CEO, ScrambleID
Jubin Jose is the founder and CEO of ScrambleID. He's spent his career building identity and access management systems, with a focus on phishing-resistant authentication for environments where traditional MFA breaks down.
Jubin Jose on LinkedIn
14 articles published.
How modern financial institutions deploy phishing-resistant, omnichannel authentication across online banking, contact centers, branches, wire authorization, and payment rails. Covers FFIEC, NYDFS Part 500, PCI DSS v4.0.1, GLBA, and PSD2/SCA requirements with concrete deployment patterns.
How federal, state, and local agencies and their contractors deploy phishing-resistant authentication aligned with OMB M-22-09, NIST SP 800-63-4, FIPS 201-3 PIV, FedRAMP, CISA Zero Trust, ICAM, and CJIS. Covers PIV/CAC, derived PIV, FIDO2, citizen-facing services, and the realities of legacy systems.
How healthcare organizations deploy phishing-resistant authentication across clinician workstations, EHR access, telehealth, contact centers, patient portals, prescribing, and medical-device identity. Covers HIPAA, HITECH, DEA EPCS, 42 CFR Part 2, and the practical realities of clinical workflow.
How retailers, restaurants, and hospitality brands deploy phishing-resistant authentication across associate POS access, store-back-office, contact centers, loyalty/CRM, e-commerce, payments, and franchisee networks. Covers PCI DSS v4.0.1, deepfake-driven gift-card fraud, and the realities of seasonal workforce.
How modern SaaS and cloud-services companies build phishing-resistant authentication for workforce, customer-facing apps, support, partner integrations, AI agents, and machine-to-machine, without slowing engineering velocity. Covers SOC 2, ISO 27001, FedRAMP, customer trust, and cloud-workload identity patterns.
How one of the three major US credit bureaus deployed ScrambleID across five surfaces (voice, web, agent, people, frontline): the two-week deployment pattern, 90%+ fewer password reset tickets, and 34% faster caller verification.
AI-generated voice and video are now commodity capabilities, and the Arup Hong Kong $25.6M deepfake fraud (2024) made the failure mode public. This guide explains why detection-based defenses (voice biometrics, liveness detection, behavioral analytics) lose the cat-and-mouse race against generative AI, and why cryptographic people verification is structurally immune.
A detailed playbook to eliminate KBA for account recovery and high-risk call flows: threat model, migration steps, scripts, metrics, and how to avoid common fallback traps.
A canonical guide to omnichannel authentication: why attackers route around single-channel MFA, how ScrambleID closes every surface gap (web, voice, people, frontline, agent, machine, bot, workload) with one proof rail, and how to roll it out and measure it.
How finance, treasury, and accounts payable teams use person-to-person cryptographic verification to defeat the executive-impersonation, vendor-impersonation, and authorized push payment (APP) fraud patterns that have driven nine- and ten-figure losses across enterprises in 2023-2024.
How corporate security, branch banking, healthcare facilities, and high-security sites use person-to-person cryptographic verification to confirm contractor, vendor, visitor, and counterparty identity in person, without depending on physical badges that can be forged or phone trees that can be social-engineered.
Prompt injection cannot be eliminated by better prompts because the LLM cannot distinguish data from instruction at the input layer. The defense that works is moving consequential authority out of the agent's reasoning and into cryptographic authorization boundaries that the agent's compromised reasoning cannot reach. This guide covers the identity-control patterns: scope-per-tool tokens, dual-control on irreversible actions, human-in-the-loop step-up, and chain-aware delegation.
Help-desk impersonation has driven some of the largest breaches of the past three years (MGM, Caesars). Knowledge-based questions and callback-to-known-good no longer hold under AI-driven social engineering. This playbook covers how to use person-to-person cryptographic verification to lock down credential resets, MFA re-enrollment, device adds, and privileged access requests across the help desk.
Passwordless authentication and multi-factor authentication (MFA) are different concepts that are often conflated. Learn how they overlap, where they diverge, and what 'phishing-resistant passwordless MFA' actually means.