Playback speed
×
Share post
Share post at current time
0:00
/
0:00

Investing in Digital Identity with Jelena Hoffart

Steve interviews digital identity investor Jelena Hoffart

In this week's episode, I spend over an hour discussing all things identity with digital identity investor and author Jelena Hoffart.

Jelena shares what it means to be an investor in the digital identity ecosystem and how she got into the space. We explore how the major reduction in fintech and crypto marketing spend impacted identity verification companies and what she thinks about Big Tech’s future impact on digital identity.

Jelena frequently writes about identity verification topics on her Medium profile and we dive into her most popular articles like ⁠“GTM in Identity and Fraud: Why Point Solutions WIN”⁠ and ⁠“What Consumers Can Teach Us About The Future of Employee Identity Management and more!

Jelena's episode will give you amazing insight into how venture investors evaluate companies and place their bets.

RESOURCES:

Connecting with Jelena Hoffart

Jelena Hoffart’s LinkedIn: https://www.linkedin.com/in/jelena-hoffart/

Jelena’s Medium Site: https://medium.com/@jelenahoffart

Companies & Resources Discussed

Jelena Hoffart’s articles discussed in this episode:

Mark Settle is the author of Truth from the Valley, A Practical Primer on IT Management for the Next Decade and former CIO of Okta.

Stash is an investing app created to enable everyday Americans build wealth incrementally with small investment amounts (micro-investing.)

Goldman Sachs The Goldman Sachs Group, Inc. is a leading global financial institution that delivers a broad range of financial services to a large and diversified client base that includes corporations, financial institutions, governments and individuals.

Robinhood is a financial services and investing app developed to democratize finance for all. In the US, people can invest with no account minimums.

Revolut is a global neobank and fintech company that offers banking services for retail customers and businesses.

Alloy is a global end-to-end identity risk solution that helps banks and fintechs automate and manage their decisions for onboarding, ongoing fraud & AML monitoring, and credit underwriting.

Socure is a provider of digital identity verification and fraud solutions. Its AI and predictive analytics platform applies artificial intelligence and machine learning techniques with trusted online and offline data intelligence to verify identities in real-time.

Sentilink provides innovative identity and risk solutions, empowering institutions and individuals to transact confidently with one another. The company was borne from a synthetic identity fraud problem the co-founders experienced while working at Affirm.

Affirm is a buy-now-pay-later (BNPL) app. It provides a next generation platform for digital and mobile-first commerce, making it easier for consumers to spend responsibly and with confidence and easier for merchants to convert sales and grow.

Monnai delivers transformative consumer insights infrastructure that enables businesses to navigate the four key pillars of the customer lifecycle: KYC, trust & fraud risk, credit decisioning, and collections. We power some of the largest global digital lenders, financial institutions, and fintech players across the U.S., Latam, India, and SE Asia.

Pierre Dermache & Ravish Patel are co-founders of Monnai.

David Birch is an author, advisor and commentator on digital financial services. He is an internationally-recognised thought leader in digital identity and digital money. In 2023, Birch published an article titled “KYE: Know Your Employees”, which was referenced in this podcast.

Okta is an identity platform solution provider focused primarily on workforce identity and increasingly customer identity.

Hindenburg Research specializes in forensic financial research. Its analysts often look for situations where companies may have any combination of accounting irregularities, bad actors in management or key service provider roles, undisclosed related-party transactions, illegal/unethical business or financial reporting practices, undisclosed regulatory, product, or financial issues. In the podcast discussion, a report on Paypal was referenced. However, the report in question was likely a March 2023 report concerning fintech Block overstating its genuine user counts and understating its customer acquisition costs.

Auth0, acquired by Okta, is a customer identity solution that enables organizations to provide secure access to any application, for any user through a customizable platform. Auth0 continues to operate as an independent business unit of Okta.

FULL EPISODE TRANSCRIPT

Steve Craig: Welcome to the PEAK IDV EXECUTIVE SERIES video podcast, where I speak with executives, leaders, founders, and change makers in the digital identity space. I'm your host, Steve Craig, Founder and Chief Enablement Officer at PEAK IDV. For our audience, this is a video first series, so if you're enjoying the audio version, please check out the video recording on executiveseries.peakidv.com, where you can watch the full episode, you can read the transcript and access any of the links or resources discussed in today's conversation. In this week's episode, I'm excited to speak with Jelena Hoffert. She's an investor, consultant, and advisor in the digital identity space. 

Jelena is an expert in the field of identity and fraud technologies. Most recently, she served as an investor at a global venture capital firm. Prior, she held finance, strategy, and investment banking roles at Stash and Goldman Sachs. I first met Jelena through her thought leadership on LinkedIn. She writes incredible insights on digital identity and fraud tech, which she publishes on LinkedIn and on Medium.

Jelena is a Duck. She's a University of Oregon graduate and is currently based in New York City. Jelena, welcome to the podcast. Thank you for being on it today. 

Jelena Hoffart: Thank you so much for having me, Steve. I'm excited. 

Steve: Well, let's get started. I'd love to learn more about your personal journey, how you got into identity and fraud. Can you share your story? 

Jelena: Yeah, absolutely. I think with everyone else falling into identity and fraud is not a path that we ever expected, but it is a fun one nonetheless. I, like you said, began my career at Goldman Sachs doing very traditional investment banking within, you know, very traditional financial services firm.

From there, I really wanted to start up an operational experience and landed at Stash doing finance and strategy. Stash is an investment app that really focuses on, kind of, middle America and people who have historically been cut out of the financial services sector and who don't get much advice, especially when it comes to investing and trading.

And so, ended up joining the team there and that's kind of when I got my foot in the door in identity and fraud. I joined Stash at an incredibly interesting time, which was right during 2021. So when I joined it was the peak of COVID. Wall Street bets was taking over and everybody was trading. It was everyone's favorite pastime for the first time ever.

