Irreversibly Transformed Identity Tokens

Biometric systems have gained traction as the future of global identity. 

Biometrics is one of the few feasible options for de-duplicating attempted enrolments in an identity system.  It is most easily accomplished by retaining each registered person’s biometric template and then comparing each new enrolment against the register.  

The privacy penalty and security risks are great: if your biometrics are compromised, they cannot be trusted for the remainder of your life.  Data Protection Authorities have taken an increasingly cautious approach to all Privacy Enhancing Technologies including encryption, hashing, de-identification and pseudonymisation.

The IT2 is irreversible, and identity is verified using our probabilistic zero knowledge proof AI.  Unlike credit card tokenisation, the IT2 are not de-tokenised for normal usage, the original template need never appear again in plain text.

By rendering it safe to use, store, and share, IT2 unlocks the potential of a biometric powered digital identity without compromising privacy. 

Access to markets & services that are vital to participate in the modern economy require some form of digital verification or identity. However, for 1.1 billion without any form of viable identification, this is a significant barrier.

The problem has been exacerbated by COVID-19 - the need to support the informal sector swiftly and yet not open up systems for fraud creates a demand for inclusive ID systems that can uniquely identify individuals across multiple databases.

Many believe that biometrics are the answer.  And we believe this to be true, but there is a danger.  If your password is stolen, you can always change it. Biometrics are the password that you can never change. 

With over 7 thousand breaches disclosed and over 15b personal records exposed globally in 2019 alone, traditional identity verification tools are no longer secure. These breaches have compromised username and passwords, and knowledge-based questions authentication programs.

Compromised identities not only erode trust between consumers and enterprises, they have a significant financial impact.  In 2019 alone, identity fraud resulted in losses of over $16B. More concerning, 85-95% of synthetic identity fraud goes undetected.

Trust Stamp has a vision of a future where an inclusive privacy enhancing digital identity powered by biometrics unlocks a suite of community services, from health services, to school, to savings, to farming micro-insurance, to loans and micro-entrepreneur support, without the need for phone ownership of the entire population.  

We work with last mile innovators (from NGOs to social enterprises to governments), to deliver identity solutions via touchless biometrics, for anyone, anywhere, online and offline.  

The technology has been deployed in the humanitarian sector alongside Mastercard, where the reality is a lack of mobile phone ownership, a lack of unique identification, an off-grid community who have had minimal education protecting PINs, and the need to manage risk of fraudulent cash disbursement is high.

It has also been deployed with social innovators:  Shujaaz  is East Africa’s biggest youth brand. It engages daily WITH 56% of young Kenyans and 24% of young Tanzanians.  Their mission is to connect young people with the information, skills, and resources they need to take control of their future. Digital identity is at the centre of their vision to support this community to find opportunity and work, which will be the biggest challenge of our post-COVID world.

Using the IT2 Token is a robust way to create privacy-enhancing inclusive identity verification, deduplication and 1:many matching capabilities for the last mile ecosystem, in a touchless biometrically enabled infrastructure that has a vision to be interoperable, work offline in remote communities, and built ground up to protect biometric data in that environment from abuse.

The IT2 foundationally enables shared devices and community digital ambassadors to simply bring online services back to the local context securely and with integrity - “beyond digital”:  facilitating inclusive service design & community level innovation to create the right impact in these uncertain times. 

Biometric authentication as a method to prove identity is growing rapidly, with many companies providing large scale biometric solutions. However, we have yet to find another company that can achieve our core proposition of irreversibly transforming any biometric data from any source into privacy enhancing tokens, and then performing efficient probabilistic one-to-many matching for identification.

The benefits of IT2 to privacy and security include:

• Privacy via Irreversible Tokens: The IT2 makes identification (or re-identification) much more difficult and therefore reduces privacy and security risks for individuals enrolled in a biometric system.  Once tokenised, the original template need never appear again in plain text. 

• Enabled for Use in Remote Areas: The IT2 can be enabled for identity verification & identification at the local level (offline). 

• Security of Data At The Edge of the Network: IT2 is created immediately at the point of biometric enrollment so no sensitive data is ever, nor need ever to be stored.
  

