Good Contents Are Everywhere, But Here, We Deliver The Best of The Best.Please Hold on!
Your address will show here +12 34 56 78

Blue Cedar Enforce Launches on the Microsoft Azure Cloud Platform; Available through the VAR Channel

SAN FRANCISCO, Dec. 13, 2017 – Blue Cedar today introduced Enforce, a mobile app security solution that is tailor-made for the cloud. Blue Cedar Enforce enables customers to secure existing mobile apps automatically using in-app embedded controls that enforce a broad range of security policies, including those governing mobile access, data encryption, and attestation, among others. Additionally, users can now enjoy the benefits of greater modularity and the nimbleness of cloud-native architecture. The service will launch Dec. 13, initially on the Microsoft Azure Cloud.

“Corporate workloads are moving en masse to the cloud and—true to our philosophy of security following the app everywhere it is used and connected—we are now offering our core functionality as a native cloud service,” said Blue Cedar CEO John Aisien. “We’re very excited about this release, which serves as the foundation for deeper integration between Blue Cedar and the Microsoft cloud stack over time.”

Enforce comprises a subset of the functionality in Blue Cedar’s flagship Enterprise solution. Building upon Blue Cedar’s industry-leading code injection technology, the new cloud-based Enforce solution includes data-at-rest encryption, local app authentication, and integrity verification to ensure that its in-app security controls are not modified after deployment. The more modularized client also enables incremental Blue Cedar cloud services, such as dynamic policies, encryption key management, and codeless custom screen modification and does not require an SDK. “Think of Enforce as the iPod Nano of mobile app security solutions—with all the power of our incumbent solution but with more flexibility, agility, and elasticity,” said Aisien.

Healthcare is one of many industries where Enforce will be especially useful. The rapid proliferation of digital health mobile and IoT apps is critical to patient telehealth service delivery, management of medical devices for chronic conditions, managing the efficacy of patient clinical trials, personal health management, and numerous other use cases that improve healthcare outcomes and efficiency. Healthcare organizations are acutely aware of the risks that insecure apps can pose to patient and clinical data. 

“We look forward to working with Blue Cedar to deliver a unique service to Microsoft’s public cloud customers, especially in the healthcare space,” said Hector Rodriguez, Microsoft’s Worldwide Health CISO. “Enforce can play a key role in providing secure use of the processing power and data storage capacity of modern smartphones and tablets—which is essential to improving healthcare outcomes and aligns with Microsoft’s healthcare digital transformation pillars.”

The cloud-based Enforce solution will be sold primarily through value-added resellers (VARs). Blue Cedar plans to move more functionality to the cloud, in keeping with the larger industry trend that has seen everything from application, platform, and data services workloads migrate to public clouds. The company’s current offering, Blue Cedar Enterprise, will continue to be available through the company’s direct sales organization. Visit this page for more information about Enforce.




The following was posted by Julio Casal of 4iQ on December 8, 2017:

A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.

Now even unsophisticated and newbie hackers can access the largest trove ever of sensitive credentials in an underground community forum. Is the cyber crime epidemic about become an exponentially worse?

While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date.

None of the passwords are encrypted, and what’s scary is the we’ve tested a subset of these passwords and most of the have been verified to be true.

The breach is almost two times larger than the previous largest credential exposure, the combo list that exposed 797 million records. This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites.

This is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.

This database makes finding passwords faster and easier than ever before. As an example searching for “admin,” “administrator” and “root” returned 226,631 passwords of admin users in a few seconds.

The data is organized alphabetically, offering examples of trends in how people set passwords, reuse them and create repetitive patterns over time. The breach offers concrete insights into password trends, cementing the need for recommendations, such as the NIST Cybersecurity Framework.

