Biometric-assured identity has moved from a fringe idea to the center of enterprise security, and the video call is now one of its biggest pressure points. Kevin Surace shares where TokenCore is headed, why banks are extending identity assurance to the customers who move money, and what security leaders should do before the next wave of announcements.
In this Brand Highlight, Kevin Surace, CEO of TokenCore, catches up on a market that has accelerated faster than even his team expected. Biometric-assured identity has gone from the fringes to the core, and the clearest example is the video call: on Zoom or Teams, there is often no reliable way to know whether the person on screen is real, human, or an AI avatar. Surace points to cases where employees wired money because a synthetic version of their boss appeared to ask for it.
That risk is pushing the work outward. Beyond using TokenCore internally, the larger banks are asking how to extend biometric assurance to the customers who move wires, because a phone call no longer confirms who is actually on the line. The goal is to know that it is the right person, on the right domain, within a few feet of the device, and not someone operating from another country.
For security leaders, Surace offers direct advice: start moving off MFA and authenticator apps now, since those methods are being compromised constantly. He acknowledges the change is hard, often for cultural reasons more than technical ones, and suggests starting with admins and the people who touch real data before expanding over roughly a year. The upside, he notes, is that employees tend to welcome it, going passwordless or even ID-less and logging into tools like Salesforce in under two seconds.
This is a Brand Highlight. A Brand Highlight is a ~5 minute conversation that captures a focused idea, update, or perspective from the guest. Learn more: https://www.studioc60.com/creation#highlight
GUEST
Kevin Surace, Chief Executive Officer, TokenCore
LinkedIn: https://www.linkedin.com/in/ksurace/
RESOURCES
Learn more about TokenCore: https://www.tokencore.com
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Kevin Surace, TokenCore, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, biometric assured identity, identity security, deepfake, AI avatar, video call security, MFA, passwordless, FIDO2, CISO, account takeover, wire fraud, Zoom security, identity assurance
When You Can't Trust the Face on the Call | A Brand Highlight Conversation with Kevin Surace, CEO of TokenCore
[00:00:20] Sean Martin: Hello, everybody. I'm with Kevin Surace from TokenCore. Uh, we're gonna have a nice brand highlight conversation here. How are you, Kevin?
[00:00:26] Kevin Surace: I'm great. How are you?
[00:00:27] Sean Martin: I'm fantastic. And this is a chance for us to kinda catch up and, and see what TokenCore is up to, what are some of the things that you're seeing in the market, and more importantly, where, where, uh, the company's headed
[00:00:39] Kevin Surace: Uh, look, I think, uh, a, a lot of people know us. I mean, biometric assured identity has, uh, moved from the fringes to core. I guess that's why it's called TokenCore now. And, uh, you know, every- everybody is trying to close that identity gap. And, and, and so there's, there are a lot of announcements upcoming with major partners. But, but think about things like Zoom, and Teams, and stuff like that, where we... One, we don't know if you're really you, and two, we, we don't know if you're an AI, uh, you know, avatar on there. Um, that has actually happened several times. People sent money because they thought their boss told them to. Um, so you can imagine some announcements around that, around leveraging, you know, some of our products like Token Ring, or Token Portable, or Token Node, or any of these various formats, to make sure that Sean is really Sean on here. Like, it's really Sean. It's not the AI version of Sean that's gonna tell me to, to send money. And I, and I think we're gonna see that, um, a lot more. We're see... You know, not only are banks using our product internally, the larger ones are talking to us about, "How do we get these to our large customers who move wires? 'Cause I need to know..." J- just calling them anymore isn't, doesn't answer the question, right? I need to actually know that it's biometrically assured that it's them, it's them on the right domain, and it's them within three feet of the computer that they're working on. It's not someone in Russia or somewhere else, right? So, um, I think you're gonna see a lot of announcements around that, which has surprised us on how fast and how rapid this market has accelerated. It's, um... You know, we're a little overwhelmed, but it's a good, it's a good kind of overwhelmed because are saving people from the bad actors.
[00:02:21] Sean Martin: So some of these announcements, um, if I'm a, I'm a chief risk officer or chief security officer or somebody in IT, uh, a CIO or a CTO kind of looking at the future of, of how we operate our business and how we do that securely and compliantly perhaps even, um, what are some of the things they should be thinking about now so that they're ready for when these, these announcements come out?
[00:02:47] Kevin Surace: Uh, look, I, I, I think, um, you have to, have to move from Auth Apps and MFA. are-- They're hacked ev-every minute, right, at this point. They're compromised every minute. Most CISOs know that, but believe it or not, I mean, I was just at a conference last week, keynoting a CISO conference. There were some that, you know, they've got a lot on their plate, right? And they really haven't paid a lot of attention to the attack vectors lately. And so when I talk to them about identity, they go, "I don't know. We rolled out MFA last year." I go, "But that's 100% hackable today, every day," and it is being hacked by around the world. So, uh, you know, the way you get ready is start to move towards a, a, uh, posture that recognizes that biometric-assured identity is the way you're gonna lock that down and keep, and keep these out. That is hard culturally sometimes 'cause the number one thing I hear is: "But Kevin, I know you're right, but we just finally got MFA rolled out three months ago," or, "Auth Apps rolled out three months ago. How am I ever gonna tell the entire company that that's no longer secure at all? It's no longer secure at all." That's, that's a... That's hard. I mean, that's just hard for people to take. So, um, uh, I think I would get the posture of let's get admins on this. Let's get our most important people, people who have access to real data. We can slowly roll this out perhaps over the course of a year. And, um, uh, uh, lastly, the other thing is, um, employees love the thing because it lets you move to passwordless, and all of a sudden they're logging in in two seconds instead of thirty seconds. So they actually come back and thank you for making their life easier, 'cause now I go to Salesforce and it... all I do is touch that item and in. We've got people even doing ID-less. Not, not just passwordless, but ID-less. Like, literally, you go, you click a button, you touch this, you're in, in, in under two seconds. So, um, I'd, I'd, uh, get the posture that the time is now for biometric-assured identity. There's not, there's not really any choice, and whether you do it today or tomorrow, get, get aligned so when these announcements happen, you'll already be there
[00:04:55] Sean Martin: Yeah. That's good advice, Kevin, and I'm gonna encourage everybody to connect with you and the co- TokenCore team. Uh, get that posture, start, start planning that, uh, that rollout. And I mean, so many applications for this thing and such cool technology too, so
[00:05:12] Kevin Surace: And every application that has data is one that's at risk, right?
[00:05:16] Sean Martin: Yep. Good stuff. Well, thanks again and, uh, hope everybody, uh, learned a little bit about identity and, and the future of where things are headed and, uh, connect with the TokenCore team and Kevin
[00:05:29] Kevin Surace: Thanks, Sean