Exclusive: How Seema Khinda Johnson of Nuggets plans to thwart hackers by breaking our password addiction
View transcriptWith so much of our economic lives taking place on the Internet, it is practically impossible to avoid leaving personal data in potentially vulnerable situations. Methods of protecting all that sensitive information mostly consist of firewalls, encryption and passwords. These are far from ideal solutions, especially considering how bad a lot of us are at choosing good passwords. The most commonly used ones still include "123456" and "password."
Even when stronger passwords are used, though, consumer data can still be a magnet for hackers and identity thieves. Every year, there are hundreds of data breaches globally across businesses sectors, involving sometimes many millions of records, and those numbers have been steadily marching upward over the past decade. With the rise of the Internet-of-things, and more activities moving online amid the pandemic, risks are only growing. So far in 2021, hacks and other data breaches have already affected Ubiquiti, Parler, Facebook, LinkedIn, Bonobos, T-Mobile, Kroger, Hobby Lobby, and the California DMV, among other entities.
Enter Seema Khinda Johnson and husband Alastair Johnson. The U.K.-based couple founded fintech startup Nuggets after Alastair's credit card and personal identity information were stolen by hackers in 2015. The nightmare of trying to sort out the situation with banks and other financial companies, and learning how much data was stored through "random" third-party vendors, got both Alastair and Seema thinking that there should be a better way. And they found one.
Using blockchain and "InterPlanetary File System" technology, the husband-and-wife team developed a decentralized, "self-soveriegn" payments and ID platform, storing personal data in a format that is impenatrable to hackers, while offering authentication financial firms and merchants need to effectuate transactions. The nifty idea has secured much acclaim for the team, particularly for Seema who was named the winner of Deutsche Bank's 2020 Female Fintech Competition.
She shared her experiences founding Nuggets and what she thinks it will take for us all to break the bad habit of relying on passwords.
-
Keeping data safe with the InterPlanetary File System
00:00:01Business of Business: Seema, I would love to start by asking you about Nuggets and just kind of explaining how it works, because it sounds really cool.
Seema Khinda Johnson: We set up Nuggets I think in late 2016, after my husband had had his credit card use fraudulently online. [It was an] incredibly frustrating process, of having to cancel your cards and not knowing where your information was compromised, whether it was at a shop, over the phone, or online. We just realized there needed to be a better way, essentially. And you know, the control of personal information in our everyday interactions, whether we were buying something or we were logging on.
"It's all around taking back control of your data as an end user, but also enabling businesses to better protect their customer data."
So Alastair, and I set up Nuggets. It's all around taking back control of your data as an end user, but also enabling businesses to better protect their customer data. And we've built a "self-sovereign" ID and payment platform that allows them to do exactly that.
Right. So I think I've seen it written that it's based on the blockchain, right? It sounds great. Like I mean, you save all your stuff on blockchain. And then you have some kind of key, but how is it really supposed to work?
That's a great question. So yeah, let me just explain how the product works. We are essentially a B2B2C business. Businesses like financial services, insurance companies, telcoms, logistics organizations, white-label our platform. They integrate our product within their existing apps and services. And so what happens is a user would actually take a picture of a government issued ID, they would do a moving selfie, and then they would upload a payment card. And what we do is that we encrypt all that data, it's componentized into bits of nuggets, because we like to share the minimum amount of information required to carry out particular transaction. We don't save anything on your mobile device.We actually save your data in something called IPFS, which is decentralized storage. We really love the name of this product. I think it's something like InterPlanetary File System. And then what we do is we use the blockchain, because it's an immutable ledger. We don't save any of that personal data on the blockchain. But we save a hash, which is essentially a location of where that data is saved in IPFS. So hopefully, you still with me, as I explained that. We use the blockchain in a particular way.
We never save any PII, which is personal information on the blockchain. Because as you can imagine, there's lots of regulations. Also in the States, you know, in the Europe, we have GDPR [General Data Protection Regulation], which means that end users have the right to be forgotten. So you can imagine if you save anything like that on the blockchain one, there's the transparency there. And we need to make sure users are private. But we also need to make sure that they've got the right to be forgotten. And that's the same as well, with CCPA [the California Consumer Privacy Act] in California.
Yeah, that is a lot of different things to juggle in this whole concept.
Yeah, absolutely. You know, and I think one of the things that's really key is that it's interesting. You talked about blockchain, because we hardly talk about the use of blockchain in our solution, because I think, Alastair and I, when we were coming at this problem around personal data, privacy, sharing the minimum amount of information and all of those sorts of things. We didn't actually go into this thinking, what can we do with the blockchain? We're actually trying to solve this problem. And then we read about the blockchain. And we thought, "Oh, my gosh, it gives us all of these components."But it isn't the entire solution. So I think that's really key to say that, you know, that Nuggets came at this problem first, versus looking at the technology and going, what can we do with blockchain? It just really brilliantly lends itself to the problem that we're solving.
-
Husband-and-wife-team startup challenges
00:10:43Can you talk a little bit more about your background as well as Alastair's background? And how that led to to where you are now?
