- What AuthID (AUID) claims is a “key partner” denies having a partnership with AUID.
- Upon a closer look, AUID’s new leadership doesn’t have impressive resumes.
- AUID’s new CEO, Tom Thimot, refers to himself as a “Pivot CEO”, similar to the disgraced CEO of Intrusion (INTZ) we published on earlier in 2021.
- We found AUID’s previously announced selfie-ID customers either weren’t real companies to begin with, or went out of business quick.
- A closer look into AUID’s selfie technology shows that it can be tricked.
See our interview on zer0es.tv highlighting this report here.
- What AuthID (AUID) claims is a “key partner” denies having a partnership with AUID.
- Upon a closer look, AUID’s new leadership doesn’t have impressive resumes.
- AUID’s new CEO, Tom Thimot, refers to himself as a “Pivot CEO”, similar to the disgraced CEO of Intrusion (INTZ) we published on earlier in 2021.
- We found AUID’s previously announced selfie-ID customers either weren’t real companies to begin with, or went out of business quick.
- A closer look into AUID’s selfie technology shows that it can be tricked.
See our interview on zer0es.tv highlighting this report here.
CU NextGen’s CEO Denies Having A Partnership with AuthID
authID.ai (AUID) made a big deal about their “partnership” with CU NextGen. They display the name on page 11 of their Q321 earnings call slide deck, shown below:
Source: Q321 Earnings Call Slide #11
CU NextGen is listed on AUID’s Partner Network shown on their website:
AUID’s CEO, Tom Thimot, even specifically mentioned CU NextGen in the earnings call, and quoted its CEO. He didn’t mention any of the other “partners” in the earnings call, which implies that their relationship with CU NextGen must be special in AUID’s eyes. He stated in the Q321 earnings call on 11/8/21:
Another key partner launched in the third quarter was CU Nextgen, a credit union service organization supporting more than forty credit unions across the U. S…. let’s turn to what our client Kent Zimmer, CEO of CU Nextgen has to say about authID:
(Thimot quoting Zimmer) “By adding authID’s biometric identity services to our platform, we can help our members reduce risk, deliver enhanced identity trust and offer the seamless convenience of password list login for credit union members.”
We decided to try calling CU NextGen to inquire about their relationship with AUID. In the afternoon on 1/11/22, we called the number on their website: https://cunextgen.com/contact/.
CU NextGen’s CEO, Kent Zimmer, is the one who answered the phone, not a receptionist, and briefly spoke to us about their relationship, if any, with AUID. What he revealed to us was shocking. It appears that CU NextGen isn’t recommending or selling AUID’s services.
“I don’t have a partnership,” replied Zimmer after being questioned on the phone by White Diamond Research about a partnership between CU NextGen and AuthID.
“We may have clients that work with them. I don’t even know off the top of my head,” he stated.
“Are you selling their technology to credit unions?” we asked him.
“I don’t really know”, he replied.
Listen to the phone call here.
AuthID’s New Leaders Haven’t Accomplished Much
On 6/14/21, AuthID, formerly known as “Ipsidy”, announced its rebranding. That’s what has fueled the stock’s huge uptrend. But the rebranding was only changing the leadership and changing the name of the company. The new leadership is Tom Thimot took over as the new CEO and Tripp Smith as the new President and CTO. They didn’t change the product. It’s the same exact product that they’ve had since 2018. I spoke with an AUID shareholder, who showed me that he doesn’t understand the technology or the industry on any deep level, but he is bullish only because he has faith in AUID’s new leadership. Primarily Thimot because he was previously the CEO of currently multi-billion dollar valuation private company Socure.
Tom Thimot, CEO
Before AUID, Thimot was the CEO of Socure from April, 2018 until November, 2020. Socure is a security company with a SaaS solution to fight against identity theft and related fraudulent activities. It grew from a startup in 2012 to a multi-billion dollar company today. However, the growth wasn’t from Thimot’s leadership, who only served as CEO for a little over 2 years. Thimot is primarily an operations guy. He’s a good talker and marketer, but he isn’t an inventor or technology innovation type of guy.
This is suggested from an exchange on LinkedIn that Thimot had with Pablo Abreu, the Chief Product Officer of Socure. The following exchange occurred 4 months ago:
Source: LinkedIn
Socure’s co-founder, Sunil Madhu, brought on Thimot to be the CEO of Socure in April 2018. Madhu then shortly resigned from Socure in March, 2019. In May 2019, Madhu then founded “instnt.org”, a fraud prevention and onboarding company, just like Socure.
Thimot did an interview in November, 2020, claiming to still be the CEO of Socure. Then, the same exact day on November 2020, Socure announced:
“Current CEO Tom Thimot, who joined Socure in early 2018, is leaving to pursue new endeavors.”
So having only served as CEO for 2 years before being pushed out, it’s unlikely Thimot had a significant impact on the company. Then it took Thimot another 7 months before joining AUID as CEO. That suggests he didn’t have a job lined up immediately after leaving, or most likely being kicked out of, Socure. He missed significant increases in the value of Socure through funding rounds, announced here and here, after Thimot left.
A key statement that Thimot stated on LinkedIn:
“This was my fourth CEO adventure, but not my last.”
Source: LinkedIn
Thimot refers to himself as a “Pivot CEO”. He joins a company in their “pivot stage”, he makes his money, then he goes on to the next endeavor. Here is his website:
Source: pivotceo.com
He goes to a company that needs help, makes his money, and then leaves. We expect him to sell his shares of AUID at a nice profit, then leave shortly as the stock declines to our price target of $1 per share.
This is similar to Jack Blount’s MO, the former CEO at Intrusion (INTZ). We published on INTZ a year ago when it was at $28. Now it’s at $4, and I expect it to fall to $1 shortly. Blount got fired from INTZ recently, and there’s an SEC investigation on the company as well as a class action shareholder lawsuit coming up.. We’re still short INTZ. If you look at jackblount.com, it shows that he is also a serial CEO and Board Member.
Tripp Smith, CTO
Tripp Smith worked with Tom Thimot at Clarity Insights between 2011 and 2019. He was a consultant for much of his time there, and then was a consultant at Socure for one year. He has experience with legacy technology and databases. There’s nothing in his history that suggests he’s an inventor or innovator of new technology. And he isn’t a software engineer.
AuthID Has Been Trying To Sell Their “Selfie-ID” Product For Years With No Luck – Announces Customers That We Found To Be Fake
AUID hasn’t had any luck selling their products, and evidence suggests they won’t sell in the future. Their rebranding and management change won’t improve the product.
The following has been the company’s very poor financial results:
Source: AUID SEC Filings
The evidence we show in our reports suggest that their financials won’t improve. The customers and partners that AUID has claimed they had, have either been fake customers or only temporary customers. The following are some examples.
On 11/27/18, AUID announced a new customer, Unibank Panama. Below, a screen shot of the PR shows they were still pitching the Verified product with the selfie facial recognition back then:
Source: authid.ai Website
AUID advertised that they got this customer with Proactive Investors. But there’s no evidence online from Unibank Panama that they ever used the product.
On 10/10/18, AUID issued a PR announcing a partnership with Safetrade Africa to sell products in African countries south of the equator. They did a video with Proactive Investors describing this partnership. However, Safetrade Africa is a fake company, likely just setup so AUID could announce the fake partnership. Their last post on facebook was on 3/7/19, and shows some girls taking a selfie.
Source: facebook
On 5/10/21, AUID issued a PR stating:
However, BPSmart appears to be a fake company and a fake AUID customer.
What’s ironic about this PR, is that BP Smart’s own chatbots on its website don’t even work! As shown below:
Source: bpsmart.ai
AUID’s CEO at the time, Phil Kumnick, made a video on Proactive Investors about this partnership. Kumnick is misleading investors with this announcement of a fake customer.
Starting at 0:59 of the video:
“BP Smart has all kinds of customers, they range from banks, to utility companies, to anywhere you might have interaction”, said Kumnick.
Then at time 4:50, Kumnick says:
“I’m very excited about this. This is a good area for us and our technology, and they’re a great partner.”
BP Smart’s Client Access Button on its webpage doesn’t go anywhere:
BP Smart hasn’t received any updates on its facebook page for a year and a half:
Source: facebook
BP Smart’s phone numbers don’t work.
BP Smart’s CEO Linkedin Profile doesn’t seem real:
Source: LinkedIn
authID Lacks Engineers Compared To Competitors
AUID has very few employees with technical security or development experience. The following are AUID’s employees on LinkedIn. The only two employees with software engineering experience seem to be their former Chief Technology Officer, Chris White and Max Umarov, the VP of Solution engineering. They seem to be the only two employees who can code. Even the new CTO, Tripp Smith, is more of a consultant and manager, he isn’t a software engineer.
authID Lacks Engineers Compared To Competitors
AUID has very few employees with technical security or development experience. The following are AUID’s employees on LinkedIn. The only two employees with software engineering experience seem to be their former Chief Technology Officer, Chris White and Max Umarov, the VP of Solution engineering. They seem to be the only two employees who can code. Even the new CTO, Tripp Smith, is more of a consultant and manager, he isn’t a software engineer.
authID’s Relationship With Auth0 Isn’t An Exclusive Deal
Some bulls have been recently promoting authIDs relationship with Auth0 a company bought last year by Okta (OKTA). Such as this post on Stocktwits:
Source: Stocktwits
However, we looked into this type of partnership and it is not something exclusive to authID. It’s equivalent of a company selling their product on Amazon, they aren’t really partnering with Amazon. The partnership just means authID can list their product in the Auth0 marketplace alongside 30+ other integrations. They are just one of many options that Auth0 clients can consider. However, there are few benefits authID’s multifactor authentication provides over Auth0’s own passwordless product (https://auth0.com/passwordless).
The Onboarding of AuthID’s Products Aren’t Really Self-Service
AUID claims that its products are completely self-service. Our investigation has found that to be false. On 10/25/21, AUID issued a PR stating (emphasis ours):
“AuthID’s suite of self-service biometric identity proofing and authentication solutions”
In the Q321 earnings call, Thimot stated:
“here we unveiled authID verified, a self-service solution”
Smith stated in the earnings call:
“we were able to achieve our goal of offering new customers and self-service onboarding process that includes developer quick start documentation API documentation and a simple self-service sign-up process”
What self-service means is there’s no need for a person to get back to you and help you sign up. It’s all automated. That’s not the case with the authID verified signup process.
If you go to their signup page and fill it out, it then sends you to this page:
Source: authID signup page end
That page is proof that authID’s signup process isn’t self-service. It says “We will be in touch soon”, which means a person will get back to you after receiving your info. An associate of ours went through the signup process and got no response from AuthID. This is different from most vendors who will email back within a day after receiving a new lead.
Let’s compare this to Twilio’s signup process which is self-service. It starts at the twilio.com home page showing the “sign up and start building” button. After you fill it out and get your email and phone verified, it goes to this page:
Source: Twilio Welcome Page
After you choose what your plans are with Twilio, you immediately get started, as shown above. That’s what self-service is.
Thimot’s Claims Of Why AuthID’s Verified Program Is Unique Is False And Misleading to Investors
In AUID’s annual shareholder meeting webcast on 12/29/21, Thimot was asked how AUID’s technology is different and better than the competition. Thimot responded:
“We keep a map of your face, we don’t even keep an image. We also don’t have your PII. Your name, your birthdate, what can reference you. Other competitors have that to recognize users. We keep that in the customers hand. What we are doing is actually storing the mapping of your face, the biometric represented in mathematics, we are storing that in the cloud. And why we are different, is we are storing the mapping at a turn of the wrist, and the reason why we can do this very quickly, where others have failed, is in the past, people would try to move across the internet, an image of someone’s face, move it up to the cloud, and have it answer down.”
We have found that this feature that Thimot describes as an “advantage” is nothing unique at all about authID’s verification product, and their competitors do the same thing. They keep a mathematical mapping of users face, and don’t store images. For example, look at Microsoft Azure’s face verification technology. It’s using a map of the user’s face in the following example:
Source: Microsoft.com
At the bottom, it states the verification result giving a confidence score from using its mathematical map.
In regards to saving images, it also says on the page:
Source: Microsoft.com
Like AUID’s product, Microsoft Azure’s facial recognition software also doesn’t save images on the cloud.
An executive of one of AUID’s competitors said regarding Thimot’s quote when we asked him about it:
“It’s not even a feature. Zero tech behind it…Given there are 50+ vendors in the doc auth segment, and almost all are larger and growing faster than these guys, no one cares.”
A consultant from a competitor said regarding this quote:
“Our solution uses the biometrics that are already in the users device. For example iPhone Face ID. Is there a reason why a company would prefer to use a different biometric than the biometrics already given in the device?”
A Deep Dive Into authID’s Selfie Technology Shows It Can Be Tricked
We did a deep dive into authID’s selfie technology to see how it compares with other solutions. We found authID is not as secure as they state with the possibility to login with anyone’s face. Yes, that is right. If your photo is anywhere online a hacker could use the image to gain access to an account secured by authID. The problem lies with authID’s liveness checks. Their software requires a simple smile and blink which is an antiquated security measure that can be tricked easily as seen in this demo that we made. You can test it yourself by downloading their Ipsidy app which we might add only has 500 installs over 4 years of being available. Also, their web offerings mimic their app with the same flaws. Even more robust solution with complex liveness checks beyond authID’s product can be spoofed too as seen in another video on YouTube.
Now comparing the two liveness spoofs you can see that authIDs checks are so basic that anyone able to manipulate a photo can bypass their verification.
Furthermore, authID’s product has features that are not unique in the marketplace. While submitting an ID you can see their service is communicating with another software called BlinkID. This software is already used by many identity verification companies which is the basis of ID scanning. If they were building a proprietary product they would employ AI machine learning engineers but they don’t do that, and instead, license another software.
Conclusion
AUID is a great short for a few reasons. Its product has been around for many years, without being upgraded. It’s a basic version of a facial recognition identity verification. For years the company has claimed certain partners and customers, which we’ve found to either be a fake company, or a company that never used AUID’s products.
Even AUID’s recent partner that was important enough for AUID’s CEO Tom Thimot to mention on the latest earnings call, CU NextGen, its CEO denied being a partner of AUID’s in a phone conversation we had. AUID’s rebranding in June 2021 has simply been a change of the company’s name, and a new CEO and CTO. The new leadership don’t have impressive resumes. And Thimot even refers to himself as a “pivot CEO”. He is a serial CEO for hire to help companies turn themselves around and then he moves on to the next CEO job. This is similar to the disgraced CEO of cybersecurity company Intrusion (INTZ), that ended in disaster and he was fired from the company.
AUID has almost zero software engineers, only one their CTO. Everyone else is in business development, marketing, consulting, etc. Whereas if you look at their competitors on LinkedIn, they have a lot of software engineers and technologists who write software code.
Thimot states that certain features of its selfie ID verification technology put it ahead of competitors, but these are actually not unique features and don’t put it ahead of the competition because all meaningful competitors do the same thing but with more updated technology. We found that AUID’s selfie technology can be tricked by using a photo of anyone’s face and then photo shopping a smile on the photo and photoshopping eyes closed to mimic blinking and smiling.