FEATURING: André Ferraz, Co-founder and CEO of Incognia
In this episode, I speak with serial entrepreneur André Ferraz, Co-founder & CEO of Incognia.
André shares his journey in co-founding the innovative location identity company and how combining exact tamper-resistant location and device intelligence prevents fraud. As a pioneer in zero-factor authentication, he discusses the difficulty of catching fraud outside of the US, and some of the attacks he's seeing out in the market.
RESOURCES:
Connecting with André Ferraz
LinkedIn: https://www.linkedin.com/in/andreferraz/
Incognia: https://www.incognia.com/contact
Companies & Resources Discussed
Incognia: https://www.incognia.com/
Magazine Luiza: https://www.magazineluiza.com.br/
Apple: https://www.apple.com/
Samsung: https://www.samsung.com/
Google: https://about.google/
Endeavor: https://endeavor.org/
FULL EPISODE TRANSCRIPT
Steve Craig:
Welcome to the PEAK IDV EXECUTIVES SERIES video podcast, where I speak with executives, leaders, founders, and change makers in the digital identity space. I'm your host, Steve Craig, Founder & Chief Enablement Officer at PEAK IDV.
For our audience, this is a video for a series, so if you're enjoying the audio version, please check out the full video recording on executiveseries.peakidv.com where you can watch this full episode, read the transcripts, you can access any of the resources or links that we discussed today, and also go to our YouTube channel, you'll check out clips there as well as the full recording.
I'm super excited to introduce today's guest. He is André Ferraz, he's the Co-founder and CEO of Incognia. Incognia is an innovator in the exact tamper resistant location and device intelligence for fraud prevention. André is a serial entrepreneur. Prior to starting Incognia, he was founder and CEO in In Loco ad tech business. It was acquired by a Magazine Luiza. Prior to In Loco, he was founder and CEO of Ubee, I hope that's the right pronunciation, and he built that company from a research project to a prototype.
Originally André is from Recife, Brazil. He's leading Incognia today from the Bay Area, California. You can catch him on LinkedIn. He frequently writes posts about the industry, speaks at conferences and webinars, he does podcasts.
He's all over. Thank you so much, André, for joining this podcast.
André Ferraz:
Thank you. Pleasure to be here.
Steve:
Absolutely. Well, let's, let's dive in. I've personally worked in mobile application and SDK development, and I must admit with what I know about Incognia, you've got one of the most interesting companies that's emerged in the past few years.
Can you talk a little bit more about the problems that you're solving at Incognia?
André:
One of the key issues we find in the industry is that pretty much everything that has to do with fraud prevention has a device fingerprinting component to it. But we started identifying that there were a few issues arising.
I'd say the first one is recently we saw a lot of changes to the operating systems and the browsers in terms of the limitations they have created around collecting data, right? Mostly for privacy purposes but that is hurting some of these solutions that rely on device fingerprinting.
The other two things that we have encountered was that there are two very common behaviors that we observed from fraudsters. The first one is trying to clean these devices. They're able to generate a new device ID. And the most extreme example would be going through a factory reset process, right?
So it looks like a completely new device. And we realized that the existing vendors were not able to capture that. Given that's a very common behavior we observe from processors this, this means that they were being able to come back and attack you again. And device fingerprinting solutions were not effective to prevent that.
And then the third thing I'll mention is we also noticed that the existing device fingerprinting solutions were not able to find the connections between multiple devices, right? So. Especially the more like organized fraud rings, for example, they usually have like multiple people working at that.
And usually each of these individuals, they have access to multiple devices. So in many situations, when you think you're being attacked by like a thousand different fraudsters, in fact, you're being attacked by just a handful that each has access to multiple devices. So we realized that if we create a solution that was more resilient and could build a stronger fingerprint for devices and users this could enhance the, the capabilities around preventing fraud. So that's essentially what we do is creating a more resilient fingerprints for these devices so that we are more effective at preventing and detecting fraud.
Steve:
The point you made about the shift from large device manufacturers, let's say like Apple or Samsung, Google.
