Learn best practices from data protection experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Learn best practices from data protection experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.
Learn best practices from data protection experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.
We've heard a lot about authentication too. Obviously there are consumer identities are under attack all day, every day. What kind of perspectives could each of you bring about? What do you think some of the best methods are for protecting consumer identities? And it's a free for all. Whoever wants to talk Royal, I'll just, although You should just go down the line All fair enough. So in my mind, awareness is the answer. And what I mean by that is sometimes when you're caught between a rock and a hard place, best thing to do is to go further, faster, go forward faster.
And so knowing that no matter what we do from a authentication verification, whatever layers we put in place, identities are still gonna be under attack. The best thing a consumer can do is be as aware of the usage of their identity as possible. And that gives them the tools at that point to at least protect themselves when those attacks do occur. So I would tell you awareness as to one thing that hasn't necessarily been spoken about as much, at least in the sessions I've sat in on. Okay. So I'm gonna go completely opposite of you.
That's Actually Awesome Mates Always because no, because you know, when you, when I go to a conference and somebody says, they're gonna give you actionable advice on how to protect your identity online, I'm always at the edge of my seat because there's very little that we can do really to protect our identity online. Right? So we know that the, the browsers behave differently, we have different skill sets.
You know, my mom has, has zero clue about what's going on. I get entire emails in the subject line.
So, so we have all of these kind of pieces that we have to deal with and a continually moving threat landscape. So awareness is really good. It is.
And, and trying to not, maybe not put all of your data into any form that comes your way and thinking about the value of your data, I think is, is a really important piece. But, but what can we do?
It's, it's a tough question to answer. It's why we're here.
So, so I think we think at the DIAC, what we need to solve for is not only personal identity, but we have to solve for organizational identity as well, and the ability for us to, to prove relationships between each other. And so it is the consumer ID world event. What we're putting forward in Canada is that the way that you solve this is by unlocking the capabilities of the government to underpin assertions about us particular attributes about us and make that available into the economy for us to use. And then we also have to solve for personal identity.
So that that's what those attributes are. Proving. Maybe they're coming from the government, maybe they're coming from a bank, but then we also have to unlock the capabilities of the private sector. And so we have to get the best out of authentication. Banks can pick us out in a crowd digitally because we're doing tons and tons of transactions with them, governments can't, they, they have very little idea who we are digitally telcos have a much better idea who we are digitally inside of their walls than governments do. So.
So from our view, there's very little that we can do in the current state. We have to be aware. We have to try to, to, to squash the vectors that we can, but in order to really solve for this equation for the identity equation and the safe, safer transacting equation, we have to get governments doing what they do and which is verifying pieces of identity and get that into the economy.
And stop only thinking about me, logging into government, and we have to get private sector to be able to consume that information or validate that with that information, but also help governments to authenticate who we are that we're the same person over and over. So that's a little what we think in DIAC. So are you, are you advocating national guard? I love that. That's a great question. Yay. Let's do it.
No, we're not. We're not. So we're not, we're not, we're not advocating for a singular national identity, everybody.
Every, I like to say that identity is an intersection of technology, culture and governance. How you're, how you're social insurance number is your identity. Sure. We have a social insurance number.
I mean, we have a social security number here as well. Right? One might argue passports.
I mean, I think only 10% of people in the us have passports is that's a really low number. I think. I don't know the number Canada, but I, we just speak across the border. Yeah. I know it's high up there though. But the point here is, is that in terms of a singular identity. So are you Canadian?
You know, the direct, you know, where it is? So I thought, okay, so you know that not, not everybody does. I know where it's. So you know that the, the C K north are here, the legal root exactly could the legal root of your identity in Canada comes from the province and the legal, unless you're an immigrant, then it comes from the federal government. So we are a Federation of 13 provinces and territories that all agrees to work together under one government. So the federal government doesn't even know who you are until the province tells them.
So this idea of a singular identity, number one, Canadians don't want that. They've they've, they've clearly said that they don't want that. Now maybe culture will change. And eventually they'll say, yeah, this is a pain in the, but will, will do it. But the way that the governance works, all of the, the roots come from 14 different places. So we need to be able to connect in with those roots when you need a high assurance and make that available and enable Canadians to actually use that information. So we're not talking about one singular identity.
We're talking about models where people are in the middle, they can, you have data requesters and data verifiers, and they can just make those connections between data requesters and data verifiers. So for us, single identity, no is not, is not in the cards now. Thank you.
