Capturing a personal memory to create a secure authentication is now a reality. Georgia Steele Matthews, chief product officer at PixelPin, details the cybersecurity business’s journey and vision for the future of online security. Briony Richter reports

PixelPin’s goal is to create an online environment where consumers can safety and easily navigate through various sites and their personal accounts. Cybersecurity is massively important for all organisations and merchants around the world.

It is especially vital for banks that carry important financial information about their customers. Data breaches and failed purchases are serious problems for retailers and consumers: they cause a brand to lose trust, and heighten customer insecurity.

A robust, simple and secure authentication process is, therefore, absolutely critical. This is even more necessary across Europe, as from 14 September 2019 new requirements for authenticating online payments will be introduced as part of the second Payment Services Directive (PSD2).

PixelPin believes it has the solution to revolutionise the way consumers access online services and accounts. Its security solution completely eliminates passwords. Using visual and cloud-based technology, consumers can log into their accounts using a photo that holds a personal memory.

With the amount of online accounts gathered over time, it is hardly surprising that consumers – including this writer – repeatedly forget their passwords. Studies have shown that many consumers are visual learners, and this is the area that PixelPin is optimising. Instead of frustratingly digging through their memories, users can log in using a favourite photograph.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Georgia Steele, chief product officer at PixelPin, is responsible for the overall proposition. She sits between the sales, marketing and tech departments to develop and deliver the finished product.

Defence and security

Discussing the PixelPin journey, Steele says: “Our founders both come from military defence and security backgrounds, and the idea came from working with the Metropolitan Police. One of our founders was working in the surveillance team. They both saw issues with current security systems, and started to look at alternative ways to log in.

“Around 65% of the population are visual learners, so they focus on patterns and colour balances much better than print and audio. That’s why we started looking into pictures.”

Aimed at delivering a smoother online payment experience for consumers, PixelPin’s approach dramatically shortens checkout time, improves security and reduces cart abandonment rates. “We have been talking to retailers, and a fashion site in the UK used us purely because it had a high drop-out rate. We are also live on a ticketing site in Asia; its issue was that the password process was so long and users couldn’t remember their password, so many just didn’t get in. It wanted an easy-to-use, secure and convenient solution.”

Asked why it is time to rethink the login process, Steele adds: “I think there are several reasons why people should ditch passwords.

“Firstly, around 75% of people are not completing purchases online due to password resets, so there is a cost issue and that is affecting retailers a lot. People themselves don’t know how to properly use passwords; around 10% of people are using the password 1234, which is shocking. The majority of passwords are on hackers’ lists.

“Hackers often conduct what we call visionary attacks – this is where the hacker will put in every word found in the dictionary and numbers at the end, and can find 90% of passwords used. So it’s really time to ditch the passwords.”

For years, the financial and security sector has been talking about the need to replace passwords with more secure and reliable methods.

The number of passwords needed in an average day has become a burden, and their security vulnerabilities are not lost on the organisations that use them. Especially in the financial sector, organisations must take into account, security, availability and usability when offering a different authentication solution.

At a time when more data and security attacks are caused by password compromise, it is going to be increasingly difficult – and soon impossible – to make the case that password only authentication is appropriate security.

The PixelPin solution

The cybersecurity business allows users to get rid of complicated and numerous passwords.

The consumer simply chooses a photograph and selects four points that can create a story to log in. “PixelPin itself is a picture-based authentication. We allow users to log into their accounts, wherever that may be, using a personal picture and four points. On registration they upload a personal picture, or they can set it to gallery images. They then press four points. Now, as they pick their four points we encourage users to create a story and this helps in the memory process – so the picture itself acts as a visual aid.”

Steele adds that the image does not have to be a picture of the user; in fact, PixelPin encourages users to pick a memory of something that resonates with them. For example, an individual could pick an image from their favourite music gig or their dog’s collar. It is all about giving choice in a more secure and visual way.

“We wanted to provide a unified authentication product, so we provide that Across android, iOS and desktop,” Steele notes.

“The story is kept in the user’s mind and is told as they press the four points. The reason we are called PixelPin is because all the information, when you press on one of the points, is taken down to pixel level and then expanded back up where we can work out where the customer has selected.

“If someone is watching over your shoulder, they won’t know the pattern that you are following. We have some blocks, but really we encourage users to use images of friends, family, favourite past times. It’s not biometric and it’s not facial recognition.”

Better than biometrics

The industry as a whole has come a long way towards developing alternative authentication methods; however, because society is so used to passwords, it is unlikely that they will disappear overnight. That being said, there are also numerous choices available now.

Biometrics is being used more extensively by banks and financial organisations, but Steele believes there is a space in the market for biometrics and PixelPin’s solution – and that there are flaws with biometric authentication.

“I think the weakness with biometrics is that when that solution doesn’t work for whatever reason, it’s backed up with a password. Therefore, you could have the most secure biometric in the world, but if it fails and your PIN is still simple, hackers will easily get in.

“There is a lot of human error that goes along with biometrics, but we think there is a space for both; it’s giving users options.”

PixelPin’s solution is arguably more secure for the future of the industry. The number of different points that can be chosen on a picture are much greater than the number of characters for a password. Furthermore, the points that an individual chooses cannot be guessed by a hacker.

There is no algorithm that can be used to follow a visual pattern. Developing a product that delivers this level of accessibility and security is hard, and will always need worked on as other ideas and consumer demands come to light.

Speaking about the hurdles the company has faced, Steele states: “As we grew, we had to work out how we could make our technology applicable to all devices. We evolved the product several times to continue to make it easy as possible. I would say the product is always evolving; if, for example, a user is confused about the four points, then we as a team should embed more information to guide them.

“We are always developing, and this is how we see the future of authentication. It’s about the talking to customers and really listening to their needs.” Steele highlights that one of the biggest hurdles facing the whole industry is being able to properly manage and defend against automated bots.

Hackers are creating their own bots that can attack business systems and access consumer details. Security measures are certainly improving, but different countries are moving at very different paces. PixelPin has opened an office in Japan, where everything is described with picture, making it the perfect place to launch picture-based authentication.

Steele notes that Asia in general is far more fast-paced than the UK and Europe. The UK in particular is a little more hesitant about fully adopting solutions like PixelPin’s.

Consumers do not necessarily like passwords, but they know them, so the challenge is to change mindsets on alternative authentication methods. With all this in mind, Steele turns to the next part of the PixelPin mission.

“In terms of evolving, we are currently looking at how we can partner with other different solutions to make our offering stronger,” she explains.

“For example, we may partner with a behavioural biometrics company. With a partnership like that we could actually track how you authenticate. We could also track the length of time and monitor changes in patterns.

“From an innovation perspective, we are looking at pictures and perhaps moving images. We are very live in Japan, and they are very big on Pokémon. Potentially you could use your favourite Pokémon character, and as you move between points, the Pokémon moves. It’s a prototype currently, but definitely something on which we are gathering insight.”

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up