Incode CEO discusses company’s history, biometric technology, and future plans
Ricardo Amper is originally from Mexico City, and he has so far founded and sold two companies, neither related to biometrics.
One of them was in the food industry, the other one was in the chemical industry. In 2015, Amper moved to the Bay Area, to start Incode.
Biometric Update spoke to Ricardo Amper about Incode’s history, technology, and future plans.
“What we did first is we created an app that would share automatic photos based on who appeared in the photo, based on facial recognition.”
Amper says they have had very interesting issues since the very beginning of the app’s development.
“We had to be doing facial recognition that was very exact with very low false positives because, you know, you would send a picture to someone else.”
At the same time, the app had to run directly on the phone, on the edge, and that was a challenge.
“At that point, Apple took us on our roadshow to showcase how we and two other companies were using a core machine learning framework that they had to share photos, but we couldn’t get traction and so we pivoted.”
According to Amper, the reason why Incode pivoted defined the company.
“I’m happy to talk about why we pivoted and how our story of dealing with really bad photos – this high-risk scenario of sharing photos automatically — made us pretty good in identity.”
A single identity
Since the beginning of the Incode project, Amper explains, the team had a vision of one identity everywhere that could be used, for example, to open a bank account as quickly as you can register for a newsletter.
“And so, in order to do that, we [aimed at building a system that would] enable users to authenticate themselves using biometrics and be able to finish an onboarding within 10 seconds.”
According to Amper, facial recognition was the best form of biometrics for both the online world and the offline world.
“So with our technology, for example, banks enable experiences like digital onboarding authentication without a password, or for example, going to an ATM and withdrawing money with your face.”
The reason Incode chose a mobile option was therefore to support the concept of reusable identity that can be used anywhere.
“The way we think is that life should be like the grocery store of the 1800s where you go to the grocery store and they recognize you by your face, you have a very personalized experience that gives you credit with very little risk. We think that biometrics, and particularly face biometrics combined with other things can give that vision.”
Three issues, three solutions
The moment Incode decided to move forward towards this vision, the company encountered three sets of issues.
The first one was whether to decide whether to build a completely automated platform or have some sort of human support behind it.
Ricardo says that he was surprised to discover that many facial recognition companies today still heavily rely on humans, but he believes this approach is flawed.
“We thought that approach was not scalable from a fraud perspective because you can’t uncover much of the fraud that way, from a privacy perspective you don’t want the PII (personally identifiable information) to be known by another human being. And it’s not a great user experience.”
In addition, Amper says, it is a misconception that humans are inherently better than machines at recognizing and identifying individuals.
This is due to the fact that humans have inherent biases, while algorithms rely solely on the datasets they are fed. A face algorithm based on a sufficiently inclusive dataset will therefore be less prone to racial biases than a human.
“There’s always going to be false negatives, there’s always going to be false positives on both sides of the human and the technology, but with very good technology you can have much better performance than a human being.”
Also, according to Amper, most companies underestimate the difficulty of the quality of the picture.
“If you want to get that very high performance it is not enough to have good algorithms, you need to take a good picture.”
Incode works with U.S. customers, but also ones in Latin America, where low-end phones are the norm.
“You also get first-time users, so when you try and have an algorithm work with a very bad photo, it is difficult. And in that case, a human would probably perform better.”
To address these issues, and thanks to Incode’s photography background, the company designed its algorithms to drastically and automatically improve the quality of those photos.
“So when you’re capturing an ID, we’re looking at ten frames per second, analyzing every pixel, understanding whether it’s an ID, whether we can read it, whether they’re in shadow, or whether the resolution is good. And so by the time it goes to our server, it’s a much higher quality photo that you would get from our competitors.”
That is how Incode came to the conclusion their platform had to be entirely based on AI (artificial intelligence) and fully automated.
“Number two, we wanted to build our own components, so most of the components of our platform are homegrown.”
For instance, Incode’s biometric engine has been built by the company from scratch and ranked by NIST as one of the best in the world, and the company’s liveness detection has passed compliance testing by iBeta.
“And so we are the first company in the world to achieve a software-based solution that is not dependent on hardware that would allow us to estimate depth, based on how light reflects on the face,” Amper states.
Behind this choice, the CEO says, there was reasoning that, if Incode could build world-class components, they could integrate better than anyone, as opposed to licensing them from the same third parties, and potentially finding security holes.
“And the third one was the platform itself. We were talking to customers like Citibank, for example, and they said they needed to integrate about seven vendors to get all the different components for their digital onboarding.”
Amper believes this is a flawed approach to authentication, and it would make more sense from a business perspective to have one single integration point based on a highly optimized SDK instead.
“A very simple-to-use technology that will give you all those options. And so what we did is we created a platform.”
Identity, not surveillance
When Incode started in facial recognition, the company acknowledged there were two ways they could go: the surveillance side where there is no expectation of privacy, transparency, and control, or the identity side, where there is an expectation of transparency and users are in control of their data.
Opting for the latter, Amper says that, because the company relies on its own platform and technologies, it is not sharing user information with any third parties, or storing their photos at all.
Secondly, Incode relies on biometric templates, encrypted digital representations of faces taking up the format of a 2 KB token-like string.
During the authentication process, users’ faces are then captured via a smartphone camera to decrypt the information that was originally encrypted using the biometric template of their faces.
“Even if it gets hacked, you don’t know what that person looks like, you can’t reverse engineer it,” Amper says.
Incode software can run either on the devices, but also on the server, depending on customers’ needs.
“For example, there’s a government that is using our technology to vote. And in that case, when you’re authenticating your vote, it never goes to the server and stays directly on the device. And so that’s kind of an added layer of security.”
Thoughts on passwordless authentication
When asked whether biometrics and other passwordless solutions will replace PINs and passwords entirely, Amper said he believes they are going to coexist.
“I think the nice thing about a password is the simplicity of things. But with that simplicity comes a big risk and so we think it’s okay that people have passwords for things that are less secure, for example, to check your balance with your password, but then it’s pretty risky to transfer money out of your account.”
That being said, Amper believes there is a big opportunity when it comes to those use cases where the password or device is just a proxy of you.
For example, to make sure that individuals are who they say they are when voting with a physical presence, or when driving a car-sharing vehicle.
“And so for those use cases I think passwordless is perfect, but I think in general, it’s always going to be a combination of what you have, what you are, and what you know.
A biometrically delightful world
According to Amper, Incode’s main goal is to create trust between people and companies through delight.
“To build that you need to create a whole ecosystem of companies that participate, as well as infrastructure with governments because the government has a place in establishing citizens’ identity.”
In terms of which companies should be targeted first to achieve this vision, Amper says financial services, as well as healthcare firms, should be at the top of the list.
“We’re working on a business model side, as well as some technology to achieve that.”
However, the CEO adds, working with governments is quite different than working with private companies. Both from a regulatory perspective and from a technical perspective.
“The first difference is that your tech stack has to be flexible enough. We can run on the cloud, we can run on-premises, we can run in environments where we don’t have human beings in the back.”
Because of this, Amper believes Incode technology is a good candidate for government-based, high-security scenarios.
“Secondly, you have to be fully enterprise […] Parts of the government can be very entrenched into the old way of doing things, but in the end, simplicity and security always show their value.”
“So, we are patient,” Amper adds, “and we have very patient investors who are willing to fund us in a way that we can help these governments go through that transition. It’s not going to be easy, but eventually, I believe that the world is going to be fully digital in terms of identity. And I think we have a role in that.”