We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Today, identity and access management provider 443ID announced it has emerged from stealth with $8 million in seed funding and an identity verification solution that uses open source intelligence (OSINT) to gather data signals to verify authorized users, while keeping unauthorized users at bay.
443ID’s platform gathers OSINT signals, essentially online data that goes beyond the reach of traditional search engines, to generate a real-time risk score for each user, and assigns extra authentication steps to high-risk users, such as filling out CAPTCHA forms or verifying their email address so they can verify their identity.
For enterprises, this OSINT-driven approach to risk-scoring provides greater accuracy in identifying malicious users while ensuring that legitimate users don’t have their login experience adversely affected by verification steps.
Fighting account takeover without ruining the UX
The announcement comes as organizations have continually failed to identify fraudsters and cybercriminals initiating account takeover attempts. In fact, research shows that account takeover attempts increased by 90% in 2021, to an estimated value of $11.4 billion in losses.
“Ever since the web became an interactive medium, companies online have had to protect themselves from bad actors. These actors drive promotion abuse, fraudulent registrations, bot traffic and even account takeover attempts, to name some examples,” said 443ID cofounder and CEO, Stephen Shoaff.
Not only is defending against these threats a challenge, it’s also difficult to keep attackers at bay without ruining the user experience with lots of additional authentication measures.
“When looking at the available tools today to protect against these bad actors, we noticed a common theme. Few, if any, were designed in a way that preserved the best user experience. As a user on the internet, you were now needing to frequently MFA, find all the bicycles in a CAPTCHA to sign up for a new service, or log back into an application you use regularly for no apparent reason,” Shoaff said.
The answer: customizing the login process according to risk
443ID’s answer to these limitations is to use real-time risk scoring to customize the login process according to each user. Users with a low risk score can log in without extra authentication steps, while high-risk users must complete additional steps (such as filling out a CAPTCHA form or verifying their email address, as mentioned above).
At the same time, using OSINT data signals is advantageous for organizations because it has the advantage of gathering a wider range of data to generate customizable risk scores, which traditional proprietary risk and authentication systems are unable to do.
However, Schoaff notes that OSINT data works best when combined alongside data from existing identity systems, so the enterprise can create a more complete risk profile of the user.
The identity and access management market
The release comes as the market for identity and access management is growing significantly, with the global market valued at $12.26 billion in 2020 and anticipated to reach $34.52 billion by 2028, as more organizations invest in technologies that can help them restrict unauthorized access to critical data assets.
443ID is competing against a range of providers including PIPL, an identity trust provider that uses billions of unique identifiers to verify users and connect them to their real online identities.
In practice, this means identifying billing and shipping address mismatches, and discovering synthetic identity fraud or account takeover attempts. PIPL most recently raised $19 million as part of a funding round in 2018.
Although 443ID’s approach is unique from competitors like PIPL because of its usage of OSINT technology. Schoaff says that “we are uniquely leveraging this asset for the identity security (identity and access management) marketplace,” with the ability to build custom scoring models rather than relying on proprietary risk scores.