• Revocability / Cancelability: The IT2 process can be varied from one enrolment to another, thus making the tokens cancellable in the event of a data breach.

• Agnostic and Interoperable: The privacy enhancing IT2 can be used with any biometric vendor, thus breaking vendor lock in.

• Efficient and Scalable: Once created the IT2 is very small (as small as 128 bytes) and the algorithm has an efficient scaling mechanism for 1:many matching

• Fuzzy Matching: many biometrics produce a binary yes/no answer. The token gives a confidence in the match so you can also check "near-misses".
  

Our technology is already being used to prevent fraud in a US Bank. They saw:

• Improvement in Account Opening Pass rate: 81% of applicants previously declined for identity authentication were reopened

• Recovery of dormant customers:  83% of existing customers whose accounts were closed for failing legacy authentication methods were reopened

• Detect  Account Takeover & Synthetic Identity Fraud:  our AI identified three organized fraud rings in 2019! 

The technology was selected by Mastercard Humanitarian team as a robust solution for emerging markets inclusive identity in rural offline applications.  It is being used in their project with Gavi described here: https://www.gavi.org/investing-gavi/funding/donor-profiles/mastercard

More academic information about the tokenisation algorithm is given in Entry 19 of the paper found here: https://www.biometricsinstitute.org/members-biometrics-solutions-and-concepts-to-covid-19/

COVID-19 has shown that people working in the informal sector are invisible, and the digital divide is widening.  And there is a need to go “beyond digital”: 50% of the world's population have no access to the internet, and 1 billion people have no trusted way to assert their identity for basic needs like healthcare, vaccinations, social payments and food aid. COVID-19 has shown the need for a safe approach to collaboration between businesses & entrepreneurs who operate services in the last mile and those who need to reach last mile citizens in the informal sector, to ensure no-one gets left behind.

We have a vision of an inclusive digital identity for all, based on simplified Customer Due Diligence (CDD) that unlocks a suite of community services, without the need for smartphone ownership.  

However an interoperable ecosystem of services doesn’t happen overnight - this requires businesses in the community to find the tools easy to use & to trust the tools to validate identity accurately; the community to be able to use simplified CDD effectively with identity fraud prevention front and centre; & the right government support of simplified CDD, and trust frameworks to govern digital identity interoperable services.

The first step is putting in place safe last mile decentralised registration that creates a mechanism to recognise people as people, and when necessary find people across different sources of data in a way that doesn't infringe on privacy rights.  We believe the IT2 is a simple technique to deliver this.

To this end our activities focus on making tools & example code available efficiently that register, deduplicate, find matches based on zero knowledge proof and allow safe biometric reauthentication using the IT2.  

We focus professional services activity on helping enterprises use the micro-services, and are actively searching for opportunities to support trust frameworks / identity schemes to experiment with the technology across 2 or more enterprises. 

For businesses creating last mile services, we provide APIs and SDKs for the developer ecosystem who want to create their own services; we provide demos and example code to showcase the services in action.

TrustStamp directly provides a one-stop biometric toolkit as above to allow innovators to create enrolments, deduplicate, check grey lists and re-authenticate individuals.   Because the toolkit protects the  biometric with the IT2, it creates a way for innovators to simply protect the data & later interoperate with trust frameworks and identity schemes and support deduplication & shared services.  

The tools are designed to integrate into existing digital platforms that are already widely used in the development sector, such as ONA.  It is expected that most innovators will want to own their customer experience and benefit from simple easy-to-use safe biometrics.

Where an enterprise is already working with a biometric provider or a developer sector tool, that enterprise can use the IT2 algorithm to transform the biometric PII more efficiently & safely than use of encryption or hashing techniques can provide.  This unlocks the power biometric reauthentication in last mile offline applications safely, protecting biometric data from potential attack on unknown devices.  This has already been done with several biometric vendors as part of a Mastercard engagement.

Once an IT2 is generated, Trust Stamp’s deduplication, 1:many matching & reauthentication algorithms give an enterprise confidence to use the IT2 to reduce identity fraud applications, spot repeat offenders & ensure people are uniquely identified even when there are silos of information within the business.

Once 2 or more institutions using IT2 wish to collaborate, this foundational technology allows institutions to answer questions digitally, without sharing data or creating a centralised repository.