And so as a result, I got to see, sort of, the height of the market within a fintech app itself. So we got an incredible amount of users coming into the app and wanting to trade. And one of the big issues that we were facing at Stash is how do we make sure that everybody and every user who's coming in at the top of the funnel is able to seamlessly get through the onboarding process?

And so the product team spent almost a year just working on what is the user onboarding flows? What should we show people? What do we tell people? Why are we asking for their social and things like that that you have to do for KYC. And within that project, I was a partner to them on the finance and strategy side. So doing a lot of the modeling and what was really, really interesting is, as we were digging into why people were dropping out of the funnel, one of the big reasons was actually identity verification. 

And so, you know, even an incremental one or 2% of people falling through the funnel because we couldn't verify them was a big amount when you were multiplying it by how many people were trying to get into the app. And, you know, Stash was relatively small compared to, you know, a RobinHood or Revolute, for example. But when it… over time, it adds up to a meaningful amount of revenue that was lost. 

And so, I was actually looking at the problem from a very top of the funnel and revenue that’s actually lost, because I was a finance person. And so when it came down to it, we ended up implementing some of the leading vendors, Alloy and Socure at Stash. And it was really part of that process and seeing it all the way through. When I ended up on the investor side, I still had a focus on, kind of, these identity and fraud companies.

And when I looked out into the market of what other investors were saying and investing in, I didn't feel like there was a very good acknowledgement of the different type of IDV companies. It was sort of all broadly bucketed into, “Oh, this is regtech and compliance.” And for a lot of people, it was extremely unsexy to invest in these companies. People saw them as, you know, cost centers as, “Oh, we just have to have this.” But I really came from this perspective at Stash that no, if we get IDV right, we can make sure that Stash and every other neo bank is pulling through as many people in the funnel. And that helps everyone, right? We get more money. We're able to get more users, et cetera. 

So, it's a-- from there I ended up writing kind of some of the content that ended up going viral within the small identity and fraud circles and really just got to know a lot of the operators, a lot of the investors in the space and have been really privileged to get to speak with them about a lot of the problems they face, which ends up informing a lot of content that I do write.

Steve: That's great. That's great background. And when you think about that at meme stock time, everyone was coming out of the pandemic, just sitting at home trading and sitting on Reddit and making these bets and trying to ride it. When you transitioned over into an investor role, what was your day to day like? And what does an investor do coming out of the practitioner ecosystem? 

Jelena: Being an investor is an incredibly privileged position. I definitely don't take it lightly. We are partners to founders who are changing the world. And that means everything from being a capital partner, which is the easy part, right? You functionally give them money to grow their business.

But the best investors really think of themselves as, you know, strategic partners to the founders where you're helping them think through these big decisions. So, when do I raise? How do I go to market? Who do I need to get in contact with? And I… so a lot of the job is kind of focused on building these founder relationships.

When you find a company that you think is just incredible for whatever reason, you want to go and get in contact with them. That's always a hard part, making sure they actually want to speak with you, but then just building that relationship and showing them the value of, okay, I can-- I can give you this customer introduction or I can do this or help you this way.

So a lot of the job is sourcing and talking to founders. Then, when you find, kind of, a company that is raising a round and does want to take capital, then it's a long diligence process where you're really asking the difficult questions. You're opening up everything about the business and you're really making an investment case for why should we as a fund invest in this company?

And so it is a very privileged seat and I'm very lucky to get to work with some of the most resilient, incredibly smart founders and help them on their journey-- to, kind of, growing their business and becoming the best entrepreneur they can. 

Steve: Excellent. Well, you're actually the first investor that I've had on this EXECUTIVE SERIES podcast, so thank you very much for being on it. Without going into any confidential research or due diligence that you've done, can you share some of the notable investments that you worked with or the portfolio companies in the mix? 

Jelena: Yeah, absolutely. I worked at a growth stage fund. So we worked with, kind of, all companies across fintech, cybersecurity, and supply chain.

But specifically to this audience, one of the investments I made was into a company I'm sure you all know called Sentilink. Sentilink is a very special company. They were founded by Max and Naftali, who were the one of the first first few employees at Affirm, and so they were actually the data scientists who came across the problem of synthetic fraud, and they, kind of, named it and built a solution for it.

So, as maybe the audience knows here, synthetic fraud is when a person creates a fictitious identity. They apply to get credit and then they're able to usually add themselves as an authorized user to somebody else's credit card and then get them real credit, which then they can open up an account. And so while Max and Naftali were at Affirm, they would go to collect on these people. And as you can imagine, you can never find this person because they didn't really exist. And so it is a part of fraud that, kind of, just fell through the funnel on other people's systems and radars. And, and so they really pioneered that solution and it's one of the leading, kind of, products in the fraud market. So really happy to back them. They're incredible team. 

I also backed a company called Monnai, which is led by Pierre and Ravish. I-- when I looked into the market, I saw that there was this quite a few companies focused on US KYC and it was quite a saturated market. And when you looked at, kind of, broadly and globally, the IDV infrastructure that has built-- been built in the US hasn't necessarily been built in a lot of the other international and emerging markets. And so, Pierre and Ravish at Monnai are building the consumer insights and identity verification infrastructure for specifically India, Southeast Asia, and parts of LATAM.

It's an incredibly hard problem to solve because all of these things and these identity schemas are all very, very fragmented within the market. But they've done a great job of consolidating and giving insights and being, kind of, the first-person fraud and identity vendor that a lot of these emerging markets, neobanks have used and so incredibly noble. They've done a great job. 

And lastly, I've spent a lot of time with the Incognia team and Andre. They're very happy to see their recent fundraise. They have built an incredibly powerful location intelligence technology that they have been building over the past almost 15 years since the founders were in college. And, you know we talked to many customers about them and resoundingly people have told us that the technology is best in class and so really looking forward to seeing what incognito does, as I know that they've scaled very quickly. 

And I think when you look across all of these companies that we've invested in, or been really close with, you see a few things. One is a deeply differentiated product, you know, from Monnai to Sentilink to Incognia. The teams really lead with the product, and that is how you win the identity and fraud market. When people are A/B testing, you want to make sure you're always coming out on top, and they do. 

