Queensland startup CryptoPhoto is a login security system protecting users from phishing

- March 18, 2016 4 MIN READ

No one is safe from hackers, from the average user through to the big players like Sony, Adobe, Ebay, and Facebook. As such, passwords these days require such strange assortments of numbers, letters, and random figures that when it comes to online personal services like internet banking you may end up with a password that reads ‘margaretthatcheris110%SEXY.’

While SMS alerts have lately developed as new method of providing accurate authentication, the generated numbers and codes can be easily compromised. Technology exists that hackers can use to read SMS codes or messages, poking holes into the once thought most secure online systems.

More than half of all break ins start from phishing, where people are tricked into revealing passwords or token codes to imposters. Queensland startup CryptoPhoto aims to prevent these imposters from taking important personal information and data through their secure login security system.

The startup uses technology called imaged or mutual authentication images; for example, when a user provides a bank with their username and password, an image of, let’s say, a banana will pop up. On the CryptoPhoto app the user will have to identify the corresponding image of the banana from a grid of other images as a way to verify and authenticate they are not an imposter.

“It’s just like the card game snap between your browsing session and the secure app on your smartphone,” explained CEO of CryptoPhoto Andrew Grant.

The core focus of CryptoPhoto has been on trying to find proof of concept and gain customer feedback of technology. It is important for the team to use this data as security technology needs to constantly be refined and updated as a way to stay ahead of the hackers.

Founder of CryptoPhoto Chris Drake worked in the IT and security industry for 30 years where in 2007 he lodged a provisional patent on the technology and finally in 2012 it was granted. In 2014 the company was accepted into Microsoft Ventures and grew substantially from there. Their first interest came from the Internetbs.net, which is part of the CentralNic Group, a domain name hosting company in the UK. Last year CryptoPhoto applied for accelerated commercialised funding of $1 million to prove its concept, which it was granted.

The three core frequent concept customers include Internetbs.net, Atmail, an email solution provider in Queensland, and MPR, an asset management company in the Philippines. CryptoPhoto has been able to re-sell its product to Internet BS customers and hopes to continue this through working with other national and international companies.

Last year CryptoPhoto was invited to present its security system at the TCS co-innovation event where it won the Australia and New Zealand award and then went on to present its idea at the event in Silicon Valley.

Currently the startup is in talks with some big name companies including Wells Fargo and Peter Crisler. From that event CryptoPhoto is now working with a platform called BANCS, which is used by a number of leading banks globally. Back in Australia the system is also working with the big four banks and is currently creating a customer-facing pilot project.

In terms of challenges for the startup, Grant explained that it has been tricky trying to get companies on board, especially because the most value the CryptoPhoto solution brings is for tier one customers, so those direct suppliers like banks.

“I’d definitely say off the cusp, with cyber security…it’s been hard getting in the door, the reason being is there’s so many people that are putting snake oil out there,” said Grant.

Having a good team who really understand how to sell an idea and provide real impact solutions is crucial for companies who provide services to tier one customers. Grant explained that working with his cofounder Drake has enabled the startup to work with some of the biggest names in the industry.

Traditionally people who work in cyber security are clever, however Grant explained that they lack the user experience side of the equation.

“If I could say to you right now, you can either type out four, six, or eight digits into your keyboard to authenticate something, or you can tap your phone once, what would you choose? And see, from that side, for you and me as sort of EQ rich operators, it’s a no brainer, whereas some of the technical people go, well hang on, if it’s that easy it mustn’t be secure, but it’s more secure,” Grant said.

“The beauty of having someone like Chris Drake at the helm on the technical analysis side is that he’s just got one of those brains, he can analyse tech in different technologies and sees loopholes in everything. So usually where you’d walk into a bank and you’d have people with their arms crossed because they’re thinking, what’s this about, by the end of the meeting they’re like, wow that’s mutual authentication, that’s actually really clever, that’s faster than having to type codes, it’s more secure, it’s easier to use.”

In the last 12 months there have definitely been some changes to the mindsets around corporate venturing and a lot of big Australian companies are more open to talking to startups and taking on alternative tech solutions.

“I think there’s a huge opportunity that many corporates miss on not saying to people like us, you know what, let’s grab your tech, let’s plug it in, let’s do a pilot project, let’s compare apples with apples with what we’ve got now,” said Grant.

“When you’re dealing with big companies, sometimes partnering with an existing service provider, so in our scenario working closely with Tata Consulting Services, TCS have been able to create a number of introductions and have championed our relationship with the bank.”

Grant explained that the company is working harder at the partnership model and is focused on concluding proof of concept projects. Around Christmas time this year CryptoPhoto will look to raise another $1 or $2 million to expand and continue to refine their services.