Boku

Oct 25, 2019

In this Partner Spotlight, we’re focusing on Boku, a leading provider of ID verification and TCPA compliance solutions. Tim Maciejewski, Director of Identity at Boku, spoke with Casey Ferguson, VP of Marketing at Zoot. Enjoy the audio recording or peruse the transcription for details.

Casey Ferguson

I’m Casey Ferguson. In this Zoot Partner Spotlight, we’ll be focusing on Boku, a leading provider of ID verification and TCPA compliance solutions. We have Tim Maciejewski in the studio and he’s the Director of Identity for Boku. He’s going to share some details with us. Welcome to the studio, Tim.

Tim Maciejewski

Yeah, thanks for having me. I appreciate it. It’s beautiful country out here.

Casey Ferguson

Tell me a little bit about your background and kind of your career leading up to Boku.

Tim Maciejewski

I’ve been in the fraud and identity credit collections world for probably… I was at AT&T around 16, just under 16 years. So over the course of those years I ran some commercial credit stuff, consumer credit, risk analysis, and then as I was off boarding from AT&T or probably the last couple of years at AT&T, I was working on an omnichannel risk strategy. So AT&T offered some buyout packages, which I accepted and we started a little small company called Danal. They were a startup in the identity world and probably three weeks after my start at Danal, we were acquired by Boku.

Casey Ferguson

Right.

Tim Maciejewski

Boku is a global payments provider. So using your phone number to pay for goods or services. So when you think Netflix, Spotify subscriptions, iTunes subscriptions, everywhere else outside the United States, people use their phone number, and when they charge those things, that just ends up on your phone bill. So Boku said our payments side will probably mature within the next two to three years, and what’s the next step? So they were starting an identity business, right? They had about a few people within Boku working on identity. I think they looked at Danal and they said, “Man, you’ve got that aggregation platform that has the realtime call in to the carriers.” So they bought Danal really for that platform and the people. So they said that’s going to be our way to scale our identity business. So when you think about a payments transaction, you’re authenticating that transaction. So there’s other signals that are available, and so why don’t we build an identity business around that so we can help prevent fraud in those onboarding flows, especially on on-device.

Casey Ferguson

What makes a good partnership between Zoot and Boku?

Tim Maciejewski

Yeah, so I think we’ve had previous discussions where I think we had joint customers, right, that wanted to use our services or using your platform and wanted to consume our services. So I think that discussion probably started 12 months ago. So how do we really become a better partner? So working on one opportunity kind of led to discussions of why aren’t there multiple opportunities, especially in the fraud arena is getting very big, authenticating transactions, looking for fraud, it’s a large driver of bad debt. So what could be done? Our data’s very valuable in the financial space. So from an onboarding perspective, to make sure you’re dealing with the actual person, you have confidence that that is the right person that’s signing up for your service. So I think there was just kind of a natural synergy from a platform perspective to utilize some of our services in that onboarding flow.

Casey Ferguson

Yeah, absolutely. So kind of diving in, I guess to the onboarding piece of the lifecycle, what specific, kind of dive into the detail on what specific problem Boku addresses.

Tim Maciejewski

Yeah, so I think there’s probably three things and then I’ll go into a fourth opportunity that we have. So the first and foremost is that OTP, the one-time pin SMS, is a very exploitable transaction. So account takeover, when you think about a device, a fraudster coming to take over your mobile number or move the mobile number to their device. In fact, it was just in the news and we just wrote a blog post on it at Boku for Jack Dorsey, the CEO of Twitter was hacked, right? It was an account takeover. So the OTP was able to go to the fraudster’s device. They were able to log into his Twitter account and post different things on his Twitter account. Had you look to see if the SIM had moved devices, you would have been able to prevent that. So that’s one of the solutions that we do is we have a solution that can actually silently authenticate your mobile device.

Tim Maciejewski

So when a customer is on device and rather than sending an OTP, which is a very exploitable transaction, it’s based on old technology, we can fire off a URL on the background of that device, detect it on the network that’s tied to the SIM card of that device. And so the customer can then move forward without being interrupted by having to change over to a text message to input a pin into that transaction, they can just move forward and it increases conversions by about 15% when you silently authenticate. So we feel like people are falling out of the flow because they don’t want to take that extra step.