And the second thing is having deep product experts. And so all of them had a background in doing this from the operational side. And they really can talk to the buyers in this space and the buyers in this space get a lot of marketing mumbo jumbo thrown at them. But when you have a buyer that's-- or a founder and a founding sales team, that's really technical and can speak to the buyers as peers, it's very, very helpful. And that was a lot of the feedback, honestly, that we got on all three companies when we were looking to invest. So very excited to back them and stay close to them. 

Steve: Each of those companies are super innovative. I've been following all three of them. I've just had Andre on the podcast though. So I've got two more founders and CEOs, perhaps we can reach out and get them involved.

I absolutely agree too, with your-- your sentiment around having a founder that deeply understands the technology and the problem space, and that's key to differentiating in this market is putting that knowledge out there. So companies can see what you offer. And how it's going to improve their fraud rates and their capture rates with new customers, so good points. 

When I think about the investment ecosystem in late 2020, as the pandemic started, everyone's working from home and we kind of got an idea of what it was going to do. Like investment really picked up in identity. And then most of 2021, I kept seeing huge fundraisers and a lot of activity. But then into 2022 and then mid-2022, things got really turbulent. I'm curious from your perspective, being, you know, in the investment table, what was the sentiment in 2022 into 2023? 

Jelena: Yeah, absolutely. And I think, you know, you can't look at identity and fraud investing and sentiment without looking at the underlying crypto fintech sentiment.

And so I was lucky to get to have a front row seat at this at Stash and when 2021 really hit, as I said, all of these people were coming into investment apps for the first time they were being onboarded into these apps. People were coming in just so that they could try to trade GameStop and that was probably their only-- their only mission.

But that made the investment and the growth of all of these fintech companies just absolutely go up and to the right. And so as that happened, you look at the knock on effects, which was really identity and fraud exploding as well. Many of these identity and fraud companies earn money per API call. So every single time a user is onboarded, they ping the identity and fraud vendor. They earn, kind of, a dollar or, you know, such in terms of person onboarded or checked. And so as you can imagine, you get a proliferation of consumers into these fintech apps and then you get the identity of fraud companies that are supporting it from the infrastructure side. So they're seeing unprecedented amount of volume going through the app and they're taking advantage of it. 

And so you saw a lot of these big rounds being raised by, kind of, the leading identity and fraud companies at the time. The hard part is now, as we've settled back into sort of normal onboarding behavior, they are not seeing the volumes that they're expected. And investors were truly underwriting these outcomes to that high level of volume of data velocity of customers coming into the app is normal, and of course, we now know the benefit of hindsight it wasn't. So when I think about investing, one of the biggest things that's important to me is a company that isn't indexed to just account creation. You want to get a company that can not only be there at the point of customer onboarding, but also every subsequent authentication. Also, every subsequent payment or, you know, right before I accept an UberEats delivery, for example, like Incognia does. And so looking into the market, I think there's been a much better recognition by investors that there was a point in time high volume that we saw on account onboarding. But now when we're looking at the identity company in the future and who's truly going to win, they need to be able to earn revenue through all the points in the customer journey. Or they won't kind of have the TAM to support a venture backed outcome. 

Steve: A lot of the companies in the identity space, the providers, they're chasing these multiples that look more like traditional SaaS, but they're transactional SaaS.

And so they're beholden to changes in the market, the cyclical nature of growth. And with all these investors pulling back on spending money on customer acquisition within the fintech app or the crypto winter that came there's less transactional revenue to go. 

Jelena: A hundred percent. And that was one of the things I saw firsthand at Stash. I won't name the exact amount that we were spending on marketing, but at the time, our investors in Stash were really pushing us to spend, spend, spend, growth at all costs, you know, multi-million dollars per month were spent into the lead gen funnel, which then went back to support the volumes that you saw all of these identity and fraud companies getting.

So again, as everyone kind of turns to what do we do about profitability, volumes eventually kind of fell off. And, and that's why there's-- I think now a broader recognition of how do we earn money on different points in the customer journey. And mind you, I think a lot of the firms have also said, how do we offer more products in our suite in order to kind of beef up our revenue as well?

Steve: Yeah. Yeah, the other thing that we saw in 2022 into 2023 is more of big tech getting involved in identity. You wrote an article in January of 2023 called “Is Apple the Next Identity Verification Juggernaut?” And I think that went super viral on LinkedIn. When I talk with investors that aren't as in tune with the space, they ask about that.

They're like, “Well, isn't this all going to be owned by Apple or Google? You know, is that a threat?” What was the story behind why you wrote that article and can you share some more of your thoughts around it? 

Jelena: No, absolutely. And I-- I'm always humbled by how large those articles get. But it really started the genesis was me talking to my operator network and saying, “Okay, what do we actually think about Apple?”

I haphazardly wrote down a few bullet points, sent it to my network; they tore it apart, added their thoughts on it. And it was never intended to be an article, but I figured that the thought that we all put into it needed to be put out into the universe. This was also at the time where we're hearing more and more about Apple's foray into fintech. They had the buy-now-pay-later. Of course, they had the deal with Goldman Sachs. And so, I think what wasn't talked about was what they were doing on the infrastructure side. Every single news outlet was talking about what they're doing on the fintech side, and that was very, very well known, but identity was that small little part of enabling infrastructure that they were actually working on, but no one except the really nerdy identity folks here were focused on.

And so I made the mistake of going through the Apple patent rabbit hole-- and there's millions of patents. They really-- they literally file them daily. But that was kind of the only way that you can get a piece of the playbook and what was happening. So spent days and days and days going through and kind of gathering some insights from what the patents that they were, you know, putting out there were saying, and you could truly tell that they were spending a significant amount of time and focus on identity and fraud.

And it's not only to help their own, kind of, fintech ambitions, but it's really to own things like mobile drivers licenses. And there-- from there, you can kind of own the identity wallet, that I know so many of the startups have really chased in the grand scheme of things.

