Launch HN: Berbix (YC S18) – Instant ID checks to fight fraud and stay compliant

106 点作者 ericlevine超过 5 年前

Hi everyone!We’re Steve and Eric, the founders of Berbix (<a href="https://www.berbix.com" rel="nofollow">https://www.berbix.com</a>). We make it easy to instantly verify photo IDs. Our goal is to empower platforms to accurately identify their users while being responsible stewards of sensitive information.Today, we’re launching our self-service ID checks (<a href="https://www.berbix.com/pricing" rel="nofollow">https://www.berbix.com/pricing</a>) to organizations of any size that need to answer the question: Are you who you say you are?We’re taking a privacy-first approach to identity verification. Your government-issued photo ID is one of the most sensitive pieces of information you own, and sharing it with a company online can be scary. We’ve invested significant effort to try to do this the right way from a security perspective, ensuring all images that ever leave our system are aggressively watermarked, and enforcing short retention policies to automatically purge data. We aren’t—nor do we ever intend to be—in the business of selling personal data.Unless you’re a credit card processor, everyone knows that you’d be crazy to collect credit card numbers directly without using a system like Stripe because of PCI compliance. But there’s no equivalent standard for identity documents. It’s still the wild west when it comes to best practices around this extremely sensitive data. Companies inevitably will need to collect this data, whether to comply with regulations to verify age, confirm the identity of a GDPR or CCPA request, or deter fraud on a marketplace. It may come across as self serving, but we’d rather have a privacy-oriented company collect that data on their behalf.We were the product and engineering leaders of the Trust & Safety team at Airbnb for several years where we were tasked with stopping all bad things from happening on Airbnb—both online and offline. This was a challenging problem as it included your typical online fraud like chargebacks, account takeovers, and wire scams in addition to much more novel offline risks like property damage and personal safety issues.We learned to distinguish between “premeditated” bad actors who come to a platform with the intent to cause harm and “opportunistic” bad actors who would swipe a $20 bill on a nightstand, as an example. Some techniques work well against one group, but not the other. One effective means to fight both is to check a government-issued photo ID. Premeditated bad actors will often leave to find another platform with fewer protections, and opportunistic bad actors will think twice before doing something malicious in the moment when they know their ID has been checked.Historically, checking IDs online has been hard. It required a 5-figure contract with a legacy ID verification provider, would take minutes or more, and the quality of the data returned left a lot to be desired. We knew there had to be a better way, and so we started Berbix. Our product returns a result in 2 seconds or less and leverages the machine- and human-readable components of a photo ID to maximize accuracy.We’ve designed Berbix in a way that we, as developers, would want to use it (<a href="https://docs.berbix.com" rel="nofollow">https://docs.berbix.com</a>), with backend API libraries that make an integration simple and intuitive. We offer client-side SDKs for a number of platforms including React, iOS, Android and more (<a href="https://github.com/berbix" rel="nofollow">https://github.com/berbix</a>). We make integration simple enough to be completed in a matter of minutes, while also providing flexibility to offer custom configurations if desired. Using our API, you can request the information you need to verify your users, while isolating your servers from ever handling the sensitive user-submitted ID images directly.We’d love feedback from the HN community. Looking forward to hearing your thoughts!

19 条评论

Animats超过 5 年前

privacy-first approachSo, let's take a look at your terms.[1]However, we cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes. You should always use caution before sharing your sensitive personal information online.we each agree to resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief as provided below) arising out of or in connection with or relating to these Website Terms of Use, or the breach or alleged breach thereof, by binding arbitration by JAMS, Inc.Not only mandatory arbitration, but arbitration with JAMS, which has problems.[2] Not the American Arbitration Association consumer rules. The AAA will often send small claims to Small Claims Court, which is cheaper, and has real judges.These Website Terms of Use, and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by Berbix without restriction.So if you exit by being acquired by Google or Facebook or Tencent, they get all the data.There's nothing in the terms which places any legal responsibilities on Berbix beyond minimal compliance with the law. The terms are no better than the average web site, and worse than many.So, "privacy last".[1] <a href="https://terms.berbix.com/terms/website" rel="nofollow">https://terms.berbix.com/terms/website</a> [2] <a href="https://www.sfgate.com/news/article/PRIVATE-JUSTICE-Can-public-count-on-fair-2870731.php" rel="nofollow">https://www.sfgate.com/news/article/PRIVATE-JUSTICE-Can-publ...</a>

评论 #21601437 未加载

allworknoplay超过 5 年前

Oh! You're the company who -- when I was requesting the non-consensual tome of personal data that Sift keeps on me (and basically everyone else in the US and other coutries) -- refused to accept my straight-faced selfie and instead specifically insisted over and over again that I need to look "joyful or happy" and try again.I get (in retrospect, after research) that you're asking for a real-time face pose change for better identity verification, but do you realize how dystopian it feels when someone is fighting with an opaque bureaucracy and the process demands that they smile about it?You should try expressing a rationale up-front so it's not so Orwellian.

评论 #21600300 未加载

评论 #21600364 未加载

philsnow超过 5 年前

disclaimer: I know some of the folks involved with BerbixI love this, for the same reason I love Stripe (and before them authorize.net et al): I don't want every vendor I use that has KYC requirements to implement their own controls on the screenshots/scans/videos/whatever of government IDs, because then there will be a huge amount of variation and some of them will inevitably get it very very wrong.Putting it all under one roof (or a few roofs) allows those few companies to get storing and handling this toxic data really right, extract a reasonable amount of revenue, and everybody wins (Berbix wins because money, their customers win because they don't have to pay the opportunity cost or real cost of developing this in house, and end users win because of better/safer handling of ID information).

