authID Inc. (AUID) Earnings Call Transcript & Summary

Good day, and thank you for standing by. Welcome to the Q3 Fiscal Year 2022 Earnings Conference Call and Webcast. [Operator Instructions] I would now like to hand the conference over to your speaker for today, Grace de Fries. You may begin.

Thank you, operator. Good afternoon, everyone. With me on today's call are Tom Thimot, our CEO; Tripp Smith, our President and CTO; Annie Pham, our CFO; and Graham Arad, our General Counsel. By now, you should have access to today's press release announcing our third quarter 2022 results. If you have not received this, the release can be found on our website at www.authid.ai under the Investor Relations section. Throughout this conference call, we will be presenting certain non-GAAP financial information. This information is not calculated in accordance with GAAP and may be calculated differently from other companies' similarly titled non-GAAP information. Quantitative reconciliations of our non-GAAP adjusted EBITDA information to the most directly comparable GAAP financial information appear in today's press release as well as explanations of our BARR and our ARR KPIs. Before we begin our formal remarks, let me remind everyone that part of our discussion today will include forward-looking statements. Such forward-looking statements are not guarantees of future performance and, therefore, you should not put undue reliance on them. These statements are subject to numerous risks and uncertainties that could cause actual results to differ materially from what we expect. Some of these risks are mentioned in today's press release. Others are discussed in our Form 10-K and other filings, which are made available at www.sec.gov. For those on the webcast, please note that we will advance the slides on our end. We will have a Q&A session following our presentation. To participate in that Q&A, you must be registered on the telephone. Telephone number is listed on our Investor Relations section of the website. I'd now like to introduce our CEO, Tom Thimot.

Thank you, Grace. Turning to Slide 3. Legacy MFA doesn't cut it. Yes, legacy multifactor authentication and password no longer create a safe digital world. Nearly every day, we read about a significant data breach at large organizations, including Twilio, Cisco, Intuit and just yesterday, American Airlines. All of them have one thing in common. They all use social engineering attacks that exploited human behavior, and in particular, vulnerable legacy MFA technology. As quickly as Chief Technology and Information Officers and the identity access management architect supplement password with phishable onetime passwords or clunky push MFA apps, hackers are finding new ways to exploit security's human element. In the 2022 Verizon data breach investigation report, the human element was identified as the root cause of 82% of the 4,000 data breaches study. So after 60 years of passwords, we are in the midst of a fundamental evolution in the science of authentication with a renewed push to replace those hated and insecure credentials with cryptographic FIDO2 passkeys or a FIDO token found to a device. According to research and markets, the market for passwordless authentication is projected to grow over the next 10 years at a CAGR of more than 16% on to almost $54 billion by 2030 from approximately $13 billion today. North America is expected to dominate the global passwordless authentication market currently accounting for at least 38% of the worldwide market. In addition, with new research data showing that banking and health care are dominating the shift to passwordless authentication, we feel confident that we are targeting the right market segments. Turning to Slide 4, Q3 technology enhancements. With passkeys replacing something you know with something you have, it is an improvement. But deploying passwordless authentication alone creates security and usability challenges, including limited portability and complex account recovery methods that often fall back to insecure identity authentication. For instance, with the Cisco breach, it appears that once the hackers gain control of a user's device, they enrolled and redirected step-up to new devices. Device authentication was now something hackers had, not the users. The White House Zero Trust mandate also specifies that strong authentication include both device and identity authentication. These shortcomings of passkeys create a tremendous opportunity for authID and allow us to differentiate our solutions. In anticipation of the ramping passwordless evolution, we made a strategic decision midyear to significantly upgrade and innovate our Verified platform. Our stellar product and engineering teams quickly developed and received certification of our platform by the FIDO Alliance. In October, we launched Verified 3.0 and Human Factor Authentication or HFA, which we believe is a pioneering solution. HFA binds strong unphishable passwordless authentication with cloud biometric identity to authorize the human behind the device. HFA fortifies something the user has with something the user is, which is their unique face. If the human element is the problem in 82% of breaches, then solving for the human element with cloud biometrics is the ideal solution. Verified 3.0 and our differentiated Human Factor Authentication address cyber risks that exploit human behavior with passwordless authentication bound with strong identity assurance, offer adaptive authentication that balances high security with speed and ease of use. Driven by customer demand, these features are designed to improve workforce productivity and reduce friction for customers, include support for the OpenID Connect authentication protocol, allowing our customers to integrate our solutions in under 10 minutes. Further, Verified 3.0 makes the move to Zero Trust easier because it offers our customers streamlined access to the ecosystem of identity access management, privileged access management and endpoint detection and response providers. A few of the identity ecosystems providers we are now working with include Okta, Auth0, BeyondTrust, Senhasegura and VMWare. As we complete the launch of these services, we will provide more information in the coming weeks. Turning to Slide 5. Rather than simply talk about HFA, I want to share a video of Verified HFA in action using our recent CloudConnect integration with Okta, the identity access management provider. Watch how an enrolled Verified user seamlessly logs in with our FIDO2-certified passwordless authentication on any mobile device or a desktop device. Once the user is inside the corporate network, Verified seamlessly elevates authentication with a quick selfie to authorize user access to sensitive applications. Let's see HFA in action on the left-hand side of your screen. Operator, can you play the video? [Presentation]