They've started a lockdown on privacy, I think a lot because of the abuse of ad tech, right? You're tracking people and you're trying to make money off of them, but then when they create this opportunity to purge out that history, reset devices, change the identifiers and it opens it up for fraudsters to exploit those features, which are meant for good consumers.
With your history in ad tech, is that how you connected to the Incognia problem space? Is, did you see that? Is that some of the history there?
André:
That could be an interesting way to describe our story, but actually was the other way around. So we initially went, when my colleagues and I, we started building our first company, what we wanted to build was actually the same product we're working on today.
But what we realized in the early days was that there wasn't a real like market opportunity at the time. Like the market wasn't ready for a solution like Incognia, like 10 years ago. So we had built the underlying location technology back then. So this technology is actually quite mature.
We have been working on it for more than 10 years. And what we decided was, well, given the market is not ready for this idea. Let's try to monetize this location technology with, with something else, right? And this is how we got into ad tech because we realized that this technology could also help like retailers understand and drive traffic to their stores.
So we built a product to do that. But yeah, we always wanted to build a fraud prevention solution. The timing wasn't right, but once we sold the business, we, we decided to go back to that idea and we realized that the market was finally ready. So that's, that's when we launched Incognia.
Steve:
Yeah, it's as if with the onset of the pandemic and suddenly the change of people not working in offices and this emergence of digital nomads, you saw all these shifts. Fraud exploded during that time as everyone's suddenly moving into the digital channel. I see on LinkedIn that you have September 2020, which is sort of in the throes of the pandemic just beginning.
Did you see that black swan event and go, “Hey, this is starting to really ramp. Maybe we can take that technology and then start to apply it.”
Is that what was the compelling event?
André:
Yes. Yes, exactly. We started developing the product in March 2020. So, yeah like once, once we, we started seeing like lockdowns and all of that, we were like, okay, now, now it looks like the right moment for a product like this, so we started building it back then and launched it in September 2020.
So, so yeah it's, it was finally the right time.
Steve:
Yeah. With, with all of the food delivery and just the essential services, people weren't leaving their houses. So you really needed to rely on those frontline marketplaces to be able to continue to do business. Well, it's, it's been out three years, so that was 2020.
We're coming up on September 2023. Can you describe a little bit more how your product works today? Like what's the state of the art with integration experience and how do end users, if they, do they interact at all with your technology or is it seamless?
André:
We started from the concept of device fingerprinting and then we added this location layer on top.
So to explain a little bit more about the location technology we have. Over the past 10 years, we have been working on building a location technology that was more accurate than the GPS because we thought that it could enable a number of additional use cases when it comes to fight fraud, right? So we developed a solution that uses signals like Wi-Fi and Bluetooth and with that, we're able to improve the accuracy of the location data.
And with that improved accuracy, which is within, like, 7 to 10 feet, works indoors. It's able to identify, like. Like, in which floor you are in the building, so it's much better than the GPS we, we combine that with the device fingerprints. Right? So the first and most basic thing we do here is with this combination, we're able to solve those problems that I mentioned in the beginning, right?
So detecting device resets, creating a more stable device fingerprint, detecting the connections between multiple devices and things like that. So that in itself enables us to be way more effective at preventing fraud, because for example, if you're not able to detect the device resets, that means that the fraudster won't be able to come back.
You're just delaying the process, but they will come back anyways and will attack you again. If we detect it, they won't be able to come back, right? So it becomes way more effective. So that's the most basic part. Besides that, we do a number of other things, like for example as part of the IDV process, right, usually you will for example, scan your driver's license and do things like that.
And as part of that process, we are able to capture information about the address location, right? So one of the things we do is we check that address against the location behavior of the device to determine what is the likelihood of you living in that location. If so, the chances that you are a legitimate user are much higher.
If there is no match, then the likelihood of that being a fraudulent account is higher as well. So we're connecting like the IDV process to the physical world type of information binding these two things in making the identity verification process more reliable.
