#582 AI, Fraud, and Digital Identity: Jarek Sygitowicz on Building Trust in the Internet Era

Mehmet: [00:00:00] Hello, and welcome back to an episode of the CTO Show With Mehmet today are very pleased. Joining me from Warsaw, Poland, Jarek Sygitowicz. He is the Chief Strategy officer and co-founder of Authologic Jarek. Thank you very, very much for being here with me today. I really appreciate, you know. The time to, to, to record this episode together.

Today we're gonna talk about, you know, digital identity. We're gonna talk about, you know, regulation, fraud, and of course AI and what the market is going towards to in that space and the trends. Without further ado, as usual, I don't steal much from my guest time. Yik, thank you again for being here on the show.

Tell us a little bit more about you, your background, your journey, and you know, what you're currently up to, and then we can dive into the conversation. So the floor is yours. 

Jarek: Sure. Uh, thank you very much for inviting me to the, to the show. Uh, my name is Jarek. I'm a co-founder of Authologic. We are building a global EID hub.

So, um, we aggregate and [00:01:00] orchestrate all the government issued digital IDs, identity wallets, and bank IDs into single API and, um, yeah, but we, we, we are, um, EID first identity infrastructure. There is a. Um, very big shift right now, um, uh, on in the identity space from the legacy, you know, plastic documents to, to digital IDs.

Um, you are based in Dubai, so you probably use UAE Pass. Um, so we call it a Gen one, EID, uh, centralized wallets. Currently, the whole world is moving towards, uh, next generation. I, uh, identity based on verifiable credentials technology. 

Mehmet: Mm-hmm. 

Jarek: And we are kind of building a, um, platform or the infrastructure that is connecting the legacy, uh, uh, world.

So IDV using plastic [00:02:00] documents that Gen one Eids and bank IDs, and the next generation digital identity into single platform. Because the biggest problems with eids. Has always been the adoption rates. So even though it's growing very rapidly right now, you still need to have legacy methods to verify identity.

So, uh, Ahthologic is a one-stop shop that gives, uh, all the users ability to, to verify identity. But the, the uniqueness of our platform is that we are EID first, so we will. Check whether you have the, the, this next generation eids or identity wallets. First, if you do, you will get the most, um, uh, pleasant experience, like half a second verification.

If not, then we will fall back. Uh, so basically, uh, our product is EID first and whatever everyone else has a, as a, as a, as a product, uh, uh, for identity for us is a fallback that [00:03:00] that's Authologic. 

Mehmet: Great. And, and thank you because you know, I was trying to ask you also, like, you know, the reason why, and you just explained this, you know, gen one and, you know, gen two of Eids now, but before this, let's go back maybe one step, uh, and you know, to just talk about the, the.

The K ycs and you know, these things that, how people started to interact with these kinds of technologies. So people when, you know, think about identity as login screen or KYC checks, um, you know, so they think about the login, right? So they think it's only that, just the login page from your perspective, like what does a digital identity infrastructure actually should be looked like?

Jarek: Okay, so, so that's, that's interesting question. So, uh, uh, what, what you mean by login screen is authentication, actually not ID verification. Right. So, uh, so, so that's the difference. But, um, you know, let, let me back up and, and tell you what was the, [00:04:00] the, the history of identity on the internet, right? And, and why need, we need to have different infrastructure today because it's the, the, the world has completely, uh, completely changed.

So the, the, the, at the beginning of the internet, uh, basically, um, you had no way of telling, um, who is on the, on the other end of the line. So this was this famous, uh, New York Post or New York Times cartoon where there's two dogs sitting in the com by the computer and, and, and saying like, on the internet, nobody knows that you are a dog, right?

So, yeah. So this was, uh, and, and, and, and, uh, natural, uh, you know. Way. And the first, uh, ID verification method was actually an email from the provider. So for example, you know, at the beginnings of PayPal, they verified people by asking them to email pictures of the plastic documents, right? So you, you actually were sending by email, uh, pictures of your passport or, or driving license.

And this was [00:05:00] the beginning. Um, then it evolved, uh, to become a system, uh, that will automatically check, um, validity of your documents. So the, the picture was still taken. But there was a database where you can see whether the picture actually matches with the format from the given year. Uh, there was an OCR process where you can extract the data from the document, and they added also the, the process of, um, checking your biometric features of your face.

And comparing it to the biometric features of the phase that is on the document. So this is kind of a state of the art and currently gold standard of the ID verification online. And anyone that went through the KYC process went through the process of. Photographing their own documents back and front, and then doing the selfie check or liveness check.