评论 #21603619 未加载

dmitrygr超过 5 年前

A few questions:1. "images that leave our system..."Why do they at all??--2. You're a startup. Meaning: 90%+ chance you die. What procedures have you put in place to make sure that ALL the data is destroyed in case your company changes hands, so that it cannot be used by somebody whose ideas and privacy are different than yours, simply by buying you (or your carcass after you are bankrupt)?--3. What use is watermarking in case of a giant data breach? The fact that we know that YOU lost our data doesn't help us any. What are your plans for data storage such that a breach in your systems does not allow easy exfiltration?

评论 #21599800 未加载

ben1040超过 5 年前

I submitted a data request to a third party processor recently (to Sift, after they were mentioned in an NYT article) and they sent me a link to your service to submit ID and two selfie photos.The consumer facing experience on this is not the best. Here I am filing a request to a third party processor for data that I never personally sent them. And in order to handle that, I have to send even more sensitive information to yet another third party processor. See the irony here?Sift’s email said the ID data would be retained for no more than 14 days, while Berbix’ privacy policy says the retention period is the shorter of “until no longer needed” or for 3 years from my last interaction with your customer.Who’s right here, and if your customer quotes end users a retention period that’s shorter than 3 years, how do you hold them to that?

评论 #21600507 未加载

grayhat超过 5 年前

Congratulations! Know your customer/online id verification sure looks like the business to be in lately. Given that there's <a href="https://veriff.com" rel="nofollow">https://veriff.com</a> which seems to be the most advanced one and they are also YC graduate, what's the advantage/edge you guys have? Selling on the price looks like a race to the bottom.Or are you focusing on USA customers only? GDPR and all that.

评论 #21599556 未加载

kornish超过 5 年前

Congrats on the launch!Do you verify consistency of components on a license through access to a DMV database (e.g. name matches address matches license number) or is this closer to a surface-level check of subtle visual indicators present on a license? Watermarks, holograms, etc.Curious if the core asset here is a well-trained CV model, or if there's a data/partnership moat as well.

评论 #21599553 未加载

评论 #21599299 未加载

ignoramous超过 5 年前

Nice! ID checks are so prevalent that I really wouldn't mind a stripe-esque provider mediating it.I stumbled on Indian government's effort to address this problem via <a href="https://digilocker.gov.in/" rel="nofollow">https://digilocker.gov.in/</a> I think they basically store photos of you, your govt IDs (driving license, social security etc), your records (educational, financial) and digitally verify it with the issuer of those records (in most cases, other govt agencies), plus, also link it with your mobile phone number and/or personal email (for MFA). Is it fair to say berbix is doing the same but addressing a global market? Or, is berbix a complementary product, that is, you'd simply build on top of a service like digilocker as requester and/or issuer of verifiable documents [0]?With that in mind, do you also plan to expand verifiability to other forms of documents, too, other than IDs?Congratulations on the launch.[0] <a href="https://partners.digitallocker.gov.in/" rel="nofollow">https://partners.digitallocker.gov.in/</a>

评论 #21601585 未加载

paraditedc超过 5 年前

How is your service different from the KYC service providers out there targeting fintech startups?

评论 #21599016 未加载

bvssatish超过 5 年前

Congrats on the launch.Couple questions- Is the verification completely automated?- Sound's really expensive at $1 per check, why?

评论 #21598450 未加载

mleonhard超过 5 年前

Berbix looks good.We need to compare the face on the user's ID card against other user-provided photos to see if they are the same person. Will the 'images.front.face_image' watermark interfere with face analysis?Twilio's Lookup API can return extra data from various databases. Have you considered doing something similar with Berbix Verify? We would be interested in sex-offender registration status, violent crime conviction status, and home geographic area. Various demographic info could also be useful: education level, employment status, income/asset level, etc.

cpach超过 5 年前

This looks really interesting. Took a quick glance at the site but didn’t see anything about use case examples. Do you have a hunch about what use cases will be most frequent? E.g. for landlords, selling cars, etc.

Jemm超过 5 年前

If this is going to further the trend of websites requiring me to upload my I’d, well then that is bad and you can definitely count me out.

PatrolX超过 5 年前

"Pay-as-you-go pricing for growing startups."$100 / month is NOT "Pay-as-you-go" pricing.

评论 #21602017 未加载

philip1209超过 5 年前

Love this! We put it on the roadmap as an integration for our company Moonlight in Q1.Do users typically redirect to Berbix, or is there a hidden API integration?

评论 #21598271 未加载

ceejayoz超过 5 年前

Who's liable in the case of an "oops", and a fulfilled GDPR data request winds up being a GDPR violation?

评论 #21598783 未加载

throwaway3318超过 5 年前

ID checking for age verification seems like a moat for the big few adult sites.Can this be used for age verification for adult sites?

callmeed超过 5 年前

Looks really cool and I have some ideas and side projects that could use this.Why is there no demo on your site?

评论 #21601463 未加载

johnlgardner超过 5 年前

Very cool. Someday we might need to verify personal training certs