From online retailers to any time you book a train, holiday or rental car, web users are being asked to create more online accounts than ever before.
In almost every case, personal and financial details are shared, with only your password and the company’s promise of security protecting your data.
However with the last 24 months seeing tens of millions of customer records exposed at companies including LinkedIn, Adobe and Evernote to name but three, that promise is looking continually harder to keep.
Irish authentication start-up, Sedicii, hopes to solve this recurring issue. "What our product does is essentially prove that you know something without the need for you to actually disclose it," says company CEO, Rob Leslie.
“A typical case would be logging on to a travel website,” he says. “Today I type in my username and password, that information gets encrypted and sent to the website where they do a comparison and if the comparison matches what’s stored against my identity record they say ‘okay we’re happy to let you in’.
“We essentially change that process so the password information never gets sent to the website. Yet we’re still able to prove you are who you say you are through some very clever mathematics.”
Notably, with Sedicii on board, he says, it means that for cybercriminals there is "nothing to intercept and nothing to steal on the server end".
Leslie first came across the concept two years ago, when reading a feature about researchers in the Digital Enterprise Research Institute at NUI Galway discussing new findings in the area of authentication.
He rang up the university, met the two researchers behind the idea who told him “they’d be very inclined to progress the technology” and began working on commercial prospects. With NUIG retaining a stake in the company, Sedicii has been given free rein to develop the technology and bring it to target markets such as retailers, airlines, financial institutions and government agencies.
In addition, ahead of a presentation at the “hugely important” Bank Innovation 2014 conference in Seattle next month, the company is currently working on a “product demonstrator” for credit cards which will “mean that retailers and merchants don’t need to store your credit card numbers any more”.
“There should be no need for credit information to be stored anywhere other than the issuing bank,” says Leslie.
With banks and a number of online commercial entities now using two-factor authentication – while the possibilities of biometric identification technologies continue to develop – the Sedicii co-founder is keen to add that the technology isn’t entwined with password-only processes.
“We’ve deliberately taken the approach that we should be agnostic to what happens on the client side.
"If a firm wants to have a keyboard-entered password they should be able to do that and the same for a biometric or two-factor authentication. Any form of identifier, we don't mind what it is, our technology will interface with it."
Readying for market
Leslie and co-founder Richard Cody – whose background lies in business development – are "full on at the moment" trying to raise capital in the region of €500,000 to get the product fully ready for market.
The pair recently finished a stint in the London-based Oxygen Enterprise Partners start-up accelerator programme, which brought €28,000 in seed funding alongside mentoring and meetings with “high level” possible clients, while a further €25,000 was raised in funding last November.
Alongside a current base in the Arclabs Research Centre in Waterford, Leslie is hopeful a London office will soon open to allow for sales into the vast financial services sector based there, with plans to "extend further afield to continental Europe and the US very quickly" as well.
Planning to create “employment in the range of 30 to 50 people” within three years throughout its proposed network of offices, for the minute, Leslie and Cody will focus on wooing potential clients.
“The big thing from their end,” says Leslie, “is there won’t be any need to convince their customers” towards any new technology.
“For customers,” he says, “you see absolutely nothing differently.”
“People resist change,” adds Leslie, “with our idea, they would still be asked to type in their username and password just as they are today but what’s happening behind the scenes inside the browser and between the server and the browser is completely changed.”