Friday, March 15, 2019

Passbase is building a full stack identity engine with privacy baked in

Digital identity startup Passbase has bagged $600k in pre-seed funding led by a group of business angel investors from Alphabet, Stanford, Kleiner Perkins, EY; as well as seed fund investment from Chicago-based Upheaval Investments and Seedcamp.

The 2018-founded Silicon Valley-based startup — whose co-founder we chatted to briefly on camera at Disrupt Berlin — is building what it dubs an “identity engine” to simplify identity verification online.

Passbase offers a set of SDKs to developers to integrate facial recognition, liveness detection, ID authenticity checks and ID information extraction into their service, while also baking in privacy protections that allow individual users to control their own identity data.

A demo video of the verification product shows a user being asked to record a FaceID-style 3D selfie by tilting their face in front of a webcam and then scanning an ID document also by holding it up to the camera.

On the developer front, the flagship claim is Passbase’s identity verification product can be deployed to a website or mobile app in less than three minutes, with just seven lines of code.

Co-founder Mathias Klenk tells TechCrunch the system architecture draws on ideas from public-private key encryption, blockchain, and biometric authentication — and is capable of completing “zero-knowledge authentications”.

In practice that means a website visitor or app user can prove who they are (or how old they are) without having to share their full identity document with the service.

Klenk, a Stanford alumni, says the founding team pivoted to digital identity in the middle of last year after their earlier startup — a crypto exchange management app called Coinance — ran into regulatory difficulties right after they’d decided to go full-time on the project.

He says they got a call from Apple, in August 2018, informing them Coinance had been pulled from the AppStore. The issue was they needed to be able to comply with know your customer (KYC) requirements as regulators cracked down on the risk of cryptocurrency being used for money laundering.

“With a quick call to our lawyers, we learned it was because we now needed to complete strong identity verification with every exchange integrated for every user in order to fulfil our KYC obligations,” explains Klenk. “This is how our pivot to Passbase began.”

The experience with Coinance convinced Klenk and his two co-founders — Felix Gerlach (an ex-Rocket Internet product manager/designer) and Dave McGibbon (previously an investment associate at GoogleX) — that there was a “huge opportunity” to build a ‘full-stack’ identity verification tool that was easy for engineering teams to integrate. So it sounds like it’s thinking along similar lines to Estonian startup Veriff.

Klenk claims current vendors “take weeks to integrate and charged thousands of dollars from the start”. And in classic startup formula fashion he too condenses the idea down to: “Stripe for Identity Verification” — arguing that: “In order to solve digital identity verification, you cannot only streamline the identity verification process, you need to enable identity ownership and reuse across different services.”

At the same time, Klenk says the founding team saw a growing need for a privacy-focused identity verification tool — to “protect people’s information by design and help companies collect only the information they need”.

On this he freely cites Europe’s General Data Protection Regulation as an inspiring force. (“GDPR is built into the DNA of this product,” is the top-line claim.)

“Companies gain access to users information in a secure enclave, and avoid the dangers of getting hacked and leaking sensitive information,” says Klenk, describing the system architecture for verification as the core IP of the business.

They’re in the process of filing patents for the “developed technology”, working with two technical advisors, he adds. 

Passbase’s verification stack itself involves modular pieces so that it can adapt to changing threats, as Klenk tells it.

The startup is partnering with service providers for various verification components. Though he says it also has in-house computer vision experts who have built its anti-spoofing and liveness detection.

“This will always be an arms race against the latest spoofing tactics. We plan to stay ahead of the curve by introducing multi-factor authentication techniques and partnering with the best technology providers,” he adds on that.

He says they’re also working with a US-based security company and other security experts to test the robustness and security of their system on an ongoing basis, adding: “We are planning to obtain all required certifications to ensure the security of our system e.g. ISO, Fido.”

Passbase’s product is currently in a closed beta with more than 200 companies signed up to its early access program.

Five have been “handpicked and onboarded” for a closed pilot — and Klenk says it’s now running tests and figuring out final requirements for an open beta launch planned for the middle of this year.

“Our early customers are mostly trust-based marketplaces (like an Airbnb),” he tells TechCrunch. “We are adding features such as PEP, OFAC, and others over the next month to allow us to also service the mobility space, age-restricted products, and eventually online banking and fintechs with KYC obligations.”

The startup’s first tranche of investor funding will be used for building out its core tech and mobile apps — while also “delighting our first clients with our B2B solution, getting traction, nailing product market fit”, as Klenk puts it.

He emphasizes that they’re also keen to nail a healthy startup culture from the get-go — saying that building “an exciting and inclusive place to work” is a priority. (“Since many high growth startups dropped the priority for this in order for growth. We want to get this right from the beginning.”)

On the competitive front, Passbase is certainly driving into a noisy arena with no shortage of past effort and current players touting identity and digital verification services — albeit, all that activity underlines the high demand level for robust online verification.

Demand that’s likely to rise as more policymakers and governments wake up to the risks and challenges posed by online fakes — and prepare to regulate Internet firms.

Discussing the competitive landscape, Klenk name-checks Jumio, Onfido, and Veriff in the identity verification space, though he argues Passbase’s “developer-focused go-to-market and focus on creating digital identity” creates a different set of incentives which he also claims “allow us to get really creative on price and auxiliary offerings”.

“Our competition cares about price x volume. We care about creating a robust and secure network of trusted user-owned digital identities,” he suggests.

On the digital identity from he points to Civic, Verimi, and Authenteq as being focused on “digital and self-sovereign identity”, though he says they have “tended” to take a B2C approach vs Passbase’s “full-stack” developer offering which he claims is “immediately useful to a large market of players”.

There’s clearly plenty still to play for where digital identity is concerned. It remains a complex and challenging problem that loops in all sorts of entities, touchpoints and responsibilities.

But add privacy considerations into the mix and Passbase’s hope is that, by going the extra mile to build a zero-knowledge architecture, it can become a key player.

 



from TechCrunch https://ift.tt/2T7Tuab

No comments:

Post a Comment