While we are still processing the data, below are the technical details of our initial findings, including:

  • Sources of the Data
  • Details about the Dump File
  • Data Freshness
  • Discoveries regarding Credential Stuffing and Password Reuse

Source of the Data

The dump includes a file called “imported.log” with 256 corpuses listed, including and with added data from all those in the and Anti Public dumps as well as 133 addition or new breaches. Some examples of the breaches listed the file we found:

Last breaches added to the database

About the Dump File

The 41GB dump was found on 5th December 2017 in an underground community forum. The database was recently updated with the last set of data inserted on 11/29/2017. The total amount of credentials (usernames/clear text password pairs) is 1,400,553,869.

There is not indication of the author of the database and tools, although Bitcoin and Dogecoin wallets are included for donation.

The data is structured in an alphabetic directory tree fragmented in 1,981 pieces to allow fast searches.

Data is fragmented and sorted in two and three level directories

The dump includes search tools and insert scripts explained in a README file.


We’ve found that although the majority of these breaches are known within the Breach and Hacker community, 14% of exposed username/passwords pairs had not previously been decrypted by the community and are now available in clear text.

We compared the data with the combination of two larger clear text exposures, aggregating the data from and Anti Public. This new breach adds 385 million new credential pairs318 million unique users, and 147 million passwords pertaining to those previous dumps. 

Data comparison with and Anti Public breaches

Credential Stuffing and Password Reuse

Since the data is alphabetically organized, the massive problem of password reuse — — same or very similar passwords for different accounts — — appears constantly and is easily detectable.

A couple of the constant examples of password reuse that can be found: 

password reuse examples discovered

And how password patterns changes over time:

password patterns discovered

Top Passwords

The list of top 40 Passwords and volume found:

More Analysis, Stay Tuned

This experience of searching and finding passwords within this database is as scary as it is shocking. Almost all of the users we’ve checked have verified the passwords we found were true. Most reactions were

but that’s an old password…

commonly followed by an

Oh my god! I still use that password in <this> site…

a few seconds later.

mission is to protect your digital identity in the new data breach era by scanning the surface, social and deep and dark web.

We will be following up with more information soon and will provide solutions to protect consumers and companies from this and other alarming exposures.

UPDATE — 12/12/2017

Some answers to a number of requests we’ve received:

Can you provide a link to the database?

Quite a few people have asked for a link to the database, but we cannot do that. Our policy, is not to share links or details open resources that can spread such sensitive information.

Password Verification

As several people pointed out, including Tony:

You can use Troy Hunt’s where you can type a password and verify if it is exposed in his compilation of 320M passwords.

We are happy to send exposed passwords (truncated) to you.

If you write us an email to with subject line: Password Exposure Check we will respond with the truncated list of found passwords for that email. Of course we will only report the passwords related to the specific email from which you write us. So if you want to verify different emails you will have to send an email from each of them.

We would appreciate help in verifying the authenticity of the data. 
Once you get our reply from, be sure to reset your passwords and for those that are no longer in use, let us know if the truncated password is correct — we will publish statistics on these findings.




The following was written by Garrett Gafke, CEO of BGV II portfolio company IdentityMind Global, for Forbes magazine, December 7 2017.

If the digital economy takes our analog products and services and transforms them for the digital channel, the shared economy takes our analog experiences and removes the burden and expense of ownership. Many have taken the shared economy’s taxi cab alternative and maybe even stayed in a hotel alternative. The shared economy is like a modern timeshare without the time requirement or the awkward marketing pitch. However, like all new areas, the transition into it is still built on analog models.

Just as web browser encryption in the early days of the web was treated as a munition by regulators until a more appropriate way to classify or treat it was created, the shared economy often relies on physical identification that represents only a single piece of the risk management puzzle — and one that can’t keep up with our multi-channel world. For instance, the terrorist who recently perpetrated a large scale act of violence in New York had a valid drivers license, which was enough identification for him to rent the van he used in the attack.


