Interview: Tackling Identity Theft

Shamsh Hadi, co-founder & CEO at ZorroSign, tells Anita Joseph, Editor, Security Advisor, how this multi-chain blockchain platform leverages the cryptographic security capabilities of blockchain and also integrates Identity-as-a-Service technologies into its solutions in order to combat fraud, identity theft and cyber-attacks.

Tell us about Zorro Sign’s presence in the region and what its business profile is?

I am a third-generation member of the Hadi family, and we have called Dubai our home for the last over 55 years.

ZorroSign, Inc., was conceptualised and founded in Dubai, UAE. This multi-chain blockchain platform was invented to move documentation and digital transactions from a relationship built on trust to a relationship built on truth—providing global customers the ability to positively impact the environment through sustainable practices, and securely transform paper-based workflows to digital. Our technologies decrease operating costs, reduce paperwork errors, and increase productivity.

Too often, we see high environmental costs for new technologies that neglect to consider sustainability and the conservation of natural resources, but ZorroSign set out to advance sustainability while advancing technology.

Personally, HH Sheikh Mohammed bin Rashid Al Maktoum’s Digital City Vision for Smart Dubai has been a guiding principle for ZorroSign, and we share his goal of a paperless life in the UAE by 2030. At ZorroSign, we actively support the Dubai Blockchain Strategy – Digital Dubai by helping Dubai lead digital transformation and transparency as a beacon to the world.

Identity theft is a huge concern today. How does Zorro sign go about addressing this issue?

Not only does our web3 platform leverage the cryptographic security capabilities of blockchain, but it also integrates Identity-as-a-Service technologies into our solution set to combat fraud, identity theft, and cyber-attacks.

For example, blockchain’s distributed ledger technology—originally built for zero-trust environments and further secured in private, permissioned configurations—gives organisations a compelling alternative to centralised databases and a strong defence against phishing and ransomware attacks.

Further, ZorroSign delivers IDaaS by leveraging the biometric capabilities of hardware endpoints to verify user identities, we are the first to adopt password-less login amongst our digital signature competitors, and our multifactor authentication (MFA) provides superior security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Additionally, ZorroSign users can optionally use the dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of the private information of the individual to prove that the person providing identity information is the actual person—reducing the opportunities for fraud and identity theft.

Finally, ZorroSign’s patented Z-Forensics token is a tamper and fraud-detection seal for digital documents, creating an unprecedented, immutable audit trail and complete chain-of-custody validation. Z-Forensics can prove that the individual signing the document is who they claim to be (verification); apply a digital equivalent of a wet-ink signature to the document (legal intent); and, prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all documents (paper and digital) with Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: time stamps, user authentication, documents, and attachments.

What are some of the main security trends in the market today?

It is no secret that cybercrime has skyrocketed in the last few years. With data breaches and digital theft making headlines almost daily, there are more and more risks as the world moves to more and more digital information and transactions.

However, by using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign helps organisations tackle that risk, offering greater privacy and security for their (and their customers’) digital transactions, while preventing fraud and ensuring regulatory compliance.

How? First, blockchain technologies provide structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: One, by decentralising the data set itself (preventing anyone from breaching to accessing the entire data set); and two, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed. Unlike centralised databases—which can be breached at unsecured endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralising data storage, blockchain effectively prevents anyone endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: a single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by anyone endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

There are some huge players in digital signatures, but none have figured out how to cost-effectively map their legacy technologies to web3 and blockchain solutions for decentralised security.

At ZorroSign, we have solved all these problems with blockchain for digital signatures!

Again, our platform is built entirely on blockchain—as opposed to the blockchain as a bolt-on addition to a legacy platform. We have pioneered a way to manage blockchain-based digital documents more securely and more cost-effectively than any other digital signature solution—able to scale our blockchain architecture to meet customer needs in a way our big competitors simply could not solve.

What is ZorroSign’s plan for the market in 2022?

At ZorroSign, our mission is to leverage blockchain technology to deliver a lifetime of security and privacy for your digital signatures, documents, and transactions that are easy to use and legally compliant.  We believe almost every organisation, business, and individual can benefit from our technologies, but we realise early adopters are eager to embrace web3 solutions and so gain an early-mover advantage.

We have found that financial services organisations, legal services firms and departments, and information technology (IT) providers and departments are most eager to bring superior privacy and security to their clients and customers. As such, ZorroSign’s plan for 2022 includes embracing financial services, legal services, and IT companies to help them ensure user authentication and document verification for legally enforceable digital transactions worldwide.