Before we became Passbase, we were a crypto startup. People using our first crypto product meant that we quickly felt the pain point of meeting know your customer (KYC) requirements for compliance. That’s when we realized identity verification was an even bigger opportunity and we pivoted to become Passbase. The fact that we gained 100 new customers in our first year and raised $3.6M in funding just six months after our pre-seed round gives us the confidence that we are indeed moving in the right direction with our privacy-focused, user-centric vision for digital identity. In this blog post, I want to highlight how we got here: how our experiences in crypto shaped what Passbase is today, and why we think identity verification is essential for the future of the new digital economy.

Digital identity can solve interoperability for crypto

Our first product, Coinance, was a cryptocurrency management app that enabled users to manage their crypto portfolio in one central place by linking their exchange wallets. But when it came to allowing users to actually trade crypto on the platform, we encountered a roadblock: all of the liquidity pools we linked up with had to perform KYC checks on their customers as part of their anti-money laundering (AML) regulatory requirements. In addition to that, our company needed to have a KYC process in place for our own transactions. However, none of the existing identity verification solutions enabled users to transfer their digital identity between wallets, which meant that we could not move our product forward and because we could not give users the option to transfer assets between their wallets.

Digital identity, we discovered, is a key challenge for crypto and one of the bottlenecks for the industry as it gains more widespread adoption. When we compared KYC providers as a potential client, we discovered:

• Long sales cycles: you had to talk to sales and have multiple meetings before even testing the solution
• Lack of developer-first integrations: solutions were not meant for fast product iteration cycles, sometimes requiring their tech support
• Lack of flexibility: pricing plans came with fixed features or did not allow for must customisation

None of the solutions were a good fit for a fast-paced environment like crypto, where you have to constantly iterate quickly.

Making the pivot from crypto to digital identity

After talking to every KYC vendor in the market from a buyer’s perspective and also to our contacts in the crypto sphere, we identified a shared problem space: existing providers were built for traditional finance and not crypto or the new digital economy. However, our product — what would then later become Passbase — hadn’t taken a concrete shape yet.

This is where we took a somewhat unusual approach: instead of working out a polished business plan and present it to investors, we used the investor meetings we had already lined up to iterate on new ideas in real time. Sometimes we would come up with a business idea 48 hours in advance. We pitched our raw ideas and iterated on them using the feedback we got in our conversations. Even after we had made the decision to pivot to digital identity we kept true to our incremental approach by not shutting down Coinance immediately, but instead licensing the product to give us an additional cash runway. Ultimately, however, we arrived at the point where we needed to make the final step over to Passbase and raise funding so that we could build a team that would not fit in our tiny San Francisco apartment

Redesigning identity verification with privacy and security in mind

We wanted to create a digital identity layer of the internet that is based on user consent and would enable interoperability not only between crypto wallets, but between all kinds of online services. We knew we were entering an industry that is high friction and requires high assurance because others have tried to solve the problem of portable digital identity, including governments. Consumer skepticism remains high.

This means that driving adoption would have to come from businesses who wanted to verify their customers, not the customers themselves. Existing providers in 2018 were mostly focused on KYC for AML compliance during user onboarding for traditional finance. We have room to build better identity verification experiences for all the other use cases.

By focusing on building great identity verification to drive adoption, we can build the identity infrastructure that will facilitate the portability of digital identities for consumers. In essence, end users can maintain their digital identity and choose which parts they share with service providers in the future using Passbase.

What we’ve learned since launching Passbase and building alongside clients

Passbase officially launched just before COVID-19 hit the world. Our strategy to make sure we had a working product that clients paid for from day one paid off because we were able to power companies beyond crypto that included Teleclinic, which was directly involved in diagnosing Germany’s first infections, the neobank Binks in France, and gig economy platform Appjobs. We learned and grew with them as their businesses scaled.

Build integration options with developers in mind

When we were working on Coinance, we tried to build a service that connected different services from the crypto industry and found that none of the existing KYC solutions offered the technical flexibility we needed to do that. We wanted a solution that adapted to our tech stack, not the other way around. This is why we created Passbase to be a self-service developer platform. We wanted to grow Passbase through product-led sales, so we developed mobile, web, and server-side SDKs in addition to our API. We also quickly learned that our product was a bit too sophisticated to have an obvious value proposition to developers, who weren’t necessarily aware of compliance requirements. Our SDKs and libraries may not have given us a jump start, but it gave us a solid foundation that differentiated us for digital native companies.

Communication and education is key to adoption

I became the company’s first account executive (AE) in order to prospect clients. We quickly learned that articulating Passbase’s value proposition became about taking complex considerations for companies and breaking them down into digestible concepts. What regulatory requirements does Passbase help companies with? How should product teams incorporate identity verification when managing stakeholders like compliance, customer success, and security?

Helping companies educate their end users is also key. Many consumers are wary of face scanning, even if biometric authentication is more secure than text-based passwords. For companies in crypto, regulatory frameworks like the EU’s 6th Anti-Money Laundering Directive (6AMLD) now apply as well, making identity verification a necessity. Early on, we created our blog to help client companies understand how these features work.

A great verification flow is a conversion opportunity

Compared to traditional industries, like banking, whose digital transformation was oftentimes a cumbersome process, digital native companies can deliver far better user experiences from day one. For industries like crypto, where KYC is a requirement, this step in the user journey became a conversion optimization opportunity as well. We learned with clients like Hurr Collective, which is a rental marketplace that now has a Selfridges partnership, identity verification helped build trust and safety for companies without large engineering resources. We have built advanced customization features into the Passbase dashboard for our clients to insert the company log into the verification flow, manage copywriting and translations, and drag and drop required documents. This helps teams of any technical capacity to fully brand their verification flow and optimize it for customer conversions. Customers who enjoy a feature will use it more often, making use of feature such as biometric authentication. This is a win-win for businesses and end users because it secures digital identities, reduces fraud, and builds online trust.