Steve: I'm definitely going to link to that article so anyone who's listening to this or watching it, go out and read it, it's very well done. Can you summarize your position though? Like, are they the next juggernaut? 

Jelena: I a hundred percent think that they have the ability to take down a significant amount of market share in the industry. And I-- so I think that's-- I think that of Apple and Google, by the way, I know that the focus was on Apple for that article, but Google is doing, kind of, the same playbook as well.

I think that, you know, even if I've heard in my day to day, people say, “Oh, you know, Apple's not really a threat” or “You know, it's not something that I'm going to take seriously because it just doesn't seem like it's going to happen in the short term.” And I think my advice to every founder in this space is that you need to know exactly what Apple and Google are doing, or else you're going to miss it when it comes and they're already laying the foundation. 

And when I think about other things that Apple has done, such as their Apple Pay, they've had that forever, and they've really been able to just wait it out. And the adoption was slow and then it hit-- hit escape velocity. And I essentially don't bring a wallet anywhere in New York. I use Apple Pay exclusively.

And so you, you know, that Apple is able to one, wait these things out and get the benefit of timing. And two, they don't need to make money from it at all, and so they have the ability to be a significant issue for players. That being said, I think, you know, Apple and Google getting into this space in earnest is a 5 to 10 plus year, kind of, time frame. They obviously first and foremost are going to use their own identity and fraud, kind of, capabilities for onboarding their own consumers into things like buy now pay later, which Apple just launched themselves.

And so I don't think that, you know, in the next 2 to 3 years, people can expect Apple is going to be selling their identity and fraud into Goldman Sachs bank or JP Morgan or any of that. But they own the front door to your phone, they own the front door to pretty much all of the US consumer market. And, by the way, they own access to all of these apps so it would be very easy for them to, kind of, embed any of their solutions into the onboarding that we see in the apps. I already use Face ID to open most of my mobile banking apps. And so I can foresee a future where we're doing that is with, kind of, Apple's identity and fraud infrastructure.

And so it's a significant threat. I think everyone should take it seriously and-- but again, I think it's a much, much longer term kind of time horizon for it to play out. 

Steve: Companies like Apple or Google or Meta or Amazon or any of the big tech companies, they can play the long game because they have this war chest of resources and sometimes more cash than where they know where to put it.

I was working at a solution provider back when Face ID launched, when the iPhone 10 came out and it had that. And I was fortunate to have a conversation with someone who was a face biometrics authentication platform, it was the founder and CEO and I asked him, “Hey, is this going to be a threat for your business? How do you look at it?” And his perspective, even leading up to the announcement, was that it validated a use case for them and that they had more interest in demand that they'd ever had because Apple came out and said, “Hey, this is something that we should pay attention to and they rolled it out.” And so I think maybe there's potentially a tailwind to help companies versus just like a headwind.

How has your perspective changed? We're now in spring of 2024 and that was January ‘23. Yeah. Do you feel even more bullish on Apple than Google? What's your-- what are your thoughts today? 

Jelena: It's a good question. I think anytime you're putting out some of these longer term forecasts, I think you can tend to see them in your head as happening more quickly than is really going to make sense.

I think, you know, today Apple has about four-- four or five states live with mobile driver's license. I'm sure that they wanted and expected much more-- but these things take a lot of time, especially working with DMVs. I can imagine the pain going state by state level. Mind you, there's some states that could say, you know, we hate big tech; we hate Apple all together. We won't work with them. I'm not privy to any of those conversations, but I could see that happening in theory. And so, I always try to thread the needle between long, long term forecasts and what's happening now because reality is, is there's a lot of these identity and fraud companies that are kind of at this threshold where they could go public in, kind of, the next couple of years And likely Apple is not the biggest threat to them, kind of, through that process, but it's certainly something that credit bureaus and these emerging identity fraud companies need to think about in the long term.

But yeah, I'd say I'm more bullish than ever but the timeline I think is just the key to all of this. Again, it's medium to long term where this is really going to hit its big velocity, just like we saw with Apple Pay.

Steve: Yeah. The other long term thing that comes up in my conversations with investors is digital identity standards in different countries. And whether that be like what the European Union is doing or things that we're seeing in Canada or Australia. What's your perspective on the digital identity and identity verification market being solved by government versus private sector?

Jelena: I think the correct answer will vary wildly by country and geo. As you know, in the US we tend to let private companies do everything. And so while I know that there is incredible leaders within the US government who are focused on digital identity, I got to imagine that Apple is really kind of the way in which it happens here in the US. 

Apple and Google will probably own it with the cooperation of governments-- state, local, and federal governments. But in these other locations, Estonia, for example, you have the governments really, kind of, setting the policy. There's, you know, in taking the lead on what it will be. I think eventually we'll need an orchestrator who's going to look across all of these digital identity schemas that develop localized government-- in geo wise, and we'll need to kind of bridge them all together. 

And so, as I think about it, it still leads to big tech being one of the, kind of, leaders who's going to be able to have the wherewithal and really the resources to say, “Okay, we can work with the UK, we can work with Estonia. Like, we have customers in all of those geos. And we have a reason to want to understand and get access to their identity documents across these different geos.” 

And so I really think that it'll be very much either private or public led, depending on geo, but you'll have one person or a couple people, probably big tech and big media, that's going to put them all together and make it an interoperable solution that can be used seamlessly.

That will be the key, and I think that is also a long time coming, but that would be the ultimate solve of identity. Because as you think about it today, companies that-- in fintechs and financial services companies that work across all of these different geos have to patch together all of these localized vendors. There's a ton that are focused on US, but as soon as you start, kind of, adding in the European Union and other parts, there's different identity and fraud vendors that you need to layer on, and it just gets extremely complicated. So, very, very long term, I think that there is an interoperable, kind of, orchestration layer that will be built. And I think big tech has the-- one of the best chances at doing so. 

Steve: Yeah, the patchwork of regulations, this fragmentation of technology, that interoperability problem is a challenge to being able to solve the problem going across borders. Like, if different countries are on different standards, then we as consumers, I don't think we want to have a bunch of different apps, you know, a different wallet for every scenario. I think that defeats the purpose. 