Trust Stamp focuses on contactless biometrics that can be captured from a non-specialist Android phone running OS 8 with a 5MP camera or better.  

The SDK allows solutions to work offline, creating the protected IT2 directly on-device before storage to memory, with the intention that data will synchronize to the chosen database when a network is available.  The example code base includes a last mile field worker application using biometric-centred staff logins.

Trust Stamp's algorithm is typically hosted by the partner/client running a service; it is engineered as a microservice that can be deployed in cloud or local environments, or running directly on a smart device. For SMEs a hosted multi-tenant option is available.

Where an existing enterprise wants the benefits of IT2 with their own biometric modality and last mile applications, Trust Stamp provides the IT2 algorithm as a self-contained micro-service that can run on the smart device or at the server dependent on the preferred architecture. It has been used in blockchain applications, the payload is well-formed for this scenario.

IT2 is a capability and not a standalone biometric system, we believe that systems deploying the solution will have the ability to meet several standards, including NIST 800-63 guidelines on digital identity

There are no globally agreed standards for contactless biometrics

Many existing biometric identity databases will be in open-standard ISO 19794-2 biometric template formats. For example, India’s national Aadhaar UID programme and Tanzania’s National ID Authority (NIDA) programme both use ISO 19794-2 standards. 

Even when operating as intended, biometric technology raises privacy concerns which have led to close attention from regulators.  Multiple jurisdictions have placed biometrics in a special or sensitive category of Personal Data and demand much stronger safeguards around collection and safekeeping.  We believe the IT2 is one of very few solutions in the market that significantly advances security & privacy features, as envisioned in the ISO 24745 on Biometric Information Protection

Trust Stamp's algorithm can work easily with decentralized identity ecosystems like DIDs and/or WebIDs (i.e. Solid) based on global W3C standards.  It has been used in blockchain applications, the payload is well-formed for this scenario.

We hope to drive and participate in the global discussion and contribute to the development of open and public guidelines for biometric interoperability.

Examples of open technology standards implemented and/or planned. For example, all data interactions are based on OpenID Connect, OAuth 2.0, JSON Web Tokens, Verifiable Credentials (W3C), JSON-LD, Schema.org, etc.

The reality in communities with low literacy and numeracy levels is that the security mechanisms traditionally employed are ineffective: PINs are often forgotten & need reset, written down, shared with agents or family members.  This leads to security and consumer, fraud & consumer protection issues if not dealt with. 

In conjunction with Mastercard, the technology has been deployed in the humanitarian sector, where the reality is a lack of mobile phone ownership, a lack of unique identification, an off-grid community who have had minimal education on protection of PINs, and the need to manage risk of fraudulent cash disbursement is high.

The size of the data has been optimised to transmit the least information necessary. The identity token itself is compressed compared to standard biometric templates due to the IT2  algorithm. Because of the IT2 transformation, the business can rest assured that PII data is meaningless if it is hacked, allowing the potential to work offline safely.

We are expanding access to the solution to smaller businesses with the same problem space of digital identity.  We are partnered with https://www.shujaazinc.com/ (Kenya’s largest youth media brand) to support them in creating alternative trustworthy sources of data, that could in the future lead to richer information available from a serious young entrepreneur community who are invisible today digitally, and the potential of a linked, consent-driven data sharing economy between the formal and informal sector.

The clients we work with generally have 10's of millions of customers, therefore we work on staged rollout. 

An example of this is a bank we are implemented with which is currently rolled out to 275,000 customers of a total intended roll out of 80 million. Happy to provide further details directly to the World Bank team. 

We ensure that our customers know they are talking to the right person. We have 2 impact goals: 

1. Support identification of marginalised communities

2. Fight fraud

In light of COVID-19, Mastercard expanded its worldwide commitment to financial inclusion, pledging to bring a total of 1 billion people and 50 million micro and small businesses into the digital economy by 2025.  As a Mastercard solution partner, we believe the IT2 impact goals need to be equally ambitious.

