AI for Founders Logo
All Episodes

Your Face, Voice, and Data Are Fakeable. Here's What Isn't.

with André Ferraz · Incognia

May 21, 202600:59:38Palo Alto, CA

Your Face, Voice, and Data Are Fakeable. Here's What Isn't.

0:000:00
Listen on SpotifyApple PodcastsIncognia

Show Notes

André Ferraz grew up in Brazil with two computer scientist parents, an early love of code, and a peculiar fascination not with building systems but with breaking them. He was twelve years old when a stranger pointed a gun at his face to steal his bike. Three decades later, that instinct for thinking like an adversary became the foundation of Incognia, a company now embedded in 1.2 billion monthly active devices and built on a single contrarian belief: your location behavior is the strongest signal of who you really are.

The road to that company nearly ended before it began. André moved to the United States six years ago with a thriving location-based advertising business. Then the pandemic hit. Physical retailers shut down. Revenue collapsed 95% in a single month. The team went from 250 people to 50, keeping only the engineers. Most founders would have folded. André and his co-founders looked at the precise location technology they had spent over a decade perfecting and asked a different question: what else can this do?

The answer was fraud prevention, and the world needed it desperately. Incognia now serves banks, fintechs, crypto exchanges, and marketplaces — answering one deceptively simple question for every login, transaction, and signup: is this user who they say they are? The results speak loudly. Triple revenue growth. Six times the return on investment delivered to clients. A 100% trial-to-paid conversion rate. A 180% net dollar retention rate that means customers keep expanding once they see the data.

The conversation gets genuinely unsettling when André lays out the asymmetry of modern fraud. Criminals run 60,000 fake accounts in two days, factory-reset devices in 30 seconds to dodge detection, and share open-source tools while the banks defending against them stay siloed. The money pouring into making deepfakes dwarfs the money fighting them. Incognia's answer is to stop playing on the attacker's terms entirely — rather than analyzing whether a video is a deepfake, they check whether the camera feeding that video is even real.

Frameworks from This Episode

The Asymmetry of Fraud

André's core mental model for why defenders are structurally disadvantaged.

  • Criminals break rules freely while banks must follow heavy financial and privacy regulation.
  • Fraudsters collaborate and share open-source tools while competing banks stay siloed.
  • Deepfake generation attracts vastly more capital than deepfake detection ever will.
  • The takeaway: never fight on the attacker's terms — find a different angle entirely.

The Real-World Anchor

The strategic foundation of the entire product.

  • AI can fake your face, voice, and data — but not your authentic footprint in the physical world.
  • Identity is built from location behavior plus device telemetry rather than from documents or selfies.
  • Defense shifts from analyzing the fake (the video) to verifying the source (is the camera real).
  • Scale is the moat: replicating fresh physical-world data across 1.2 billion devices is economically unfeasible for attackers.

Forged in the Hardest Market

Why building in Brazil created a more resilient product.

  • Brazil has extreme fraud pressure and almost no online-crime enforcement, forcing banks to build defenses a decade ahead of the United States.
  • A product hardened in the toughest market wins easily in calmer ones.
  • Proof point: a European bank tested Incognia in Brazil, got overwhelmed by fraud in two weeks, saw data showing 95% was preventable, then deployed across all its markets including Europe.

Zero-Distance Product Development

The operating principle that powered the pivot.

  • Put engineers directly in every commercial conversation so they hear the customer's problem firsthand.
  • Eliminate the gap between the people with the problem and the people building the solution.
  • Ship use case by use case, then replicate across similar companies once each case study lands.

Founder Experiment: Map Your Behavioral Fingerprint

André's bet is that your location behavior is the hardest signal to fake at scale. You can test the logic yourself — and find the equivalent moat in your own product — with this week-long exercise.

  1. 1For seven days, log every place you use your most critical apps — banking, email, primary SaaS tools. Note the device, the time, and the Wi-Fi network.
  2. 2At the end of the week, review the log. Notice how consistent the pattern is: same coffee shop on Tuesday, same home network at 7am, same office network from 9 to 6.
  3. 3Now ask: what is the equivalent behavioral fingerprint in your own product? What does a real customer do that a fraudster running 60,000 fake accounts simply cannot replicate at scale?
  4. 4Write down that signal. Build your defenses and your differentiation around it.

The deliverable: A clear articulation of the hard-to-copy signal in your product. That signal is your version of André's location moat.