One of the other things I've been seeing in the last 6 to 9 months, maybe a year, is more on this topic of workforce IDV. Dave Birch talks about this as ‘know your employee.’ I saw you had teamed up with Mark Settle, the former CIO for Okta, and you jointly wrote this article, “What Consumers Can Teach Us About the Future of Employee Identity Management.” What role do you think the enterprises and workforce use cases have in, to evolving the broader market? 

Jelena: I think it's a really interesting question. And I was really humbled to get to work with Mark Settle on this article. Mark is a legend. He's a seven time CIO and he was the CIO at Okta when it went public, which as we all know, Okta is a $17 billion company, publicly traded company that focuses majority of its time on workforce identity.

And when I think about it, I think about companies like Okta as, sort of, the legacy, kind of, incumbents in the market. And I think about consumer identity is the next wave, the innovative young scrappy startups. And when I say, kind of, workforce identity, I mean, how does an employee get onboarded into their organization and how do they-- you think about-- you know-- the authorizations that they have.

Whereas consumer identity, I think about that as how do consumers, as individual people, get onboarded into apps and financial services organizations is obviously, kind of, the biggest use case for consumer identity. And so when Mark and I came together, we knew that we wanted to write a paper that explored, kind of, both of our expertises and, sort of, the intersection between them. His is obviously workforce, mine was consumer, and we had a lot of conversations. He's a great person and mentor, but I think what it came down to it, is really this fundamental difference between the two spheres. When we think about consumer identity, it-- the optimal amount of consumer fraud is non zero.

And so, I think about this like PayPal. PayPal actually had a huge short-- short sell report from Hindenburg that came out that said, PayPal is onboarding, you know, millions of illegitimate users. But when you think about it from PayPal's perspective, that's actually a feature, not a bug. They want to do that. One, if they're onboarding more and more users, It looks like their company is growing well. It's better for the-- their vantage point in the public markets. But if they're 80% sure that a consumer is who they say they are, they're going to say, “Yeah, I'm going to just take the chance because the revenue that I can get from that consumer outweighs, kind of, the risk that there might be.”

Sure, they can do things like step up authentication. But if I'm doing step up authentication, I'm typically doing document verification where I ask for a selfie, and a passport, and then you're making the consumer go out and dig out those documents and do it-- and so there's a lot of drop off associated with it. The goal of the consumer identity is to get people through the funnel as fast as possible with the lowest friction possible. And they're okay if some of them are illegitimate users, that's just the nature of the beast. 

But then when you look at workforce identity, and really Mark Settle's world, his role as CIO is to make sure that every single employee that's onboarded only has… well, first of all, is who they say they are, but second of all, only has access to the resources and the databases that they should.

They want to make sure that that person can't steal data that they shouldn't get access to, can't manipulate data. And so it's a much more locked down, zero trust architecture, which makes these two things, you know, fundamentally different. From that you're able to see that on the consumer side, there's been a lot more innovation that's happened because they weren't built into these really strict trust regimes, and you're seeing, kind of, all of these things develop. So Face ID, passkeys, mobile drivers licenses that they're able to kind of take advantage of. 

But when we look into the future, especially with employee, you know, workforce identity, there's a lot of these new technologies that have been developed on the consumer side that are actually quite applicable to the employee workforce side. And so, I had to look into the future. I'm sure that Okta is going to make a play into consumer identity. I'm sure in the next few years, there'll be a lot of these KYC companies that are up for sale, just given market saturation. And, you know, candidly for Okta, it would increase their TAM by incredible amounts, if they're able to, kind of, pivot into consumer identity. And so M&A is the way for them to do that, just like they did with Auth0. 

Steve: The consumer is all about choice. The employee, they're working, they want a paycheck, it's like, you take the job, you take the tech or not, you can't say, “Oh, sorry, Mr. and Mrs. Employer, like, I'm not going to use your laptop. I'm not going to use the security framework like that-- that doesn't work.” 

In your article, you described, really eloquently, the components of a modern identity stack -- proofing, authentication, and authorization. And you talked about potential TAM for Okta to go more into the consumer proofing side. How do you see the convergence happening between, you know, on one side, consumer innovation on the other side, the employee centric verification?

Jelena: Yeah, absolutely. And I think this is one of the biggest things that Mark and I came out of this entire process and market mapping of saying there is, you know, operators, investors, founders who are really focused on one of those spectrum and not the other, even within investing, consumer identity companies tend to fall within fintech teams, whereas on the employee identity side, that tends to fall into more cyber security and software teams.

And so you had all of these people who weren't looking at the vendors, kind of, on the other side. And so we were able to kind of look across both of those lenses and see that there's a lot of convergence here. So we call out that proofing, which is essentially how do you get into the organization or the app is very fundamentally different between consumer and employee. Obviously, a consumer, you're either just checking-- do they have a, you know, a social media profile that we can use to log into or their Google, all the way up to the most technical end of the spectrum, which is do they have the KYC factors for onboarding into the neobanks or the financial services institutions?

But employees, as you know, go through a robust background check onboarding to get into the app. But then once you're into the app, there is a lot of technology that's been developed just for authentication. So it's right before you went into the app, how do you make sure that the person is who they say they are? You've already verified them once, but this is that secondary check and all of that technology is essentially commoditized on both sides. And, you know, there is a big opportunity for these vendors who are, kind of, operating in that convergence point to say, “How do I cross sell the technology I already have into these other markets?”

And so that was kind of a big thesis point that came out of writing the article. And then, of course, kind of the final piece of the stack is authorize-- authorization. So when a consumer or an employee is already, kind of, in the system, what parts of the system do they have access to, or how are, kind of, they operating within the system?

So for employees, it's obviously really-- obviously really important because you want to make sure that, you know, your finance person isn't regularly checking HR records or your engineer isn't getting and editing, you know, the data science stuff and whatnot. And for consumers, it's more about like, on the platform are you posting, you know, fake media, fake news, things like that, or are you taking advantage of-- kind of, you know-- are you taking advantage of being able to-- or are you taking advantage of like payment things that you shouldn't, like, are you doing essentially fraud? And, and so we spent a lot of time kind of looking at each of those segments, in particular. 