Companies need flexible tools for different checks in new regulatory markets

Regulations are evolving rapidly, for crypto, financial transactions, and newer industries such as eSports. While choosing a country with low regulatory thresholds may have worked in the past, not investing in thoughtful, privacy-preserving user identification can slow down growth in the future. For now, companies that start with a high AML compliance standard, following FATF guidelines, upfront can ease a businesses expansion into new markets. However, we also know that markets will always their differences. The more sophisticated companies that we’ve worked with have set up specific policies, such as countries they may require additional documents from. Companies have leveraged Passbase’s flexible API to customize identity verification to their needs and we have introduced tools for non-technical teams to do the same, such as create multiple verification flow projects.

There is no “one-size fits all” solution to KYC

Everyone knows this. But it wasn’t until we were talking to prospective clients that appreciated the specific considerations for each company. Passbase’s current identity verification engine can serve a broad range of companies beyond FinTech and crypto, such as real estate and telecommunications. But even if we focused on crypto, companies will want to tailor identity verification for their needs. They also deserve to have these options. It’s a win for the company and for the end consumer. This is why building digital identity infrastructure that allows companies to build their own policy systems and orchestrate which verification flows happen based on specific event triggers is now our main focus. After gaining over 100 clients in our year of launch, we can confidently expand our privacy-focused and user-centric features so that other companies building for the new digital economy don’t have to from scratch.

Even though we started out in the crypto space, the interoperability problem for wallets is actually a universal problem. The truth is, we need a new identity infrastructure — one based on trust and privacy — for services in the new digital economy. In 2021, we have the technologies to ensure trust with privacy. One of the biggest lessons we’ve learned so far comes from the crypto industry: this is not a zero sum game. we as businesses in the digital economy ultimately need to work together to build a universally accessible identity infrastructure for a safer, more human internet.

Originally published at https://passbase.com/blog.

How we pivoted to solve the identity verification gap was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

Flip the script — being a human in interviews

Interviews are a marathon for both companies and candidates. If you are a new company, finding and convincing the talents who can help build your company is a mountain to climb. The work to find the right person amongst hundreds of applications for a position is no less challenging for a global company. Even though it’s a challenge for everyone to find the right fit, it doesn’t mean the process has to be painful. Every candidate you encounter as an in-house recruiter is an opportunity to build a new relationship. Having worked for companies such as Yelp and Disney prior to joining Passbase, I’m building on my thoughts on diversity and conducting better interviews to share how we have created a more human-centric interview process to build a long-term talent pipeline based on human relationships.

Through 2020 and the Covid-19 pandemic, Passbase has doubled is team and brought on experienced hires and industry veterans by creating a hiring process that asks if a candidate is:

Below, I will use Passbase’s interview process to illustrate how I approach recruitment.

Search for the right puzzle pieces

As an in-house recruiter for a young company, I need to be proactive in outreach to people with interesting CVs. Obviously, this is dependent on what role you’re hiring for but there are many ways to go about targeting your search. Sometimes you have to start broad and get more targeted as you go. Or, if you know exactly where you want to start (e.g., looking at candidates coming from specific companies) feel free to start super specific. Keep in mind many of the great candidates are likely not actively looking for new roles, this is why it’s so important to be as targeted as possible through this process.

For people looking for new positions, sprucing up your LinkedIn profile is one of the best ways to get noticed by in-house recruiters. Below are some of the ways I filter-search to discover people:

1. Start by filtering by job title and location
2. Add keyword filters for specific skills or backgrounds (e.g. specific techstacks, specific industry experience, or ‘B2B’ specialty for marketing)
3. Explore companies with products you admire
4. Play around with the graduation date filter if experience is a must (would encourage recruiters to not have a degree emphasis)
5. Evaluate profiles for puzzle pieces, not perfect credentials. Look for clues such as volunteering experience, promotions, tenure in the last two roles — longevity is important!

Of course it’s important for the candidate to have the necessary skills, but be sure to take a step back and look at the entire profile to consider transferable and intangible skills. Before you do any outreach you need to establish a baseline of the puzzle pieces that make sense to you. If I see enough puzzle pieces, even though it may not be my “ideal profile,” I will usually err on the side of reaching out.

Nail your outreach message

Since your outreach message is a first impression, spend time to refine it. Track the messages you send out to learn what style speaks to candidates. Modify them based on the roles you are hiring for, such as engineering or sales. I use a similar message for LinkedIn Mail and e-mail, providing enough information on the company and role so that an interested candidate can respond quickly. Below are two message templates I have used in the past:

I start with a clear title that makes the role and opportunity known to a candidate. A candidate’s online profile is not their whole story, so keeping the message personable and human is important. The first call is meant to be a relaxed way for both sides to get to know each other with no strings attached. In the best case scenario, people respond within a few days and you can schedule a call immediately and preferably as soon as possible to be respectful of their time.

Make your introductory call a coffee chat

In your first call, focus on getting to know the candidate as a person and learn more about the puzzle pieces that were not in their CV. To be respectful of a person’s time and fit a realistic set of discussion points within your allotted time, which is usually around thirty minutes. I also put some buffer after my calls if possible so that I do not have to cut a meaningful avenue of conversation short. A few extra minutes to comfortably wrap up a conversation can go a long way.