Another thing we do is to use location also to remove friction from the authentication experience. So for example, when you are logging in to your app, it could be either a banking app or a marketplace, etc. One of the things we see is that about 90 percent of the logins occur from places that you go very frequently, like your home, your office, etc.
So in those situations, if you're logging in from the same device that you always use from a location that is familiar, like your home, for example, why do we need you to type your password again? Or why do we need to send you a six digit OTP over SMS or asking for biometrics? So we can basically get rid of that and provide a much better user experience by simply recognizing that you are on a trusted device and on a trusted location. And with that, we eliminate friction for like 90% plus of, of the events.
Steve:
That's fascinating. And do you require permissioning, like a lot of the access to the device GPS, of course there's a prompt, but are you able to do some of these features if the fraudster were to say, no, I'm not giving you my location. Is there ways you can get around that?
André:
Yeah so for the device fingerprinting, we don't need permissioning. So we're able to capture all the data we need for that purpose. For the location piece, we do need the users to opt in. So the lack of opt in actually is, it's a signal in itself because we see that the vast majority of the users, they do, once they realize that this data will be used for, for fraud prevention purposes. So for example, we, we have examples of customers that did that did it the right, right way or the wrong way. The wrong way is not explaining to your user that you're going to use that data for fraud prevention purposes.
We would see like uptake rates around 50%. When the apps are transparent with their users and they say like, this data will be used, for example, to protect your accounts. We see opt in rates upwards of 95%, so vast majority of users are willing to share this data if they understand that this will be used to protect them.
Steve:
I was looking at some of your case studies and what you described for the technology. It makes a lot of sense for where you've had phenomenal success, food delivery, the gig economy, peer-to-peer marketplaces, even banks and FinTechs.
Where would you say most of the value is that you're creating, is it in the upfront or is it the authentication? Is it account recovery? Like, where are you seeing the most success?
André:
Yeah, it's actually across the board. It's a very flexible solution because in the end, like it's, it's a better way to identify your user, right.
And you can use it in different moments. So for example, we have a number of clients that are using us to streamline the onboarding process. So when the user is going through the IDV process and they're verifying their documents, for example, and sharing their personal data we're able to do other verifications behind the scenes, right?
So, okay, is this a trusted device? Does this user live at this address? I think like that, and in many situations, we're able to eliminate some of the steps that the user needs to go through. Because we did some auto verifications behind the scenes, making, making the process more seamless.
So we have a lot of customers using us for that. That's also helping them reduce manual reviews at part of the IDV process, for example. So that's one big use case. Let's say a second big use case for us is around the authentication process, both on reducing and, and preventing account takeovers but on streamlining the authentication experience by eliminating like passwords, OTPs, etc.
So that's another big one. And then the more general like fraud use cases, like payment frauds, like coupon abuse, refund abuse. We also help our customers on reducing those kinds of issues. So those are the, let's say broad use cases that, that we see across industries, and then we have some industry specific use cases, like for example, with food delivery.
There's a lot of location spoofing on the driver's side, vacation rental platforms. You have issues related to fake listings, right? People would just like put a place that doesn't really exist to scam people on these platforms. You have like fake reviews and fake restaurants on like food delivery platforms as well.
In banking you have instant payments. We're working with a lot of companies around like real time payments.
So yeah we're seeing that the product works across multiple industries and really happy to see how flexible it can be.
Steve:
Yeah, it was great. And you mentioned something just now about like multifactor and one time passwords and anyone who's watching this series knows like, don't be doing SMS based it's, it's so spoofable and it's subject to fraud attacks. On your LinkedIn, you talk about being a pioneer around zero-factor authentication, which is, you know, we're always adding factors like an authenticator code and, you know, the password lists on the device.
What does zero-factor mean to you and how is Incognia continuing to pioneer this capability?
André:
Yeah. So the idea is basically that like by analyzing data like there are some signals, some data elements that can help you determine if that user is who they say they are without even asking for any credentials, right?
