Hacker News new | comments | show | ask | jobs | submit login
Introducing Airbnb Verified ID (airbnb.com)
54 points by ssclafani on Apr 30, 2013 | hide | past | web | favorite | 33 comments

Just did a bit of digging.

They use this company for the verification process of ID scanning.


I wonder if this has been brought on due to a friction of fraud that they are facing as they've grown. They've actually done a great job of keeping fraudulent activity under-hush, but I'm sure it's been a major problem...

Also, one of the main issues with a marketplace that fulfils the service/product at a future date is the uncertainty that the home owners actually exist. They've done a good job of limiting their exposure to risk on this by putting in lots of mechanisms in place.

(Reviews / Free profession photography / Payment holds to owners until arrival / Social connections / Phone verification / CC Linking )

All of these help create a strong recognition of trust/security (that isn't just an illusion like many other sites).

I'm just not quite sure what additional benefit this offers. (I'll assume it's to protect the home owners more, by requiring guests who place a booking to confirm their identity)

AirBnb don't store any of the verification documents either. They are all stored by Jumio, who also check them against goverment documents to confirm a match. [2]

[1] : http://www.jumio.com/netverify/try-it-now/

[2] : https://www.airbnb.co.uk/support/question/453

Identity is a basic problem for any online transaction. For instance, Paypal's biggest innovations were around fraud prevention.

Jumio is a great solution to bridge online transactions and offline verification (physical IDs, passports, credit cards).

If I had to speculate, I suspect Jumio gets disrupted by products that attack the root problem by no longer needing verification - more specifically, virtual currencies. But that feels like a distant prospect right now.

I don't believe virtual currencies solve the verification problem. On the contrary - anonymity plus lack of chargebacks is a huge incentive for fraud. You can either drop anonymity or establish a trusted third party escrow-like service. In either case you need some kind of verification.

It looks like despite the error the verification still goes through. I uploaded my ID, it said it was doing some processing, and when I clicked next I got an error. However, I was still able to complete the verification and it now shows me as verified.

Does this mean that anybody can sign up on Airbnb and browse verified Name-to-Address matches for people? Plus the photos from inside their homes?

Airbnb doesn't divulge the address until a reservation has been made. OTOH, your point about photos is correct.

This is awesome. If I had a room to rent on AirBnB I'd probably require this.

What I'd really like is a way to make an Airbnb listing "friends only" -- i.e. FB friends or FB friends of friends, alums from my school, YC people, fellow members of SAF, etc. Any number of filters. Or have price differentials for them.

Friend-only AirBnB sounds awesome.

Might also be fun with trades, too.

> matching it to offline ID documentation, such as confirming personal information or scanning a photo ID. The name provided by both channels must match for verification to succeed.

Sorry, but there is no way i'm going to scan my passport, id or driver license and send them. Why ? Because they are my life... In some countries, like my motherland Turkey , if someone , somehow has them they can get loans from bank in my name, get credit card or worse set up a firm. I have no reason to "trust" airbnb and their partners in this case.

What could be a better solution ? Well i could accept facebook validation + verification code via $1 credit card charge ( like paypal does ).

> if someone , somehow has them they can get loans from bank in my name, get credit card or worse set up a firm

On top of that they can establish a verified ID with AirBnB and any similar companies. This is recursively scary :)

The "they" we are talking about are AirBnb employeees, not some random people. It's no different than giving a copy of your passport to the bank teller - in theory they could also use your info for bad purposes, but it's much less likely than a random person.

The "they" could be AirBnB employees, but it was probably a reference to hackers breaking in and copying those files from AirBnB servers. The fewer servers that have a scanned copy of your passport, the better.

Do you refuse to hand over your passport to hotels that require it for foreign visitors? Do you follow the waiter back to the payment terminal after handing over your credit card to make sure they don't copy it?

Personally, I would trust Airbnb much more than some of the hotels/hostels I've stayed in. Anyone can make a photocopy, but passing it off as a legitimate document is pretty difficult.