On a daily basis, this same type of information is used to identify the people who deliver the packages ordered through major online retailers, drive for ride-sharing services, run errands for on-demand task services and more. As it turns out, companies today are far too reliant on drivers licenses, passports, birth certificates and even a basic background check. These old methods can’t track relationships and are not very informative of a person’s trustworthiness or reputation. The old methods can’t keep pace with a new generation of criminal and fraudster and, typically, are not very secure.


A poor link in the security chain or a bad decision can open the door for personal information to be discovered. Then the floodgates to a wide variety of fraud types are open. And, while network security and personal security habits can be improved, hackers are savvy and can often gain access to most systems given enough time.

With all the recent data breaches, it is safe to assume that essentially all physical data has been stolen or generally compromised. While physical or static identity data has value, there is too much at risk to solely rely on it. Online activity provides a digital footprint — a footprint that can be analyzed to help better understand users and their relationships. It is this footprint, in combination with physical information, that becomes fundamental to assessing the risk of an individual.


Digital identities combine the digital and physical attributes of an individual. The resulting identity can be an evolving asset that enables better identity proofing and risk assessment. A digital identity can update at the speed of digital transactions to capture the dynamic nature of online behaviors, and those behaviors, in turn, can be used to assess the true identity and the intent of the individual. More importantly, a digital identity can ensure that we can distinguish between the real user behind an identity and a fraudster who has stolen it.

When we started building our platform and patented Electronic DNA (eDNA™) technology, it was the only commercial technology focused on and speaking about how to connect the digital and physical aspects of an identity to perform a better risk assessment. Fast forward a few years and digital identity is a term that the market is starting to accept as fundamental in identifying the risk of dealing with online users and in establishing trust online.

Ultimately, digital identities can become assets that can be monitored for changes in behaviors. That is how one can detect compromised accounts and identity theft. You definitely want to know that the person you originally vetted is really the person you continue to deal with, and you want to know that the data that is being presented to you by a user actually belongs to that user and hasn’t been stolen.

Back to shared economies, we would all certainly feel safer if we knew that the driver we were riding with, the guests in our shared house or our food delivery person had been properly vetted by the service we were using. The growing economy around these services could be severely damaged if it chooses to ignore the risks of dealing with poorly validated members — both as providers and consumers of these services. As pointed out earlier, it only takes a quick review of the New York incident or Colorado’s nearly $9 million dollar fine on Uber to begin seeing the risk these services face. The shared economy is not going away. Nor is the need to vet people at a digital identity level.