I suppose it's quite unique. I mean, there's lots of other businesses that are founded by husbands and wives. So I started my background as a project manager used to work for a large American digital agency and just worked my way up, you know, working on bigger and more complex programs, essentially. And then I found myself at Skype, where I headed up, go to market globally for them. And then after them, Microsoft acquisition, headed up go to market there as well. So I had a lot of experience in commercializing and operationalizing products and launching them within markets.And Alastair. So I think that was over 20 years, I keep saying 20 years, but I'm sure it's a bit over that now. And then Alastair's background has been in tech, he's been in tech for over 25 years, and actually, prior to setting up Nuggets was also working at Skype. And Microsoft had his own tech business for some time. But he's more on the strategic and on the technical side. So when Alastair would come up with you know, "we really need to solve this problem."
"We both just looked at each other: 'We need to do this together.'"
It was one of those things where I think we were a bit bonkers, really, because, you know, setting up a business together, with young children with bills, and all of those sorts of things that we all struggle with. And we just both looked at each other: "We need to do this together, because we both do entirely different things."
So yeah, we started the journey about four years ago. And yeah, it's going great... The only problem with it is though, it's knowing when to stop, like stop talking shop, we've had to come up with some real rules around, you know, especially during the pandemic, right, where you're working from home, and you're living at home, and you're bringing up children. We've almost had to create the do's and don'ts. And you know, when we can talk about Nuggets and when we can't.
That is fascinating. Yeah, I imagine that is a challenge that many, many teams who are also life partners have?
Exactly. We're all in. We're all in. -
Overcoming obstacles for women in fintech
00:13:08I hate that I have to keep asking this question. Or this question keeps coming up about women in Fintech. It is an area where you don't see a lot of women. Have you encountered any difficulties related to that? And if so, like, how have you pushed back or dealt with that?
It is a shame that we have to talk about all of this. But you know, this is exactly the forum in which we need to shine a light on really the disparity between those that get funding and those that don't. I think, you know, it is tough, there is no denying, it's really hard to raise money. It's really hard to carve out a career and incredibly, especially in tech, male dominated environment, you know, there's been typically roles that women would take up, whether they're marketing or PR versus the tech side, or setting up their own organization, because just the stakes are again, you know, it's too high in raising the cash."I feel incredibly fortunate that there are women on our cap table as well as men. I think that's key as well."
Unfortunately, the stats are the stats, right? I think, you know, the U.K. is not much behind the U.S. and Europe. I think it's something like 2%, of female founded organization get funding from VCs. So it is VC and what, what's tough about that it obviously is the network as well. So it could be the person that you're sitting in front of might be male, you know, it's very, I mean, I've been incredibly fortunate we have been funded by an organic women-led an angel investment network.
I feel incredibly fortunate that there are women on our cap table as well as men. I think that's key as well. So I think one it's access to funding is just tougher, the network is tougher. Normally we're sitting opposite. And someone that's been to a particular school normally, it's a one male. And you know, you can't get around from the fact that they like to fund people that they can see a pattern in that, you know, other founders that have been successful before. Maybe this is their second startup.
So it's just harder to get to get in the door with the warm introductions, there's loads of reasons why but, you know, I've said this before, I am really hopeful.
I'm hopeful that I really feel that the tide is turning and, you know, with, with discussions like this and wider discussion as well, I really think diversity is a huge, huge thing. And not only is it good, it's incredibly good for business. I mean, all the data is there, diverse teams and female founded organizations outperform those that aren't. So I think, given that there will be pressure on those investors that only fund, you know, a particular type of a particular type of founder on why are we not founding and I really think they'll become irrelevant. Because, you know, despite it being tougher, women are still doing it, when they do get funded outperform and diverse teams outperform.
And the other thing is, I've read a article the other way, or a few months back, I think it was, I can't remember the source, but it was all around a third of the world's wealth will be managed by women in the not so distant future, which means that, you know, that's an incredibly exciting prospect that given all the challenges, we will be managing considerable amount of the world's resources. And because of that, I'm hoping that there'll be more women across the table, making those funding decisions.
-
Getting buy-in from banks
00:16:44Yeah, that would be definitely a major shift and definitely be interesting to watch. And you clearly know your stuff, you've gotten into this area, you focused on this very huge problem. So I'm sure that also helps. But what do you think just from what you've learned so far, what is like the sea change? What will it take for us to break our bad password habits? And for our data to be much more secure?
Yeah, brilliant question. You know, and this is one that we grapple with all the time, when we think about, you know, what vertical Should we be targeting. Where will we get the quickest deal over the line? I really think what's tough is the fact that it will need large financial organizations to get behind self-sovereign identity. Today they are our most trusted custodians of our data. And I really think they will play a huge role in self-sovereign identity and being able to enable you and I to be able to take back control of our data."There is so much in it for organizations that will enable it, I think it will be hard to ignore. But it does need those stars to align, essentially."
So I don't think this is going to be I don't think this is going to be a product that only the end user downloads and makes a decision. I think, actually, financial services will play a huge, huge role in this. And I think, you know, what's exciting about that, is that distributed and decentralized technologies are bringing great advantages. And actually, what's in it for the banks then. So I think, you know, what's in it for the banks is the thing with self sovereign identity is it will bring faster it will bring products faster to market operational efficiency, reduce fraud. So there is so much in it for the organizations that will enable it, I think it will be hard to ignore. But it does need those stars to align essentially.