We do this by empowering our partners (B2B2C).  We target partners with large potential reach and measure our impact by focusing on the metrics that result from their implementations, including the number of unique enrollments (indicating end user reach), re-authentication requests (indicating continued use beyond initial enrollment), re-authentication fails (indicating potential fraudulent uses), number of duplicates detected and other metrics that may be specific to the partner’s use case

Our “go to market” strategy includes both a direct and channel/partner approach. Strengthening our channel partners is critical as it enables us to reach more clients quicker and it embeds our technology in wider solutions for the customer, increasing the ubiquity of our privacy enhancing technology without having to significantly scale our sales team.  

In order to meet this increase in demand over the next 12 - 18 months we aim to strengthen our team in the following areas: data science (machine learning, artificial intelligence), biometrics, developers, product and sales / customer success.

The reality of emerging markets execution is not simple:  fragmented identity & privacy regulation, language barriers & adoption of new technology that is not today the cultural norm, and potential conflicts of interest as trust frameworks are designed. 

There is a need to work with last mile partners to effectively reach the scale potential & ensure that the solutions are sufficiently robust and simple to customise to local conditions.

We plan to further productise our offerings and the implementation required, increasing our ability to deliver them efficiently at scale by ensuring channel partners and last mile innovators have the combination of simplicity and customisation needed to design for their context.

We are keen to find consortiums & identity & privacy regulators who want to experiment in a safe sandbox environment as part of their design of trust frameworks & scheme rules, as we believe it could lead to pragmatic & helpful discussions towards swifter outcomes for marginalised communities.

Trust Stamp currently employs 40 full time staff, which includes:

• Science, Engineering and Development: 19

• Business and Sales: 8

• Quality Assurance: 8

• Operations and Support: 5

Trust Stamp also has 8 part time employees in leadership and executive advisory positions. 

We work closely with a development agency to augment internal resources and have around 10 contractors working at any given time. 

Trust Stamp started off in 2016 with the goal of protecting people in the digital space, addressing a host of cybersecurity issues from wire fraud in real estate to secure P2P transactions in virtual marketplaces. The common denominator in addressing and identifying fraud is secure, trusted identity, and we were able to expand our work into the banking and fintech space through our involvement with incubator programs throughout the country. 

Our entry into the humanitarian space began in 2018 when we partnered with the Conference of Western Attorneys General Alliance Partnership to provide technology that facilitates secure cross-border information sharing to identify victims of human trafficking between the United States and Mexico. 

We then went on to join the Mastercard Startpath accelerator program which led to the humanitarian application of our technology in a project that aims to provide legal identities to over 100 million undocumented families for vaccinations, medical services, aid and education. We have spent four years and millions of dollars developing identity solutions that deliver the secure, robust verification needed for digital transactions while protecting the privacy of individuals to an incredibly high degree. Trust Stamp technology serves some of the largest financial institutions in the world. As of Q2 2020, Trust Stamp has 14 patent filings, and proven revenue of 2.1mm (2019). We have nearly doubled in size over the past year, and our technology is used in a variety of verticals, including finance, insurance, humanitarian, travel and government

Vital4 - to extend TrustStamp’s compliance and monitoring capabilities in the Financial Services sector 

Women In Identity - we are an Gold sponsor of WiD a non-profit organization supporting diversity and inclusion in the identity industry

Mastercard Humanitarian & Development team - we provide the IT2 into Mastercard's inclusive identity vision & collaborate to deliver initiatives

ID4Africa - we are actively supporting the leadership team as they shape Service Design thinking advocacy 

Mojaloop Foundation - we are a participant in mojaloop convenings with shared services for fraud detection in mind. 

10 Clouds - channel partner & additional development resource capacity NAEA 

Propertymark  - advocates of fraud detection solutions in real estate sector 

The National Association of Realtors - advocates of fraud detection solutions in real estate sector

We provide the IT2 algorithm in a number of formats that allow innovators to experiment directly & we sell solution engineering to deliver one-stop-shop solutions.

We reinvest into R&D, with a focus in 2020 & 2021 on infant biometrics 

We provide direct technology delivery services & we scale via last mile innovators & channel partners / solution integrators. using biometrics toolkits.

One example of the toolkits we have packaged include last mile gig worker toolkit that can enable multiple use cases, from removal of staff shared pins, to customer re-authentication via agent networks.