Lockheed Martin to Distribute Blue Cedar Mobile Security Technology to its Defense, Aerospace, and First Responder Customers SAN FRANCISCO, September 13, 2017 — Blue Cedar today announced that Lockheed Martin, a global security and aerospace company, has selected Blue Cedar’s mobile security technology for inclusion in its Universal Communications Platform (UCP) mobile app, or UCP Communicator.  The collaboration provides Lockheed Martin with a solution for UCP users that have both iOS and Android devices, who will for the first time be able to connect quickly and securely to deployed military, first responders, or remote commercial operations teams who require interoperability between multiple types of secure radio and cellular communications. In a first for Blue Cedar, the company also announced that Lockheed Martin will distribute the Blue Cedar platform to its customers and prospects via solutions that meet a wide range of mobile security needs. “We are pleased to have entered into this strategic relationship with Lockheed Martin,” said John Aisien, chief executive officer of Blue Cedar.“We believe that mobile communications security starts by securing the app, and this unique approach meets the stringent requirements of the most security-conscious organizations, such as Lockheed Martin.  Our relationship also demonstrates the versatility of Blue Cedar technology and is just one example of a wide range of powerful, potential applications for a variety of commercial and public sector markets.” Lockheed Martin’s UCP integrates all types of fixed and mobile radio systems, enabling interoperability between multiple agencies and coalition force diverse communication and data systems. With Blue Cedar technology, it now enables consumer-grade smartphones to be used to extend and expand secure communications networks to users without access to radio equipment. The collaboration between Blue Cedar and Lockheed Martin will allow users with commercial smartphones and tablets to download and launch the UCP Communicator app, which is inserted with Blue Cedar’s layer of encryption and other security controls which are already included in the app. There is no need to write any security code—accelerating time to market, increasing ease of use, and protecting privacy for users. The combined Lockheed Martin UCP products and Blue Cedar solution provides a number of benefits, including:
  • Simplicity: Users can use the devices they already have. Downloading and launching the app is easy—and users don’t have to do anything else.
  • Security: The app meets mobile security requirements, such as FIPS 140-2 compliance, establishing a secure, encrypted connection and authenticates users for military-grade security.
  • Cost effectiveness: Users and organizations don’t have to purchase additional specialized equipment to enable spontaneous communication.
“Blue Cedar supports our goal in providing our customers with an expanded communications capability to enhance interoperability and mission needs,” said Jim Quinn, Lockheed Martin business development manager. “The app will provide critical security and encryption capabilities to UCP Communicator customers, giving them the latest mobile security and encryption technology available.” To learn more about Blue Cedar’s security solutions for mobile apps, visit To learn more about Lockheed Martin’s Universal Communications Platform products, visit   About Blue Cedar Blue Cedar transforms enterprise mobility with the industry’s most innovative mobile security solution. By securing the app rather than the device, Blue Cedar gives enterprises robust, consistent protection of corporate data across both managed and unmanaged devices, without the cost, complexity, or risk to privacy of device-level security. Blue Cedar’s “follow the app” security sets enterprises free to fully realize the benefits of secure mobility for both employees and customers. The company is privately held and headquartered in San Francisco. For information about Blue Cedar, visit

IdentityMind Global, today announced the latest version of its Enterprise Fraud Prevention platform, designed to increase operational efficiency and reduce manual review time for medium to large Etailers. The new version extends the user interface with customizable dashboards, queue management, reporting, and machine learning analysis intelligence, in addition to IdentityMind’s eDNA™ trusted digital identity core technology.

According to the Merchant Risk Council (MRC) Global Payments Survey, the typical manual review rate for online orders was 8% in 2016 with an average per transaction review time of 5.6 minutes (2015). In the same survey, 46% of merchants site “lack of sufficient internal resources” as a major fraud challenge.

Version 1.29 of the IdentityMind platform addresses this head on by enabling fraud analysts and managers to configure operational dashboards with widgets tailored to expedite transaction review. Through the dashboards, analysts can quickly see overall transaction processing statistics as well as exceptions that require manual review, and they can resolve transactions in bulk, assign to queues, and review individual or escalated transactions. The average manual review time is below 4 minutes for IdentityMind’s enterprise etailer beta clients, versus the average of 5.6 minutes per transaction reported by MRC. This average reduction of nearly 30% translates into better processes and better cove rage by fraud analyst teams. In addition, through its use of graph intelligence to analyze digital identities, IdentityMind can reduce transaction fraud by 60% and review of card not present (CNP) transactions by 50%.

“Etailers and other enterprises require solutions that can efficiently handle large volumes of transactions seen online,” said Garrett Gafke, CEO of IdentityMind Global. “IdentityMind not only provides a highly scalable solution that leverages digital identities to help Etailers make the best automated risk decisions, but we provide a solution that increases the efficiency of your manual operations to reduce manual review time and make every one of your fraud analysts, your most efficient fraud analyst.”

Enterprises require highly scalable solutions that aid account opening and transactional fraud decisions in real time across all channels where they interact with their customers. IdentityMind addresses this requirement starting with its core strength in digital identities. IdentityMind’s patented eDNA™ engine continuously builds and validates identities. These identities grow with each customer interaction across the secure IdentityMind Identity Network and are validated through a variety of third party data services available through the IdentityMind API. Using machine learning and graph intelligence, IdentityMind builds reputations for each identity allowing enterprises to understand the true risk of doing business with any particular entity. The Rize report allows enterprises to understand where they can maximize revenue and minimize risk, and which rules they need to modify to get there.