So the three data points that I think are the most important to, to get to that are one the device, right? So if you know that device, if you've seen this device before, if this device has accessed this account already in the past. That's a strong signal, right? And obviously you need to ensure that device fingerprinting solution is really strong, stable and resilient to things like device resets and also identifying if that is related to any other fraudulent device and things like that. So that would be the first data point.
The second data point is around network, right? So is this a trustworthy network, right? Is this the like, let's say a carrier that this user frequently uses? Or is this a new carrier, for example? Is this user connected to Wi-Fi? Was this Wi-Fi network linked to other suspicious or fraudulent activity in the past?
Or is it the same Wi-Fi router that this user is always connected to when they are at home, for example? So, analyzing the network is important detecting things like proxies and VPNs or exit nodes, also inform like if this user is trying to hide something or not. So, network data is also important to analyze.
And then the most important would be location, right? So as I mentioned, like 90 percent of the logins to like financial services apps and marketplaces occur from places that the user frequents a lot, like their home and their office. So if we identify that this user is on a trusted device, on a trusted network and on a place that they go very frequently, the likelihood is that being the right person is very high, right?
Because otherwise, like someone else would need to steal your phone, check into your house, connect to your network, and know the password of your device. So, so it's a lot, right? So, it's too much work and too much risk to get that done. So basically by verifying all of these elements, we can be confident enough to authenticate that user without having ask for a password or any other form of MFA.
Steve:
On that first point, you mentioned for seeing the device. Does that imply your platform is almost like consortium-powered where every client you bring on expands the footprint of the devices you see, or is it only within the ecosystem of each client?
André:
Yes. Yeah. So it's a consortium.
Currently we have about 200 million devices in our network and it's expanded quite quickly.
Steve:
Yeah. That’s powerful. Because you may have a first-time customer, but then if they've been seen and they've been flagged as good with a peer or maybe a, you know, a different type of business gives you a lot of intelligence right out of the bat.
Very interesting model. I'm seeing more and more of that in this space.
Well, I want to go deeper into Incognia in a moment when I was zoom out and look at your personal story. So you've been starting companies for years. You're based you're based in Brazil. You have, your company is a mix of Brazilian employees, US employees and others around the world.
How has your experience in Brazil influenced how you've built this global brand and this global company?
André:
One of the things I've seen really some parallels on is on the Israeli cybersecurity industry. The situation there is it's a region that's not very stable, right?
There are conflicts all the time. Therefore they need to be extremely prepared for any, any type of attack, including cyber-attacks, right? So you, you have like a lot of people that know a lot about cyber security. Therefore they're creating some of the best companies in the space. But it's not a huge market, right?
So they create these companies and these technologies out of Israel and they very quickly expand into the US and grow very quickly, right? So like some of the leading cybersecurity companies come from there. I think places like Brazil, for example, could become very similar to Israel, but particularly regards to fraud, not cybersecurity, but, but fraud prevention specifically. Why do I say that?
Because if you compare the activity that's going on like here in the US to what's going on in Brazil, in terms of fraud, Brazil is way more difficult because first of all, like in terms of the regulations and prosecution of like online fraudsters, in practice, they're not going to jail, nothing is happening because like there, there are so much more going on in the country that they simply cannot focus on going after these type of bad actors, right?
So basically that creates an incentive for the organized crime to invest more and more in online fraud. So, so that's one element. The second element is basically that recently, right, you had Pix, which is a real time payments solution that was enforced by the central banks on all of the financial institutions.
So differently than FedNow everyone had to adopt and enable that service for all of their customers from day one. Currently, Pix which is the real time payment system from the central bank in Brazil is already bigger than cash payments is already bigger than credit card payments, like, and I think in only two or three years so it has become the most important payment solution in the country and real-time payments means real time fraud. So you also create another layer of incentive for fraudsters to act. So if you compare a Brazilian financial institution to an American financial institution, for example. The Brazilians are way more advanced in terms of fraud prevention solutions because they had to, right.
They were forced to because they were being attacked more aggressively from like different places and from people that were simply not going to jail after, after the, so for example out of the top 50 financial institutions in the US about 75 percent still rely on SMS things, OTP, as a second, second factor authentication, and we just spoke about it, right? It's not secure. It's easy to spoof. There are so many ways that this this can fail.