Until recently, Trust Stamp had been largely funded by institutional investors, venture capitalists and accelerator/incubator program funds. In March of 2020, we launched our Series A round of funding with the goal of supporting continued R&D and company growth, which ended on July 17th, 2020 raising $10 million.

TrustStamp has revenue sources from clients, the funding round focus is to allow the business to further scale & invest further in R&D.

Trust Stamp achieved $2.1mm of revenue in 2019, representing a 152% YoY growth compared to 2018. Our income is in two streams, implementation fees for building or configuring applications and then passive income based upon licensing revenues on a pay-per-use or periodic basis. Revenue earned in the last 12 months is heavily distributed among our two largest enterprise clients.

Trust Stamp conducted a $10mm Series A round of funding the first half of 2020, which was comprised of $5.6mm in investments from the general public in addition to investments from Mastercard International, FSH Capital, Second Century Ventures, the OnRamp Insurance Accelerator program and the FIS Accelerator program. Prior to this round, Trust Stamp raised capital from venture capitalists, corporate/strategic investors, angel investors and incubator programs:

1. $351,000 - January 2016 - Common Equity

2. $15,000 - April 2016 - Convertible Note

3. $500,000 - August 2016 - Convertible Note

4. $100,000 - December 2016 - Convertible Note

5. $500,000 - January 2017 - Common Equity

6. $547,800 - July 2017 - Common Equity

7. $2,000,000 - August 2017 - Convertible Note

8. $3,000,000 -  August 2018 -  Common Equity

more information is publicly available here: https://www.seedinvest.com/trust.stamp/series.a/

TrustStamp have just closed a funding around, raising $10million

Full details can be found here:

https://www.seedinvest.com/trust.stamp/series.a

Additional details will be provided directly to the Mission Billion Challenge team, as needed.

COVID-19 has brought a sense of urgency to the problem of digital identity and invisible informal sector communities.  The challenges countries are facing to mitigate the economic impacts of COVID-19 underscore the urgency of action so that those in need are not left even further behind.

Often in these circumstances larger questions of biometric security, privacy and safe database comparisons can be waylaid, and this can lead to the deployment of solutions that are not fit for purpose, unsecure and a negative affect on individual privacy. 

Trust Stamp's tokenisation can fundamentally help governance bodies to achieve a safe solution from the outset that combines grass-roots innovation initiatives with larger system design, for the purpose of distributed service design in last mile.

However the reality of emerging markets execution is not simple, and accelerating partnerships to enable this is the focus of our application:

The largest benefit to Trust Stamp in applying is the ability to demonstrate the benefits of IT2 tokenisation over encryption & hashing biometric protection, as well as to showcase our tools available to last mile innovators to harness its power today.

1) IT2 adoption as an enhancement to biometric security in distributed systems requires advocacy from those working in on-the-ground projects.  For this reason, we would value support in marketing, media and exposure of the benefits of IT2 as a better alternative for privacy and security vs traditional hashing and encryption.  

2) To gain traction at scale requires acquisition of on-ground implementation partners, as well as advocacy to local innovation communities such as those replying to the WURI challenge.

3) We welcome the opportunity to discuss with governance bodies who want to learn more & experiment as new trust frameworks are designed.  We would value legal & regulatory conversations as market opportunities arise for deployment, as well as advisory input into our emerging markets strategy. 

In the short term:

1) We would value input from the ID4D team as to markets/projects actively looking for solutions for deduplication & 1:many matching  - as mentioned on the ID4Africa webinar post COVID. there is a short-term need for this in the light of how an initial COVID response combined sources of data.

2) Our hope is that WURI challenge innovators could directly benefit from our gig economy toolkit that includes touchless biometrics & IT2 deduplication & reauthentication services in action. We would hope for introductions to winners from that prize; innovators benefit from free access to the toolkit as part of COVID response

In the longer term

3) It is clear that entities are rethinking their digital identity strategy in light of COVID:  we would value input from the ID4D team as to the institutions considering the design of trust frameworks and decentralised solutions around digital identity for last mile service design, to allow us to directly advocate for the use of IT2 to unlock the power of inclusive identity and simplified CDD thinking.