I typically start by thanking the person for taking the time and flipping the interview script. Instead of giving them what might be another company overview if they are conducting multiple interviews, I give them the floor to start with any questions or curiosities about the role or company. Of course, some people prefer the traditional format, so I also say that I am happy to take the questions in the end.

During the conversation, be transparent about factors that are important to them, whether it is the salary range or the interview timeline. Understanding a candidate’s priorities and addressing them in your follow-ups is a way to build trust and your company’s reputation. Even if you may not continue the conversation this time, the professional relationship you have established is valuable.

Turn skill assessment into an opportunity to inform

Skill assessment is often a stressful stage for a candidate because assessments can vary widely. This stage is for the department or team lead to find out if someone has the skills for the role, but is an informal assessment of intangible skills. How a candidate completes the task is often just as important as the contents of the task. Helping your hiring colleague be mindful of their interview preferences and biases can diversify the pool of qualified candidates who may have different working and communication styles.

At the time of writing, Passbase does not pay candidates for assignments, but we continue to refine our skill assessment stage. Before the Covid-19 pandemic, candidates who interviewed at the office would receive gift cards. Currently, we aim to design assignments to be completed within 4 hours (half a workday) to be respectful of a candidate’s time dedicated to unpaid work. It should go without saying that the material that a candidate provides should never be used by the company. At the same time, the assignment should give the candidate further context on the business, the market, and the product or service so that it is educational.

Have colleagues assess for culture add

Instead of checking for culture fit, Passbase arranges for conversations that assess for culture add. The first is an interview with one of our team members who is not from the team the candidate would be joining and the second is currently with one of our co-founders.

Founders who are intentional about the companies they build make time for interviews in their weekly schedules. Airbnb CEO Brian Chesky interviewed the first 200 employees and Silicon Valley founders like Jeff Bezos and Larry Page remained personally involved in early hires to raise the bar for a company’s talent with each hire. A founder needs to assess whether an individual takes the team to the next level with their role-specific skills, intangible skills, and values. Does the person fit the needs of the company as a whole? You can also find out how one of our co-founders, Mathias, approaches hiring and what he asks candidates here.

At the same time, to make sure that we are growing more diverse with every new team member, we want to have someone who thinks about how a candidate could add perspectives to the company. For example, can someone entering a leadership role bring more balanced perspectives to a white or male-led company? What is their understanding of privileges and how are they expressing views about social values? This second conversation is more freeflow, although you should provide some questions and guidance on what your colleague should look out for. Through the informal chat, your colleague should be able to sense check for shared baseline company values to create a safe work environment for everyone. If your colleague has moments of discomfort, they also need to be equipped to consider the source, be it cultural differences, inappropriate conduct, or their own privileges.

Bring the data points together in a workshop

Before pandemic times, many companies bring in a candidate for a final-round workshop interview. This round is meant to bring together all the data points that our team members have gathered and see if they are consistent with how a candidate behaves in person. Ideally, this stage is a litmus test to answer the question: “Can we all work together?”

Like most companies, Passbase has adapted to remote-only final round interviews during the Covid-19 pandemic and the last round has become an applied skills assessment. Depending on the role, this can last for one to two hours. Where possible, we offer some format flexibility (take-home versus fully in-person) and I make it clear to the candidate that we acknowledge not everyone operates the same way, that we care about them as an individual. For example, an on-the-spot coding assessment can be overwhelming for some people, so teams can explore designing a take-home component. A sales position can have a 30–45 minute presentation call and follow-up discussion that is typically over two hours.

Consider that video exhaustion during Covid-19 is a real issue, so do not shy away from checkin-in with your candidate on what their schedule is like. Offering flexibility as well as making myself available for any prep or debriefing calls creates a positive candidate experience.

Designing a workshop to assess a person’s technical and collaboration skills, as well as chemistry with our team, will always be a challenge. Time pressure and workshop format can impact a person’s performance and can never be 100% fair. Acknowledging that is essential for the ongoing process of refining the interview process

I think of every of recruitment stage as both an opportunity for us to interviewing a candidate, and them to interview us. In addition to answering questions about Passbase, I use every in-person call and e-mail exchange to demonstrate how the company operates and values people.

Ultimately, both your colleagues and the candidate are trying to find out whether working together is mutually beneficial. Provide a candidate with context to make an informed decision, even if it might ultimately lead to a “no”. How a company treats people reflects on a company’s values. At Passbase, we’ve talked to many candidates who are talented people, but might not be the right fit for a variety of reasons: experience or seniority, specific skillset, values, work arrangement requirements, and of course compensation. As an in-house recruiter, make sure that every conversation is a good one, even if the person may not be the right one — for now.

We are hiring in our New York and Berlin offices! Check out our latest open positions here.

Originally published at https://passbase.com.

Flip the script — being a human in interviews was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

As Passbase’s Head of Talent, how I recruit and the culture I set up will have deep implications as our company continues to scale. Since I joined the company in 2020, I have screened over 250 applications and had over 60 interviews. Last year, we doubled the team size in the midst of a pandemic through sales-driven growth. This year is a critical stage for the company to establish its cultural DNA and I am sharing our initiatives to document the process of our iterations transparently. In this post, I will cover our leadership training, acknowledgement of cultural and religious holidays, and company committees.

Before I share what I am doing at Passbase, I want to give some background context because my career path to this role was not straightforward. I was working in venture capital as an internal recruiter building startups from the ground up. Before that, I was at Yelp as an Account Manager and later in Consumer Insights at Disney. The primary reason I joined Passbase was because it was going to be an opportunity to build a company and culture in the ways that I wanted.

