We’re Steve and Eric, the founders of Berbix (https://www.berbix.com). We make it easy to instantly verify photo IDs. Our goal is to empower platforms to accurately identify their users while being responsible stewards of sensitive information.
Today, we’re launching our self-service ID checks (https://www.berbix.com/pricing) to organizations of any size that need to answer the question: Are you who you say you are?
We’re taking a privacy-first approach to identity verification. Your government-issued photo ID is one of the most sensitive pieces of information you own, and sharing it with a company online can be scary. We’ve invested significant effort to try to do this the right way from a security perspective, ensuring all images that ever leave our system are aggressively watermarked, and enforcing short retention policies to automatically purge data. We aren’t—nor do we ever intend to be—in the business of selling personal data.
Unless you’re a credit card processor, everyone knows that you’d be crazy to collect credit card numbers directly without using a system like Stripe because of PCI compliance. But there’s no equivalent standard for identity documents. It’s still the wild west when it comes to best practices around this extremely sensitive data. Companies inevitably will need to collect this data, whether to comply with regulations to verify age, confirm the identity of a GDPR or CCPA request, or deter fraud on a marketplace. It may come across as self serving, but we’d rather have a privacy-oriented company collect that data on their behalf.
We were the product and engineering leaders of the Trust & Safety team at Airbnb for several years where we were tasked with stopping all bad things from happening on Airbnb—both online and offline. This was a challenging problem as it included your typical online fraud like chargebacks, account takeovers, and wire scams in addition to much more novel offline risks like property damage and personal safety issues.
We learned to distinguish between “premeditated” bad actors who come to a platform with the intent to cause harm and “opportunistic” bad actors who would swipe a $20 bill on a nightstand, as an example. Some techniques work well against one group, but not the other. One effective means to fight both is to check a government-issued photo ID. Premeditated bad actors will often leave to find another platform with fewer protections, and opportunistic bad actors will think twice before doing something malicious in the moment when they know their ID has been checked.
Historically, checking IDs online has been hard. It required a 5-figure contract with a legacy ID verification provider, would take minutes or more, and the quality of the data returned left a lot to be desired. We knew there had to be a better way, and so we started Berbix. Our product returns a result in 2 seconds or less and leverages the machine- and human-readable components of a photo ID to maximize accuracy.
We’ve designed Berbix in a way that we, as developers, would want to use it (https://docs.berbix.com), with backend API libraries that make an integration simple and intuitive. We offer client-side SDKs for a number of platforms including React, iOS, Android and more (https://github.com/berbix). We make integration simple enough to be completed in a matter of minutes, while also providing flexibility to offer custom configurations if desired. Using our API, you can request the information you need to verify your users, while isolating your servers from ever handling the sensitive user-submitted ID images directly.
We’d love feedback from the HN community. Looking forward to hearing your thoughts!