As part of IdentityNORTH’s mandate to promote Canadian innovations and organisations, we have launched the ‘Startup Spotlight.’ Proudly supported by TD, this series shines a light on emerging Canadian companies who are driving innovation across the digital ID ecosystem.   

Headquartered in Ottawa, Ontario, Zighra offers AI-powered continuous authentication and fraud detection, powered by AI. The IdentityNORTH team connected with Zighra team to learn the ins-and-outs of Zighra.

What’s the Story?

Zighra has its origins in academia, with the vision of making security and authentication invisible for users while protecting app owners against cyber crime. The Zighra team took on the challenge of how to seamlessly and continuously authenticate users based on their natural habits and interaction patterns. Many technology users find authentication methods such as passwords or two factor SMS texts to be a hassle, interrupting the flow of their productivity. Poor “password hygiene” is common because it is a bother to properly manage, and most people would prefer it to be managed on their behalf by a smart solution. Zighra provides this option, while simultaneously respecting a user’s privacy by offering the option to have a cloud or user controlled ‘on device’ profile.

Zighra specifically targets fraud attacks such as account takeover, remote/bot attacks, and SIM swap fraud attacks. Zighra is the first solution in the market that can run AI-powered behavioral biometric algorithms entirely on-device where no user data has to leave the device, which makes it compatible with privacy regulations such as General Data Protection Regulation (GDPR), and authentication standards such as FIDO.

Who Benefits?

Company application owners, customer experience and fraud detection teams benefit by knowing that it is the real user executing their applications at all times throughout a transaction or engagement. They are immediately notified when user behaviour looks suspicious and instigate additional ‘step up’ validation. Alternatively, they can choose to stop the engagement immediately, depending upon the metrics and their processes. This prevents scripts, bots, code injections, and account takeovers using stolen credentials purchased from the dark web – which are becoming more common due to today’s sheer volume of data breaches.

Users benefit by not having to take specific actions to authenticate, with the peace of mind that there is a very effective and accurate tool in the background working on their behalf. They are only asked to engage for ‘step up’ actions when conditions deviate from regular behaviour.  If their behaviour changes, it is a short training cycle to retrain Zighra’s engine.

What’s the Future of Identity?

Zighra sees the biggest opportunity in digital identity as that of decentralized self-sovereign identity architecture, which is driven by the need to respect the privacy and enable the option for user control. Additionally, there is the opportunity to avoid centralized data storage, which are ‘honey pots’ for data and identity credential breaches by threat actors who are interested in generating revenue by selling them on the Dark Web. Zighra offers a decentralized and centralized approach to meet both requirements and strategies.

Yet, there are various challenges in digital identity that must be overcome, such as centralized players wanting to influence the ecosystem, and existing business models, which are skewed towards monetizing user data.

It is important to educate the customers and users, to make them aware that there are better options available today and that they can and should be demanding these solutions of their app providers, be it their banks, government, retailers, or employers. Consumer acceptance of current authentication platforms including facial and fingerprint, which are known to be compromised through stolen data or AI, is stalling the industry from moving forward with the next generation of technologies.

What is the Ecosystem and Who are the Other Players?

Zighra is closely aligning its work with the recommendations from organizations such as the DIACC, FIDO, Decentralized Identity Forum and others in the identity ecosystem.

Today, there are various players that have entered the identity ecosystem – from governments to banks to large enterprises (such as Microsoft and Mastercard), to Biometric vendors – touting centralized and decentralized architectures and solutions. Governments, banks and payment providers are looked upon as the trusted entities setting the usage standards in their respective markets, and have an opportunity to play a leading role in the next generation of trusted privacy respecting identity.

Zighra believes that these players hold a responsibility to help model and define the future industry standards for their respective countries and banking/payments industries.

What’s Next?

With the aim to play a meaningful role in the global digital identity ecosystem, Zighra has looked to multiple identity projects and models around the world, from systems in Estonia, to centralized biometric identity systems in India. Zighra is also keeping a close eye on the World Economic Forum’s Platform for good digital identity, which aims to be a neutral and connective tissue between public and private digital identity efforts, and to spark mission-driven collaborations between governments, businesses, and civil society.