I have to agree with the other poster. My typing speed was in the 70+ WPM on qwerty prior to learning dvorak, and now I'm a glorified hunt-and-pecker on qwerty keyboards.
The only exception to this is typing on my mobile device, which is configured to qwerty.
Berbix | Full-stack software engineer | Full Time | Onsite | San Francisco, CA
Our stack: Go, React, Typescript, iOS, Android, Google Cloud
We're an Initialized Capital-backed, YC startup (S18) making it easy for companies to collect and instantly verify photo IDs online. We use ML and computer vision techniques to effectively extract and validate the IDs in our system without any human intervention. This is a game changer for companies that require age verification, fraud deterrence or KYC. We are growing quickly and have new customers coming on board weekly.
Our founding team led the Trust & Safety team at Airbnb for several years. We implemented the initial versions of the Airbnb's Verified ID product and saw many of the problems with the existing solutions.
We have a modern stack and a ton of interesting problems to solve. We're a SaaS, API-first company building a best-in-class solution for identity verification.
Absolutely understand where you’re coming from. It can be jarring to be asked to go through those steps by a set of companies with whom you have no direct relationship. That said, data access requests can contain some extremely sensitive information and it’s important companies responding to such requests don't share information with the wrong person.
Regarding your question on data deletion; we abide by the retention policies chosen by our customers, which are typically much shorter than 3 years. For Sift specifically, the retention policy is indeed 14 days, after which point we automatically delete all the personally identifiable information we've collected on Sift's behalf. We'll be taking in your feedback, however, as this could be made clearer in both our privacy policy and our product.
Completely understand and sympathize with that. We absolutely can (and will) do a better job of conveying the intent of the different checks here. The pose change requested is randomized, but I get that this can be frustrating.
I know you already get this, but for posterity, the idea here is to make sure the person submitting their ID is actually in front of the computer (and can react to a prompt). Attempting to use a still photo is a common way a bad actor may try to circumvent these protections. Obviously correctly identifying someone in the case you described is extremely important given the sensitivity of some of these data access requests.
Orwellian isn’t exactly the vibe we’re looking for, though, so we can do better here.
So you require someone's PICTURE to deliver the data you gathered on that person? To further augment your digital stash? Or train your models to recognize said person? (after which you delete the picture, logical - storage space costs money)
I hope I'm wrong somewhere.
If I'm not, I don't think I want to do business with you, or to ever have my ID checked by you if it means you'll get to keep my data- then ask me for an up-to-date picture to improve your collection when I object to that.
So the purpose of taking a picture of yourself is to make sure that the photo as depicted on the ID matches the person who is completing the flow. This is important as a stolen ID should not be usable for the purposes of online identity verification.
We’re not in the business of selling your data, but of providing a secure, privacy-oriented way for businesses that have to perform ID checks to do so. In the situation described above, we’re providing identity verification services for Sift in the context of the data subject access requests they’re receiving.
That's really nice to hear -- thanks for the reply! A "Why do we ask this?" link would probably be optimal.
I do get the aim, but it took me a while --- I'd wondered if it was simply data collection for more classifier training or something, which felt like a dodgy extra ask along with a verification service (even if it's the same strategy as recaptcha).
On the point of why images leave our system at all, we provide a way to show our work to our customers — they won’t trust our results if they can’t see that they’re accurate. When they access information on our dashboard, if we render the images, they’ve left our systems. To be clear, we’re not syndicating this information to any third parties, just showing this information directly to our customer (who is the owner and controller of this data).
As for what procedures we put in place, we enforce short retention periods for the data we store in our systems for precisely the reason you are worried about. At the expiration of that period, the data is permanently deleted. Furthermore, in the event of a change of control, the contracts we’ve put in place with our existing customers govern how the information can be used. This is super important to us as we personally take privacy extremely seriously.
The aggressive watermarking is important for several reasons. First, in the worst case scenario, we can trace how a breach happened and when. Second, it is watermarked in such a way that the images become much less functional than they would be otherwise — the intent is to ensure that the images cannot be used to verify an identity on any other service. We take security very seriously — we’ve already secured SOC 2 certification and continue to invest heavily in security using industry best practices.
Thank you! And yes, this space is definitely becoming increasingly important. Our focus has been to provide a lightweight, low-friction means by which to confidently check IDs. While we have been primarily serving North America-based customers, our product can work well for any US or Canadian IDs or ICAO compliant travel documents (which includes many European IDs).
Like Veriff, there are a lot of companies in this space. What is the differentiator other than low-friction? Most of the competitors offer ~$1 per use and are highly automated and frictionless.
Many of the existing KYC providers for fintech startups rely on credit reports to perform identity checks. Our perspective is that relying on credit reports alone is becoming increasingly problematic given the widespread data breaches which expose the underlying data. Bad actors have access to full name, date of birth, address history, and social security numbers for countless individuals.
We believe that going forward, fintech startups are going to have to have to have increasingly robust KYC programs, which will include an ID checks. Berbix is an effective tool to collect and check IDs instantly as part of a robust KYC program. To that end, we’re currently serving multiple customers in the fintech space with such programs.
Every European challenger bank or fintech I've signed up for an account with (Monzo, N26, bunq, TransferWise) has required an ID document check of some kind, sometimes including taking a video, and there have been multiple providers there.
Actually it has became standard practice in where I live to have government ID check as part of KYC process for these new fintech companies, usually accompanied with a live photo capture.
Thank you! Super excited to show what we’re working on. Yes, our product is fully automated - our customers can choose to review items that we’ve flagged as problematic, but they can also choose to reject them outright. As for the pricing, we’ve found that our price is competitive in this space, and we can provide significant volume discounts.
Drop me a line at (my first name) @berbix.com and I’ll shoot over a demo link so you can try it!
Our customers typically integrate with us using one of our client-side SDKs (https://docs.berbix.com/docs/client-sdks). Our web SDKs embed an iframe into your website (or spawn a modal) that will take the end user through the image collection flow. Our mobile SDKs get baked into mobile apps so that there’s no additional app to download to complete the end user flow. In either case, as soon as the end user finishes the flow, you can fetch the data about the transaction via our API (or using our backend SDKs).
The only exception to this is typing on my mobile device, which is configured to qwerty.