So, you know, doing some kind of, uh, head [00:06:00] movements, you know, all kinds of stuff to, to prove that you are a, uh, you are the same person that on a, on a ID document. So this was like, we call it Legacy. 

Mehmet: Mm-hmm. 

Jarek: And then the COVID hit. We decided, because we were working for the bank, we decided like, okay, everyone, uh, so, so identity on the internet was kind of an edge case till COVID, like people were onboarding, uh, to financial services, but it wasn't really like, you know, you, you weren't doing this every day, or, you know, you, you were doing this once a year or something.

And COVID actually took it to the next level, like identity on their internet started to become a thing because of, uh, the fact that everyone was locked out. The second thing, uh, that, that you had to, like, people discovered that a lot of services, like government services need to be like, you cannot go to the.

[00:07:00] Uh, to your local government to do something, you need to be online, uh, because of COVID. Um, so, so, uh, actually governments started to see this as a problem that, uh, you know, current state of the art is not so secure. Um, and it's, it's really inconvenient, right? So. On the one hand, security is a problem, but on the other hand, it costs a lot to actually process this kind of, uh, ID check.

And, um, so, so the government started to work on, on, on different things. So in Dubai, for example, during COVID, you came up with UAE pass. So this EID that. Once you onboarded your documents, you could reuse this, uh, this identity for, for many different purposes. Uh, you know, dealing with the local government, you know, and, and, and they were adding additional services to this.

So the same thing happened across the world, uh, actually, and, um, uh, then on top of the, the problem of COVID and the, when the government started to realize that, that, [00:08:00] that there is a new. Identity infrastructure needed, they employed banks to help. So for example, uh, there was a big surge of bank IDs across, uh, uh, different geographies and, uh, identity wallets as well in Europe.

So we have tel, uh, kind of equivalent of UAE path. With 11 million users and it's being used 1 million times a day. So, so this, this adoption skyrocketed because of COVID and, uh, COVID actually, um, stopped being a problem. The development, uh, was running on, let's say, um. Convenience. So people, uh, thought that it makes more sense for them to have the i, uh, identity documents in the phone rather than in a plastic, uh, uh, in their, uh, physical wallet because the wallet is going away because you have all the, you know, car keys, you know, payment cards, everything else is in a, uh, is, is in your, in your phone as well.

So why not, uh, the, the [00:09:00] documents, right? So, um. This was, this was the kind of convenience driven, and now we have another force. This next force is ai. Mm-hmm. You cannot tell whether you see something online is real or not. And when, where, where, whether you are dealing with a living person or a bot. Right. So there is a additional force, and because of that, the governments are pushing even stronger on the.

Regulation side. And the regulation is the final kind of, uh, ultimate force of, of adoption for eids. And there is two sides to the regulations, uh, uh, that are being, um, developed right now. So the first one is age proofing of the internet. So we have, like, everyone understands that not everybody, especially kids, should have access to specific content or social media, right?

Right. So it's going global. Right now. Every country is thinking about this eu, you know, us uh, [00:10:00] Australia, Canada, everyone is thinking about this or, or implementing this so famously online Safety Act in the uk. Um, you know, many other, uh, regulations across the globe. So the content and edge verification is one thing, and, but the other thing is that, you know, the world is unstable place right now, uh, a ML.

So anti-money laundering, uh, is becoming a very, very big thing. So you, you don't want to have. You know, Russians, uh uh, for example, transferring money without being checked. So you have sanction list, you have, you need to have ID verification who is actually moving money. To whom? Right? So this is additional, uh, additional, uh, kind of angle of regulation.

So A ML and KYC is part of the, the, this, this a ML process. So you have, uh, the, the kind of second very big force that is driving adoption. So. The governments are developing right [00:11:00] now, the, this next generation identity based on verifiable credentials. Um, so, uh, verifiable credentials very quickly is about, uh, uh, separating the issuer, the government from the wallet.

So today, uh, the, the wallet is basically connected to the government and every time you use the wallet. They kind of see this, this, this event, the verifiable credentials, technology separates issuer from the wallet. Once you use the wallet, the, the issuer doesn't know, so the issuer of the documents doesn't know that you use the document.

It's, it, it mimics a bit the, the plastic, uh, document behavior because if you have a plastic document, you go to the pub and someone asks you, uh, to prove that you are over 18. You can show them the document that, uh, the, the, the government doesn't know that you are, uh, at, at this pub, right? So, so the verifiable credentials, technology is doing that, and this next generation technology is being mandated.

