Many have reservations about meeting someone through Craigslist or any other sell-by-owner site. While you might really want that vintage record player, we’ve all heard stories of the meeting turning awry quickly if the seller isn’t legit. Atlanta Tech Village resident Trust Stamp is changing the game by providing an identity verification token (a FICO-like score) on the person you’re about to do a deal with. Sounds futuristic, right? Hold on — the whole process takes place by using your digital identity, too.
The cybersecurity startup has been making waves by securing $1M in funding in less than a year with no VC terms, plus going through stints at multiple accelerators across the country. Projections for their second year of operation are a minimum of $1.6 million on the NEBIT basis and reach as high as $4.6 million.
Despite such quick growth, which would cause some to scale too fast, they are taking it one step a time for their B2C and P2P audiences. Partnerships with the National Association of Realtors, Facebook Marketplace and an S&P500 bank will add millions to their platforms.
Hypepotamus stopped by their office to speak with co-founders Andrew Gowasack and Gareth Genner. There, we checked out their duck unicorn mascot (a metaphor for their fast growth), learned how they validated their idea (it’s surprising!), and talked about how biometric data is the future.
How did Trust Stamp come about?
Trust Stamp officially started on January 1, 2016. We started working together on customer discovery in fall of 2015, although some of the IP went back to 2014 formally. They were ideas that had kicked around for a long time. The basic premise was that the accelerating paradigm of people meeting each other online and entering either interpersonal commercial relationships entirely based on online contact was going to require a new view of trust. How do you know who you’re dealing with? Are they who they say they are, and even if they are who they say they are, should you trust them?
We started out looking at the concept for Trust Stamp focused on the P2P and sharing economy. First of all, we started with customer discovery based on Craigslist. Estimated 30 million transactions a month, well over 100 murder convictions, daily crimes.
You validated your idea using Google Consumer Surveys, which is very unusual. How did it work?
We did our first surveys using Google Consumer Surveys and we said, “Would you pay a fee before meeting someone or transferring them money or assets?” Google does consumer surveys. They’re one of the underused market research opportunities. In fact, market research companies we’ve subsequently worked with were in total shock because they didn’t realize you can do it.
You can pay them ($150), and it’s based on the number of replies you want. It can get a bit expensive, but you can also be clever. You can commission a survey where they will guarantee you 1,200 completed responses. To do that, they survey between 20-25,000 people because obviously not everybody completes it. In theory, it’s a one-question survey, but you’re allowed half a dozen answers.
Then we tried dating agencies, and 40% of users at dating agencies said they’d use it. We then tried ride share companies, and 50% of their passengers said, “I don’t trust the company. If another company offered me this option, I’ll defect to the other company.”
Tell me about the uniduck — it means your company was going to be a unicorn or a duck?
The first accelerator that we talked to, which was a banking accelerator, there’s five stages of interview and I think at stage three the managing director of it said, “This thing is either worth absolutely nothing, you’ll never pull it off, or it’s a unicorn.” He said, “We’re backed by banks and the banks don’t back unicorns, but they might just do this one.” We adopted the uniduck because it was either going to be a duck or a unicorn. It’s our corporate mascot.
As you guys were going through all of these accelerators, how did you find your target audience, and what is it?
What we did when we went into banking accelerator was to explain the concept, explain some of the tools we were going to use and ask the banks what their pain was. The banks brought us their pain. Very quickly the banks said, “Here are the problems we have. Can you fix them?” As soon as they got the feeling we could, we had to sign NDAs and we had to really narrow it down because we were looking for a partner bank. The immediate need we narrowed down is synthetic identities. Synthetic identities are a completely invented person for whom you create an internet and apparent financial presence in order to run up credit in the name of the non-existent person. To give you a size, in the banking industry in the United States, it’s going to lose an estimated $20 billion this year from it.
For them, we are working on the elimination of synthetic identities so that over time all of their customers will apply by selfie. When you do a digital application, you will take a selfie. We use our proof of liveness, which is proprietary. When we say a selfie, it means one of two things. In the United States, it means a microburst of photos. In some other countries it means a video because they have legislation relating to that. We then use proprietary AI to know whether you’re alive or not.
You’re working in other partnerships as well, correct?
In parallel, we’re just starting in Facebook Marketplace. Facebook Marketplace aims to be the successor to Craigslist, but it does not provide any means of knowing who you’re dealing with or whether they’re trustworthy. We’re going to provide that as a third party Facebook application.
We’re just doing the test marketing on that. We launched Trust Stamp Europe in December. We were in the Fintech Pavilion at TechCrunch. We have something like 20 to 30 European financial institutions that wish to partner with us already. We have a group, and I can’t say who they are, but I can say that they represent 1,000 banks in Europe who are interested in partnering.
Why did you guys decide to forgo VC funding aside from an initial seed round?
We entered it with funding which meant we were funded till the end of the year before we began. Within six months, we are effectively funded ad infinitum at this point. Based on current contracts, so you don’t have that pressure. We’ve never accepted VC terms. We’ve only taken $1.2 million in investment.
We had confidence in our product. We wouldn’t have grown in the same way. We’re approached by VCs more often than you can possibly believe. “By the way, we don’t do VC terms. What that means is you’re welcome to join as an ordinary investor with one vote per share.”
How does it work for a regular P2P transaction?
If you were dealing with me, you’d say, “Send me your Trust Stamp.” We don’t do searches on people, so you can’t do a background search on me. You would say to me, “I’d like you to get a Trust Stamp.” You could do two things. One is you could just send me a link and I pay to send you a Trust Stamp, or you could prepay it and say, “Send me a Trust Stamp. I’ll pay for it.” Then when I got the link, click on the link, would be an SMS or an email, it’ll ask me, “Take a selfie,” photograph of my driver’s license, and then sign up with a social media account. If you met me on Facebook Marketplace, you’d click on the Facebook button. Then we do our proof of liveness, check out your photo ID, and then go into that Facebook account.
You’d receive my Trust Stamp. You’d be able to confirm it came directly from our secure server. It would have my photograph, it would have my certified legal name, and it would have the score and obviously color that gives you those indicators. I can choose to share other things. I can choose to let you go look at my social media accounts. If you’re going on a date with me, you might insist on that as opposed to buying something off of me. You might say, “Hey, let’s swap before we meet up.”
Your company’s obviously working towards a safer internet of things, but what are your thoughts on current cybersecurity issues?
All of the discussions about use of irises and blood veins in the eye, the fact is that it’s going to be many years before we have gadgets that are able to do that reliably in everybody’s hands. You have to use something ubiquitous. Not only that, there’s going to be a huge rebellion if government tries to have a register of eyes and irises, isn’t there? We all accept faces, don’t we? We think that the face, short of DNA, your face for the foreseeable future is the key to cyber security.
Cyber security is virtually always social engineering, which means that somebody has spoofed you into giving them your credentials. You can’t give away your face. We talk about things being hacked. They’re not hacked. That’s usually nonsense. A DDoS attack is one thing, but that’s external. It doesn’t get access. Very few systems are legitimately hacked by people finding a backdoor. They’ve socially engineered the credentials to access it.