So the, the topic is really why we start to think about what eventually became a company and, and you, but very long time ago, that means how do you, or you protect yourself indeed in the digital world that where you could already see 10 years ago, the growing amount of data about yourself going into everywhere. And this is just growing. So we tried to think in a sort of radical way, we could always do, okay, put the bigger lock in front of the door in a bigger, in a bigger, safe deposit box, cetera. But I mean, working banks in the past, you know, that doesn't work.
And as you may know, there's no money in banks anymore. I mean, real money.
So, and there are good reasons for that because you can, you can always break in. And the matter of fact is that it's opening every single day. So we really look at, since we were a startup at that time, or even not, not even that the, what could we do radically. And that's how we came with the thinking about it's all about where the data are located.
And then how can you access the data you don't have to, you can disassociate the fact that you access the data and the fact that you own the data, because the, the main problem is that when you start to own the data for companies, then you begin to go into bigger and bigger and bigger chest where you have that, and then you have backing issues. So if we could find a system where you know, where the lake, the data is accessible, you might check to a query. Is it true or not? Is it bigger or small, whatever the question is. And then you come back with the answer and all you store.
So to speak is the answer with sometimes some certification or credential around that answer, then that should be possible to build something. And that's how we came up with the architecture of our platform with also because GDPR was already in progress 10 years ago, we looked at that and actually privacy by design from Canada. And so we had that as a threshold.
I mean, that was the, no non-negotiable part of the design or for solution. And I think eventually that's where now as a customer, if I have a way to store my data in very natural way, in, in a mobile or wherever, where I used to have my data anyway, collect some more, have it completely secure and encrypted in one or several location, but that's that I own with a, as I said earlier, by default, it's an optout, that means you don't touch. I don't share.
And then I decide with whom I can share when, and, and just by the opportunity or the triggering event, as I say, which is when I want to buy something, or then I start to have a system where at least my data feel secure. And then I feel that that data doesn't have to move of not all the data has to move to the person that needs that data to make a transaction with me. And you start to have a system where eventually you feel protect and in control. And that's how you start to rebuild the trust. If companies start to say, well, we take it seriously.
Now we're not, you know, of course we take seriously customer data, but that's mainly for marketing issue or for compliance issue. But if I, if, if companies start to treat that there's a real asset that, and respecting the customer, then they will say, okay, I don't need to own your data. I just need to be able to, if you ask me something to access some of these and that's it. And so that's why we build up picture eventually. All right, I'm gonna keep the theme of debate alive here. Joni.
That's a great idea that you guys are getting data from governmental sources, authoritative sources, it's much more meaningful than credit bureau data and that kind of thing. But at the end of the day, it's data, it does improve identity. It proves that somebody knows some information. It doesn't prove that that's the person performing the transaction. So I love where you're going with it, but I still think it has some holes. Now we personally deal with some very, very sensitive data, probably the most sensitive PII in the world.
And that's government issued IDs and bases really important stuff, really sensitive stuff. Hackers panacea, if you will. So we process things in a stateless environment. We don't store that data. Those images come into us. We process 'em return a result, return that result to our customer then destroy. So it's a good way to save and protect the customer. It was just coming, coming off of another telco fraud forum. And another concept that came out of that was tokenization. We've been doing that with credit cards for quite a while.
So if somebody steals the, the database of credit cards, it's meaningless, it's worthless to them. Why can't we apply that concept to PII? Sorry.
Yeah, I don't, I don't think we're very far off. I'm trying to find a way to fight with you now, since we wanna keep that theme going, but I don't think we're that far off.
I think, you know, we're talking, I think we, we had some themes here. We're talking, I think largely about keeping data where it is. I think we're talking about data minimization. I think we're talking about, you had another point that I wanted to pull onto well platforms, environments. Yeah. So we're talking about environments that are more secure that we can, that we can do business in.
Oh, you, I think you had zero knowledge proof, maybe some, you had a bit of zero knowledge proof. Yes. So I don't need to ask the specific question. I can ask a, a range and then get a yes or no token. So I think, you know, without planning, we got a lot of themes that we all really agreed on there. And then I think in terms of, you know, I agree with you, data is data.
It doesn't really mean anything without binding it for physical presence and using multifactor authentication and different mechanisms to say, yes, I was actually there and present for this transaction to be able to give consent to it. And also to, so we can do even more higher and more compelling use cases around healthcare or other things.