But still the vast majority of the financial institutions rely on this. If you look at Brazil, none of the top 50 institutions rely on this, right?
They have built more sophisticated solutions for that. So what's very interesting is by learning from the Brazilian experience on how to fight fraud in such a difficult environment, we're able to bring all of this knowledge here to our customers in the United States and enable them to upgrade their defenses way more quickly than if they were partnering with a vendor that was only present in this market, because they were simply not exposed to these newer attacks that were going on. So I think that's helping us a lot.
Steve:
You make a really interesting point on that, that leapfrog effect. We've seen this. Time and time again, when you think about the internet in the US we were still doing dial up as other countries were rolling out mobile networks and some countries were much faster in SMS adoption, or even when you look at China or India, their payments ecosystems, people are, they might only have a phone and they're interacting in ways we're still putting our cards in and writing checks. So I think that's really a really fascinating point. I mean, when you think about fraud, it's pretty universal in the different attacks because technology is similar across different regions, there different regulations and things you have to deal with, but what are some of the attacks that you're seeing that you're stopping from organized crime?
Because that's really what we want, to fight the evils of the world, which they use as money for money laundering and crime rings, etc. What have you seen and what have you stopped?
André:
Yeah. Well, there are a lot of things going on. But overall, some of the the attacks that I was most impressed about were to one was in the food delivery space where basically what was going on was like they infiltrated a lot of and basically what they did was they would go to the restaurant, they would pick up your order. And right after they picked up your order, they would cancel it. So you, as a consumer, you would receive a notification on the app saying like, “Hey, your order was canceled. Here's your money back, etc. etc.”
But then the driver would show up at your home with the food, with the receipt. And they would say, “Oh, I'm sorry. There was a bug on the app. You got a refund but, but, but like the payment didn't go through. So I need you to pay here on this POS” and the POS was tampered with and when they type like $50, they were actually like in practice it was like 5,000.
So you would swipe your credit card and they just took $5,000 from you and run away. Right. So, I was really impressed because it was very hard for a consumer to tell what was going on because it was a very credible type of social engineering attack, usually like social engineering attacks are 1 in 10, one in a hundred, right? In this case, it was almost like 10 out of 10 that were falling for it. So I was really impressed about this one. It was, it was also challenging because the payment was, was happening outside of the platform. So the food delivery company didn't have any visibility on what was going on. And it has become a massive problem for, for that company.
Fortunately we were able to partner, we enabled them to reduce that attack by more than 99%.
And basically the way we did it was by using our identifiers to prevent like the drivers from like sharing their accounts with someone else because we would see, okay, someone else is accessing this account on another occasion, it might not be the same person from a different device, etc.
So that was one. The other was preventing new fake accounts from being created. So we were, we use our solution to verify the user's address and link that to the ID process, etc. And also identify if multiple accounts were being created either from the same device or from the same location with multiple devices.
With that, we were able to, to stop that, that problem. But if, if we didn't do that, probably this would have much bigger consequences for that company. So that was one. And the second was an interesting attack also social engineering attack in which was the first time I saw chatbots being used at scale.
And basically the attack was if you followed it, it was on a bank. If you've followed that bank's page on social media, another page would follow you back. That page was very similar to the original with like some, like differences in the characters and the image, etc., but it was controlled by a fraudster and that account was managed by a bot, which would start interacting with you asking for like basic things like, “Oh, can you give us feedback on our service?
Like, how do you like our content? Etc. etc. etc.”. At some point, that bot would then send you a message like, do you recognize this transaction? We found it suspicious and that immediately puts the consumer on a place of vulnerability, right? Oh my God, someone is trying to do something wrong here with my credit card.
And then immediately the user would react, right? No, it wasn't me, etc. And then at that point the bot was out and then a real person would become part of the conversation. And that person would eventually convince you to share the OTP that was just sent to your, in this case, to your email.
