Mobile theft continues to be an ever-present threat. Combine this with the sudden realisation that digital wallets and other sensitive data have also been obtained, and this becomes a fight on multiple fronts.
This is a story that James O’Sullivan, CEO & Founder of Nuke From Orbit, knows all too well, and it inspired him to create the smartphone security company.
After the firm completed a recent £500,000 funding round, Payment Expert spoke to O’Sullivan about how mobile fraud and theft have evolved over the years, and what solutions are needed to tackle new and emerging threats.
Payment Expert: Firstly, how significant is the recent £500k funding round Nuke achieved in being able to enhance and expand its current and future offerings?
James O’Sullivan: The difficulty with Software-as-a-Service (SaaS) is that you need to write the service before you can bring in any revenue, and to do that, you need to raise some money. This raise gives us ample runway to develop the product and get all the security and privacy accreditations we need to partner with other players in the financial services space.
It also enables us to invest time and resources into getting those partners on board, both in terms of interpersonal connections and technical integrations. Establishing these partnerships is crucial because, without them, we have a great idea but not a business.
PE: Prior to the creation of Nuke, what were some of the prevalent fraud types that were plaguing the smartphone industry and how is Nuke helping to resolve these?
JO: The introduction and rise of payment verification for card payments has had such a profound impact on card-not-present fraud that criminals are looking for other vulnerabilities to exploit. When we think about cybercrime, we think about the hacker sitting behind his computer inflicting misery on people thousands of miles away, but criminals are returning to the ‘shoulder-surfing’ tricks that existed around ATMs for years, but now, rather than one card, they can access them all.
This exact scenario in my personal life led to me setting up Nuke From Orbit. Out with friends, my phone went missing. I tried to track it from another device, only to find that my password had been changed, indicating that the device had indeed been stolen.
Panic started to set in as emails began coming through saying bank cards had been declined in various shops, and I couldn’t reset my account password without my phone, creating a catch-22. So I started calling the banks, only to discover that the thief had spent tens of thousands of pounds across the cards in my mobile wallet.
It took me about six hours to cancel all of my cards and change the passwords on various accounts accessible via the device, but by that time, the damage was already done.
I searched high and low for a better “in case of emergency break glass” solution but couldn’t find one. And so, taking inspiration from Ellen Ripley’s immortal words in the film Aliens, Nuke From Orbit was born.
PE: Are there any modern day solutions to mobile theft when it pertains to blocking thieves from accessing the users’ personal data, such as payment information?
JO: While many services and apps have security that incorporates biometrics or two-factor authentication (2FA), these can be easily circumvented by a single weakness: a phone’s PIN.
Security, for the most part, is aimed at protecting you from people at a distance, not someone who has access to your primary device. If criminals take an open phone or gain knowledge of the PIN, they can bypass most security measures and credibly act as you to merchants in person and online.
Currently, you can access the functionality of your iPhone via a biometric (face/fingerprint) or a PIN code (four-digit, six-digit or complex). Such redundancy works well because sometimes the biometric doesn’t work. In short, the camera might be damaged, you’ve got a cut on your finger, or you’ve tried your biometric too many times.
So, the PIN ensures you’re always able to access your phone, but it is also the gateway to someone else accessing your device, as a passcode is much easier to duplicate than a biometric (although we’ve seen plenty of examples of spoofed biometrics).
And it’s a problem that is getting worse, not better. In London, recorded mobile phone theft and burglary have risen dramatically in the last two years, with a mobile phone stolen every six minutes in London alone.
Our research shows that in 62% of cases of smartphone thefts in the UK, the repercussions extend far beyond the initial loss of the device. One in four individuals also fell victim to digital wallet theft, resulting in monetary losses. Meanwhile, one in five respondents experienced compromised personal bank accounts through unauthorised access via mobile banking apps.
PE: Whilst being London-based, following the funding round, does Nuke have any plans to expand into other UK cities and potentially across Europe too?
JO: Absolutely! It will be available across the UK when we go live, but that is just the start. Our vision is that, eventually, this will be available globally, taking the fight to fraudsters and thieves everywhere.
When we attended Web Summit in Lisbon last year, it was instructive for us that there was a global demand for a solution like this, which will, to some extent, dictate our global expansion roadmap.
We had numerous positive conversations with people from countries like Brazil, which has a fascinating smartphone-powered digital economy but also a high crime rate. That’s the environment where a service like Nuke From Orbit will shine. I don’t say that with glee because our service is one born of necessity, but we will go where our protection is needed.
Our technology isn’t limited by geographical borders but by the number of partners we have integrated with. So, for example, if at launch, we have most retail banks operating in the UK, most mobile network operators, maybe some social media companies, and email service providers, we’ll have a service that someone in another geography could sign up for, but its usefulness is limited by the partners that are on the platform.
As we grow and learn from the integration process, we can accelerate the timeline for country-specific deployments.
PE: Lastly, and thank you for your time, are there any emerging technologies, such as blockchain and AI, that can further support some of Nuke’s solutions?
JO: Before the Open Banking revolution, a start-up tackling this problem would have encountered some heavy-duty roadblocks. Now that third-party access to consumer banking through APIs has become more available (and even mandated in some places), Nuke From Orbit is a relatively low-risk addition for our prospective partners.
It goes without saying that crypto assets are another class we will look to protect, especially with the finality of any loss and the unlikeliness of redress for the victim.
AI will be interesting across the board, but with the speed at which you can now clone a voice, the protection that previously very safe biometrics offer will undoubtedly decrease. I wouldn’t be surprised if AI could create a passable 3D version of someone’s face from a handful of photos from Instagram within 12 months (if it can’t already).
If voices and faces can be copied and PINs can be stolen, there needs to be a damage limitation service for when whatever defences you have are breached, and that service is Nuke From Orbit.