Steve: Yeah, I've worked in employers where once you're in the system, you have access to everything. It's just trust for the employee that they can access all different systems. And then I've worked for others that are much more locked down, and there's actual authorization processes for you to access specific technology.

Now, this article you wrote with Mark was September just this last year, 2023, and you made some predictions. Can you share some of those predictions? And again, I'll link to the article, but I'm curious, which might already be manifesting. 

Jelena: Oh, absolutely. Mark and I keep track of all the passkey announcements that happen via email. We… so usually one a week it says, “Oh, you know, here's the latest company to come up with passkeys.” Which again, is one of these, kind of, consumer developed parts of this stack that you've seen adoption into the enterprise. The other one is Okta just came out a few months -- or a few weeks ago now -- with their own, kind of, fine tuned authorization product.

And so you see Okta doing what's really obvious. It's just trying to get through all parts of the stack. And Okta, for example, is kind of eliminating each of the point solutions in those individual stacks and trying to say, we'll be all things to all people. We might not do it super well, but we will really try to do that.

So, it's a-- it's a really fun thing that when you're making forecasts to see if they're-- they come into fruition or not. 

Steve: So really good segue into one of the last articles I want to cover, which is your most recent one, which is the go to market and identity of fraud. “Why point solutions win.” And I love this topic because I often get asked this question too, when I'm speaking with investors, again, that don't have the level of experience and insight that you do, they're like, “Well, why would I choose this versus that when it comes to a best-in-class point solution or some other platform play?” Can you highlight the three categories that you discuss in this article?

Jelena: Yeah, so first I'll just talk about, kind of, the genesis of this article. And like you said, it is the number one thing I get asked by other investors. It's, you know, I want to invest in a generational company that has a huge TAM and has really a big platform from which they can grow. And I completely understand that in every other category, that is also my approach.

But identity and fraud is so different, that there isn't a one size fits all approach. There isn't a, “Okay, i'm going to get, you know, this platform and I'm done. I don't need to think about identity and fraud -- it's solved.” If anything, identity and fraud still is one of the most unsolved pieces of technology ever.

And it's going to get worse with deep fakes, AI, real time payments -- it's scary. But so when I think about, kind of, the three categories within the go-to-market of identity and fraud, you really get three things. 

One is these best-in-class point solutions, and these are people who are going to market and saying, “I am the best at synthetic fraud,” for example, with Sentilink. They're saying, “You know, I may have KYC and some of these other things, but I really, like, you will find no one better when it comes to A/B testing than me on synthetic fraud.” And, you know, all of these parts of the stack are so hard to solve that it is comforting to vendors-- or to buyers when they say, “Okay, all of the resources of this company is going into one specific piece of the stack and solving that.” So that I know is as fraudsters innovate, like, they are really attuned to the changes and I'm protected proactively. 

The second, kind of, piece of the stack is these vertical based platforms. And so, these are platforms that have the breadth across all of the point solutions. And they-- they're the one stop shop approach where it says, “Okay, I have synthetic fraud, I have KYC, I have document verification, you can get everything here.” And they tend to go after, kind of, one vertical, mainly financial services or gaming, or e-commerce. 

And then, kind of, have the middle approach, which is orchestrators. And these are companies that they don't really build anything in house. They plug into all of the point solutions and some of the platforms and say, you know, “You as a fintech can choose to integrate one time with us, and then you'll get access to all of the different integrations that we have.” Which is really helpful, especially when you are looking at smaller fintechs, because they don't have, kind of, the engineering team to really orchestrate and really spend time doing all these engineering integrations. So it's, kind of, the easy hack for some of the smaller vendors-- or the smaller buyers in the space. 

Steve: When I double click on best-in-class point solutions, there are a lot of companies you had mentioned that-- that there are a lot of different companies that could do KYC, there's different companies for documents, et cetera. Not calling out any specific companies that you've already mentioned, as an investor when you've looked at companies and when you're doing diligence or you're getting to know them, do you sometimes look and go, well that seems good, but that's more of a feature versus a whole company.

What's your perspective on how you decide, like, can this be a standalone business versus should they just be a signal in the stack? 

Jelena: Absolutely, it's still one of the most important things that I think about. And of course, there is the investment case for best-in-class point solutions. But when I look across the point solutions, there is definitely pieces of the stack that are technically harder to solve than others.

I will just, kind of, name and shame KYC in the US. That is something that, you know, is commoditized, the data is there it's a… well, KYC isn't solved, but US KYC, the data is there; and, that's not, kind of, a differentiation or there's no moat around that. But there is parts of the stack where there's less competitors. Obviously location intelligence and synthetic fraud, where I have made investments or attempted to make investments are one of those categories that are more differentiation-- differentiated; there's a moat around them. So that's more important. 

And the thing I look for is the ultimate TAM size or revenue potential. One of the hidden secrets of this that I don't think a lot of people that aren't close to it realize is that even one of these point solution vendors can have ACVs and contract sizes up into the double digit millions. Which is incredible because as you're thinking about enterprise software comparables, that would be a best-in-class ACV amount. And you can get that with a point solution here instead of an enterprise software platform. And so that's how I really think about it is how do they earn revenue and how are they able to, kind of, drive up these ACVs. 

Obviously focusing on enterprise side of the market, you get larger ACVs, but this is also when it comes back to a lot of these companies in the stack have been only indexed to account onboarding. So if you are a part of the stack, like Incognia, that does, you know, authentication payment and right before discrete pieces of time, you can earn more and more API calls volume, which equals more money. And so it's less about the… you know, is this just a signal in the stack of… like people-- this is so powerful that people will pay for it many different times per customer, many different days of the week and that gives you the size that you need to be a truly investable category. 