IdentityMind’s Enterprise Fraud Prevention platform can be leveraged as a platform with dashboards, graph intelligence, reports and digital identities included, or a la cart via the IdentityLink API that allows companies to integrate IdentityMind’s advanced analytics into their existing risk management platform. IdentityMind’s newest platform is readily available worldwide.

About IdentityMind Global

IdentityMind, creator of Trusted Digital Identities (TDIs), offers a SaaS Platform for online risk management and compliance automation. We help companies reduce and improve client on boarding fraud, transaction fraud, AML compliance, sanction screening compliance and KYC compliance. IdentityMind continuously builds, validates and risk scores digital identities through our eDNA™ engine to ensure global business safety and compliance from customer onboarding and throughout the customer lifecycle. We securely track the entities involved in each transaction (e.g. consumers, merchants, cardholders, payment wallets, alternative payment methods, etc.) to build payment reputations, and allow companies to identity and reduce fraud, evaluate merchant account applications, onboard accounts, enable identity verification services, and identify money laundering. For more information, visit:



SAN RAMON, CA–(Marketwired – July 25, 2017) –

  • Cyberinc, a global leader in cybersecurity continues to accelerate the expansion of Isla web malware isolation system powered by HPE as its OEM and GTM partner
  • Isla delivers complete web freedom through an industry pioneering isolation approach to preventing malware from entering an enterprise’s network
  • The partnership with HPE enables a seamless and simplified global rollout for Isla around the world leveraging HPE’s advanced go to market infrastructure and fulfilment supply chain

Cyberinc, a global leader in cybersecurity, today announced that it has signed a global OEM partnership agreement with HPE for powering Isla, its advanced web malware isolation system. The collaboration with HPE will enable Cyberinc to aggressively sell and deliver Isla, backed by HPE’s advanced go to market infrastructure and efficient fulfilment supply chain.

HPE will drive accelerated expansion and adoption of Isla through its world class manufacturing, distribution and support infrastructure. Collaboration with HPE will enable Cyberinc to strategically gain leadership in the end-point security market with Isla system, an industry-pioneering innovation that eliminates all external malware based threats emanating through the browser.

HPE’s expansive capabilities to meet the requirements of high quality production and timely delivery, along with its ability to give support and coverage across 120 countries will position Isla to rising customer demands across markets.

Security in a Digital Era The digitization wave has resulted in reshaping the cyber-security landscape with advanced, sophisticated web malware attack techniques such as Ransomware, Spear Phishing, Malvertising and Drive-by-Downloads. These advanced cyber-attacks which routinely bypass traditional defenses can be devastating to enterprises and require specialized technology and personnel to effectively counter such attacks. With browser-based malware emerging as a prime attack vector there is a clear need to shift the focus from malware detection — which can never be 100% accurate — to malware isolation to ensure malware free web-browsing.

Cyberinc’s Isla presents a new approach to defeating web based malware with innovative isolation technology that isolates all web content outside the network perimeter. Isla adopts an ‘isolate’ approach versus the traditional ‘detect and respond’ approach, thereby redefining how one secures the enterprise from Malware Based Threats.

“Isla is a game changing innovation in Cybersecurity and we are investing to scale it to meet the surging demand. HPE’s leadership position in the worldwide server market with over 23% market share, its rich OEM expertise and global market reach will help us drive leadership for Isla across the key markets globally. Isla’s disruptive isolation technology combined with HPE’s world class go to market capabilities will help us win in the marketplace,” said Samir Shah, CEO, Cyberinc. “We are looking forward to expanding adoption of Isla across global markets by addressing the toughest security concerns of enterprises, and delivering security solutions that exceed expectations.”

