How Toopher Is Using Your Mobile Phone To Prevent Fraud, with Josh Alexander

It seems like nowadays, just about everyone is now using an iPhone or Android smartphone. That shift--which has happened in only the past few years---is the inspiration behind Austin's Toopher (, which is using the ubiquity of smartphones to make it easier for websites and businesses to prevent fraud. We spoke with co-founder Josh Alexander about the startup, and how the company is using smartphones to implement easy-to-use, two factor authentication, all geared around preventing online fraud and securing online services.

What is Toopher?

Josh Alexander: Toopher's goal is to save consumers and businesses billions of dollars, by preventing online fraud from happening. The way we do that, is by using the location awareness of smartphones. It's simple, secure, and never has to leave your pocket. We've providing leading edge technology, which is the best security available, and is strong, out-of-band, two-factor authentication--and which is nearly invisible to consumers. You can have the best level of security available, you don't have to do anything, and it doesn't change consumer behavior.

Can you explain how that works?

Josh Alexander: What you do, is you bolt into the web service. How that works, for example, in the use case of a financial institution, is you would log in as your normally would using your username and password. As soon as you submit that request, a request is pushed directly to your phone, which will buzz you. It will say, someone is trying to log in, using this specific computer, do you want to grant or deny the request? If it's the first time they've ever done that from a specific location, you have to grant access on the phone, by pushing a button on Toopher. You then have the option to automate logins near here, so next time there's the same exact request, and you want to log in to someplace like Citibank, and you're in the same area plus or minus a few hundred feet--your phone automatically answers for you, and doesn't require you to pull it out of our pocket and type in an SMS text message, providing strong, out-of-band two factor authentication, but which is now completely in the background.

What's the story behind the company?

Josh Alexander: One of my best friends from high school, Evan Grim, also went to college together. He took the computer engineering route, and I went the business school route. He ended up working in applied research in San Antonio, focused mainly on security, network, and aerospace engineering. We then both got the bug to go to grad school. I went to grad school for business, he went for software engineering. He'd enrolled in a Ph.D. program, and then joined the pervasive and mobile computing lab. The basis behind pervasive computing is the idea that there is all of this incredible technology around us, but we're only using it when we're physically active using it.

The idea is it's an untapped resource, and should be working for us even when we're not actively engaged. The idea is, with Web 1.0, you buy dog food online. With Web 2.0, you tell everyone you bought dog food online. With pervasive computing, when your pantry runs out of dog food, it automatically orders more dog food, and it shows up on your doorstop automatically. That's what Toopher does.

That's quite unusual to hear of a couple of grad students being entrepreneurial enough to actually start a company. How did that happen?

Josh Alexander: He and I had played in several ventures before, and I think we both have had the entrepreneurial bug. I think it was a matter at this point of the circumstances, and having the right idea, the right problem in the industry, and the right timing. We have definitely been a beneficiary of good timing and luck, in that regard. If we had the idea to solve this problem four or five years earlier, before phones were location-aware, this wouldn't have been a viable solution. Even three years earlier, even as phones were location aware, adoption hasn't been where it is now to support what we're doing. As it is, things lined up, and we were able to move literally into full time entrepreneurship after a Series A financing. It was a matter of luck.

You have some good investors--how did you run into them? We hear lots of Texas startups talking about how hard it is to connect with investors.

Josh Alexander: Honestly, and this might sound weird, is we had a fun time raising money. We weren't actually looking for money until it was sitting in front of us. We had taken the concept of the idea and built a prototype in 2011, and then in late 2011 started doing market research and testing the business plan on the pitch circuit. We entered the Austin Business Journal tech investment innovation award, and were named a finalist. Two months later, we applied for an accelerator program at SXSW. We had the good fortune to run into Matt Marshall, the executive producer of Demo there, so we went out to Demo. While we were there, I called some of my grad school buddies, telling them that we weren't looking to raise money, but really did want to meet with VCs to help us with our business plan. We set up conversations with several VCs in California, telling them to leave their checkbook at home, and instead asked them to help us figure out why our business wouldn't work, and why they would not invest. We wanted them to help us find everything wrong with it, and tear into us. Instead, that jumped on this, and told us that we had a compelling idea, and that when we were looking for money, to come back and talk to them. It was a lot of fun, and we got to meet many bright, interesting people, and was a really fun process.

Are there typical kinds of customers that would use your software?

Josh Alexander: It's all over the map. Clearly, financial institutions have a high need for this. Banks, brokerage firms, payment transfer companies. It's clearly companies with lots of value on the other side of the wall. Where we started, is in identifying those businesses with high value information or data on the other side of the login, because they're moer likely to adopt faster. Financial institutions have a high need, and so do social communications websites. If you look at them, they have what we consider high reputation risk. If someone hacks into LinkedIn, and says something belligerent in your behalf, that has some pretty large liability from your perspective. This is something also important in retail. If you're like me, you have your credit card memorized a half dozen times at different retailers, and you don't want someone buying a $3000 toilet on using your card. There's also a huge market in cloud storage and software. If you look at the example of Dropbox, they have an incredible product, especially because the way it works feels no different that a file on your computer. But, it's not nearly as secure as it could be. But using something like two factor authentication in a meaningful way means you can't force a user to interact every time someone opens a Dropbox folder. We can present this to them, and have the highest level of security available, and it won't affect the customer experience. There are all sorts of use cases. The idea is, since it's so easy to use and deploy, we can also move well beyond online security into other markets, and add lots of value there.

What's the next big thing for you?

Josh Alexander: We're really looking at 2013 to solidify some really incredible relationships. We have some bigger clients who are moving forward in their deployments, and I think we've now built our model and can tell our story. We now have all the pieces in place, the development staff, the sales staff, to make 2013 a really meaningful year. I think there's going to be a concerted land grab to standards when it comes to online identity. I think you're already seeing this with Facebook, Google, Amazon, and Twitter, who are all using single sign-on to authenticate their sites. I think we offer a really compelling, complimentary service to make any or all of them far more secure than they currently are.

Thanks, and good luck!