Steve: The other secret out there is the big companies, if you reference PayPal as one, they purchase multiple signals. So they're not just using one particular document signal or one particular fraud signal. I think in the last few years, five years, 10 years, we've seen this rise of orchestrators. Some organizations decide, “Hey, I'm going to just-- could make connections to all of these different signals and do it myself.” And then some move into an orchestrator. What do you think from a buyer standpoint is driving those decisions? Like how they would pick one over the other? 

Jelena: No, absolutely, it's a good call out. When I was initially doing a lot of this research that, kind of, blended to some of the first articles that was the thing that stuck out to me is I was talking to all of these buyers and they said, “I'm using 10-plus signals in companies to really orchestrate my own, you know, tech stack that's blended with all of these different things. And it really is customized to the end vendor.” But when I think about, kind of, the orchestrator versus building it myself-- really comes down to the size of the buyer. The largest banks in the world tend to be picking these individual best-in-class point solutions, A/B testing it, trying to figure out if it works within their stack and there's a discrete uplift and they have the engineering resources to, kind of, do these things themselves. Obviously, as you think about it, they're the ones who are most exposed to fraud and compliance fines anyway. They always make an example of the big banks. So they have to be very, very, careful with that. 

But, you know-- and we used, you know, Alloy at Stash, where it was very, very helpful for when we were first thinking about how to solve IDV to get access to, kind of, all of the signals and have that as the starting base, especially when there was only, kind of, a handful of product managers and engineers focused on solving identity and fraud for a pretty large fintech, but still on the smaller end of-- the side.

So it definitely comes back to capacity resources, but the biggest learning that I've had is, kind of, every time we've seen people say, “Okay, I'm just going to have this one stop shop approach,” they always have a massive fraud event. And they always come back to that's not actually the best way to do identity and fraud.

I've seen it time and time again, where, you know, you lose quite literally $20 million overnight to a massive fraud attack. And you say, you know, the head of fraud is like, “What the heck? I used exactly what the market told me I should be using, and it wasn't good enough.” And, you know, it's-- identity and fraud is not solved; it will never be solved. And, you know, you have to just do is layer, layer, layer as my friend Tobin from Stash says. And if you layer more than the next person, the bad guys will go there. And that's true; it's so true. And that's what we see time and time again.  

Steve: Yeah and that same article, you talk about the head of fraud role and this other secret in the industry where heads of fraud don't last very long. When there is a big fraud event, they're often terminated. Like, “hey, you didn't do your job correctly.” How has this story played out and how does it continue to play out? 

Jelena: Well, when you think about, kind of, the head-- or head of fraud role as it's developed over the past 10 years, like that was usually a role that was, sort of, reserved for the largest banks. You know, there's not that many of the largest banks. So it was a quite specialized person in that seat. As fintechs developed, a lot of the fintechs learned the hard way that, “oh, crap, I need someone to do-- focus all their time on fraud, risk, and identity.” And so you've got, sort of, these best people at the moment for these types of roles as all of these neobanks and fintechs were developing, and you know, they chose the best vendors that they could at the time, and they ultimately were on the line when things went wrong.

And so now you're seeing-- you only need one time of losing $20 million overnight for you to realize that you will pay as much money for the best head of fraud who really, really understands the problem deeply, is a deeply technical person. You can lose $20 million overnight, or you can pay, you know, $1 million or whatever for this head of fraud risk. And that's a lot, lot better ROI for you to do. 

And so you're seeing this massive specialization in the role. Really this best talent develop-- and, you know, they can set their price because it is so important for the bottom line for those to do that. And, the knock on effect of as you're getting more and more technical people into the role, people are really-- those buyers are really, really specialized and they want you to show exactly the uplift. They want to do stringent A/B testing. Like they're making these really, really technical buying decisions. I have a very good friend who's a buyer in this space and one thing he said to me is, “You know, I've heard all the marketing mumbo jumbo from all of these vendors and it's all BS. I just-- just show me the evaluation and I will do the technical evaluation. And that I don't need to know anything from your sales people other than that. Just, you know, show me-- put up or shut up” is really what he said. And it's so true, there's a lot of the first to market identity and fraud companies led with the marketing of, “oh, we can do this, we do this.” And as the buyer gets more and more technical, they're really seeing through that and buying decisions. 

And, you know, again, as those big fraud attacks happen, people will go back to their stack and they will take out the platform approach and they will put in those best-in-class vendors. And I've seen it time and time again. 

Steve: Yeah, it certainly is a common theme in the podcast speaking with guests about the messaging in the market, you can increase revenue, you can reduce fraud, you can reduce operating costs, and it's all the same. You go to a trade show, and every booth has some spin on that. You go to websites, and it's all very similar, but getting to that-- that test-- that data study, or that POC, or that trial, that's tough. How do you stand out? Like, I'm curious when you speak with your portfolio companies or if you were to speak with more buyers, like how can a company stand out to get to that first stage to prove the value?

Jelena: It is a very good question. It's a very good point. Getting to the point where these banks are going to let you integrate with their data or even do these technical evaluations is, sort of, like middle stages of the buying process. And there's this you know, cultivating the relationship that comes before it, and so it's really difficult. 

I find that some of these-- the companies I've invested in or wanted to invest in, the thing that unites all of them is that they actually don't have big sales teams. It's a founder-led sales a lot of the time, because if you're thinking about it, like the largest banks want the startup founder in the room and really they're doing the best selling. And so that's a really big part of it is getting those founders in front of it. 

Also a bank is looking at these startups and saying how do I know you're going to be around? I need to have faith in you if I want to select-- if you're ultimately going to, kind of, win the bid. So it is a very very difficult process to sell into a lot of these large banks. And it takes multiple tries, honestly, finding the right person, the right team, the decision maker, hoping they don't leave. It is a process that I wouldn't wish upon my worst enemy, but once you're in the stack, you are locked and loaded and you are usually pretty sticky if you're a best-in-class point solution, and you're hard to rip out. And so, it's try, try, try again, and, you know, to my point about massive fraud, a lot of these companies I see-- have talked to-- these fintechs time and time again, and it's not until they experience a fraud event that they go back to them and they say, “Wait, what were you saying? Let's actually try you out because now I have nothing to lose.” So it's that continual sales process 

Steve: The buying experience if you're in a head of fraud role and you're trying to evaluate solutions and then there's a fraud event, you need to fix that fraud event. But then if you lose your job, then the solution provider now has lost their point of contact and there's this reset, I think it makes it pretty challenging. This is really good insight. 