> Do you refuse to hand over your passport to hotels that require it for foreign visitors?

In my experience : hotel staff checked my identity, in front of me and that's all. I wouldn't let them go away with my passport, photocopy or keep my passport...

> Do you follow the waiter back to the payment terminal after handing over your credit card to make sure they don't copy it?

I'm not perfectly sure about U.S. but in Germany and Turkey because your card is pin protected they have to swipe your card in front of you, so i don't follow him, i don't have to. Chip & Pin system isn't perfect but if i don't allowed to pay my dinner using my pin and card combo ( like in U.S.) , i pay cash.

In hotels, you can shield your pass against rf-id, you can watch the person who's holding your pass and what's he doing ( you pay attention to your environment and hotel clerk by check-in, right ? ). But in internet you don't have this physical protection layer, once you uploaded your id it's gone, you don't know if airbnb , or in this case their partner, keeping copy of your id or not.

Nearly every hotel I've ever experienced make a copy of my passport when they asked me to show it. I don't really care much either way.

I think there are some psychological problems to over come. In countries like Brazil, Germany, France, even using credit cards online can leave users concerned. I think if anything though, this concept of more valid authentication of the people behind a transaction should make large online transactions easier in the future.

I just completed their alternate system, which lets you identify yourself by taking a quiz of things 'only you would know.' I had to identify the last 4 of my social, the state it was issued in, how long I've lived at my permanent address, and which of a number of roads was closest to it.

That's not very strong assurance. You can easily look up on a site like Facebook where someone was born, which gives you SSN location. All sorts of companies have access to the last 4 of your social (ironically, the only unique part of it - the rest can be inferred based on where and when you were born). You can also look up how long someone has lived in a particular place. I literally used Google Maps to answer the roads question, as I'd never heard of any of them before.

I don't know why anyone would go through the trouble of opening an Airbnb account in someone else's name, but it's certainly possible (and easy to 'verify' using the tool I just described).

> You can easily look up on a site like Facebook where someone was born, which gives you SSN location. All sorts of companies have access to the last 4 of your social (ironically, the only unique part of it - the rest can be inferred based on where and when you were born).

Back in the day, infants didn't usually get SSNs, since the IRS did not require them for taxes, you didn't need them for insurance plans, etc. If you're in your 40s or older, you probably didn't get a SSN until you got a job. (I'm over 50 and I got mine when I got my first job -- using my SSN to determine where I was born won't get you within a thousand miles.)


So, the IRS issues everyone a unique identifier at an unknown point in time. Separately, a federation of businesses decides it needs to share records to estimate a customer's likelihood of conducting business in good faith. This federation needs a globally unique identifier that can be used to collate these records into a single profile. It decides to use the IRS's unique ID, which means a whole host of companies require you to provide this identifier in order to do business with them. The credit profile also establishes a system whereby someone else's identity can be more useful than your own when it comes to procuring services.

Most of the companies that require a credit check treat their business with a particular individual as confidential. Over time, they establish customer support call centers and require that the customer authenticate with a shared secret before providing support. Most key their records off this globally-unique ID (your social security number), and it becomes the industry norm for the second half of this ID to be the shared secret you use to verify your identity.

So, you've got a shared secret that we expect to be fairly well-protected, as someone can use it to falsely identify themselves as you and rack up bills in your name. The second half of this secret is freely shared over the phone, as its presumably useless without the other half.

Meanwhile, the authority that issues this ID is completely separate of the consumer credit system and uses it for a completely different (and less consequential) purpose. It changes the policy by which it grants this identifier, whereby the first half can now be fairly well predicted with a known piece of information (where an individual was born).

As a result, the infrastructures of many critical institutions presume that a secret they don't control is fairly well-guarded, and the inertia of their old decisions leads them to freely pass around the only part of the secret that is still hard to guess.