I am a bisexual, Muslim, Lebanese-American woman, and knew that I was coming into a company led by straight, white men. Joining a tech company where there was no presence of a woman in a senior leadership or managerial role is a moment for someone like me to pause. It has proven not to be an issue, but these considerations are a reality.

Start by addressing unconscious bias in leadership

They say that the first thirty team members set the culture of the company, so the founders — Mathias, Felix, and Dave — are conscientious that we need to find the right people that will challenge us. Our founders know the distribution in our metrics are not where they should be, but we are going in the right direction.

I constantly push our founders on hiring for diversity, but hiring for diversity means that the leadership must get used to being uncomfortable, even in their interviews. This means addressing unconscious bias, which affects team members and potential candidates.

Currently all team leaders at Passbase are going through a workshop series through a platform, Hone, called ‘ Create a Culture of Belonging.’ This isn’t meant to be just a training slapped on people’s calendars, but rather actually having open discussions. For example, one of the conversation topics for our breakout rooms was, how have you found yourself conforming in your workplace, in your personal life? This encourages people to listen to the other person’s experience, with the ultimate goal to invoke empathy. The only way we as a company will address unconscious bias and inclusivity is to talk about it, no matter how uncomfortable it is.

Passbase was founded in 2018 and when we rolled out this program, we had only raised a seed round (the rest of our growth has been fuelled by sales in 2020). However, our founders, Mathias, Felix, and Dave recognized the need to acknowledge unconscious bias as a crucial first step to building a diverse team.

If you are looking to join a company, ask their recruiter what investments they have made into training leaders about unconscious bias, not just one-off workshops on diversity. If you are in the People team in your company, challenge leadership to invest in educating themselves and their employees.

Acknowledging religious and cultural holidays

It’s 2021. With remote or global teams, companies should be doing more than just following the bare minimum public/bank holidays. Outside of the major Christian holidays (e.g. Christmas, Easter, etc.) employees who observe other holidays such as Eid, Lunar New Year, and Hanukkah, are encouraged to take time off to celebrate at Passbase. As a Muslim myself, up to this point, I would always have to use up paid leave days (when I didn’t have unlimited) to observe my holidays. That situation always made me feel uncomfortable and the option to take paid time off to observe cultural or religious holidays is something that I tell new hires during onboarding so they don’t feel uncomfortable making the request in the future. People bringing their full selves to work also requires that they can be comfortable in communicating what is significant — essential — to their identity.

When rolling out these benefits, we also needed to consider regulatory requirements. Passbase has offices in New York and Berlin, which means that it needs to comply with labour regulations in the U.S. and Germany. Passbase officially offers paid leave days, mental health days, sick days, as well as unlimited personal time-off days that can be requested with a manager. If you are managing a remote team, look into the labour laws for the country your team members are in or paying taxes to. For example, in Germany, even though we have offered unlimited personal time off (PTO), the country requires that the company register these days.

Establishing feedback commitees

If you are in my position as a talent lead and building a rapidly scaling team, you will need to crowdsource feedback from your colleagues and set up communication channels. To start 2021, we have begun setting up committees and safe spaces for people in the company to discuss experiences and suggestions for strengthening our company culture. To start, we have Women at Passbase and a Culture Committee. These are committees to allow for all voices to be heard. My job as the Head of People is to provide the spaces for people to use their voices. It is also my job to hire people who will push Passbase and challenge our ideas. In future posts, I will share more about initiatives that have come out of these spaces.

Being completely honest with ourselves, at this moment in time, Passbase’s managers are all men. Our founders know this and have voiced that our newest openings are an opportunity for the company to work towards fixing this imbalance. Talent acquisition is a direct way to address the level of diversity in a company and we are making a conscientious effort to change the status quo.

I would especially love to get referrals from you for talented people from underrepresented communities — women, trans and genderqueer, people of colour, black, indigenous, and neurodiverse people to name some examples! You can check out our latest job openings here.

Originally published at https://passbase.com.

It’s 2021. Diversity cannot stay reactive was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

Before I became Head of People at Passbase to double the team in 2020, I’ve been an interviewee countless times for the past few years. To this day, some stand out, both for how inspired I felt as well as uncomfortable I was sometimes made to feel. When Passbase began to grow at a speed that needed a full-time recruiter like me, I had a list of positive experiences I wanted to replicate as well as negative ones I would never want to to put anyone through.

If you are recruiting for your company, here are ways you can make the interview process more pleasant for interviewees, as well as yourself! If you’re looking for a job, you can also take this list to better understand what are green lights and red flags when you are assessing whether to join a company. The more empathetic interviews are, the more likely you will find better candidates who are a fit for your needs.

Have a conversation, not a Q&A session

When we are crafting a JD for a role, usually all the involved parties draw up their own wishlist. This usually starts with skills and work experience, but also usually includes factors like “character fit” or “values”. Ideally, this is a conversation between whomever is doing the recruiting, whether you are the founder or the Head of HR, and the people who would be working with this person. By the end of it, you probably have a list of questions, ideal answers to them, and maybe even a scoring system (depending on your approach to hiring).

At this point, you are in danger of being too prepared. As a recruiter, you head into your interview with a list of questions you need to zoom through to get as many data points about your candidate as possible so that you can report back to the team.

Take a deep breath. Make yourself a coffee. Get your notebook or open a new file in your note taking app. Put your questions to the side as you think about the big picture things you want to hit. Remind yourself: you are meeting someone for the first time. How would you greet them and introduce yourself? If they were someone you met at a social, how would you learn about their background, their story, and the things they’re passionate about? An interview is a slightly more structured first conversation. You’ve got this.

Be transparent

After you’ve done your initial introductions, you should have learned some of key pieces of information from an interesting candidate. Now, it’s your turn to also share.

When sharing, you might want to think of yourself as an ambassador for your company. While you will probably be selling the company’s culture and perks, as well as the opportunities in the role, it is just as important to be as transparent as possible to help your counterpart also decide if the company is a good fit. For example, if the candidate has made it clear they are eager to join a fast-growing company with upcoming leadership opportunities, you need to address that need. Perhaps your company wants to grow the team more slowly or prefers keeping a flat structure.

Transparency is an attitude and commitment to sharing as much information as possible that can help someone make a more informed decision. Sometimes in the interview process, it is easy to forget to share information that is crucial to a candidate. As a start, be transparent about the interview process. How many stages is it? What is the timeline? What is the salary range or compensation arrangement? If your company does not have certain policies that a candidate has asked about, acknowledge that and consider addressing it. Also do not shy away from acknowledging that you do not know the answer and following up with an e-mail response.

Show interest in the whole person, not just their skills

Recruitment is time consuming. There is always the tick of the clock against all the things you need to learn about someone. But that’s the thing: you are learning about *a person*. A person needs to be able to bring their whole self to the company, so it is important to find out about who they are in addition to their coding or sales skills.

In addition to their work history, you might have learned they are a single parent or care about certain causes they volunteer for. Personal or family factors are important because it may affect work scheduling arrangements. You may also learn their opinions about about gender, immigration and race, or same-sex marriage and you need to assess whether these match with your company’s bottom-line values. Every person you bring into the company is not only contributing their skills, but to a safe and respectful workplace for *everyone*, so your interest in them as a person will help you assess this.

Ask personal questions — the right ones. Some questions are asked with good intentions, but may actually be invasive or discriminatory. Some that I use for our remote interviews given Covid-19 restrictions are:

• Where in the world am I finding you today?
• Do you have a favorite Netflix show you’re binging right now?
• What have you been doing to keep yourself sane during the pandemic?
• Have you had a chance to adventure anywhere during the pandemic?

Also trust your gut. If you do not find yourself excited by this person, ask yourself why. It *could* be that they do not have the “right cultural fit”. However, in order to avoid hiring too similarly, *why* you may not be clicking is also a starting point to reflect. Does it have to do with language abilities or different styles of communication? Though it may be difficult to adjust immediately in the conversation, being aware can help you become more empathetic for a candidate and hire a more diverse team in the long-run.

Look for culture add not culture fit

Passbase has been moving away from the “culture fit” terminology to focus on whether someone will add to the company’s existing culture. Culture fit implies that people need to mold into a fixed framework, whereas a company is more a puzzle that needs new pieces to be expanded.

At Passbase, we try to tap someone outside the hiring department to join the interview process as soon as possible to have a more informal conversation. This conversation is meant to have someone who is not invested in the candidate’s technical skill consider whether the candidate can, and seems willing, to bring something to the culture of the company. The Passbase team member can take the conversation in any direction they’d like, but I have provided some guiding questions for the conversation. Example questions include:

• What do you like to do outside of work?
• Who or what inspires you in your life/career?
• How would you describe your working style?
• What makes an inclusive workplace?
• What excites you about coming to work?
• What motivates you to do your best work?

No matter how talented a candidate is, they ultimately have to be able to work with their team, and contribute to a safe and respectful environment. This part of the interview is meant to consider whether an individual can add depth to a company. While every person taking part in the interview process will be considering whether someone “could fit in” at the back of their mind, reframing this question as “How can they add to our culture?” pushes our own company to be more cognizant of the areas we need to grow as well.

Leave them excited to continue conversations

Finally, you’re nearing the end of your conversation (or your allotted call time). Now is not the time to just wrap up because you have gotten the information you want. Use these last few minutes to keep the conversation open. Just as we began, you want to leave a good conversation by looking forward to the next one.

Getting a candidate, who might be interviewing with several companies or happy in their existing job, to be excited can sometimes require some selling skills. At this point, your non-Q&A call should be leaving them just wanting to continue the conversation. I always finish by giving the candidate a time estimate that they should be hearing from me by — ideally no longer than a week. Even if you don’t have a status update, a check-in email is nice! Nobody likes to feel ghosted. I always make sure to emphasize that they can always reach out with questions or concerns, and that I am always available to hop on a call if necessary.

Your interviews are not where you need to find out everything about a candidate. You need to develop the confidence that they will add value to your company and bring them onboard. Bringing the right people on board will elevate the company in directions that you may not even have anticipated.

We are hiring in our New York and Berlin offices! Check out our latest open positions here.

Originally published at https://passbase.com.

Best practices for interviews was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

We are excited to announce that Passbase now allows end users to reuse documents to accelerate the identity verification process. Companies using Passbase can now offer end users the option to share previously submitted identity documents for their verification process.

Inconvenience lowers customer conversion, satisfaction, and retention. In contrast, by allowing your end users to securely verify their identity again within seconds by taking a video selfie and sharing previously submitted documents builds customer trust. Documents submitted by end users are known as identity resources in the Passbase dashboard. Passbase customers on a Growth Plan or above can make full use of this feature when managing multiple projects.

Leverage Passbase’s underlying identity network for smoother customer experiences

As of April 19, 2021, new Passbase end users, your customers, will have the option to share with you their previously submitted identity documents (known as identity resources in the Passbase dashboard). An end user who has performed a successful identity verification with Passbase before will have a root identity created and documents they submitted will be attached to this identity. Allowing end users to re-use their previously submitted documents will drastically shorten their future verification processes and save up to 75% of the usual verification time, creating a faster and smoother customer experience.

