, Rick Song noticed more and more of the general problems happening with online security. So, he decided to tackle the problem head-on and create his own firm where he worked on developing innovative change to online Identity Verification (IDV). And thus Persona, an organisation that focuses on building a comprehensive identity verification platform, was born. Speaking about privacy, security, and end-user experience, Rick Song speaks exclusively to Software Testing News.
Why did you decide to create your own firm, rather than pushing your own ideas into the company you worked at?
IDV is the kind of problem that I’m really passionate about. I find IDV particularly fascinating because it is an ever-evolving problem: as the internet and its use evolves, the need to properly identify everyone also evolves. I’m excited to tackle this challenge with the solution that we’re building at Persona. I also think it’s really important for a company’s incentives to be as closely aligned as possible with those of its customers. By nature, larger companies have a lot of different priorities and conflicting incentives. But we’re able to focus on the needs of our customers and properly align our success with theirs – creating a better experience for our customers and their end users.
What can you tell us about the problem with Identity Verification (IDV)?
Today nearly all transactions have moved online — from banking to finding a babysitter to on-demand services — the number of use cases for IDV has grown tremendously. All of these new industries and use cases need their own custom verification flows that take into account their user base, their regulatory requirements, their appetite for risk, and their unique required verifications. A one-size-fits-all approach to IDV just doesn’t work for most organisations today. Also, incumbent IDV solutions often take a very manual approach, where humans are conducting a manual review of sensitive consumer data and documents. This approach is slow and cumbersome for all parties involved and is not designed to safeguard sensitive personally identifiable information (PII).
What are you doing to deal with this issue?
We realised that consumers want to verify their identities as quickly, easily and securely as possible while protecting their sensitive information. That’s what we set out to do – to build a comprehensive IDV platform that puts privacy, security and end-user experience at the heart of the product. We designed our platform to limit access to sensitive data by developing a fully automated solution. This also allows us to analyse identification documents, selfie videos, and other data in real-time – which lets our customers and their end users receive their results as painlessly as possible. We offer a full suite of identity verification components that can be configured and branded to create custom-tailored flows for our customers.
Why did you decide on these points to be your primary focus?
We wanted to focus the design of our product on end users and their needs because at the end of the day we want to help real people verify themselves online and improve the safety and security of online transactions of every kind.
Where do most people tend to trip up in terms of not protecting themselves with online security, particularly thinking about things from a business point of view?
Online security is incredibly complicated. Consider for example phishing and all the different types of scams that are happening every day. Sometimes user education is key to combating scams – you do your best to educate yourself and protect yourself and your personal information. But when it comes to IDV, you are dependent on the solutions organizations put in place. At the same time, organizations struggle to outsmart bad actors in the ever-evolving IDV space and increasingly, data – particularly mishandling of individual data – is becoming a liability rather than an asset. Even the savviest online users and business are vulnerable.
In terms of the development stage, how have you created a ‘platform’ to develop IDV?
Persona provides a comprehensive suite of different verifications – from database lookups and quizzes to document upload and selfie video. In addition, we augment identity verification with behavioural and environmental signals. We enable customers to easily construct custom verification flows, mixing and matching verifications so that their IDV solution meets their unique needs.
What security are you implementing?
We encrypt all sensitive data at rest using AES-256 encryption and industry-standard tokenization. We force HTTPS and TLS encryption for all data in transit over networks. Our database and technical infrastructure are hosted within SOC 2 and ISO accredited data centers. Physical security controls at our data centers include 24×7 monitoring, cameras, visitor logs, and entry requirements.
We enable customers to redact data and set up retention policies that delete the data across our entire system. We’ve thought about privacy from the ground up and designed our entire system around ensuring that PII is both securely stored and easily deleted.