So in Europe, a European Union, [00:12:00] all 27 countries will issue the wallets in December this year. And next year it'll be mandated on all the financial institutions that they need to accept this digital identity. Wallets. Uh, we have different flavors of those kind of regulations, uh, across the world. And, uh, we have a mixture of convenience based adoption and re uh, regulatory driven adoption of eids across the world.

Right now. The, the adoption is skyrocketing and, and, and, uh, it's, it's, it's connected to all those forces that I mentioned before. 

Mehmet: Right. Yeah. Jarek, like with all these changes and all these use cases is like including of course, first and foremost, you know, proving. It's me, right? Like it's my own identity.

And then going and doing some financial transactions. So of course there's the government aspect of it, there's the financial aspect of it. Are you seeing like still some people outside of these two, I would say, [00:13:00] um, you know, use cases are missing on, on what's happening here and why there's a better uh.

Reason for them to, to migrate, you know, because you mentioned about, you know, proving your identity on the internet and I think, you know. You, you talked about the ai of course, like we, we, we can discuss maybe for hours and hours, you know, and I had a lot of guests with me here discussing, uh, how AI and deep fakes are exploding now.

And actually we were discussing this, believe it or not, even three years ago when chat GPQ was, it's in infancy, I would say, you know, in the hands of, of people. Um, but beside. You know, government use case and financial use case, where do you see there's a work to be done, you know, to, to, to get or adopt? I would say, um, what you call the ideas, uh, ver like next generation version two, oh, let's say, um, on a [00:14:00] larger scale.

Jarek: So, so, um, the, the problem of EID adoption is a actually marketplace problem. Uh, so you have two sides, uh, to the, uh, to, to the equation. So the first side is an acceptance network. So how many places actually allow you to use your EID, right? 

Mehmet: Mm-hmm. 

Jarek: And, uh, in case of European Union, the, the, the solution to this problem is a mandate and acceptance.

So basically the, the thing that is happening is that the regulators said that, uh, utility companies, healthcare, uh, financial institutions, banks, telecom institutions, and many others, lawyers, they have to accept digital identity in 2027. That's a mandate. Like if you don't accept that, you'll be fine. Uh, and the second mandate they did, so the, the, um.

Uh, the [00:15:00] second element of the adoption is the user. Like you need to have a person, uh, with an actual IEID to to use it, right? So they don't want to mandate the usage, so they don't want to go to you and say like, you have to have an EID because it's culturally, you know, it, it's a problem. Like people will, uh, push back.

Right. Uh, typically when you, you, you are, if somebody tells you to do something, you are pushing back, especially if it's a government, right? Uh, so, uh, so, um, that the, the clever part is that, uh, they mandated the states, uh, member, states of European Union to issue the wallet. And they say like, okay, the, the, the, the, the, the users will see.

The difference in convenience of having digital documents, so not having, [00:16:00] uh, um, not, not like you won't be forced to carry around your plastic document. You can have it in the, in the, in the, in the digital form. So this is the, this is the, this is the second part of the marketplace. So once the marketplace is established.

You, when you have the acceptance network and you have the users, this will start, uh, posi, uh, po uh, positive kind of reinforcement circle, uh, uh, cycle, right? So you have a situation where, uh, the more users you have, more businesses would like to accept and, and vice versa. More, more, uh, more, uh, places you can use the EID more users will, will have an EID to, to, to, because it's, it's, it's more convenient.

What is interesting about the IDs is actually. It's, uh, not only about the convenience, because when, when we discussed the, the status quo today, the biggest problems with, uh, the biggest problem with, with identity verification online [00:17:00] currently is, uh, cost. It's very, very costly to, to do the, uh, to do the ID check, because you have to have a lot of computing power in, uh, uh, to do the OCR to check whether it's not AI generated or not.

You have to have a lot of computing power to, to, to, to prevent, uh, you know, uh, people to use deep fakes, right? You need to do all kinds of analysis of the, of the image that you are receiving to, to check whether this is not. For example, projected from the high definition monitor because the, the typical fraud is like you, you have a monitor, you have a camera, you do the deep fake, and, and the, the, the telephone is, is, uh, uh, reading the image from the, from the high definition, uh, uh, monitor.