Companies operating in FinTech and the Gig Economy stand to benefit most from this feature, where customer segments and user groups have significant overlap. Imagine that your end user is signing up for a different service on your platform where they will need to perform identity verification again and submit ID documents for security purposes, such as a driving license. In addition to saving your end users hassle, you are building trust with them by requesting their explicit permission to share documents with you.

Perform KYC checks secured by Passbase’s biometric authentication

To increase your confidence in the documents that are being reused for KYC checks, Passbase’s system for re-using identity resources is secured through biometric authentication. Each root identity in the Passbase ecosystem has a person’s biometrics attached to it. Passbase uses face matching from a user’s video selfie to recognize previous identity holders and allow them to share their identity resources like passports, driver’s licenses, or national IDs. An end user will be able to select only the latest documents submitted that their current verification flow requires. If an end user has no applicable documents, the option will be automatically be skipped and they will be able to submit the necessary documents. If the user’s selected documents fulfil all your verification requirements, they can complete the verification. By having end users perform a video face scan first, your business reduces the risk of fraud as there is a simultaneous identity and liveness check before documents are submitted.

Allow identity resources to be re-used at the project level

You can allow end users to reuse documents (identity resources) on a project level. Passbase clients with a Growth plan and above can set up multiple projects on the Passbase dashboard. This means that you can set up multiple verification flows depending on your cases, such as for different services that may require additional documents. In order to maximize convenience for you and your end users, Passbase unifies an end user’s digital identity, so that a user who has performed an identity verification before can re-use their identity and identity resources for future verifications.

This feature is available for web SDK version 3.1.17 and above.

Passbase is working to build human ways of sharing digital identity that empowers teams to offer better user experiences while protecting their businesses and end users.

We value input from the Passbase community and partners to prioritize identity verification features that have an impact on businesses and organizations. You can always make a feature request here.

If you have any questions, get in touch!

You can also:

• Use a 30-day free trial if you are new to Passbase
• Book a demo to see specific features
• Try our no-code solution setup with a Zapier integration
• Get setup with our integration guide or our Youtube tutorials
• Check our example projects for your tech stack on Github

Originally published at https://passbase.com.

Introducing reusable documents to accelerate identity verification was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

We need to be informed before we can take action. Teams should be given visibility into identity verification activity happening in their services or platforms to protect against fraud. We are happy to announce a new feature, an identity timeline, which displays events associated with a unique identity in the Passbase dashboard. Teams can now have one place to check events such as identity creation, authentication attempts, and meta data associated with each event to understand the context of user behaviour and assess situations.

All Passbase clients can see the identity timeline in their Passbase dashboard.

Provide teams with a clean overview user activity

Teams with access to Passbase’s dashboard have an intuitive way to see a user’s history and understand key events. Tracking identity verifications and authentications as Events in one consolidated place is useful for ongoing monitoring as well as customer support.

Each identity comes with a timeline, meaning that users who perform their first identity verification with Passbase will create a root identity and record future events associated with this identity. A Passbase client can now use the dashboard to see the following information:

• when a root identity was created
• when and by whom was the identity verification accepted or rejected
• when an identity is pending or needs review
• successful authentication events
• when an authentication attempts fails due to face matching or liveness detection

This information provides non-technical team members with the context to handle various scenarios, such as when an authentication has failed multiple times and may need customer support. It also provides key information for team members following up on cases in the future.

Give teams context to handle cases and prevent fraud

Passbase’s identity timeline also provides key meta details for teams to understand context and assign cases. Event details such as geolocation or failed liveness detection will help companies decide whether it is case for fraud prevention or customer service teams.

Each event recorded has meta data to help teams detect potential fraud. Teams can click into an event to see details on Completion Time, Checks, SDK, Device, Location, IP Address, Geo Location, Browser to note suspicious behaviour.

Get started

Identity timelines are visible on all Passbase client dashboards. It is most powerful when used in conjunction with our Biometric Authentication feature, which allows users who have performed identity verification with Passbase before to take a selfie to login or perform transactions.

We will be introducing more user-friendly and human ways of understanding digital identity to empower teams to protect their companies and end users. Strengthening security and online trust requires equipping everyone — from developers to compliance teams — with the best tools possible to verify individuals and secure online identities.

As we work to build identity verification to serve online businesses and organizations, input from the Passbase community helps us prioritize features with impact. You can always make a feature request.

If you have any questions, get in touch!

Originally published at https://passbase.com.

Introducing Identity Timeline was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

Consumers are becoming more accustomed to face and fingerprint scans to unlock their smartphones and authorize transactions. While many online businesses now require facial scans for identity verification during user onboarding, they have yet to unlock the potential of Biometric Authentication. If a customer has proven their identity once with a selfie and document verification, then why can they not use a selfie again to do authentication?

With Passbase Authentication, companies can create a convenient and secure way for customers to access their accounts, without the risk of using text-based passwords and inconvenience of added security measures such as OTPs. Product teams can also use Passbase Authentication to seamlessly build Customer Due Diligence (CDD) into their user flow for AML regulatory compliance and reporting requirements. Passbase Authentication not only helps businesses with identity verification, but to secure their transactions and build trust with their users.

Reduce fraud by letting your end users authenticate in your product again

If you enable Passbase Authentication, your end users will have a secure way to login and authorize transactions, such as transfers or checkouts, without passwords and OTPs.

A user who enters an email address that has already been verified and approved will automatically enter the Passbase Authentication flow, which only asks users for the required information. This means that returning users will be able to skip the start screen, Terms & Conditions, and instructions to immediately take a selfie video. When the face in the video matches the face in the records, and they do not need additional identity verification documents, they will be authenticated and able to access their account or perform their transactions.