Turning to Slide 6. There, that's the beauty of HFA in less than 1 minute in the same interface with no searching or recalling a password, no fumbling for a secondary authentication application or looking for a phishable onetime passcode. The Verified users simply entered their user name and used their passkey and device biometrics, in this case, Touch ID to log into the company's network. To authorize user access to the company's gated assets, their Intranet, Verified seamlessly elevated authentication in the user's browser. The user accepted the activity request and then capture a quick selfie. Now on that selfie was something you might have missed, a key UX change that we made with Verified 3.0 that users no longer need to smile during a selfie, resulting in instantaneous image captures that are secured with our iBeta PAD level 2 liveliness (sic) [ liveness ] detection. That's it. That's Human Factor Authentication. Human Factor Authentication secures both log-in access with a FIDO2 passkey and seamlessly gates use of enterprise assets by verifying the human behind the device. Delivering enhanced enterprise security, Human Factor Authentication also offers the ease of use and portability, both workforce and consumers and all of us are demanding. Turning to Slide 7. Verified 3.0 is now a market compelling product and our sales efforts and marketing campaigns continue to focus on 2 offerings: workforce and consumer. Verified HFA closes security gaps for both enterprise workforce and consumer applications by combining passwordless authentication with biometric certainty to shut down access privileges and lateral movement for unauthorized users. Chief Information Security Officers need solutions that replace legacy MFA solutions and stop hackers from logging into corporate production systems with stolen credentials. We believe that these needs will outweigh the hesitancy with buying decisions in the current uncertain macroeconomic environment. We have also taken a very targeted and thoughtful approach to the markets where we can best impact sales. These 3 markets, financial services, health care and cybersecurity, have been identified by industry researchers as ready for passwordless, and are the segments we believe can most benefit from Verified Human Factor Authentication. With highly valued assets and data, these segments are frequently targeted by social engineering and account compromise attacks that can cause significant damage to reputation, positioning and market trust. Turning to Slide 8, where we are on our journey. In early 2022, we started working with early prospects to foster product adoption. Our efforts to harden our platform security and comply with ISO 27001 standards, iBeta PAD specifications and FIDO2 protocol have strengthened our competitive positioning. A further note, the successful transformation of our platform has not gone unnoticed by industry experts. In October, Juniper Research awarded authID the Gold Winner for Best Biometrics Use in Payments. Juniper's future digital awards recognize the most impactful financial products and services that are driving innovation across banking, retail, fintech, payments. The increased cybersecurity attacks exploiting human behavior have also helped significantly to advance the understanding of why products like Verified should be adopted. We are moving along our journey with customer wins and implementations within financial services and health care, admittedly, not as quickly as we would all like to see. During the quarter, we signed several new financial services customers, including various regional U.S. credit unions and as we announced in September, Kompliant, a U.S.-based, AI-driven, business onboarding and risk-scoring company. We continue to work on developing and closing opportunities generated by our marketing activities. Our customer success team is actively supporting new clients for the streamlined implementation plan. They are also diligently working to upsell our new passwordless authentication services to existing customers. Now let me turn the call over to Annie, who will give you an update on our financial results and KPIs. Annie?

Thank you, Tom. Turning to Slide #9. The following highlights comprise results from continuing operations and reflect our previous announcement that we are exiting the company noncore businesses in South Africa and Colombia. The Cards Plus business was sold on August 29, 2022, and the exit from the noncore business in Colombia is in process. These businesses are classified in authID financial statements as discontinued operations and assets held for sale. Accordingly, all of my remarks will compare results from continuing operations for the quarter and 9 months ended September 30, 2022, with the quarter and 9 months ended September 30, 2021, unless otherwise specified. For both the 3- and 9-month period, Verified software license revenue increased year-over-year. Verified revenue for the quarter increased over the prior year by 144% to $0.03 million. For the 9 months in 2022, Verified revenue increased over last year by 158% to $0.1 million. Total revenue for the quarter, comprised of Verified software license revenue, was $0.03 million compared with $0.2 million for the prior year, of which $0.1 million (sic) [ $0.01 million ] was from licenses of Verified software. For the 9 months in 2022, total revenue was $0.3 million, of which $0.1 million was from licenses of Verified software. This compared with total revenue for the same period in 2021 of $0.5 million, of which $0.5 million (sic) [ $0.05 million ] was from licenses of Verified software. The reduction in total revenue was due to the discontinuation of a legacy product. Operating expenses for the quarter totaled $5.7 million compared with $5.6 million for the prior year. Operating expenses for the 9-month period totaled $16.9 million compared with $11.2 million for the prior year as we accelerated our investment in staff, technology, sales and marketing, starting in the third quarter of 2021. Net loss for the quarter was $6.3 million compared with $5.2 million for the prior period. For the 9 months, net loss totaled $18.2 million, including noncash charges of $8.3 million compared with $10.7 million, which includes noncash charges of $5.3 million for the prior year. Net loss per share for the quarter was $0.25 compared with $0.22. For the 9-month period, net loss per share totaled $0.73 compared with $0.50. Adjusted EBITDA loss for the quarter was $3.3 million compared with $2.6 million. For the 9-month period in 2022, adjusted EBITDA loss was $9.1 million compared with $5 million. Now let me present our KPI. Booked annual recurring revenue, or BARR, as the amount of annual recurring revenue represented by the minimum or estimated amounts payable under contracted orders for our Verified product. The cumulative amount of BARR through September 30, 2022, is approximately $0.2 million, up about 25% over the second quarter. Annual recurring revenue, or ARR, as the amount of recurring revenue as determined in accordance with GAAP and derived from sales of our Verified products during the last month of the quarter multiplied by 12. ARR as of September 30, 2022, is approximately $0.1 million, down about 14% from the second quarter. Deferred revenue, a GAAP metric, is the cash collected or billings from customers for our Verified products, which will be recognized as revenue in future periods. Deferred revenue recognized as of September 30, 2022, is approximately $0.1 million, up approximately 100% from the second quarter. With deals in our pipeline, we expect our Verified subscription revenue will continue to expand. Turning to our balance sheet. At September 30, 2022, cash and available credit facilities totaled $17.1 million. Looking ahead, our cash burn rate will reduce to approximately $29 million per month. We then expect to improve our cash flow as we add revenue from Verified 3.0 sales. Our previous guidance of having sufficient financing to fund operations through 2023 remain unchanged. Our revised target is to achieve positive cash flow on a current basis by late 2024. Let me now turn the call back to Tom for additional remarks.