Casey Ferguson

When you’re talking about that authentication, that’s that token you’re sending out, that’s that one time token plus the return of the confidence score or is that kind of a wholly separate piece?

Tim Maciejewski

Wholly separate piece.

Casey Ferguson

Okay, okay.

Tim Maciejewski

So that’s kind of we can kind of step up. So when you think about that, that’s kind of the first step is that silent authentication. As a secondary step in authentication, you can take that mobile number and ping our services and we will return what we call an identity match score. So that’s based on first name, last name, address, city, state, ZIP, email, date of birth, and we will return a score, not PII. We’ll return a score, or you can tie all of those together into what we would call a confidence score. We don’t make customers utilize all of our signals in a confidence score. We let them pick and choose what’s important to them. So they can use that one for one match on first name, last name. We do that because some customers like to bundle it together, some like to break it apart and understand if, does my first name match one for one, does my last name match one for one? If it doesn’t, my address doesn’t match one for one, oh, why doesn’t it?

Tim Maciejewski

So we’ve got very good data. So we don’t solely rely on the carrier network or carrier billing records for this type of information. So we will pull from multiple sources and we build an identity graph. So we’ll paste on that identity graph the information from this provider, this provider, this provider, this provider, put it all together so we make sure that we’re highly confident that that is the actual person it is returning. If it’s not them, we let them know that it is not. We have those identity, that identity match score process, and then you have also other signals that are attached to device that you can only get from the carrier. So you think of last SIM swap date, last port date, account status, those type of things that are important when you’re actually loaning money that you want to make sure that that device hasn’t, the SIM hasn’t changed in the last couple of days, right? Because that could be a fraudster entering your channel to try to come through.

Tim Maciejewski

So there’s probably 40 signals that we have in our database, but we let them pick the signals that are important to them. So if they only need to use three signals for their flow, we allow them to do that and we’ll build a confidence score off of that. So we can build a confidence score off of anything that you want in the background. But a lot of times they use it as a step up flow in the process.

Casey Ferguson

So we’ve kind of talked about these sources, signals, talk about the timing of all this, right? There’s some advantages that Boku has over some more traditional methods of gathering information and intelligence on your customer. What makes Boko unique in that respect?

Tim Maciejewski

So I think what we have is the carrier information is realtime. So we have our aggregation platform allows for realtime call-ins to the actual carrier billing records. So you can see instantaneously what is happening on that. So a lot of the … When you’re talking about carrier information though, then you have to go down the path of gaining consent from the customer, right, within the flow of their transaction. So it’s similar to anything we do from a terms and conditions perspective, right, of clicking a box and gaining the consent. But then once you have that consent and it’s if you go into your American Express online portal, do you have a card? You’ll see that that is within their T’s and C’s already have using carrier information for authentication or fraud purposes, which consumers like, right? You’re taking that added step to make sure that they’re not getting your information.

Casey Ferguson

Who’s a good fit for Boku when we start thinking about a couple of different verticals?

Tim Maciejewski

I think from an authentication perspective, the use case is applicable across all verticals, right? So when I think about identity match, that can be used anywhere, right? So identity match scores based on the information from the application attached to your phone, that’s use case across all verticals. I think anyone who’s dealing mostly on mobile device. So when you think, if Zoot’s running something in the background for a mobile device where applications are coming through or input on that device, that’s obviously a great use case. So I’m thinking more along the fintech lines where you think of the SoFis and the LendingTrees and those types of things that if you’re looking to do that, you get a lot of emails and you click on those links and you’re actually signing up on device.

Tim Maciejewski

That’s a large use case of actually authenticating the device there. So that’s kind of where that surface would be. But I think these signals, when you think about an actual phone, that SIM is becoming more and more your identity, right? So everybody is keeping their phone, everybody has a phone. So that’s really moving away from social security number too. Your SIM is really your new identity attribute.

Casey Ferguson

Yeah. That’s interesting. Where do you think we’re at in terms of timeline in the States for more adoption? You’re kind of talking about overseas, maybe Europe and Asia, your phone number is your bill, right? Or they’re billing through your carrier. Where do you think we’re at in the United States?