When the user’s face matches the face data behind the e-mail, the system checks the user’s previously submitted documents to see if there are any missing identity verification steps. These documents can include official photo IDs, such as a passport, driver’s license, national ID card, insurance card scan, as well as a proof of address. If additional documents need to be submitted, such as scanning an insurance card, the user can submit them to complete the authentication process. If the documents are already stored, then the user can skip the ID card scanning process and be authenticated.

For security reasons, a user can attempt a video selfie 3 times before they see a failure notification and authentication module is automatically closed.

Serve end users on any device across the world

Passbase Authentication is supported by the latest web and mobile SDKs (see supported versions below), allowing your end users to smoothly authenticate cross-platform from web to mobile or reversed, by re-using the biometrical datapoints of their face.

In addition, Passbase Authentication is available in 15 languages including Chinese (Simplified), Danish, Dutch, English, French, German, Italian, Japanese, Korean, Lithuanian, Latvian, Polish, Portuguese, Russian, Spanish. We are also working on adding more languages soon!

Get visibility into verifications and authentications

Teams using Passbase Authentication can see successful authentications on Passbase dashboard along with other key events. This information helps teams refine their fraud prevention because they can note the frequency, details of an authentication attempt, and also adjust acceptance thresholds.

Authentications are recorded in the Passbase dashboard Events, History, and Timeline sections. This gives both developers and teams managing identity verifications more context to provide better customer service and or to flag suspicious behavior for fraud.

Non-technical team members also have contextual information to handle various scenarios, such as when an authentication has failed multiple times and may need support. It also provides key information for team members following up on cases. In each identity timeline, an event also includes details on Completion Time, Checks, SDK, Device, Location, IP Address, Geo Location, Browser so that teams can note any abnormal behavior.

Integrate authentications into your workflow with webhooks

Development teams can also make use of webhooks to receive Passbase Authentication notifications directly in their own workflows and dashboards.

Companies using Passbase can receive a webhook called identity authenticated once a user has been authenticated. This webhook can be added in Integration and Settings. This webhook is also available in the webhook logs. When the identity authenticated webhook is fired, it is displayed in Webhooks.

Development teams can test this webhook by adding it to a new or existing webhook within the developer dashboard. This webhook only displays in the developer dashboard if the project has Passbase Authentication enabled.

Below is an example of the display format:

Passbase has guides for handling webhooks with Firebase Cloud Functions, in Node.js, and calling the Passbase API with server-side libraries in Javascript, Python, Java, Go, Ruby, and PHP.

Get started

Passbase Authentication is currently available to clients who request this feature to be enabled and do not need to make any changes to their client-side SDKs to integrate the feature. You can contact our contact our sales team or Passbase Support if you are an existing client. We have a lineup of resources for you to get started with Passbase Authentication.

This feature is available for SDK versions:

• Mobile (iOS / Android): 2.1.8
• Web SDK: 3.1.14
• React Native: 2.1.8
• Flutter: 2.1.8

We are thrilled to have powered the growth of diverse companies powered by Passbase’s identity verification engine, including ones in FinTech, cryptocurrency, real estate, ecommerce, and healthtech amongst others.

Identity verification has always been important, but securing digital identities has become paramount. As services continue to digitalize, more marketplaces and platforms remain to be built. We look forward to building the most robust, scalable, and adaptable identity verification solutions, from no-code to customizable APIs, along the way.

We thank our clients for their continuous feedback on useful features and early adopter clients. If you have any questions, get in touch!

Originally published at https://passbase.com.

Introducing Biometric Authentication: Unifying identity verification and secure user logins was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

We have a confession to make.

10:43 am — August 20th, 2019 — New York, NY

Let us start by making one thing abundantly clear. Passbase did not win Hacker Noon’s “Most Exciting Startup” award fairly. We employed powerful forces outside the bounds of fair competition to manipulate the results of this “election” and it worked. We did not do this to win, but instead to make a point. This is the story of how, and why, we hacked the 2019 Hacker Noon “Most Exciting Startup” Award, what it means for the democratic process online, and what we can do about it.

Oh shit. It actually worked.

8:46 am — August 20th, 2019 — New York, NY

I woke up on the couch of the San Francisco apartment where our company originally started. Still half asleep, I read through my emails as I do every morning and, at the top of my inbox, I saw a much-anticipated email. Hacker Noon had just announced the winners of their first-ever award competition, the Noonies. As designed, my company Passbase was featured at #1 in the polls. This came as no surprise. After all, that was the plan. We just didn’t think the plan would actually work.

Realizing what had just happened, I woke up my co-founders and gathered them around the coffee table. We came to the unanimous decision that we would come clean and tell the world our story. We concluded that our ability to compromise the integrity of this democratically selected award was representative of a far greater set of issues facing the digital world. Our hack had demonstrated the power that fake identities can have online when left unchecked. We hope that by shining a light on our actions, we can help institutions of all sizes avoid these types of manipulation. So we finished our coffee and got to work writing our confession…

It started with an honest lead

6:30 pm — August 11th, 2019 — New York, NY

“Yeehoo! We’re in the lead.” — Felix, CPO of Passbase

We had worked hard over the past year to build a network of supporters for our young company. Taking philosophical positions on timely issues relating to privacy and data ownership online, pushing strategically targeted campaigns, and just old-fashioned grassroots marketing. Following the Facebook-Cambridge Analytica hack and Experian data breach, our commitment to addressing issues of privacy and data ownership seemed to have reached an enthusiastic audience.

Thanks to our loyal following and some targeted social campaigns, we were able to collect enough votes to reach the leading position in the Hacker Noon polls. After securing what we believed to be a sizable lead, we took our foot off the gas and turned our marketing efforts back towards content creation and lead generation.