I guess the one thing that's interesting that I was thinking about when you were giving your talk was, you know, consent is kind of an interesting paradox and protecting consumers because, you know, if we have to record a consent and prove that a consent event happened and retain that data, you've now created a paradox that you know, that I was there. So I'm curious, you know, how, how we're gonna kind of get out of that box, protect people and enable, enable people to do that kind of business, to do their business, but also not create this paradox with recording of consent.
And I think that great. I think that's an issue again, where the regulators, the same regulators, I feel as if who have written the laws on data privacy on the flip side have been involved in written writing the laws around compliance and the requirements around consent. So I don't know that it's up to any certainly the vendors to figure it out. I think the regulators have to come to the accommodation and figure that out for us. Because if you look at the laws, there is a paradox, there's an absolute paradox around if I'm required to collect consent.
That means I'm actually, and I have to prove that I collected consent. That means I'm retaining customer data. Therefore I'm violating, you know, the right to begotten and yeah, the process just goes on and on.
So, but one thing I want to go back to around the original premise here around, you know, protection of the customer, I'm gonna keep with the libertarian bent, and I'm gonna say, it's the customer's requirement to protect themselves. I do believe that people do need to keep an eye out. You should be as aware as possible around your identity.
Your, I don't believe there is any way. I personally don't believe there's any way to stop it. Your identity will be stolen most likely, at least once in your lifetime. And it's up to you at some level, whether it's credit card or whatever the case may be to be aware and, and mitigate, you're not going to necessarily stop it. So that's a, it's a personal viewpoint, but you ask and is answered Just to I'm sorry, there, those questions. There was one.
I, Somebody go ahead. I'm sorry. Me. Are You saying that digital crime is not part of physical crime?
I, I did not hear that. Are you saying that digital crime is not on par with physical crime when somebody breaks into my house and steal stuff so I can call the police, but when my password is stolen from the dark we're abusing UN bought, it's not a crime and I can't call anyone.
No, I'm not at all saying it's not a crime. I'm just suggesting that the crime's going to occur. It's more likely to occur that someone is gonna steal your passport information online, as opposed to breaking it and taking your, your, your big screen television. And there's certainly not gonna break in and take your passport into your home. They're more likely to break in, you know, break in on the web and take your ID than they are to take any valuable from your house.
Well, just wanted to contradict a little bit on the fact that the, there is a way, or there are ways, but there is definitely a way to collect the consent without collecting the data and also actually put in place systems where you have, it's still possible to have the right to be forgotten, pretty efficient. That's what we put in place. Not that long ago for a customer.
I mean, now with GDPR, it's a, they all have to do it, but a customer in Europe. So they are ways to do it. Just have to be a little bit creative. You know, I, I like, I like the idea of, you know, trying to protect yourself, but how do I protect myself from Equifax, not doing their job?
You know, they're collecting information on me. I, I never gave them consent for that.
You know, they're not, they're not any value add I did. Okay. I stand corrected, actually, I'm gonna sit corrected now.
I mean, it's, it's, it's like cars, right? I mean, so we can take the libertarian view for sure.
But, you know, as we said, you know, this is outside of our control. We can't control those organizations.
And, you know, so how, what, what is the consumer's role here is also maybe another way to think about it. And so, you know, when I, when we come to this question, I often think about cars because just as the internet is magic to my mother, cars are magic to me. I know how to drive them. I have no idea how they work. What's going on underneath it's magic. The key goes in and it goes, but we do have rules of the road. I can be super libertarian and drive into the ocean. That's a thing that I can do if I want, it would be probably stupid. Or you drive into the person next to it would be stupid.
But, you know, we did have a consumer protection agency where people got together and said, Hey, by the way, maybe we should make these cars as safe as they can be. We know that they're gonna have accidents, but let's identify as how we can design them so that they're not complete death traps.
And so, so we accept that things are gonna happen, but we people in this room and others have a big responsibility here to, to make this environment safer, better, still leaving the room that people can, you know, they're gonna do stupid things that we're never gonna have a perfect. So I agree with that. And there, you know, as, as consumers, this time, we can also vote with our feet.
I mean, we can favor companies that take us seriously in terms of data, privacy, et cetera, and, and, and avoid the others as an old activist. I been in the organic movement since I won't tell you along and same thing at the beginning, that was a tiny, tiny little niche, not even a niche. And eventually now you find in any kind of grocery store, you're gonna find at least a few product with organic, not even talking about, is it good or not? Doesn't matter. But that was just pressure and voting by customers saying, this is what I want.
And I think eventually it'll be companies having a wise message to Derek, to the customer saying, I take it seriously now. And not just because I have to, but because I know this is better for you. And by definition for me Following up on your Equifax question, I'm a bit of a slow learner. I've been a victim five times this year had $300,000 worth of cars off me and in two weeks. And I've got a residence in Las Vegas that I've never been to and, and all kinds of things.
So, you know, it's not easy. And obviously I, I didn't do anything wrong there, but the answer is credit freeze.
You know, if you want to stop yourself from being a victim, just freeze, it don't lend anybody access it. I need to preceded my question with something that's unique about our product that we're introducing. It's a patent pending product. That's a fingerprint product that has an encryption. That's unique to the specific fingerprint. And my question about protecting the consumer. It has to do with the concept of the, of hiding the consumer's information behind the encrypted fingerprint on the authenticating server. And I'm my question is what, if anything is wrong with that, that you perceive?
I have to think through that. I mean, it sounds probably a pretty good concept initially. No biometrics on servers. That's what I say. Speaker 10 00:20:24 I would say that That's a good point. That's an awful big debate. Fido's got a lot of momentum and keeping those biometrics stored centrally, locally, where the consumer owns them.
I mean, yeah, there's some momentum there that's Important, but you know, again, I'll just play the contrarian because that feels good today. So sort of to the point you made earlier around breaking into your home, you can build a wall, you can build a boat, you can elevate your home on stilts. You can do lots of things. And if someone is determined, they can get into your home. That we know that that's, there's no denying that you can have armed guards. 24 by seven guards can be corrupted and then on and on and on, they can get into your home.
Stored on the server is just a central, a fixed place is always a way yeah, you can get in. That's a rule in the military, you know, fixed in placement. That's just an easy way you go, it's defined walls. I can break a break in, dig under, go around, fly over whatever the case may be. So storing it on your device, I just steal your device, storing it on some server somewhere. I just have to find that server and get to it. So all I'm saying in that exercise is there's always going to be a way we're never gonna get away from that. What we can do is try to be as aware as possible.
So again, it's not gonna be foolproof, but being aware is certainly one best defense that you can apply. Speaker 11 00:21:56 I like the more offensive approach than just being aware, for instance, how much data do we just give up? Just cuz somebody asks for it. How many people have their birthdate on Facebook? Why Lots Speaker 11 00:22:09 Of people. And if they require a birthdate, make one up, just remember what it was All Speaker 11 00:22:15 Time, but put disinformation up there.
I mean, think about it. They, with, with the only people that need your social security number is a revenue agency or financial institution. Anybody else's for that required make one up your phone number. You'll wonder why you get spammed on your cell phone all day long. How many places have you put your phone number? Yeah. Right.
Put a, put a fake phone number up there, put a birthdate that's different than your own birthdate. You can't open credit with your social insurance number and a wrong birth date.
And that, that knocks a whole bunch of it out. So just because a website asks for this information doesn't mean you have to give it up truthfully. So I totally agree with that. And I think the thing is, is you could have, you know, good site.com ask you for that information. And nothing happens. You could have stupid site.com ask you for that information and then suddenly it goes, but you can't people can't tell the difference between good site.com and stupid site.com. So you know, what we're trying to do is actually get to the root of that issue.
Why are you being asked those stupid questions? Why are you being asked for your birthday to be on Facebook?
Well, I think, you know, it can answer probably for legal reasons. You should be above a certain age, should be participating in Facebook it's to protect their liability and not yours shouldn't we be able to have a token or a claim that we can pass that says, this is my overage token. Yes. Take it. Not my birthday, right.
It, so we gotta solve that problem. The, the verified claims, verifiable claims and ecosystems that are ready to process those claims. And then we can really address what's going on.
I, I agree with you. Speaker 12 00:23:50 So couple things first, one of my longtime favorite expressions or sayings is you can never make anything. Foolproof. Fools are too ingenious.
And, and that's the nature of what we're trying to build as well is that you do the best you can. And you know, it's gonna get circumvented, not just by bad people, but by PE other people who just happen to do things that nobody ever expected, you know, the whole thing of unintended consequences, but the, the protection notion like protecting the home is an interesting one in the, there there's really two, two important aspects to be aware of. The one is the, the, the large scale attacks, which is I'm gonna hit 10 million people.
And if, if 10,000, you know, give me a response, I'm, you know, that's way worth my time. And then there's the spearing, which is you have you as a particular entity business person, whatever, have something of value. Speaker 12 00:24:46 And I want to get it from you. So you're not just part of the, an anonymous, unknown of massive, massive people. There's a specific reason.
And it's, it's very much the same in with, with burglaries. Let's say that you've got your general communities and you get the guy or an apartment building, rattle the doors. Can I open the door? Yep. I'm in and out. It's purely opportunistic and it's a low, low bar. And the beauty is you can set yourself apart from that very, very easily lock your doors. That's the first step.
And well, that's what we consider common sense today. Well, we don't have that same level of common sense yet on the internet, right. That there's some very basic things that people should do that they still don't quite understand. And that's one of 'em lock your doors the second though, is that okay? Speaker 12 00:25:34 Well maybe I'm a little more concerned. So I'll put in a security system, right? You've now put yourself a level above.
And frankly, if you just have the sign, you've probably put yourself a level above, cuz nobody's gonna even bother going there cuz the risk is high and it's just not worth it. When the guy next door has left his door open and then you got the guy who lives in the mansion. Well he's the targeted one. He's the one you're gonna go after. Well guess what? That person, if they're smart will spend even more on protecting themselves because they have to, right. They're not gonna be the one that's attacked.
It's not as big a risk for them to be attacked in the spam attacks, but it's very likely someone's gonna target them in a targeted way. There was a long ramble and I did have a point, but I guess big part of it is that there are some basic things that can be done by the users with a little bit of better education and passwords are a great one.
Speaker 12 00:26:24 I I've often been telling people for years, these stupid rules about using special characters or forcing them as I was so thrilled when this came up with their new guidelines to say, you don't have to do that, but it does make it an easy way to take something you're gonna remember and make it just a little different. So it's not gonna get picked up by the, the dictionary attacks and so on. And all of a sudden you've lifted yourself outta that mass market space.
So some basic education I think will really go a long way, including things like, well, what data should I just never give somebody unless I have to like social church, social security, birthdays and so on. So I reserve a rant. Sorry. That's a great, great rant. Thanks Steve. But the problem, I think with that rant too, is what we talked about is that a lot of this is outside of your mansion. Like it's not, my data is not in my mansion. It's in your mansion. Yeah.
So I gotta hope you have a mansion you now have to, and that you're saving it, but, but I do need to be aware and I do need to put the locks in. And so in terms of two points, I wanna make one actionable. If you don't have a password vault, please go get a password vault. That's at least for me personally, just until we get to the, until Fido kills the password and something else happens, get a password vault. So that PE tell, tell your friends, tell your family so that they're not repeating passwords over and over again.
And then having don't even know where they have them all when they get broken. I think that's very actionable. And then the second thing is I almost think we maybe have to get a little bit out of the paradigm of protecting the consumer and more into the paradigm of empowering the consumer.
And, and the reason that I think about that is because, you know, I have have conversations with people in government who public good is their first priority as it should be. It's good. But the way that privacy by design or privacy has been translated is to build a wall around information about me. Let's just build a wall around it. And that means that I can't access that data about me. I can't use that data for transactions or even, yes, no tokens, overage tokens.
I can't get any of that from governments because the posture has been, no, we have to protect the citizens and build walls around all of it. So if we break that paradigm and we get governments and banks and telcos issuing data, minimize claims, then we can act, then people can actually decide if they wanna share that claim or not. Versus the idea of, we must protect them. We must build a wall around everything that's gonna solve it. Otherwise we're just playing whackamole with, with risks.
So, So we've just done that here in the us, by the way. So we've opened up access to IRS records, government records, birth records. I was just trying to pull it up. I learned about it yesterday in a forum it's called it's combination of SSA, IRS and birth records. So under certain circumstances you have the ability to query, provide those attributes and they can be very verified directly from the source. And I'll give you the information in just a moment. Yeah. Cool.
Any other, nothing at all? Just my thought that, yeah. More questions from the audience. More thoughts From the panel. I think the audience was part, What do you see as a role of law enforcement and all this? Because I know when there's a taxation, garment goes all the way to Siberia to catch somebody. But when there's a digital crime and last year I was rating somewhere cost economy, 6 billion, just account take over attacks, but nobody does anything about it. Like they don't even know they don't, they don't even have the tools to fight these things. So what is government's role?