So, so that's, that's the, that's the thing that you need to do. It's, it's very costly. On top of that, uh, you know, to. Uh, to be on the safe side, you need to have a lot of anti-fraud, uh, systems like detect from which country the [00:18:00] session is coming, uh, from, you know, the all kinds of database integrations, like a lot of stuff that you need to do to make sure that the image you are receiving is legit, right?

So it's very, very costly. And on top of that, some of the, because it's not super still, uh, foolproof. Um, uh, a lot of regulators are mandating the, the, the companies or regulated companies to actually go through the manual reviews. So banks, for example, they cannot, uh, just, uh, automatically accept images, even if it's checked by AI or some of some sort.

If they need to, uh, push it through the people that will actually look at the, uh, the, the pictures and say, yes, this is legit. So in this day and age, by the way, today I'm looking at Twitter. And I have no idea whether it's AI generated or not. This is like, uh, uh, you know, we discussed this, uh, uh, before the call.

Like I, I see the, the rocket hitting Dubai. I have no idea whether it's, uh, it's real or not. There, there's, yeah. Like, and, and [00:19:00] I need to get someone to validate this for me because there is, I, this is so good that I cannot tell. So, um, you, you know, if you have a financial institution. And, and, uh, let's say some people in the, the call center looking at the pictures there, there's no way they can tell, right?

So, so this is the, this is the cost element for people, manual verifications, you know, a lot of technology to, to prevent. And, and now if you, if you sum it up, you have very poor user experience. You have a lot of cost and a lot of risk associated to the problem. On the flip side, with EID, you have a transaction that takes half a second.

It's cryptographically sent, uh, signed, and there is no human involved. It's fully automatic. Um, so for the, for the companies, uh, to adopt this, it's a, it's a complete no brainer. The on, of course, the, the only problem is, uh, the adoption again. So we help with that. So we, we minimize the risk of adopting [00:20:00] eids.

Because for everyone that has an EID we can detect whether it's, it's, uh, the, the, the device is capable of having, uh, EID, you know, the, we, we can, we can, uh, we can make it super easy for them to use it automatically. And if they don't have any id, we will fall back automatically to something else. Uh, and this will be the most con convenient method for, for the given users for.

So for example, if we detect that you are coming from Dubai and the connection is from Dubai, we will fall back to UAE Pass. If you don't have, uh, your ID in Apple Wallet, for example, our Google Wallet. 

Mehmet: Got it. Now you mentioned about, you know, putting this, um, let's say for European Union, 27 countries. And, um, now how do you make this?

And I know like, uh, you described the company as global EID hub, right? So, uh, how. Orchestration with other, uh, Eids, right? And other [00:21:00] digital framework could work in, um, in, in, in real life. And just out of curiosity, because really I don't know the answer and sorry for my ignorance, like how much you know. Um, you know, these d different providers are willing to exchange and interchange, you know, the information.

Let's, let's say between the EU and maybe Dubai or maybe another country or maybe another block. 

Jarek: Yeah, so, so this is, uh, this is actually, uh, a very big technical challenge because a lot of the co governments, uh, are, uh, mandating the, the processors to keep the data inside the country. So for this is the case for, uh.

Uh, the countries in the Gulf region, uh, for example, but not only in Asia. We have, uh, similar situations in Europe as well. Um, uh, so, uh, we typically, so, so we have a distributed, [00:22:00] uh, network of. Servers and we keep the data inside. Uh, and once the data is inside, you can use the, the legal framework to my, the, the like, because you have a legal framework to obtain the data from the digital, uh, wallet or the digital identity provider.

Once you have it inside, it's, uh, legally owned by the, uh, data. Uh, administrator. So the, uh, the company on, on behalf of which we are, uh, working. And, uh, then based on, uh, legal frameworks developed between the country A and the region B, for example, there's a mu mutual agreements between the. Uh, European Union and the Gulf countries to transfer the data between, uh, between our regions so that based on this legal framework, we can, we can transfer this.

Again, we are working on behalf of the specific entity, like typically financial institution. Um, [00:23:00] so, uh, this is fully, uh, let's say, uh, legally checked and, and, and, yeah, legal. 

Mehmet: Yeah, you, you know, for, for, for the discussion, I think there is something, um, very important you mentioned, uh, a couple of minutes ago regarding the adoption, right?

And, uh, it's on the user side right now. I know you can force things by low, right? And, um. For example, the UAE pass here in the UAE, you know, like you, you cannot do some, some transactions if you don't actually. Yeah. Like, I think majority of the transactions now, you can't do that without a UE pass, right?

Mm-hmm. Um, so there are some exceptions. Uh, I, I believe there are some exceptions where like if you have a disability or something like this, you know, um, you can go to a center and someone that would do that manually for you. When we mentioned the term [00:24:00] wallet and when we mentioned the identity wallet sometimes, and this has also been a a, a topic of discussion on this show, I think around one year ago.

Um, it turns out like. People have this kind of, uh, I would say fear of, you know, the privacy, you know of, of, you know, this wallet. 

Jarek: Yeah. 

Mehmet: Who's in co who is in control. We know, like, and we tell people data is encrypted. Right? And it's like, it's you's your phone, it's residing, you know, in, in your device. But still there's this, uh, I would say talk from time to time and you know, like for example, in, in, in, in many countries they were talking about this, uh, you know, even, uh, digital currency, which is the CPA being controlled by central banks.

And they, yeah. Right. So all these ideas. Might trigger, you know, these questions from the user perspective for the individuals. Yeah. Do you see this an [00:25:00] obstacle or do we have an a clear answer for that? Who controls actually the digital data and the digital 

Jarek: data? Yeah, absolutely. Absolutely. So, so this is a great question.

So I can tell you one thing. So it's a, it's um, it's a meme. I think that EID is a, uh, um, tool for the government to control its citizens. Uh, it's, uh, especially with the gen, uh, next generation or gen gen two eids, it's, it's completely not the case. And I will give you an example, uh, juxtaposing the, to the, to the current status quo, right?

So the, so typically when you are being asked, let's, let's use age verification. You wanna log into the service provider of content, 

Mehmet: right? 

Jarek: And they ask you to, uh, to verify your age. Using your picture of a driving license. 

Mehmet: Mm-hmm. 

Jarek: So, um, on the, on the driving license, there [00:26:00] is a picture of you, there is all information about you, including your address and uh, if the content provider is really thorough, they will ask you to do the selfie check as well.

So it's not only the picture on your document, it's the latest picture you have. And all the biometric features of your face are being sent. This is the status quo right now, okay? Mm-hmm. So imagine so, and this is the, the traditional, uh, ei, uh, the traditional ID verification that people are okay with. Uh, so you are transferring where you live, who you are, how you look, and, uh, in case of, uh, data leak.

The, the whole document is being leaked, like, you know, picture of your, uh, so, so you can basically impersonate, uh, impersonate anyone on the internet using this, this, uh, this, uh, this picture of your, um, driving license. So let's [00:27:00] check how it works on the EID side. So the next generation wallets, they are, uh, they got the credentials from the issuer.

So the issuer has no idea what you do with it. You, it sits on your phone. So basically, here is my digital credential now that, uh, the service provider is asking me my wallet if I am over 18 or over 21. My wallet will respond with yes or no only response. No data, no biometric information, no pictures, nothing.

Just true or false, uh, from from my phone. Um, so which method is more secure and more privacy preserving? Uh, this is the question to the audience. 

Mehmet: Right. You know, and I can argue also, and I say, you know, I tell people this sometimes. I said, guys, like you gave. You know, these social media providers much more than [00:28:00] actually any Id would ask you to, to provide.

Jarek: This is, this is small potatoes. This, I, I can tell you one thing. So my, my colleague yesterday, because he's using Claude a lot. Right. Ai. 

Mehmet: Mm-hmm. 

Jarek: So he's chatting with Claude and, and AI agents today. They remember what you said before, so they have a persistence. So, uh, he was chatting about some, you know, do my self assessment, how I'm doing, uh, like, you know, this kind of introspective, uh, questions.

And, uh, you know, he got answers from AI that was really shocking to him. So AI inferred based on his previous questions and previous discussions, a lot of information about him. He never gave this information, but the AI was able to. You know, fetch information from the internet, plus infer some information from the previous discussion and build kind of profile.

So the same thing happens on Facebook, on TikTok, on [00:29:00] Instagram, everywhere else. So, uh, I would argue that Eids are the only way we can preserve our, because you know, this is. Um, you, you can use pseudonyms within EI Ds. There's a lot of concepts, zk proofs, so, so zero knowledge proofs. So, uh, you know, the, the, the, um, you can, you can switch identity.

So for example, if you think that the AI knows too much about you, you can switch, uh, uh, uh, using your EID. So, so this is, um, the kind of, the thing that is protecting the, uh, uh, privacy of the users, not, not, uh, enabling the government tool. To do the, uh, I don't know, surveillance because the real surveillance is, is happening, uh, on, on the app platform because they, they do the profiling of, of yourself for, for, for money.

Mehmet: Absolutely. Uh, now, Jarek, without going into the technical details, I would say, uh, and, uh, you know, deep diving, although like people ask me why you call it CTO show, we don't dive too much [00:30:00] technical. I don't want to bore people with, uh, too much technical details. But when it comes to, to implementation, like if, if a government entity or like, or a, or a bank or any other, like, uh, clients comes to you, how easy it's to, to migrate from, from the legacy to your platform today.

Jarek: So, so, uh, the, the, the good news is that you don't have to migrate from the legacy. You can, if you, if you have something, we will use your thing as a, as a fallback. Mm-hmm. So it's great. So we don't ask you to, to switch. A lot of clients are actually migrating because then they have everything on one platform.

So the visibility of data, the management of data is much easier. Uh, in terms of in integration with us, we have multiple different modules, so, uh. Uh, the, the, the first thing that you need to, uh, need to have is kind of the acceptance ability to accept data from different wallets, different, uh, I, uh, you know, ID schemes, so this is the, the one, one platform.

And this is typically, [00:31:00] typically connected to the, uh, to the onboarding flow. So you, you typically do Id, uh, IDV or ID checks, uh, during the onboarding to financial services or gambling or. Crypto or whatever. Um, so this is, this is kind of a onboarding, uh, uh, element. Uh, the second thing is that, uh, many companies and, and especially banks, uh, uh, want to issue credentials to the wallets because then they can do like, okay, they, they, uh, you, you, we talked about the login box, right?

Mm-hmm. So, uh, the typical, um. Uh, typical process, uh, in Europe, in, in couple of months, you will be that you are using your wallet to prove your identity. Uh, you are being asked to accept the, uh, the token, so the credential from the, uh, uh, from the bank, for example, to the wallet. So in the wallet you have a bank card or a bank key that will be used to authenticate you back to your [00:32:00] account.

So instead of. Uh, using something else like your ID to log in, you, you use your bank card or bank key to, to, to log in and you use the same bank key to out, out, authenticate your card transaction or money transfers. Right. So, so the issuing of credentials is the second module. So it's also easy to use and easy to integrate.

Uh, it needs to be integrated with the data source about the users, what kind of credentials you wanna, uh, you wanna issue, right? Um, and this is the second part. Uh, we have an omni panel, uh, so the, the back office system. We have, uh, front-end intelligence. So the system that actually detects what kind of capabilities your device have, you know, what kind of, uh, eids you can use and, uh, you know, kind of, uh, main maintaining or orchestrating the process in a way that it's more, most convenient for you and for the, for the organization.

So there's multiple different elements, but in essence, uh, uh, integrating us is super easy. The, the [00:33:00] biggest job is to think about the processes that you want to modernize, because typically, you know, when you have, uh, EID the process of onboarding can be completely different because, you know, you know this from the Uua E Pass, uh, like you have the tip.

Like, uh, uh, uh, onboard with the legacy stuff to fill out all the forms, you know, do the pictures, et cetera, or do the quick path, like click here, UUA Path will give us all the data and you are done. So this is the typical, uh, problem for the, um, for the. For the companies they need to kind of, uh, redesign some, some of the processes in Europe.

What is, what is, uh, the big challenge right now and, and we are helping, uh, uh, our customers with this, uh, challenge is that we are not touching only the onboarding processes. We also touch the payment processes because the, the, the credential that I mentioned is used for payments as well. So you need to give users an option to.

Uh, to use the credential for, uh, payment authorization, and this [00:34:00] touches a lot of different processes, uh, uh, you know, systems, et cetera. So, so it's, it's something that we help, uh, with as well. 

Mehmet: Yeah. Yeah, because I think there is, uh, here, at least in the UE like, um, uh, majority of the banks, you know, they were forced recently and I'm not sure if that can help in that use case.

Um, you know. People are familiar, like, you know, sometimes when you do a transaction on your debit or credit card, you receive an OTP using otp. Yeah. So, so now it's 

Jarek: in, in, yeah. 

Mehmet: So now they're trying, so, so the solution they came up with is that actually the OTP is embedded within the banking application itself.

Uh, instead of, but yeah, you know, I'm trying to imagine, you know, like if, if you have like, it's like single ID that would prove who you are wherever you are now. But if we want to take the risk, Jarek, like, and, you know, to, to make it also clear from, from. Avoiding single point of failure perspective. So if, if, if my phones falls in the wrong [00:35:00] hands, for example, what's the, uh, break glass mechanism in, in this situation?

