Search Icon

Before coming to Socure, I spent over a quarter century in the identity management and access control space. Not because I’m old. I started when I was four. But I digress.

I sold, designed, and implemented IAM platforms for a large number of large clients in those years, traveled the world for it, even wrote a book on it. I know IAM almost as well as I know guitars and German beers. As part of being in that ecosystem, I attended Gartner shows, security shows, and of course the massive RSA show in San Francisco. And that’s where I’m hanging this week. The weather is gorgeous. The show is well organized. I’m staying by the wharf, and I have a great view of Alcatraz from my balcony. Again, I digress.


RSA is a huge event for cybersecurity. This means securing apps, databases, networks and digital assets. I’ve attended literally dozens of times. My wife warned me again this week, “don’t you dare come home with any more pens or tee shirts or rubber toys,” meaning the crap all the vendors give away at their booths.

Coming to this show is like diving into familiar waters. Identity and access involve creating accounts for new users, such as “welcome to the company, you may now access the CRM, the expense center, email, the company directory, the demo environment, etc.”  And then comes the authentication and the single sign-on.

I’m still in the identity business, but now I stand one step in front of where I was before. Our tag line this year is, “Authentication is one day too late.” IAM assumes that people are trustworthy enough to provision and allow to authenticate. But how do you know? This is what I do now. At Socure, we help our customers determine that their own customers are who they say they are, and that they should be allowed to get in the door, to access the assets they want, to authenticate.

Applicants ask for loans, credit cards, deposit accounts, and as part of the application they supply personal info such as name, phone, email, address, SSN, date of birth, or some combination thereof. Our machine learning models assimilate this data and render the probability that an applicant is risky or good. We help hundreds of banks, lenders, credit issuers, fintechs and others auto-accept good applicants, reject bad ones, and vastly shrink both false positives (people who might otherwise get rejected for the wrong reasons) as well as the friction people often are subjected to, such as KBA or manual review.

(N.B. We supply what we think is the only good form of friction, document verification that is integrated with our service.)

We don’t provision, we don’t provide SSO. Those are functions of Day One and beyond. Socure helps customers decide who ought to participate in those technologies. We’re Day Zero. You don’t get those accounts, you don’t get to authenticate, until we’ve scored you. Do we like your phone, your email, your address? Do we like you as a whole?

That’s another thing that sets us apart. It’s common in financial institutions to stack up point solutions that treat phone, email, address, and other elements individually. But that forces the institutions to orchestrate all those into a single decision. It also cranks up the false positives, since any single “no” means, well, “no.” And this doesn’t take into account the person as a holistic identity.

To coincide with the RSA show, we held our Customer Advisory Board meeting, during which a selection of our most strategic customers participated in a discussion of our solutions and our roadmap. We very much appreciated the clients who made the trek into the city, especially with the coronavirus having a very, very noticeable impact on travel and attendance at the show in general. These forward-looking individuals aren’t just customers, they are partners in pointing the way toward the future of identity verification.

Anticipating that future helps us avoid being tardy with the best solution at the optimal moment. Authentication is a day too late. Verification is right on time. This is where Socure sits, at the point of origination, before you might let the wrong ones in or keep the right ones out. Let us help you do the right thing at the right time.

Posted by

Jeff Scheidel

Jeff Scheidel

Jeff Scheidel is a technologist with 38 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.