Once you share that, it's over. They would take over your account, steal all your money. And it was very scalable because it was like one bot attacking like hundreds of thousands of people at the same time. And then once, let's say the consumer was primed for, to become a victim, then a real person would, would play in.
So. Yeah, and another impressive and very creative attack that we've seen. And after seeing that we, it was, goes back to my previous point, right? We saw this more than two years ago in Brazil. And recently we started seeing this in the US like six, nine months ago. So, when we saw this here with FinTech, we were like, okay, we already solved that problem for someone else.
That's, that's fine.
Steve:
These scenarios you mentioned multiaccounting or account sharing, renting accounts. I've seen forums where people are, you know, they're not eligible to work in the country, but they want to rent an account so they can make some money and it seems benign, but then fraudsters see that.
I know I can rent this account and I can do this scam that you just described. And then what a lot of people don't realize, I think in the mainstream is just how powerful these ChatGPT like services are getting where a fraudster, a criminal ring, maybe it's a rogue nation state, putting these things together, that can now communicate with tens of thousands of people at once.
And then just takes out that one hook. And then here comes a live fraud agent to close the deal. And it's pretty scary because there's not a lot to deflect against those attacks. It's exciting that Incognia has technology to be able to do that. As the industry evolves and as Incognia grows, or what are some of the key initiatives that you see for your platform that you can share in a public forum like the next year? What are you solving for?
André:
Yeah, I'd say we continue to expand into, into additional verticals. So we started with banking. Now we have customers across industries like marketplaces, gig economy platforms, food delivery, vacation rental but also customers in the social media space and gaming space and entertainment, streaming, etc.
So, we're seeing that the product is very flexible and we continue to explore new verticals. So, so that's one thing. Obviously like for each of these verticals, you need to adapt your product in some way to their specific needs. So, for example in the streaming space, right. We're being asked to like start building a solution for smart TVs.
And that's something we haven't thought about in the past, but we're going to start building this. So, I see the product evolving in two different vectors. One is on new channels, right? So our solution started like mobile only, it was only for like native mobile applications. We expanded to web. So now we have a solution that works for like websites as well.
Now we're building this like smart TV product and we're seeing, for example, like cars that are being unlocked using a mobile app. So probably that might be another step. So, so yeah, growing into new channels new types of devices is one big area for us. And the other is around new signals, right?
So we started with location only, then we expanded to location plus device fingerprint. And then we started adding some capabilities around analyzing the the user's behavior, like transaction behavior and more depth. So yeah, adding more signals, adding more layers of data is also going to be an important part of how our product evolves.
But also I think an important part is, is also determining like what are the things that you're not going to do. We don't plan to get into anything related to like document verification or like biometrics or things like that. So I see us as being more of a behind the scenes type of solution that don't interfere with the user experience or doesn't have any user interface but we coexist and partner and integrate with, with these other solutions, for example.
But, but yeah, that's, those are the three like key areas that, that I see our products evolving towards.
Steve:
I definitely see the smart TV play. I've got all my TVs are smart TVs and I've got the Firestick to plug in there. This internet of things vision is coming together, like the refrigerators and the ovens and the cars, everything's all connected and how do you assert the identity and ownership of a device, especially when that device might get AI in it and it starts to, it's your AI powered fridge that's ordering eggs for you.
Like someone could hack that and suddenly you have fraud in there. Yes. It's, it's really crazy world where the world is going. When you mentioned that you don't have a plan to like really go down to the IDV, the document stack and other things, would you say your model includes both like direct implementations and then you do partnerships with companies that sort of sit in their stack?
André:
Yeah, we, we do have partnerships with, with a couple of companies and the document verification and selfie space, for example. So yeah, given that's an area that we're particularly likely we have decided not to get into that's, that's an area we're over happy to partner with existing players.
And the reason why we're not doing that is if you think about the data that we capture, right, we, we capture quite sensitive information about consumers, we're talking about like location data and device information, etc. So this is more of a long term strategy, which is given my background in security the thing I believe in is a data breach is, is a matter of time, it doesn't matter like how good you are in security, it doesn't matter like how good your technology is.