> "Starting today, Airbnb will require a random 25% of users in the USA to go through the Verified ID process."

Is this for hosts, guests, or both? And does this only apply to new users? I suppose they're measuring the impact of the change by forcing it onto only a random 25% of people in one market.

I had to go through all of this back in January when I used Airbnb to get a house in the Valley for a few days. I was just then creating an account - and I had to connect my Linkedin profile + upload an ID. It didn't like my Italian ID card but it liked my (also Italian) driving license (which was a surprise - it's in horrible condition). I was surprised at the depth of the verification (not in a negative way) - but I thought this was for everybody. Was I somehow selected as a tester, or maybe they found my usage profile suspicious (Italian citizen, resident in Germany, creates an account and immediately tries to book a place in California)?

"There is no place for anonymity in a trusted community."


I strongly disagree with that post, and I find the closing words very grating (and even a bit condescending).

> Trust and verification. They just go together.

Trust and authentication are not the same thing, even if they are related concepts.

And there absolutely is a place for anonymity even in a so-called "trusted" community - in fact, those communities are the place where anonymity can be the most powerful (and also the most effective, or most needed).

Even if this doesn't apply to AirBnb's situation, I find it incredibly irritating that they try and frame this behind some 'Anonymity is bad, and without verification there's no such thing as no trust' philosophy, instead of owning up to the fact that AirBnb apparently has some issues with fraud/abuse, and this happens to be their solution to fixing it.

Transparency may not be necessary for trust, but it goes a very, very long way towards establishing it. Anonymity is the opposite of transparency.

People trust anonymous systems, voting being one of them.

How would you measure if requiring a verified Id is a good/impactful change? Has there been a problem with pseudoanonymous people causing problems that this is trying to solve?

I'm not opposed to it, but it does take away some of the splendor of AirBnB'ing, maybe it's just me but when I stay at AirBnB pads I like to feel like I've left my day to day work life behind and can now be who I want to be.

Personally, I think this is great. I'd love to see other marketplaces offer this service (Etsy, eBay, Craigslist) or better yet I'd like to see new startups take this angle as a way to disrupt.

I understand there's a place for anonymous transactions. I just think there's an even bigger place for trusted transactions.

Elance has verified contractors, they even call you (they did for me, and I'm in Uruguay).

After using Airbnb for quite a long time, I’ve gone back to hotels precisely because of this. Holding up my passport next to my face for 10 seconds at a hotel is sufficient to get me checked in, while my Airbnb hosts never bothered to check my ID. Now a photo of my ID is going to live on some third party server with questionable security for ever. Choosing “Confirm Details” yields an empty list, so I’m SOL.

If somebody swiped your credit card, you can get a new one with a new number, and call fraud protection right away. Almost nobody laughs at you because your card is ugly. Not so with any form of government identity.

What that will really work for me is an obscenely high security deposit set by the host.

I don't have a problem with scanning ID. I'm not sure if I'm understanding the online-verification part, though. It says that you can verify the online part of your identity by linking your account to Facebook, linking your account to LinkedIn, or receiving AirBnB reviews. I already have AirBnB reviews so this part is checked green for me already.

But does that mean new AirBnB users will have to have either a Facebook or LinkedIn account? If it becomes mandatory to be verified before you can use AirBnB, they wouldn't be able to use the review route to verification, would they?

It seems to be the AirBnB's effort to build more and more community into the platform puts the business at odds with its ultimate growth driver (replacing/substituting hotels). This just feels like another step to move the company further away from a hotel-replacement and more towards an online community, which feels more niche.

I'm not sure what the solution is to making hosts feel more comfortable with strangers, but stuff like this just makes me want to use the platform less.

Introducing this sort of thing goes towards addressing the chief regulatory complaints about AirBnB, which is that it's actually about sharing and community, not just a way to arbitrage on exemption from (legitimate) hotel and zoning regulations.

I guess more people are verifying then they had counted on, because the system appears to be down.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact