This is a transcript from the AI and the Future of Work podcast episode featuring Jaime Ramirez, CEO and Founder of Preventor, discusses the future of AI for identity verification to prevent fraud online

Dan Turchin (00:21):
Good morning, good afternoon, or good evening, depending on where you’re listening. Welcome back to AI in the future of work. Thanks again for making this one of the most downloaded podcasts about the future of work. If you enjoy what we do, please like comment and share in your favorite podcast app, and we’ll keep sharing great conversations like the one we have today. I’m your host, Dan Turchin advisor at insight finder, the system of intelligence for it, operations and CEO of people rein the AI platform for it. And HR employee service. We’ve discussed the future of identity management in the past with great guests like John Whaley from unify ID. We live our lives online. The stakes are high when your identity information is compromised. New technologies from blockchains to biometric authentication to AI based anomaly detection are maturing daily. And yet we still rely on traditional passwords and two factor processes that are easily fished or hacked.

Dan Turchin (01:22):
The statistics are frightening. According to survey data collected last year by data pro 57% of people who have had passwords fished still haven’t changed their passwords. 23 million accounts are still secured by the ever so popular password. 1, 2, 3, 4, 5, 6. I think I remember that reference from Mel Brooks and baseballs 51% of people reuse the same passwords for both home and work. Really bad idea. It’s clear the future’s different, but it’s unclear which approach will prevail. We’ll keep discussing what’s ahead and ultimately we’ll let you decide what form of identity management makes you feel most secure when you go online. I today’s guest is here to educate us about one novel approach using token based authentication to automate everything from age verification to customer onboarding. Hi made Ramirez founded preventer in 2017 to modernize identity management. He’s an expert in the fields of financial crime, risk management, anti laundering, and fraud prevention. Having provided it consulting services for 25 years plus to south Florida’s Latin America based financial institutions. Get ready for a masterclass on the future of your online security and without further ado, it is my pleasure to welcome. Hi, may to the podcast. Hi, may. Why don’t we get start? You share a little bit more about your background and how you got into this space.

Jaime Ramirez (02:50):
Sure. Thank you then for a great introduction for, to me. Well, my, my background is I’ve been in the space for more than 30 years working in the banking technology MSVs and also the last 20 years working directly with the anti-man laundering app prevention systems applications, and doing consulting services to, to financially institutions and the last five years with the digital identity management.

Dan Turchin (03:26):
So tell us about the problem that preventer solves and specifically before preventer, how did organizations navigate things like KYC, know your customer or a ML processes, AML anti-money laundering, and now that preventers in the market, what we expect is available, it wasn’t before.

Jaime Ramirez (03:52):
Well, I would say that you know the industry, the financial services industry has been working hard hard improving or enhancing the, know your customer and anti-man laundering processes inevery stage of the, the, during the customer life cycle preventer besides to, to be in compliance with all the regulation and international recommendations helps a financial institution to automate the process, to digitalize and to automate the, the process to minimize human errors, to, to improve the quality of the data, because it’s less manual entry and obviously to reduce the fraud.

Dan Turchin (04:52):
So pick one customer of preventers that you’re really proud of, tell us how they use the system and what was, what was the problem that, that they chose to solve with it?

Jaime Ramirez (05:03):
Well, we have few few banks as customers. I mean, they, they used to do before the customer onboarding manually at the, at the agencies at the branches. So that will require like from five minutes to 15 minutes, depending on the, on the type of the customer. And if it’s business customer, it may take a few days or weeks to do, to complete the onboarding and know your customers. Then after the know your customer department or VSA VSA department has to, or have to, to verify the quality of the information. And then according to this, to do, you know, either to do it enhancing the cancel ency or that, and then do the monitoring of the, of the transaction of the customers. That process will require a biggest staff in the compliance department. So it used to be like one of the call centers that requires more money in the, in the financial institutions.

Jaime Ramirez (06:14):
So by by automating this process, you basically reduce the time of the onboarding, reduce the personnel that needs to, to review the manual entries and have just few of those KYC analysis analyst to, to review the, any fail actions at, at the onboard, right. And then after the KYC is, is basically automated. So and the BSA department can, can be reduced in personnel, not, not interms of the number of people, but they can, they can use a personnel that, that human force to, to do other kind of analysis instead of manual injuries.

Dan Turchin (07:12):
I know that around the world, different countries have different regulations for how again management is handled. And one of the things I’m interested in is I know preventer has an international footprint in Latin America, parts of Europe, as well as the us. What’s different about the, the market for identity management solutions based on those regional regulatory frameworks.

Jaime Ramirez (07:36):
Yeah, basically the, the international regulations are like I will say that it has a framework. So in that framework, all of all of the countries are based on, on, on similar regulations and each country has a specific requirements. So as preventer, what we did is that we, we, we tried to cover the, as much as possible on the regulations. So if you are the country that your your addiction does not require some of the features, you just need to go, you know turn off that feature and then is, is, is adjustable. It’s flexible to, to your requirements, the regulations, the local regulations though, but international the know your customer and the anti-man LA is, is basically the same in all, all the, you know, it’s just few, few things that some, some countries requires more or less about the GDPR, even though the GDPR is is very, it’s most using in, or start using it in Europe. I mean, the GDPR is globally. So you use the same, the same law requirement, legal requirements.

Dan Turchin (09:11):
Would you say that in regard to identity or fraud detection of prevention, is the us ahead behind, or about on, on, on pace with the rest of the world?

Jaime Ramirez (09:21):
No, I think that we are we’re we’re ahead in the, in the USA. Yes. You know, and there are some countries that is they have different kind of rules based on the, on the demographics based on their demographics. No, like for example in Latin America, maybe you need to, you, you need to, to monitor the transactions, not only by country, by also by regions, by cities, by zip codes, you know, because the crime or the NA traffic is more indifferent kind of in different cities

Dan Turchin (10:08):
Not too long ago on this program, we learned about the future of biometric authentication specifically on on edge devices using biometric authentication locally. And the thing I was curious to know from you is what’s, what’s unique approach that preventer takes. I know there’s, there are a lot of competing technologies and protocols and approaches. What, what is what’s unique about preventer?

Jaime Ramirez (10:37):
Yeah, so far we are offering a different, different kind of biometrics, authentications the ID proofing face recognitions, video license detection, or also selfie license detection. We are also offering voice recognition. All of them can be combined depending the, on, on, on the type of risk, the, of the transaction or on the risk appetite of the H institutions, you know and that can be configured in different type of flows. So you can have one flow for the onboarding. You can have another flow for like recurring customers that you need to, you need to authorize any, any high risk transactions or even to do the password list. The login, for example, for, for employees,

Dan Turchin (11:32):
Is any one particular biometric factor, more secure than another, like say a retina scan versus a fingerprint versus a selfie, or is best to combine multiple ones to increase the overall security.

Jaime Ramirez (11:45):
We’re not, we’re not doing the fingerprints because it, it has to, that requires special a specific hardware. So what we do is that we do face recognition, license detection, and voice recognitions. I would say that a combination of the video by voice is, is the most secure.

Dan Turchin (12:11):
Do you use database that’s external to the client? Do you have to go over the, over the internet to get a match on the biometric data, or does that matching technology live locally on the device?

Jaime Ramirez (12:26):
No. what we do is in the ID proofing, what we, we verify the document itself, right? The, what we do is send that with the selfie, with the video, we, we do the, the face recognition license detection, and then the photo match against the document. Then after what we have is on demand services to additionally, verify that the content from the document against the local civil registries, but OnDemand services. And it will depends on each country. If the, if the authorities have like an API services that we can, we can access to, to do the verification.

Dan Turchin (13:14):
I had an opportunity to learn a little bit it about how this is done in Indonesia, where there’s a government registry and it’s company called priv ID that has basically won the license from the government to use that government registry, which countries have a registry that you can U access via API.

Jaime Ramirez (13:31):
Well, in Latin America, most of them actually United state is the only one so far that, I mean, they, they, you can have access to it, but you, you have to have access by a state by each state. There is no one API that that you can, that you can have all the access to all the identities. But another other way that we do the ID proofing, which is more secure is by reading the R F I D and the electronic documents. So basically that’s, that’s you can, if, if you do the R F I D basically you are reading the entire document, including the full of the person. So you don’t, you don’t, you don’t need to go to any other local race to verify,

Dan Turchin (14:23):
But, so I think I’m missing how the, how the workflow happens there. the, the document, if

Jaime Ramirez (14:29):
You, yeah. If you have the, like the identity document or the, the identity document has the ID the electronic chip, what we, what you, what we do is we read that, that information that is storing that the, in that chip, and that includes the binary data data of the document, plus including the photo of the person.

Dan Turchin (14:54):
And I’m sorry. So is there a second factor? So if someone stole my driver’s license, could they act as me for authentication, or is there a second factor that involves a selfie or something to verify that?

Jaime Ramirez (15:06):
Yeah, yeah, yeah, no, of

Dan Turchin (15:07):
Course it would always be a second factor.

Jaime Ramirez (15:09):
Yeah, it would also, yeah, no, but I mean that you don’t need to go to the local registry to, to validate the content of the information, you know, because you already have it there it’s hackable.

Dan Turchin (15:20):
Yeah. I see. and so preventers owning responsibility for verifying that the person holding that document is actually the person that the says it is

Jaime Ramirez (15:32):
Exactly holder is the document owner that

Dan Turchin (15:35):
Makes more sense in the countries that have these registries, how do they require the citizens to provide their information to the registry? Is it required? How does that work?

Jaime Ramirez (15:47):
Well, those are, those registries are the one that issuing the document. So they have the records of the customers, of the persons, of the people. You know, those are the ones that are issuing, it’s like United States that the the driving license.

Dan Turchin (16:05):
And so if the citizens, the

Jaime Ramirez (16:07):
DB, yeah.

Dan Turchin (16:08):
If the citizens want to use that as a form of authentication, then they need to try the information, but they’re not obligated to, there’s no fine if they don’t provide data to the central database. Is that right?

Jaime Ramirez (16:20):
No, the local S they have that information, because those are the ones that are issuing the document. Right. It’s like the DMB you hear in United States, you access the driver license database and the, you have your information there.

Dan Turchin (16:33):
Right. So if I wanna drive, then I need to provide that information to the government

Jaime Ramirez (16:36):
Of course. or an ID. No, for minors.

Dan Turchin (16:41):
Makes sense. Is there any component of machine learning or automation, or does, does the preventer system get smarter over

Jaime Ramirez (16:48):
Time? Yeah, of course. Yeah. How so? For, for, for the artificial inte the AR you will use the artificial machine learning for the detection, for example, for the face analysis to, to estimate the age and the gender of the person to, to estimate other factors of the person. So we use the artificial intelligence in most of our processes, basically.

Dan Turchin (17:13):
How do you mitigate for the impact, potential impact of a biased sample generating either false positives or false negatives? For example, if the training data has, let’s say, you know fewer underrepresented minorities, it’s more likely to make wrong automated decisions when those underrepresented minor are having their, let’s say their age verified. How do you compensate for the fact that there may be bias in the data?

Jaime Ramirez (17:40):
Yeah, we, we, we, we, we did a test in the, in the last quarter of the quarter four of last year. We, we did a test of the bias and then actually we, we report the zero bias. Now we did a using the data of of, and customers. We, we work with them and then we, we, we test the bias to make sure that you know, we don’t exclude anyone at that time that we do the, the AI face recognition. And, you know, so far the, the algorithms or AI are working fine.

Dan Turchin (18:22):
Where do you get the data? Let’s say the faces or whatever you’re using to do, let’s say age verification, where do you get that data from?

Jaime Ramirez (18:28):
No, no, no. What I mean is that the data that we use, we, we working in with some customers to use their data, to do, to do this test internally in our labs. Yes.

Dan Turchin (18:40):
Right. But let’s say I’m starting a job and you’re doing age verification using machine learning algorithm. the data that the machine learning model has been trained on where’s that data come from?

Jaime Ramirez (18:56):
Well, no, the data, the machine learnings that are, that are trained for is the data is using the, using the, the selfies and the documents. and then, you know, you, what, what you do, you said, you make sure that you know, evaluating the, that the data the results from, from this process from these verifications are, are okay or not, you know, like you are reading a person that is one gender, one Agni, and then you’re looking at the document, and then you see that the document is, is according to, with the results. Yeah.

Dan Turchin (19:39):
Right. So the document says I’m a certain age. And then you, you can detect, let’s say for my selfie, whether or not I am in fact that age.

Jaime Ramirez (19:47):
Correct. Yes.

Dan Turchin (19:50):
And so there’s a database of selfies that you’re using to train a machine learning model to be able to match the information in the document with the face of the person who’s being, whose age being verified, right?

Jaime Ramirez (20:06):
Yes. Yes.

Dan Turchin (20:09):
And so let’s say my selfie is being contributed once I provide my selfie to preventer. Do, do I have the option to not have my, my selfie stored? Or am I made aware that potentially my selfie might be used to build a machine learning model?

Jaime Ramirez (20:29):
Well, of course, yes. By, by, by GDPR, you, you are in control of your data. Yes. And the, our customers are in control of their data, too. Yeah.

Dan Turchin (20:40):
And so through GDPR, they have a right to be removed or at least a right to know what data is stored,

Jaime Ramirez (20:45):
Correct. Yes. You are the right to say, you know, I don’t use my data. And then, you know, the data is being deleted.

Dan Turchin (20:53):
Are there any examples of companies in your space that have had that kind of data breach? It seems like when it’s being used for fairly high stakes use cases, like, you know, iden I identity verification you’d have to be very cautious about how that data is used and secured. What, what are the kinds of methods that you take to prevent a breach? And are there any high profile cases of data like that being, being compromised?

Jaime Ramirez (21:23):
Well, we, we using our security and then we have some certifications under the cyber security, you know, to prevent that you know, attacks or anything like that. And then we are also using AWS, which is Mota one of the most secure cloud based. Yeah.

Dan Turchin (21:46):
Do you believe that at any point in the, let’s say next decade, we will truly be in a passwordless authentication environment because things like biometric authentication are more secure, or do you think indefinitely we’re gonna be still having to, you know, provide traditional, you know, passwords, you know, text based path passwords and, you know, SMS verification?

Jaime Ramirez (22:11):
Well, I think that, you know, there will be more companies or more yeah. More companies to, to start using in the biometrics authentications, but still, you will need to have the option to, to use your password or to, for log or any kind of access, not to, to applications. What I believe is that these digital identities that you are that you have to authenticate with other companies at the end, you will, you will be the owner of your, your identity instead of authenticate with another company, what, what you do is you will have to share your identity, right? So right now, if you, if you have five companies that you need to authenticate like financial services, a bank you know mortgage company, or any apps that they will ask you to do the digital more. So you have to authenticate your document and everything, by having you, your ID, you just need to do it once. And then you share your right. One, one, if you have to update your address, you don’t have to update it, update your address in multiple application will be in just one place.

Dan Turchin (23:44):
So imagine as an, with all your years of RegTech and you know, thinking about anti money longer and that sort of thing you’re a pretty savvy consumer. So what what advice do you have for our listeners, maybe that would be non-obvious about how you protect your identity?

Jaime Ramirez (24:03):
What I don’t always say that basically make sure who you are sharing your, your, your personal information with your credentials, you know try to use two factor authentications in every, every application because there are some, some, some apps that is optional, right? So it’s up to you to, to use a two factor authentications. There are some that force you to use it, but there are others that it’s up to you. So try to try to use that. Like you mentioned, at the beginning of this podcast no, don’t use the same password over and over, over, and yeah, it’s quite, it is quite difficult actually, if you have, you know, like me, I have, like, I don’t know, like hundreds of password from different applications. If you wanna use one password pair up, my, it would be very difficult to manage.

Dan Turchin (25:09):
It seems like the bad actors always find a way to stay a step ahead of you know, consumers who are naive. Will that always be the case? Or do you think there’ll be a time when, you know, the technology will actually, you know, outpace the bad actors?

Jaime Ramirez (25:25):
Yeah, yeah, no, I think that you know, this, this is, this is the beginning of the authorization. This is the beginning of how the everyone start working remotely. And then in the next few years, everything will be like, this. Everything will be about like detail IDs here and then biometric authentications in every, every other application. And then but after that, you know, you know, how exists the cybersecurity, like you, you mitigate one of the fraud scenario. There is another one, so,

Dan Turchin (26:13):
Well, hi, man, this has been a pleasure. I gotta get you off the hot seat, but not without answering one last question for me. So you you’re an expert in in security, in identity fraud, but you’re also an expert in in south beach and Florida living, having been there for more than 30 years. And I mentioned before we started recording, there’s this net outflow of talent from the bay area where I am in California to south beach and areas around Florida give us the pitch. What’s. So what’s so compelling about Miami and why, why is everyone flocking to there from all over the country?

Jaime Ramirez (26:49):
It’s in the weather? No, we have part of it. There is summer every, every, every day of the year here Miami is becoming the hot up. I mean, it’s the, every everyone is coming to here to every, most of the companies are opening an office headquarters here in Miami. So yeah, it’s becoming a Miami tech.

Dan Turchin (27:14):
It used to be that Miami had to come to Silicon valley to get the tech talent. Now it’s gonna be the other way around soon Silicon valley to go to Miami, to get the tech talent back.

Jaime Ramirez (27:23):
Yeah,

Dan Turchin (27:25):
Good. Well it is been really enjoyable. Where can our audience learn more about preventer?

Jaime Ramirez (27:33):
They can go to my, my website it’s preventer.com very easy. And there is a, there is a patient of resources, so very helpful. They wanna more about identity verification, pro prevention anti-man laundering. There is a lot of the articles resources.

Dan Turchin (27:54):
Good. We’ll make a point of sharing some of that in these show notes. This has been great. Thanks for stopping by and maybe you’ll come back and another time and we’ll share an update on the company and the same to the technology.

Jaime Ramirez (28:05):
Of course. Thank you then.

Dan Turchin (28:07):
Excellent. Hi, ma my pleasure. That’s it’s all the time we have for today’s episode of AI in the future of work. I’m your host, Dan Turin signing off for this week, but of course, back next week with another fascinating guest.