At some point, someone will be able to find a crack and get into it. So as we've seen, like all of the credit reporting agencies, for example, had data breaches, many of the like payment companies, banks, telecoms. And, and they have capable people. They have like very good teams. But, but at some point you'll be a target.
And so what we decided to do was given, we have this data and it's sensitive. We don't want to know who is the person behind the device? We don't know, want to know like their name, their phone number, their email address, anything like that. Because in case there is a breach and we have our data out there, we don't want to be responsible for revealing like the locations of these individual, right?
So, if we separate that and the only party that knows who's that person is our customer, the app that is using us, but we don't know, we don't have that data. I think we create a much safer environment in the end for consumers and for our customers. So that's why we're not getting into IDIV.
Steve:
Yeah, it's a very smart way to do it like keeping that firewall and also making sure it's not just safe but you're being very privacy-centric for the consumers. It's a powerful way to do it.
Well, André, we're almost at time. And if you've seen this podcast or those that are watching now, I like to go a little bit deeper than just the profile to learn about passion projects and what drives you.
I saw that you're involved with an organization called Endeavor, where you provide mentorship around entrepreneurship, and it has economic empowerment aspects to it. Can you share more about that and like the other things that you work on besides Incognia?
André:
Yeah, sure. So, so yeah Endeavor is a fantastic organization.
They have this global network of entrepreneurs and mentors. And yeah it's fantastic. Like the impact they're having globally, like for example, connecting like mentors here from like Silicon Valley to entrepreneurs and, and a region that has barely had any type of like VC activity, for example, and having these people talk and inspire them and help them like create their business, etc.
So, it's really, really rewarding to be part of this network. And what's interesting to me particularly is I'm on both sides, right? As an entrepreneur, like being able to access these ventures and learn from them, but also as an experienced entrepreneur, helping the other, like younger entrepreneurs.
Figure out how to build a business. So I'm both mentor, but also mentee and this process. And it's, it's really good to be like, and you also learn a lot from like learning about the challenges that the other entrepreneurs are facing, etc. So it's a really interesting community. I'm very happy to be a part of it.
Steve:
Yeah, that, that cycle is, you know, you learn things so you can share it, but then as your business scales and grows, like you run into new challenges and then you have that network. So that's a great, it's a great organization to be involved in.
Well, we're at time. Thank you so much for being on the podcast, for the audience that's watching or listening, what types of conversations would you like to have, or would you like them to reach out to Incognia directly?
What are you looking for from a market standpoint?
André:
Well, on my end, I'd say that, yeah, the most interesting conversations are like for me, when I learn about a new attack, I'm always like super curious to know what's going on with companies in different spaces. Because what's interesting is that when you, when you analyze the attacks usually pretty much everything boils down to account security.
So if you are able to ensure that all of the accounts in your platform are legit, like people are not being able to create fake accounts people are not being able to create like multiple accounts at the same time and also that people are not being able to take over existing accounts from legitimate customers.
Like if you ensured that piece and you do this really well you can get rid of pretty much every fraud related problem. Obviously there are other things like device security and other potential threats, but if you do this part really well, I think you're in a good place.
So yeah, I'm always curious to learn about the attacks and learn about the specific consequences of each attack in each industry. And try to connect it to these like underlying issues related to account security. So, so yeah, I'd say that's certainly the topic I'm most interested about. And if anyone in any industry is willing to share and chat more about it, I'll be happy to.
Steve:
Excellent. Excellent. I'll include some contact details in this episode, like your LinkedIn profile. I highly recommend anyone who's watching and listening, follow André on LinkedIn. He posts really good content about these fraud attacks and what's happening in the market. Again, André, thank you so much for being here.
André:
Thank you.
Steve:
I really enjoyed this conversation. I think we could spend another hour just talking about fraud attacks. It's really fascinating, but thank you for the time. Thank you.
André:
All right. It's a pleasure to be here.
Location Identity Security with Co-founder and CEO of Incognia, André Ferraz