Hewlett Packard Enterprise (HPE) on the partnership “Cybersecurity is a paramount concern for businesses large and small. Cyberinc’s isolate strategy is a unique approach to the traditional detect and respond model. Partnerships like this enable both HPE and Cyberinc to utilize our strengths to deliver unique solutions that bring value to customers,” says Phillip Cutrone VP & GM WW OEM DCIG Business, HPE. “Consistent global execution is one of the cornerstones of the HPE OEM Program. We provide the technology portfolio, supply chain and services that enable partners like Cyberinc to quickly scale their business so they can focus on and build upon their unique value.”

About Cyberinc Cyberinc is a subsidiary of Aurionpro and delivers advanced security solutions for enterprises. Its offerings include secure, scalable, high performance security products that protect from cyber-attacks, and services that help enterprises transition to next generation access management systems.For more information, please visit:

Accuracy Scores Are One Of The Highest In The Industry
SAN JOSE, CA, July 20, 2017 – IntelliVision, a pioneer and leader in AI/Deep Learning video analytics software for Smart Cameras, today announced that the latest version of its face recognition and detection software, which uses a combination of AI, CNN (convolutional neural network) and Deep Learning, has achieved accuracy benchmarks comparable to industry leaders like Google and Facebook.“Our AI and deep learning video analytics software has always been at the forefront of this technology, as our portfolio of products includes over 100 patents,” said Vaidhi Nathan, IntelliVision’s CEO. “By sharing the computing load between the camera and the cloud we can maximize the power of Smart Cameras built with all the popular video chipsets.”IntelliVision’s “Face Recognizer” product is a highly accurate face recognition and detection solution that detects, recognizes and records people’s faces from a camera’s field of view. It identifies/verifies one or more persons in the scene using a stored database of faces. The product’s detection capability allows it to identify and extract human faces from a camera’s field of view and record them for future retrieval and forensic analysis. Face Recognizer is a key tool for security professionals at government, commercial and industrial sites. IntelliVision Face Recognizer scores the following accuracy in the leading public test databases: LFW: 99.6% YouTube Faces: 96.5% MegaFace (with 1000 people/distractors): 95.6% IntelliVision’s Face Recognition product also includes Face Detector and Face Similarity Search capabilities, also using CNN and Deep Learning technologies. “IntelliVision’s portfolio of AI and Deep Learning technology products along with patents is defining the next generation video analytics segment,” said Nathan. “Our analytical intelligence evolves as the applications run, picking up more and more nuances and details, and giving us one of the highest accuracy ratings  in the industry.” About IntelliVision IntelliVision is a market leader in AI and Deep Learning video analytics software for Smart Cameras, providing video analytics solutions for several markets including Smart Home/IoT, Security, Smart Retail, Smart Business, big data analytics and video search. IntelliVision technology has been recognized as the Brains Behind the Eyes™ for many applications deploying and using cameras to analyze video content, extract metadata, send out real-time alerts and provide intelligence to other home, business and security systems. IntelliVision provides the largest suite of video analytic products in the market today. Its products are used by Fortune 500 companies, the US Government and many leading brands. IntelliVision is headquartered in San Jose, California with offices in Asia and Europe. For more information, visit: Email: Phone: 408-754-1690


IdentityMind Global and, today announced a partnership that combines IdentityMind’s risk management and compliance platform with Confirm’s ID authentication APIs and SDKs. The partnership exclusively offers Confirm’s advanced document authentication technologies for US driver’s licenses and IDs within IdentityMind’s RegTech platform.

Javelin Strategy and Research’s “2017 Identity Fraud Study”, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016, up from $15.3 billion the prior year and amounting to $107 billion over the past six years.

The partnership strengthens regulatory and compliance automation with fully integrated, real-time mobile identity authentication services in support of Know Your Customer (KYC), Sanctions and PEP screening and Fraud Prevention. For instance, account opening and customer onboarding processes require verification that the information being presented is real and can be used by the entity providing it. enhances IdentityMind’s Platform coverage of identity document validation, and specifically with’s strong support for US state driver’s licenses and state identification.

