IoThenticate was a project Eric, Uros and I built at Startupbootcamp FinTechathon where we researched and prototyped a solution to help banks better secure their customers using modern technology. We spoke to the folks running the hackathon who explained how banks were pretty confident in how their own technology runs however a problem they’ve never managed to mitigate is their customers being manipulated through social hacking to giving away their account details to hackers.
They explained how it was incredibly hard to educate such large amounts of diverse customers and how they needed help in automating the checks and balances which go into place to make sure that the person logging into a bank account online is actually the correct customer and not a hacker. The CTO of LLoyds Bank explained how they really needed young fast paced technologists who were who were familiar with modern technology such as IoT, machine learning, AI, VR etc as banks felt hopeless in staying up to date with those kinds of things. Trying to not only understand new technology but also build solutions which utilise it for their customers and then deploying them globally something LLoyds has struggled to do for many years now and feels left behind.
What we ended up building was a mobile authentication system which LLoyds could deploy within their own banking app where a simple AI model to run predicting the likelihood that the customer logging into a bank account was the correct person by using a mesh of different data points. We mostly relied on bluetooth devices which the mobile would be connected to such as speakers or watches would help us confidently predict that the customer was within their own home. We also took in typical security features such as IP address but extended it to taking a fingerprint of other devices in your local area network too. This means we could automatically detect suspicious devices and display an additional security question for added safety.
The most interesting part of this app was that we could build a loose fingerprint of all bluetooth devices in your area regardless if you were connected to them and the same goes for wifi networks too. Using all of this we could confidently predict patterns over time around the customers behaviour and help flag when something didn’t feel right and we could take extra precautions before allowing the customer to access their information. This is something banks have been doing for many years using IP addresses and cookies however by taking in this new fingerprint of bluetooth devices & wifi networks along with our AI model we could significantly upgrade the amount of data points banks have to allowing access to private information of customers.
In the end our project was a great success and we ended up winning the prize for the Best Technical Solution and Pitch at the hackathon. What’s even better was that we were later invited back by LLoyds Bank to their London offices to explain our project to management there who could look into taking our ideas further to securing their customers from hackers.