Tim Maciejewski

Yeah, so with my carrier background, the US carriers actually tried this about five years ago and so Danal was actually had a platform for the payments back. You think back five years, all the carriers in the US tried to do it, but what was happening is marketing and sales wanted the credit limits to be bigger, right? So more revenue to come through that, instead of just accepting the $8.99’s and the $12.99’s on your phone bill. So the carriers actually killed it and that’s kind of where Danal was born of. Danal was doing the payment side of it and the carrier said, “Okay, hold on. We have all these signals, we’re going to give these to you because, and so now you can create an identity business around that.” So that’s the way the carriers are trying to start monetizing data, probably the first step in monetizing data.

Casey Ferguson

What are some scenarios where you see Boku playing a big part in making sure that any type of company has KYC under control?

Tim Maciejewski

Yeah, so I think the trend that probably is top of mind is strong customer authentication, which is launching in the UK. We know California has a bill out there too to strengthen the KYC laws, right? So I think as Know Your Customer laws become more widely adopted, I think our services can absolutely be utilized in that because you can actually identify the actual device, you can identify the actual person tied to that device. So as part of your onboarding flow, utilizing a service like Boku’s from an identity perspective is probably the way a lot of us, a lot of customers or merchants will start thinking about that is how do I make sure I’m highly confident that that is the actual person transacting with me.

Tim Maciejewski

So I think that the services will just grow as stronger laws are adopted of making sure you are dealing with the right person. Ours may be just one of those plays. I don’t think that we … We never say we’re replacing anything like a fraud score or any type of consortium information. It’s more or less the realtime transaction as it’s coming through.

Casey Ferguson

Yeah, that definitely makes sense. We talk with a lot of customers and others they say use everything available to you. You use every technology platform available to you to fight fraud. Let’s pivot a little bit. With that in mind, how does data hygiene impact ID verification and maybe even TCPA compliance?

Tim Maciejewski

Yeah, so I mean we have a solution to make companies compliant with the Telephone Consumer Protection Act. So when you think about it, and the data hygiene is actually a good lead in, so when customer, when we see customers that have portfolios of phone numbers that they’re trying to collect debt on, it’s the merchant’s or a customer’s responsibility to make sure they’re calling the right phone number, right? So if I owe the debt, but I changed my line, they need to know that because now the phone number may be attached to you. So if they’re calling you to collect a debt, then that’s a violation because you don’t actually owe the money. So what we do is we take the data and we baseline it and we actually look to make sure that the account, the line hasn’t been ported and that the account had not been disconnected, right? Or the phone number has not been reactivated to a new person.

Tim Maciejewski

So we baseline that database and we’ll tell you the numbers that are good that you can call and the numbers that are deactivated. We also do a monitoring service. So what we recommend is monitor those phone numbers to make sure they’re not disconnected and that they’re still live and attached to that person, to make sure you’re dialing the right number for that. So that allows collection call centers and dialers to make sure with confidence that you’re dialing the right number associated to that person. We really built the solution for a TCPA solution because the fines when you think about class action can be in the tens of millions of dollars, when you think about the large companies. Of course the lawyers are going to go to large companies, you find one person that you dialed wrong and then they’re just going to get, find others that were also getting called.

Tim Maciejewski

So to prevent, for a solution that can be done and make you have a high confidence that that’s the actual person tied to that phone number that you’re trying to collect debt from, it’s a really, really good solution that keeps you out of the hairs of legal battles and fines and all those types of things.

Casey Ferguson

Anything else you kind of want to share?

Tim Maciejewski

Yeah, I would say the only thing I would want to share is that I love Boku. Boku is what I would say has got global ambitions. We are going to be the global provider of identity solutions. We have 60 plus countries in our payments right now, in that, that’s about 170 plus carriers that we do payments on today. So as we work towards the end of 2019, first quarter of 2020 the plan is to have identity solutions across the globe.

Casey Ferguson

Well, a big thanks to Tim for joining us in the studio today. If you have interest in Boku or if you have questions about Zoot’s network of data providers, we’d love to talk to you. Thanks again for listening to this Zoot Partner Spotlight.

Ready to incorporate a Zoot Solution into your stack?

Merchant Fraud
Merchant Fraud

Merchant Fraud

Merchant fraud victimizes consumers and financial institutions. Techniques to scam banks and cardholders continually evolve, requiring ongoing...