“Trusted Digital Identities requires strong validation of the underlying identity attributes,” said Garrett Gafke, CEO of IdentityMind Global. “ provides best in class identity document validation for the United States, especially for the very difficult to validate state IDs that are very common with our Millennial generation. The partnership also delivers on the promise of a frictionless user experience that provides the ability to understand and guard against risk while also keeping customers happy.” enables secure transactions between businesses and consumers by authenticating Government issued ID documents with easy-to-use mobile SDKs and RESTful APIs. Through remote identity proofing, its solution aids customers in solving the ‘Know Your Customer’ problem that exists in highly regulated industries such as banking, insurance, and healthcare.

“Confirm’s ability to tie credible data to a trusted document at account origination strengthens downstream authentication checks and services. This adds tremendous value to any KYC process requiring remote identity proofing,” said Confirm’s CEO and co-founder, Bob Geiman. “The partnership provides IdentityMind Global with fast and accurate identity document data for it’s RegTech platform.”

About Confirm

Confirm provides APIs and SDKs that help organizations rapidly validate customer identity from a driver’s license or ID. The solutions utilize proprietary machine learning and computer vision technologies to conveniently and accurately capture, extract, classify and authenticate consumer identity document data for downstream authentication.

Follow Confirm: Twitter: Blog: LinkedIn:

About IdentityMind Global

IdentityMind, creator of Trusted Digital Identities (TDIs), offers a SaaS Platform for online risk management and compliance automation. IdentityMind continuously validates and risk scores online identities worldwide through its eDNA to ensure global business safety and compliance at customer onboarding and throughout their lifecycle. It securely tracks the entities involved in each transaction (e.g. consumers, merchants, cardholders, payment wallets, alternative payment methods, etc.) to build payment reputations, and allows companies to identity and reduce potential fraud, evaluate merchant account applications, onboard accounts, enable identity verification services, and identify potential money laundering. The Identity Bureau is a registered trademark of IdentityMind Global.

For more information, visit:



Financial institutions are required to carry out due diligence to identify their customers and satisfy themselves of all relevant information before doing business with them. This is intended to ensure that no financial institution is used by criminals in furtherance of money laundering. Here are 10 startups operating in the KYC/CDD space.
  1. Albany
Founded in 2007, Albany is a due diligence solution provider based in the UK. It has worked with banks and insurance companies to create a suite of platforms which interact with each other and can be customized to your compliance needs and regulatory obligations.
  1. ComplyAdvantage
ComplyAdvantage is a UK based firm established in 2014 and provides AML data and surveillance solutions. The firm’s global proprietary database on AML risk exposure covers politically exposed persons, global sanctions, watch lists and adverse media. ComplyAdvantage provides such solutions as AML screening, identity verification, live transaction monitoring and screening.
  1. Contego
Contego was founded in the UK in 2011 and provides KYC validation tools to companies and individuals. It enables you to conduct identity verification and screen for multiple risk factors. Its SaaS model with a browser-based interface that has a full featured API makes it possible to handle more data in real time.
  1. Cynopsis Solutions
Cynopsis Solutions is a Singaporean regtech startup that was established in 2014. Its services include transaction monitoring for combating criminal activities involving money laundering and terrorism financing. The firm focuses on three key areas; risk, compliance, and regulations in the professional and finance industries.
  1. Encompass
Encompass was founded in 2012 and is headquartered in the UK. It provides automated due diligence and onboarding solutions to financial services companies. As a result, the companies are able to comply with internal KYC procedures and ultimately meet the regulatory requirements.
  1. Fenergo
Fenergo is an Irish based regtech firm founded in 2009. It provides client lifecycle management solutions including KYC data management and client onboarding. More specifically, Fenergo offers:
  • AML and KYC compliance
  • Client onboarding and lifecycle management
  • Client and counterparty data management
  • Digital client journey
  1. Arctic Intelligence
Arctic is an acronym for audit, risk, compliance, technology innovation company. The firm focuses on several areas. The company has developed a platform for batch populating AML, CRS and FATCA self-identification forms used for obtaining customer declarations. These enable organisations to obtain client information quickly, cheaply and in a non-intrusive manner.
  1. IdentityMind
IndentityMind was founded in the U.S in 2011 and its KYC solutions involve risk assessment for merchant accounts. in addition to KYC automation, the company deals with fraud prevention, AML compliance, and automated onboarding among others.
  1. KYC Exchange
KYC Exchange is a Swiss-based firm founded in 2013. Its main object is the collection of KYC data over its platform. It has developed a platform designed like a front office system which enables the client onboarding team or relationship managers to get KYC data directly from clients.
  1. SimpleKYC
SimpleKYC was founded in 2015 and is based in Australia. It provides solutions in the KYC workflow space including visualization and identity verification for different entity ownership structures such as trusts and companies. Read More  

