Interview with John Zurawski, Vice President of Sales and Marketing at Authentify

John Zurawski has more than 20 years of experience in computer software, Internet and high technology.

He has held prominent positions for the analytical software firm SPSS, Inc., the scientific computing firm Numerical Algorithms Group, and the visual search technology firm ditto.com. He fills Board Advisory positions for Photofete, Inc, and Numerical Algorithms Group. Mr. Zurawski has a B.S. in Biochemistry from Loyola University and is an avid sailor.

Currently Mr. Zurawski is the Vice President of Sales and Marketing at Authentify.

Introduce Authentify. When was the company started?

Authentify was founded in December 1999, primarily to provide a real-time registration confirmation tool. The company Chairman, Jim Woodhill, felt that there was a significant gap in the security for online registration. Many security practices rely on easily compromised information, or end at the computer keyboard as opposed to getting to the person behind the computer.

Authentify|Register “provides an organization with a crucial layer of security for any online process”. Introduce it’s features.

Authentify provides the only way to interactively make out-of-band contact with the actual user of a computer in real-time, that also permits the use of biometrics with no software or devices required on the client computer. The heart of the process is the ability to synchronize an automated outbound telephone call to a Web session over the Public Switched Telephone Network (PSTN). Once the telephone call is placed, the Web session will respond to voice prompts made over the phone, or the voice prompts can be tailored to respond to what has been entered on the computer keyboard. Using the PSTN offers a powerful audit and data trail. Telephone billing information can be compared to any registration information provided over the Web. Additionally, a voice recording from the user can be required and captured as part of the process. This is a powerful deterrent to online fraud.

What are your main business goals for this year?

Authentify has gained 14 customers since the first release of the service in April 2001. We would like to continue the trend of adding a customer a month.

Which challenges do you face in the marketplace? What do you see as your advantages?

The marketplace is challenging. To use a metaphor, it’s difficult to sail faster than the wind, and the economic winds are not blowing particularly hard right now. It’s also a challenge offering something new and different. Many firms do not want to be the first in their industry to try something new.

On the other hand, consumer acceptance of our combined Web and Telephony process has been very high. The Public Switched Telephone Network is widely deployed, stable and people know how to use the telephone. These things work in our favor. An Authentify customer need not develop or support a totally new infrastructure to gain the extra layer of security.

What do you see as the main problems in online security?

There are a number of challenges facing the security industry, but if I were to point to any specifics, I believe many organizations begin to feel more secure than they really are. Some of companies you would expect to be well prepared and understand the importance of security, are victimized right along with everyone else. AOL has just had a security problem potentially exposing confidential user information, the auction sites get victimized it happens to regularly. Another challenge is attempting to justify the expense of tight security in terms of return on investment. That’s a bit like measuring the return on your car insurance. It only pays off when your car is wrecked or stolen.

There’s been a lot of news on identity theft lately. How big would you say the problem is?

Identity Theft is certainly the fastest growing crime in the United States. I suspect that’s true on a worldwide basis. The risk reward ratio is skewed well in favor of the criminal. If you think about it, there’s much less risk than walking into a bank waving a gun around. The amount you can steal is often higher than your average bank robbery as well. After all, you don’t want to just steal someone’s credit card or bank account and use that, you want to steal their information and open a dozen new credit cards in their name and use those. In difficult economic times, I suspect the problem will get worse before it gets better. Much the way air travellers have accepted tighter security at airports for their safety, I believe online users will come to accept a few more authentification steps when using online services as they become more aware of the risks to their financial well being.

Do you see the disgruntled employee or the outside attacker as the bigger threat to a company?

That’s a difficult question to answer. Unfortunately, the disgruntled employee has access to information and may know a bit about security policy and practice. It may be easier of them to circumvent security practices. Many information security breaches are perpetrated by “insiders”. An insider may, however, be after something specific. An outside attacker, on the other hand, may break in and blunder around your system causing collateral damage in an unintended fashion. Either way it’s bad.

What are your plans for the future?

Security is a process, not a single event or technology. In our existing offerings, we can layer a number of different security elements into the interaction with the end user. These include speech recognition, voice biometrics, telephone provisioning and various geographic relationship measurements as well. We will continue to add technology layers that enhance our core offerings and deliver value to our current and future customers. Biometrics in particular is an area that holds considerable promise for us.

Imagine using your telephone to register for a credit card and having the voice biometric collected during your registration embedded on a chip in the credit card. Our technology can help the smart card vendors achieve this, and the average credit card holder would enjoy considerably more credit protection. That’s certainly one thing I’d like to see in the future.