PixelPin is a cyber-security company that was nominated as one of the most innovative mobile start-ups by UKTI and SMART in January 2013. PixelPin has developed a new approach to online authentication using personal pictures to replace passwords. We are currently on the WAYRA accelerator programme.
The PixelPin solution is simple and quick to use, yet very secure. PixelPin eliminates the traditional alphanumeric password by using a picture based approach. The user chooses an image that’s personal to them (eg a photograph of their family or a memorable holiday photo). Then they choose 4 pass-points in sequence. The PixelPin process eliminates the risk of phishing, dictionary attacks and brute force hacking. We have a pending patent under application No. GB2482886. There’s also a growing body of academic research suggesting that people remember pass-points on a personal image more easily given the emotional connection evoked during the process. The user can login to web services from any device, phone, tablet or PC.
No matter how complex or unique, passwords are a single point of failure open to many avenues of attack: dictionary attacks, phishing and brute force hacking. But possibly the weakest link of all is human memory as we reuse, write down or simply never change passwords.
90% of passwords are vulnerable to hacking according to the Daily Telegraph yet most companies still use passwords to login their users. Consequently, companies are losing customers passwords through hackers attacking their sites. Recent examples include Twitter, LinkedIn and Yahoo.
Passwords are also a pain point in any web user experience, and companies are losing opportunities to sell, as their users forget their passwords and fail to complete purchase transactions. On mobile and tablets the user experience is even worse. Nearly 60% of mobile users say they would use their mobile phone for eCommerce if it were an easier experience.
Passwords are especially difficult for certain groups of people, eg those with dyslexia, or learning difficulties. They struggle with the complex sequences of numbers and characters that strong passwords require leaving them more exposed to online fraud.
PixelPin addresses all of theses issues:
PixelPin does not use passwords at all, but is a mathematical based solution designed to military level encryption standards. As such it’s far less vulnerable to the usual attacks made on traditional password solutions such as phishing and hacking. It eliminates dictionary attacks.
PixelPin provides a personal and engaging login experience. People remember personal pictures more easily than complex passwords. This is referred to as the Picture Superiority Effect (PSE).
The touch method on mobile devices leads to an improved mobile experience.
The mobile and tablet login no longer requires the user to enter passwords which is difficult on soft touch screen keyboards.
PixelPin is language independent, inclusive and accessible to those who struggle with entering complex sequences of numbers and letters.
Substantial accomplishments to date
Last year we raised £50K from Telefonica through a competition for their accelerator, Wayra, and £50K from a company investor. We also tried to raise £55k on Crowdcube, but unfortunately the deal was cancelled due to Telefonica's concern with the lack of a Crowdcube nominee structure. Telefonica have confirmed that the Seedrs nominee structure will address this concern.
PixelPin has a patent pending from Aug 2010, and is in the process of getting IP protection for its trademark.
In the last 6 months PixelPin has:
• Implemented 2 closed Beta trials with 2 large eCommerce companies which are providing us with marketing collateral to scale our product.
• Unlocked a Technology Strategy Board Grant worth £100,000.
• Won stands at Mobile World Congress 2013 from UKTI and Mobile Marketing
• Won a place in the pitching event at Business London Network Making It Mobile
• Been nominated as a top 20 Innovative mobile company in Jan 2013 by Smart UK
PixelPin has researched both B2C and B2B business strategies used by competitors. In our view, although many consumers want to use PixelPin, we believe that the most efficient route to profit is through companies that have 100,000s and millions of users. This business approach also sits well with the team’s background in terms of B2B sales and delivery.
There are two aspects to delivery and price:
a. The Software as a Service model allows businesses to integrate PixelPin directly into their websites and apps. We plan to charge on a monthly per user basis as a recurring fee. We have created a self-registration mechanism for companies, to be able to integrate PixelPin with minimal technical effort.
b. Even though it is not the primary source of revenue the technology could be sold as a renewable Annual Licence + monthly maintenance fee for large enterprises such as banks or Government departments who insist on hosting PixelPin on their own servers and infrastructure.
Use of proceeds
The investment is required to continue and commercialise the trials already started, start new trials and to broaden the sales and business development activities to grow the sales pipeline. The product is being continuously improved using agile development techniques as we learn from the user trials, and we add more features.