I know you're a libertarian, but getting that Attribute Off it's out there, it's out there. So yeah, government law enforcement in particular is overstretched. If you at least here in the us and I would say worldwide, and they're really focused on fighting what they believe to be bigger targets, bigger issues, whether it's, again, you know, financial fraud and you know, in the billions of dollars or terrorism financing, that's really where the bulk of money has gone.
If you, yeah, I'm from North Carolina. Clearly we just had a massive storm. And one of the big news items is the fact that monies moved from FEMA to ice to deal with those issues as opposed to keeping FEMA funded so that they could better handle yeah. Those issues. And that trickles down to local law enforcement. And there's no way local law enforcement can deal with these particular digital crime issues. And from a fi fend perspective, national law enforcement, they're really focused onto being fish. They're not necessarily focused on the small fries. I just wanted add this.
You don't, they do follow crime to other countries. You, you may not see Speaker 13 00:31:31 It, but I was just saying they do follow crime to other countries. It depends on the, if it's a critical infrastructure, like you said, the priority, it depends on the priority. If it's a financial institution, a telco, a utility company depends on the critical infrastructure. They do follow crimes to other countries And bla, I suspect how, how involved with local law enforcement.
They, what we, I actually did get called by a police department on a Friday min Minnetonka police department. So they were actually involved one follow up on what I mentioned earlier, Jonie it's called the economic growth, regulatory relief and consumer protection act. That is a tongue twister, but it, it provides real time name, do B and SSN validation and does not require wet signature, but it's not for everybody telcos. Can't get it. It's it's named DOB and SSN validation. Get that information Three different sources yeah. From medication and can get that to that deal.
I don't know enough about it. Order dancing.
We, we have homework to look at that. Yeah. Cause we have never heard of that.
So, yeah. Speaker 14 00:32:49 Interesting. So while the mic's going over, I think the law enforcement, I mean, if you talk about identity of people, that's one vector. If you talk about identity of organizations, that's a real big piece. And now if you talk about verifiable relationships, like, am I a director and officer of a corporation, am I a beneficial owner of a corporation? There's tons of crime that happens in identity. That's not personal identity related. And a lot of it is money laundering.
And, and so that's a huge vector that consumers get swept up in and turns up in all sorts of other crime like drug money, real estate fraud, it's, it's massive. So that is a huge vector that needs a lot of attention and we have to solve for org identity and people identity and then bind those together where, where we need to. Can I great point, let me just, I'm sorry, just to follow on to that. What we are seeing from our customer base, we've got a pretty global 200 customers around the world. K I B UBO.
Those are things that are definitely becoming, you know, higher, higher rated as opposed to KYC. Ultimate beneficial ownership is something that we are definitely building towards, at least in our business because that's what our customers are asking for Speaker 14 00:34:04 Mine is another question or, or comment just, I would like to introduce and entertainment experiment experience that I had regarding my identity the day before, on the way from Vancouver to Seattle, I was stopped at the passport control by us DHS. And it was brought into investigation room.
And I was told I was supposed, the two have stayed in us illegally for 15 years since I entered this country in March, 2003. And this is not the end of the story. I hope not. Speaker 14 00:35:00 When I was traveling towards Orlando in March, 2000 in March, 2003, I was stopped at passport control by the S D H DHS and brought into an investigation room. And I was told I was supposed to stay illegally in the states for several years, since my earlier entry. And I had my finger scanned at the both entry and at the departure.
And yet this time, the day before, when I tried to get into this country, the data of my departure from the us 15 years ago was missing. And at that time I was very afraid that I, I could reach this place in time or possibly I could be kicked out and send it back home. Then I wouldn't have the chance of speaking with you here. But anyway, this taught me about the, how difficult to totally handle the identity problem. I understand that the, that the database of the us government about the immigration is the most advanced in the world.
And I had to experience two hardship or in re in retrospect, entertaining hardship. And we have saying what happened twice shall happen three times. Speaker 15 00:37:10 Yeah, Speaker 14 00:37:11 It means I have to be very curious what will happen to me next time I have to travel to us and hopefully the American government will have sorted out before my next trip. And hopefully the people like you, we are the help solve the problem before I get here.
Next, Everything comes in threes. You'll be stopped next time.
Well, and with that, we're at break time. So thank you to the panel. Be back at four o'clock please.