Jarek: Uh, so it depends on what, what kind of phone do you have? Um, so I'm using iPhone. So if my, uh, iPhone gets stolen, I can wipe it remotely. Uh, 

Mehmet: true. 

Jarek: And, uh, if your wallet gets stolen and you have a plastic card, then uh. You have a problem, can use you, you, you, you, you cannot wipe it remotely, the plastic document or the passport.

So that's, that's the problem. And, uh, second thing is like most of the phones are encrypted, so it's very hard to break. Um, yeah, so, so it's, I, I, I would say it's much more secure than the standard, uh, you know, physical document. 

Mehmet: Right. I can ask you a question not related to the technology, but more related for the company as, as a startup, because I know like you went through Y Combinator.

Um, so how, you know that experience changed the way you built the company, Jarek? [00:36:00] 

Jarek: Um, so, so YC is, um, is a, um, gift that keeps on giving, I would say. So, uh, the, the, the thing that was really interesting is that they focus you on the problem you're trying to solve and, um, um, you know, trying to understand the, the problem as, as deeply as possible and, um, kind of build something that people want.

So. If, if you, if you, uh, the, the, the first mantra of, of YC is talk to your users, talk to your customers, right? And, um, uh, this is, uh, this is because most of the companies are being created. Backwards, I would say so. So you have this brilliant idea that I will do X and this is much better than whatever status quo is.

And then you are pushing this to the market. Uh, NYC is the other way around. So you talk to the [00:37:00] users or, or the customers, you try to understand what is the problem they have. And once you understand the problem deeply, you try to build a elegant solution that solves the problem in the best way possible.

So. For example, in, in case of Authologic, the, the, the, the thing that we understood is even though we think that Eids are the best, uh, solution to the identity problem, our platform is very pragmatic because we connect everything. IDV Gen one, gen Gen two on one platform. So we solve the problem for, of onboarding or payments for the users because the, the problem is not accept eids.

The problem is. Do the most convenient and most cost effective and least fraudulent onboarding experience for the users, uh, that is available. So this is the, this is the problem statement, and we, we solve it by building the platform that is connecting the, the legacy with the future [00:38:00] of identity, uh, and, and, uh, basically making it super, uh, you know, convenient for anyone, uh, in the best way possible, right?

So, so this is the, this is the lesson that we took, uh, to heart. 

Mehmet: And, and you know, like, uh, I would say, you know, uh, kudos to, to, to you and the team because, you know, uh, coming from, you know, kind of cybersecurity background compliance, so I understand these things. It's, it's, it's easy because usually people, you know.

They don't share much of their pain, so getting that out of them is, is by itself a, a challenge. So, congratulations, Jarek, on being able to talk to these folks because especially banks, I've dealt a lot of them. I respect these, these institutions because it's really, you know, they are under high pressure for all reasons.

We know transactions should be like instant. At the same time, they need to make sure that. There's no anti-money laundering. They know their customers and all this. So sharing these challenges is by itself [00:39:00] a challenge, I would say. So that's, that's amazing. You know, to, to hear this now, I, before, like we, we, we, we, we wrap it up.

I want to come back to the AI part because I think I didn't ask you this important question. So you mentioned about like all the, the, how the technology is also allowing us to get these DeepFakes and, and, uh, you know. Get the bad guys, you know, catch them. But at the same time, we know how much fast the AI is going and we, we just discussed it there, you know, um, do you see, you know, a way.

That we really can always be step ahead of the AI when it comes to protecting the identity. Um, and because, you know, now identity is taking different forms and shapes, including, you know, voice video. It's not only, you know, the, the deep fake we see or like generating images or couple of videos and putting them on the internet.

Uh, we, we heard about, you know, the [00:40:00] situation that happened. You know, people calling on Zoom and asking for transactions and all this. Yeah. So. Can we stay ahead of the bad guys in the age of ai? Just, you know, from, from I would say compliance and security perspective. 

Jarek: Yeah. So, so, so this is, this is something that we are actually trying to build.

So the. Uh, the identity in, in infrastructure on the internet. So this layer of identity needs to be built, right, and I think that the right technology for that is open standards, so verifiable credentials in an open standard. And it needs to be built into all the elements that we are using. So you can very quickly, um, if someone calls you.