Ideas on how best to protect cyber information belonging to individuals, organizations and governments are constantly evolving, with a mix of older and newer methods existing side-by-side. Passwords and keys are still widely used, as two-factor authentication also grows. Surprisingly few people, though, are talking about secret sharing, a security option that takes data and uses randomization to compute different numbers (shares) that only together define the secret/data. TechDigg spoke to Amit Rahav, VP Marketing & Business Development at Secret Double Octopus to find out more about secret sharing.

What exactly is secret sharing and how does it work?

The system that we use at Secret Double Octopus utilizes multiple security matches using multiple routes – based on “secret sharing”- an algorithm established in 1979 by cryptographers Adi Shamir and George Blakely. Secret sharing takes data and uses randomization to compute different numbers (shares) that only together define the secret/data, meaning it’s almost impossible for hackers to piece together.
Secret sharing is mathematically unbreakable, and is so strong in its inherent security methodology that it has been used to prevent accidental or malicious launch of nuclear weapons.

Why is it safer than other methods?

It’s safer because it’s information that’s theoretically secure. For example, there’s not enough information to solve A + B = 100. You’re presenting the hacker with a problem that they don’t have enough information to solve. This enables the implementation of multi-layer cyber security, where each hacking breakthrough merely yields a useless piece of information.
Secret sharing prevents accidental launch of nuclear weapons.
Secret sharing prevents accidental launch of nuclear weapons. Source: YouTube

Where was it used to help prevent accidental or malicious launch of nuclear weapons?

In secret sharing, a secret is transformed into several meaningless ‘shares’ where several – or all – of them are needed in order to reconstruct the secret. This mathematical concept is often used as a security measure taken to prevent single-person access to secured environments. For example, the US Air Force is operating under “The Two-Person Concept” directive which is designed to prevent accidental or malicious launch of nuclear weapons by a single individual.

Is the method expected to overtake others in the future?

We believe that single-point-of-failure security is a thing of the past. The only way to ensure long and everlasting security is by applying secret sharing-based security to Mobile cloud and Internet of Things (IoT) environments.

The end of the password?

The Secret Double Octopus website declares that “the password is dead.” The company believes that: “No password security means more protection, not less”, because “in the hands of users, passwords are a vulnerability”, and that “password-based security is a poor fit for fast-growing architectures, such as cloud, mobile, and IoT. There’s too much to remember – too much complication and exposure.” The alternative, they believe, is an “authentication wall is invisible to the user. There are security factors, but the user does not need to remember or operate” them. Instead, the company creates “a password-free environment with trust channels established via a mobile phone app.” It’s certainly true that passwords are far from ideal, and an eventual move away from them is almost inevitable. The use of secret sharing on a widespread basis, including by the majority of individuals, is a direction in which cyber-security could and perhaps should evolve.