Key Terms

Device fingerprint: A profile built from a device's characteristics used to track it over time and flag fraud.
Factory reset: Wiping a device to default settings, which generates new device identifiers and lets fraudsters dodge detection blocks. Now takes about 30 seconds on an iPhone.
OTP (One-Time Password): A single-use code, often texted to a phone, used as a second authentication factor. Increasingly weak against social engineering. André notes 48 of the top 50 US banks still rely on them; zero of Brazil's top 50 do.
Liveness detection: Checks that confirm a real, live person is present, often by asking for head movements during a selfie. Now defeated by deepfakes.
Deepfake: AI-generated video, image, or audio convincing enough to impersonate a real person.
Camera spoofing: Injecting fake video into a device as if it came from the live camera. Incognia detects the spoof rather than the fake video itself.
Location spoofing: Faking GPS or IP-based location data — relatively easy to do, which is why Incognia fuses many signals instead of trusting any single source.
Account takeover (ATO): A fraudster gaining control of an existing user's account, often to drain funds.
Net dollar retention (NDR): A metric showing revenue growth from existing customers. Incognia's was 180% last year — meaning customers collectively spent 80% more year over year.
Behavioral biometrics: Identifying users by their unique behavior patterns — location routine, typing cadence, device usage — rather than physical traits or credentials.

Tools from This Episode

Incognia

Location identity platform embedded in 1.2 billion devices — verifies users silently in the background with eight-foot accuracy, no friction for legitimate users, no easy path for fraudsters resetting devices or running fake account farms.

View in ResourcesVisit Incognia

Q&A

Who is André Ferraz?

André Ferraz is the co-founder and CEO of Incognia, a location identity company that helps banks, fintechs, and marketplaces prevent fraud. He previously founded In Loco, a location-based advertising company acquired by Magalu in 2020. He grew up in Brazil with two computer scientist parents and has spent his career thinking like an attacker to build better defenses.

What is Incognia?

Incognia is a fraud prevention platform embedded in 1.2 billion monthly active devices. It uses location and device behavior to verify user identity silently — no friction for legitimate users, no easy path for fraudsters. The platform serves banks, fintechs, crypto exchanges, and marketplaces worldwide.

How does location-based identity prevent fraud?

Incognia fuses Wi-Fi, Bluetooth, cell tower, compass, accelerometer, and gyroscope signals to locate a device with eight-foot accuracy. Because each person has a unique physical-world behavior pattern, the system can verify legitimate users silently and flag fraudsters who reset devices or cluster many fake accounts in one location.

Why are text message OTPs insecure for banking?

OTPs can be intercepted, socially engineered, and increasingly defeated with AI-generated phishing. André notes that 48 of the top 50 US banks still rely on them, while zero of Brazil's top 50 do — because Brazil's fraud environment forced banks to build better defenses a decade earlier.

How does Incognia defend against deepfakes?

By verifying the source instead of the media. Incognia checks whether a device's camera is genuine rather than analyzing whether the video is fake, because fraudsters must spoof the camera to inject a deepfake. Defeating the spoof is more durable than detecting the fake.

How did Incognia survive losing 95% of its revenue?

When the pandemic collapsed their location-based advertising business, André cut from 250 to 50 people, kept the engineers, and redirected their precision location technology toward fraud prevention. The resulting product is now multiple times larger than the original business.

What kinds of companies need fraud prevention most?

Banks, neobanks, fintechs, and crypto exchanges face the largest losses. Marketplaces dealing with refund abuse, promotion abuse, and chargebacks are also high-priority. Any company where a successful fraud attack generates asymmetric financial damage is a core use case.

Where can I learn more about André and Incognia?

Visit incognia.com or connect with André Ferraz on LinkedIn at linkedin.com/in/andreferraz.

Links from This Episode

Links & Resources

Sponsors

Inbox Alchemy

The number one sales motion for founders.

inboxalchemy.co

Howdi

Your podcast deserves partners. Let us connect you with brands that actually align with your show.

gethowdi.com

AINative Student

The career edge every student needs is AI fluency.

ainativestudent.com

Nina

We Write Content. You Rank Higher.

trynina.co

Snipd

The AI-powered podcast app. Save insights by tapping your headphones, chat with episodes, discover the best highlights — try premium free.

snipd.com

Interested in partnering with us?