As an increasing number of daily and essential services move to digital platforms -- a trend that's had a massive fillip in the last few months -- having efficient but effective ways to verify that people are who they say they are online is becoming ever more important. Now, a startup called Payfone, which has built a B2B2C platform to identify and verify people using data (but no personal data) gleaned from your mobile phone, has raised $100 million to expand its business. Specifically, Rodger Desai, the co-founder and CEO, said in an interview that plan will be to build in more machine learning into its algorithms, expand to 35 more geographies and make strategic acquisitions to expand its technology stack.
The funding is being led by Apax Digital, with participation from an interesting list of new and existing backers. They include Sandbox Insurtech Ventures, a division of Sandbox Industries, which connects corporate investment funds with strategic startups in their space); Ralph de la Vega, the former vice chairman of AT&T; MassMutual Ventures; Synchrony; Blue Venture Fund (another Sandbox outfit); Wellington Management LLP; and the former CEO of LexisNexis, Andrew Prozes.
Several of these investors have a close link to the startup's business: Payfone counts carriers, healthcare and insurance companies, and banks among its customers, which use Payfone technology in their backends to help verify users making transactions and logging in to their systems.
Payfone tells me it has now raised $175 million to date, and while it's not disclosing its valuation with this round, according to PitchBook, in April 2019 when it raised previously, it was valued at $270 million. Desai added that Payfone is already profitable and business has been strong lately.
"In 2019 we processed 20 billion authentications, mostly for banks but also healthcare companies and others, and more generally, we've been growing 70% year-over-year," he said. The aim is to boost that up to 100 billion authentications in the coming years, he said.
Payfone was founded in 2008 amongst a throng of mobile payment startups (hence its name) that emerged to help connect consumers, mobile content businesses and mobile carriers with simpler ways to pay using a phone, with a particular emphasis on using carrier billing infrastructure as a way of letting users pay without inputting or using cards (especially interesting in regions where credit and debit card penetration and usage are lower).
That has been an interesting if slowly growing business, so around 2015 Payfone starting to move toward using its tech and infrastructure to delve into the adjacent and related space of applying its algorithms, which use authentication data from mobile phones and networks to help carriers, banks and many other kinds of businesses verify users on their networks.
(Indeed, the connection between the technology used for mobile payments that bypasses credit/debit cards and the technology that might be used for ID verification is one that others are pursuing, too: Carrier billing startup Boku -- which yesterday acquired one of its competitors, Fortumo, in a $41 million deal as part of a wider consolidation play -- also acquired one of Payfone's competitors, Danal, 18 months ago to add user authentication into its own range of services.)
The market for authentication and verification services was estimated to be worth some $6 billion in 2019 and is projected to grow to $12.8 billion by 2024, according to research published by MarketsandMarkets. But within that there seems to be an almost infinite amount of variations, approaches and companies offering services to carry out the work. That includes authentication apps, password managers, special hardware that generates codes, new innovations in biometrics using fingerprints and eye scans, and more.
While some of these require active participation from consumers (say by punching in passwords or authentication codes or using fingerprints), there's also a push to develop more seamless and user-friendly, and essentially invisible, approaches, and that's where Payfone sits.
As Desai describes it, Payfone's behind-the-scenes solution is used either as a complement to other authentication techniques or on its own, depending on the implementation. In short, it's based around creating "signal scores" and tokens, and is built on the concept of "data privacy and zero data knowledge architecture." That is to say, the company's techniques do not store any personal data and do not need personal data to provide verification information.
As he describes it, while many people might only be in their 20s when getting their first bank account (one of the common use cases for Payfone is in helping authenticate users who are signing up for accounts via mobile), they will have likely already owned a phone, likely with the same phone number, for a decade before that.
"A phone is with you and in your use for daily activities, so from that we can opine information," he said, which the company in turn uses to create a "trust score" to identify that you are who you say you are. This involves using, for example, a bank's data and what Desai calls "telecoms signals" against that to create anonymous tokens to determine that the person who is trying to access, say, a bank account is the same person identified with the phone being used. This, he said, has been built to be "spoof proof" so that even if someone hijacks a SIM it can't be used to work around the technology.
While this is all proprietary to Payfone today, Desai said the company has been in conversation with other companies in the ecosystem with the aim of establishing a consortium that could compete with the likes of credit bureaus in providing data on users in a secure way.
"The trust score is based on our own proprietary signals but we envision making it more like a clearing house," he said.
The fact that Payfone essentially works in the background has been just as much of a help as a hindrance for some observers. For example, there have been questions raised previously about how data is sourced and used by Payfone and others like it for identification purposes. Specifically, it seems that those looking closer at the data that these companies amass have taken issue not necessarily with Payfone and others like it, but with the businesses using the verification platforms, and whether they have been transparent enough about what is going on.
Payfone does provide an explanation of how it works with secure APIs to carry out its services (and that its customers are not consumers but the companies engaging Payfone's services to work with consumer customers), and offers a route to opt out of of its services for those that seek to go that extra mile to do so, but my guess is that this might not be the end of that story if people continue to learn more about personal data, and how and where it gets used online.
In the meantime, or perhaps alongside however that plays out, there will continue to be interesting opportunities for approaches to verify users on digital platforms that respect their personal data and general right to control how any identifying detail -- personal or not -- gets used. Payfone's traction so far in that area has helped it stand out to investors.
"Identity is the key enabling technology for the next generation of digital businesses," said Daniel O’Keefe, managing partner of Apax Digital, in a statement. "Payfone’s Trust Score is core to the real-time decisioning that enterprises need in order to drive revenue while thwarting fraud and protecting privacy." O'Keefe and his colleague, Zach Fuchs, a principal at Apax Digital, are both joining the board.
"Payfone’s technology enables frictionless customer experience, while curbing the mounting operating expense caused by manual review," said Fuchs.