In more detail we plan to use the funds as follows:
1. product development £70K
2. commercialisation of trials £40K
3. sales, marketing, PR initiatives and admin costs £40K
The customers for PixelPin fall into the following categories:
These customers would be well-known eCommerce companies that can identify with the pain points that PixelPin is addressing (ie high customer dropout rate at basket, high levels of phishing and fraud). We are already well into user trials with 2 large eCommerce Companies who have over 5 million customers and have been integrated into a service managed by Atos. We have also started discussions with other eCommerce companies and financial institutions and banks. We plan to target eCommerce brands and betting and gaming companies.
Smaller eCommerce Companies
We think that these companies have the same pain points as above, but are agile in behaviour and more likely to become early adopters. We have been requested to trial with education providers.
Not for Profit Organisations
We are currently in discussions with Dyslexia Action and Sirona Care & Health.
Characteristics of target market
In the past 2 years there has been an increasing amount of media publicity on businesses that have been hacked and several famous brands have recently disclosed breaches which placed their customers at risk and damaged the businesses reputation. There has been a large surge of users conducting their affairs on mobile. We feel that Tablets and Mobile will soon become the predominant source of eCommerce revenue for businesses and there is a lot of interest in usable secure mobile solutions. The eCommerce and financial markets are very competitive, and are keen to adopt new technologies that will give them a competitive advantage.
The mobile authentication market alone is valued at $760M in 2014 by Goode Intelligence. Businesses currently tend to purchase authentication products such as tokens and to a lesser extent biometrics solutions. The penetration of these technologies is largely confined to banking and financial institutions leaving a large gap for B2B2C solutions.
We plan to reach customers in 2 main ways:
1. Approaching customers directly, from contacts made at events, or through direct contact.
2. Using the online presence to enable potential customers to discover the product, self-register and adopt the service.
The following activities are underway:
• The PixelPin web site is being developed to allow customers to self sign up and trial the software.
• A social marketing campaign aimed at potential buyers and decision makers. The campaign includes strong content that is broadcast through Facebook, Twitter and LinkedIn. The online campaign aims to draw customers to the web site so that they can engage with the product. It takes into account the key decision makers and influencers within a company including Security Lead, UX lead, CTO and the Financial Director. The campaign also targets journalists and bloggers who are influencers in the security space and ecommerce.
• PixelPin has been successful at winning competitions and will continue to exploit this approach. So far PixelPin has won free stands at a number of shows (Mobile Marketing and Mobile World Congress). PixelPin has also won places at pitching events, e.g. Business London Network (BLN). PixelPin was voted one of the top 20 innovative companies in mobile by Smart UK in Jan 2013.
• PixelPin talked to BBC and Sky News in Feb 2013.
PixelPin has a dedicated Business Development Lead and the co-founders both have a strong sales background. Please see our profiles for more detail about our very strong backgrounds.
PixelPin operates in the authentication market. "The ultimate solution for mobile authentication has not yet been seen" Dec 2012 quote Ed Hodges Head of Mobile RBS.
1. In our opinion, Biometrics continues to disappoint, as the promises of easy authentication have not materialised. We also think that that there is consumer resistance to using such strong technology for everyday use, and companies do not want the responsibility of holding its users biometrics.
2. Our view is that hard tokens will stay primarily within corporate environments as users will not want multiple tokens, and they do not work for mobile. The trend to BYOD adds additional problems for hard token solutions as they tend to require common hardware.
3. There are a number of new companies emerging using soft tokens based on QR codes or additional authentication on the phone. They tend to be overly complicated, or not applicable to mobile.
4. A number of companies are offering password aggregation and single access to a safe password storage area. We believe that these companies are primarily consumer facing and have fundamental weaknesses. In our view, some of the solutions need a technical understanding of the internet and are not aimed at the wider population. Fundamentally they continue to place users at risk because they are still using passwords of all login and authentication transactions.
5. Social Logins, eg. Using Facebook, Google or Twitter accounts to login to other sites are becoming more popular. Although simple in operation, there are a number of concerns. Facebook etc are not security companies and Twitter has recently suffered from a number security lapses in their social login mechanism. We believe many people are concerned about the privacy issues and impacts of using social logins. These companies use the information of the sites and services a user visits, to then target the user with product advertising. There is also a strong risk of this information being shared with third parties.