Well, Jelena, we're coming up on time before we wrap up, I'd really love to hear your perspective on the identity space and how it converges with something you brought up earlier, which is the rise of AI, generative media, deep fakes. Like how do you see the next five years unfolding in our space? 

Jelena: Yeah, honestly, I think this is the most interesting time to be a founder, a, you know, advisor, consultant, or an investor in this space. I'm so excited for what comes next, but that excitement is also a little bit scary, as we think about it.

And this is kind of… I think a good, good ending to it. All of what we've done in identity and fraud so far, I think will be completely rewritten in the next five years. If I had to look into the future with my crystal ball, I think we will completely throw out KYC and a lot of these credential based identity schemes.

Because the truth of the matter is my credentials, your credentials, they're all available to buy on the dark web. Someone has already stolen them, leaked them, put them for sale. I can buy an opened Robinhood account for $150. I can buy a pass-- a fake passport with my picture on it. All of that is just low levels of it's-- it's already kind of gone away in terms of what we think about next.

When I look into the future, there is obviously AI is making it much easier to conduct fraud at scale. When you even think about just like, dating, dating fraud. Now you can essentially just plug in responses to Chat GPT and have conversations with many potential victims. You can use Chat GPT to come up with, you know, things to do credential stuffing or okay, a company in Chicago with medium size, what could be a password for somebody who's a CFO there? Like it is just scary. 

And then you've got obviously the problem of deep fakes. I've already seen in the last six months, the quality of deep fakes are already making the leading document verification obsolete. And it's really scary. I'm-- I thank God every day-- I'm not a public facing person. Because, you know, any CFO that has publicly available, you know, transcripts of their voice, all of that can be duped into doing wire transfers. You know, the callback that we do for wire transfers is just talking to a CFO, which now it's duped. So there's a lot that AI has completely disrupted. The ability to conduct fraud at scale, the ability to use AI to really decimate a lot of our step-up verification tools that we have today, like document verification.

And then I think the even scarier part is eventually we're all moving to real time payments. Plenty of geos have already done it. But, you know, really the point that holds back faster payments is identity. We functionally can make payments as fast as possible, but we don't do it because it's so hard to verify that person on either end. So when we're looking into the future, not only are we going to have to verify people but we're going to have to do so instantaneously because I'm about to have the ability to move millions of dollars irreversibly, and it's-- it's really, really scary.

So when I look at all of that, I think the best chance that we have for rewriting our identity verification, kind of, schemas and all of our techniques to date is to look at a solution that isn't necessarily PII based, or so you don't have to put in your name, date of birth, Social Security number, that's easily hackable. You don't have to put your face in there, but it's using something else about us. You know, little bit of a, you know, pump up for Incognia. I think that they have one of the best technologies that I've seen to replace it using location intelligence where they don't know that I'm Jelena, but they know that, you know, I'm in my apartment, and that's usually where I make transactions.

And so they can, kind of, follow me on a map to make sure that I'm the person that I'm supposed to be, but they don't actually know who I am because they don't hold any PII. So, we'll see how all those things play out, but I think it's really fascinating time to be interested in this space. And I would say that identity is literally everything. It underpins all of technology, all of fintech, all of banking, all of payments, all of e-commerce.

And there is no doubt several, you know, $100 billion plus identity outcomes that are going to be built in this space. So I'm excited to help them and invest in them. 

Steve: Identity is so fundamental to the human experience. And when we talk about artificial intelligence, really making it so we can't believe what we hear or see, and we're all interacting digitally, it's very scary, I agree with you. But then there's opportunity to be able to forge a new path and make sure that we do protect people from scams or fraud or being duped by deepfake. So it's thank you-- thank you for sharing. 

We're at time, before we close out, if you've seen any of the episodes of EXECUTIVE SERIES, I like to go a little bit further than the LinkedIn profile just to share more about the person behind the press releases or the Medium articles.

I'd love to hear what you do when you're not writing or researching or investing. Like tell us more about Jelena. 

Jelena: Yeah, well, I grew up in Portland, Oregon, so I am a very outdoorsy person, despite living in New York City now. So in the summers when I was still in Oregon, you could always find me on a hike going and literally searching for waterfalls because there's so many there. Today that looks like going to Central Park and taking a run around the Loop and things like that. But, yeah, I'm a pretty average New Yorker where I like to go to Central Park, run and then try the best foods that New York has to offer. So, I'm always eating my way through the city. 

Steve: That's great. Well, you need to-- if you're eating through the city-- you need to be able to run or jog or walk or stay active out there. 

Jelena: Exactly. Exactly. 

Steve: Well, as, as we wrap up today, what are some of the conversations you'd be looking to have from those that are watching or listening in any particular projects or focus areas that you'd love to chat with people about?

Jelena: Absolutely. If you are a founder and you're kind of building in any of these spaces, especially as you think about AI and real time payments and how it's going to impact identity, definitely shoot me a note. And then for the kind of later stage companies, as they're thinking about how do I think about Apple and all of these things and all of the potential, tailwinds or headwinds to my space, Definitely also drop me a line.  I'm available at Jelena.Hoffart@gmail.com. You can find me on LinkedIn. You can find me on Medium. And, yeah, I'd love to hear from everyone. 

Steve: Great. Well, I'll be sure to put the email address and your LinkedIn profile and your Medium site in the episode transcript of resources.

Jelena, thank you so much for taking the time to speak with me on the podcast. I learned a ton from your perspectives and I continue to when things you publish, so thank you. And I look forward to seeing what you do next in the space. 

Jelena: Thanks, Steve.

0 Comments