Uh, you can, you can verify that this is the person that you know is calling you, right? So this is a cryptographically signed either credential or a zero knowledge proof that this is the person that you know is calling you. Right? [00:41:00] And, um. This will be embedded. So, so embedded, embedded into, into the infrastructure of the internet and, uh, AI agents, um, because, you know, AI is a bad, uh, like actor in, in this, in this scenario that you described.

Uh, or the fraudster using ai. But also we have a situation where AI is a good actor, is a, is an agent that is acting on your, on, on your behalf. So, for example, let's say that you want your agents to buy your tickets, uh, to the plane ticket, uh, plane tickets to towards, so, for example, so yeah, it needs to have, so, so it needs to have a wallet.

So the, the, um, Emirates, uh, airlines understand that the agent is acting on your behalf. And it knows, uh, you know, it can pay. So it needs to have a wallet to pay, it needs to have identity and, and transfer this identity to Amorites, et cetera. So, so this is the, this is the, the, the [00:42:00] kind of flip side of ai.

And we are thinking about the good and, and the bad scenarios. So how to prevent fraudsters. And how to detect that you are talking to the, uh, to the person that you talked to before, or you know, someone new that is, uh, trying to look like the, the person that you talked before and, uh, the good scenarios, which is like, like agents doing your terms, uh, charts right on, on online.

So that's, that's the, that's the thing. And, and um, both of those situations will actually run on the same technology and the same standards. And we are building this kind of. This infrastructure. Uh, and, and we are building this with platform providers. Of course we are working with 'em. So, so it's, it's like a very, very big task.

And, uh, there's many companies to do doing that. It's not like we on, we are only one, uh, thank God, but we are the best. So, 

Mehmet: yeah. Good. Uh, I, I know like, it's, it's gotta. As they say, like it takes a village to, to do something meaningful. Yeah. And you know, I'm, I'm, [00:43:00] I'm sure like, um, you know, the company Authologic and, uh, the, you and the rest of the team would, would, you know, because, you know, I like how technology.

Makes my life easy. So for example, you know, like we discussed maybe the UAE pass of for people who are not based in the UE. So this is basically how we log into majority of the government, uh, related service, actually even some banks to. Started to even embed it as an option if you don't want to use the traditional, uh, even with the face ID or touch ID if you still use an old, uh, phone.

So they're trying to, to unify it in a way. And, you know, I a, I appreciate the technology helping us. I'm aware, like, yeah, bad guys would come, but I'm always optimistic, you know, that, you know, technology also would. Find solutions for these things. So no, no doubt that, uh, yarik you and the team would do a fantastic job in this and saying that where people can learn more and get in touch.[00:44:00] 

Jarek: Uh, so you get in touch on LinkedIn. Uh, we, we have a profile Authologic and, uh, of course authologic.com, uh, our website. Um, so you can. Uh, you can, uh, go there. Uh, we have a block section that, uh, describes more, um, you know, about the technology, but also the, the regulations and, and the whole legal structure of, of the eids on the, on the internet.

Mehmet: Great. Uh, Yik, I can't thank you enough for this great discussion. You know, it's, it's eye-opening. Uh, it's good for also anyone in the financial sector, government and, uh, other sectors. I think because identity as you mentioned, like it's, it's gonna be everywhere. Um, and we need to prove the identity and verify our identity.

So, uh, I would advise them to go check the website. They're gonna put all the links, uh, in the show notes. You're listening on your favorite podcasting app. You'll find the links. If you're watching this on YouTube, you'll find them in description and at the end. As always, this is how I end my episode. This is for the audience.

If you just [00:45:00] discovered us by luck, thank you for passing by. I hope you enjoyed it. If you did, so please give me a favor and subscribe. Share it with your friends and colleagues, and if you are one of the fantastic, uh, fans that keeps coming again and again, you made. Me so proud, um, you know, last week. And for, for you know, sake of transparency, my audience know this.

We are recording on 4th of March. So last week, first time something new happened. I keep telling people about the podcast being, you know, in the top 200 chart in one of the countries every week since. Last two years. So something special happened last week actually. We entered into eight top 200 charts in five countries.

So this is first time we are doing this, and this cannot happen without, people must have been telling other people to check the show. So thank you very much. You know, for, for the support and, uh, we are on a mission just to, to make sure that we bring, you know, people like Jarek. Companies, great companies like [00:46:00] Authologic to talk about what they're doing, and of course, helping in spreading the knowledge about the latest in the world of technology and business.

So thank you very much for this, and as I say, always stay tuned for in new episode very soon. Thank you, byebye. 

Jarek: Thank you. Thank you for inviting.