Thank you, Annie. Before we move into Q&A, I wanted to say a few words. Certainly, we are disappointed that our sales goals have not been achieved on the time line we anticipated. But our goals have not been lowered. We have seen macroeconomic conditions, extend decision-making and delayed sales cycles, but we know the opportunities remain. We have taken steps on several fronts to achieve our goals. Now that we have invested in a highly competitive and compelling platform, there are several areas where we will reduce costs. This year, we performed a number of costly activities, including expanding our platform capabilities, hardening security and performance, securing compliance with ISO 27001, FIDO2 and iBeta standards as well as running brand awareness marketing campaigns. A number of these areas will not be as costly in 2023. We firmly believe that Verified 3.0 is the right product for the right time and that with its launch, we will start to make headway in achieving our sales targets across the right vertical markets for Human Factor Authentication, financial services, health care and cybersecurity. Our work remains focused on converting opportunities generated through our pipeline and made more accessible through our expanded CloudConnect ecosystem. Now with Verified 3.0, we are well positioned to take our share of the vast total addressable market for passwordless authentication secured with identity assurance. And with that, I will turn it over to the operator, and open the call to Q&A. Graham?

Operator, if you can just explain how people can raise questions, if they wish.

[Operator Instructions]

Thank you. Whilst we're waiting for questions to raise, Tom, perhaps you could take a few minutes just to explain the -- with respect to Verified 3.0, what makes it -- what gives the competitive advantages in this market? Obviously, there are many, many competitors out there with claiming all kinds of different benefits of their products. What really makes our product different?

What makes Verified 3.0 very different than the many, many passwordless authentication providers that you see at all the trade shows today is that most passwordless companies and the FIDO standard itself calls for you to bind an identity to a specific device. Basically, a passkey or think of it as a software token is put on your phone. And when that phone is present, it logs you in. You don't need the password anymore. That's great except for when you're accessing a particularly sensitive area or you don't have that device or you want to access that information from a different device. The fact that we also bind a biometric that is stored in the cloud not on the individual device gives you a second layer of authentication, a multifactor authentication that we have now branded ourselves as Human Factor Authentication because that second factor, that multifactor is now human. It's your biometric. It's you. And that allows us, unlike every other password -- passwordless provider to bind that identity and allow you to recover your passkey on a new device, allow you to have your authentication stepped up to make sure it's really you before you access a very sensitive area of your company's Internet or you make a very sensitive transaction as a consumer. And this greatly differentiates us. In the past, with Verified 2.0 and since we launched authID at Money20/20 in 2021, we were focused on the step-up. We talked a lot about Twilio and the onetime password and how we were going to replace it. But in the passwordless world, people view both factors together. The factor that is tied to your phone and the factor that steps you up. And that is the difference that we shifted with Verified 3.0 to also offer a passwordless fundamental that we can add all of the biometric step-up capability that we originally developed. We've made a platform that is now turnkey and allows our customers to come to 1 provider to replace their passwords and replace their PIN codes in 1 step. Thanks, Graham.

Thank you, Tom. I have one more question. You mentioned the expansion of the CloudConnect ecosystem and some of the new partner relationships that we've developed and integrated to over the last several months. Can you expand a little more on the significance of those relationships and how they're going to help us with our future sales?

Absolutely. One of the key ones is being able to integrate seamlessly with Okta and all of their partners. You will recall, in the past, we talked an awful lot about a REST API and going from low code to no code. What that means is you used to replace a call that is today done typically to Twilio and a REST API call, you would have to have programmers in your IT staff go and program that integration, test it, integrate it, trial it before they could roll it out. Now for anyone that works with OIDC, you can integrate our solution in minutes because it's already integrated. And this is a huge step for us. One of the keys of Verified 3.0 is the partner ecosystem. And an example was at the Gartner Identity & Access Management conference, we developed a relationship with Senhasegura, 2 CEOs, and we said, "Let's integrate this." And they expected that it was going to take us, we'll get a team of product people and engineers and we'll do it over Zoom over the next few weeks. The 2 engineers got together in our booth and did it in 7 minutes. That's the power of OIDC. That's the power of our Verified offering, and it really opens up a broad market to us that's very, very simple for our customers to implement.

Thank you. I'm showing no further questions at this time. I would now like to turn the call back over to Tom for closing remarks.

Thanks for the questions and I appreciate everyone's time today. I think I speak on behalf of the entire management team here that we believe that we have the right product for this market. The macroeconomics has made some headwinds, but this is a change that will happen in technology. It will move to passwordless and it will need a step up to a biometric. And we're the only company that offers those integrated together with a great platform of partners. Thanks for taking the time to spend with us today.