Then it turned into an arms race

5:30 pm — August 14th, 2019 — New York, NY

“Those F*****rs!” — Mathias, CEO of Passbase

We had dropped two places in the rankings just 24 hours before the competition was scheduled to close. After some research into our competition, we concluded that the volume of votes required to overtake us in that small amount of time was near impossible without some “assistance”. The velocity at which new votes were entering the system, just hours before competition close, could mean only one thing. Bots.

Sitting at #3 in the polls with a few hours left in the competition and some fairly obvious voter manipulation occurring, we had an idea. Could we beat the hackers at their own game? Not to win, but to make a point? What happened over the next 24 hours was a frenzy of programmatic voter fraud.

How we hacked it

1:30 pm — August 15th, 2019 — New York, NY

Like many other polls online, Hacker Noon’s award was based on browser sessions. They did not require an individual to signup or complete any form of verification which made our “hack” quite easy to execute at scale.

Our team quickly developed a python script to execute votes programmatically from a theoretically unlimited number of virtual machines — cast a vote, clear the browser cache, change the IP address, repeat. All of this was done within a few seconds for each new vote. As we scaled up this operation, we spun up several AWS instances and began executing the script. Boom. We received thousands of upvotes and climbed to first in the polls within the last few hours of competition with other “competitors” right on our heel, receiving an equally implausible number of votes over the course of a few hours.

By our conservative estimate, over 25,000 new votes were posted and allocated to top few contenders within the last 24 hours. The total vote count went from 25k to 50k within a day. By the end, there were approximately 3,000 votes per hour entering the poll.

As the polls ended with Passbase in the leading position, we closed our laptops and breathed a sigh of relief. As expected, a few days later we received the email informing us that Passbase had won.

The big picture

What does this mean? How can we trust any poll or election that has been conducted online? More specifically, how can we trust any “individual” we interact with online? These are all questions that as a society and as a company we need to ask ourselves.

Our thesis is that the world is in desperate need of a more seamless and secure system of digital identification. The methods we used to manipulate this poll are completely avoidable if the appropriate steps are taken to verify the identities of people participating. But these methods can be invasive, and cumbersome. As we look to the future, it seems obvious that more and more sensitive processes and services are being moved online. Whether those services are polling, ridesharing, or digital banking they all share one thing in common: identity matters. It’s important to consider the important role that identity plays online and just how large of an impact it can have if not secured properly.

In the wake of Cambridge Analytica, Experian, and other hacks, we now are beginning to see the cracks in our system. Fake or stolen digital identities are at the heart of Russian election meddling, global credit card fraud, and our very own Hacker Noon hack. At Passbase, we aim to build a more secure future in which we can trust the identity of others online and unlock the next generation of trust-based products — from secure polling to on-demand babysitting.

A final word

Obviously, we cannot, and will not, in good faith accept this award and apologize to all those who competed fairly. In the spirit of redemption, we have offered our verification services to Hacker Noon for the 2020 Noonies, free of charge, to ensure their polling process is free from manipulation. By shining a light on this vulnerability, it is our hope that the necessary precautions are taken to ensure the sovereignty of future elections — large and small.

How we hacked Hacker Noon’s “Most Exciting Startup” award and won was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

Meet our team behind Passbase — www.passbase.com/team

We are excited to announce that Passbase has closed a pre-seed funding round of $600K led by a group of amazing early-stage technology investors and business angels from Alphabet, Stanford, Kleiner Perkins, EY, Upheaval, and Seedcamp.

We plan to use this funding to develop our core infrastructure, launch our B2B product and first privacy-focused consumer application. We are investing heavily in machine learning, making our product simple to integrate, and GDPR-compliant by design.

Today we are proud to offer businesses with a simple-to-integrate set of developer tools, combining facial recognition, liveness detection, ID authenticity checks, and ID information extraction into a GDPR-compliant product. Our verification process gives people control over the identity information they have shared through our privacy-focused consumer product. This allows people to ultimately control who has access to their identity information, streamline future verifications, and give people the tools to they need to manage their digital footprint.

Businesses canm new register for our early access program with a full release scheduled for May.

This is just the beginning. With our developer-focused products and consumer privacy tools, we are reimaging how user identification, data ownership, and digital identity should work. At Passbase, we are aiming to build a system that empowers people with a universally trusted digital identity that is portable between services. Our plan is to give people back the power by letting them keep control of their most sensitive data. This, in turn, helps businesses to streamline onboarding, protect their platforms from bad actors, and worry less about complying with modern-privacy regulations.

Like always, let us know your thoughts and your feedback or reach out directly to us via dave@passbase.com

Links:

WEBSITE | LINKEDIN | TWITTER | CONTACT

Announcing $600K Pre-Seed Funding Round was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.

Identity verification. This is a more important issue for businesses today than ever before. In addition to the growing number of new companies joining the digital landscape, businesses that once used traditional means of verification are now undergoing massive digital transformation and bringing their services online. Not only do all of these businesses need to develop methods that allow users to access their services securely, but they also need to monitor their exposure to risk as their user base continues to grow.

The market for digital identity verification is growing day by day. In a recent analysis carried out by McKinsey, the market was estimated to be worth approximately $10 billion in 2017 and expected to reach between $16 and $20 billion by 2022.

This trend for an increasing need for strong identity verification has led to a proliferation in the collection of sensitive identifying data, including passports, drivers licenses, social security numbers, etc. From FinTech and P2P markets to Cannabis and E-Cigarettes, the industries driving this trend are facing intense pressure to ensure that this information is stored securely and in line with their compliance obligations.

The Identity Trade-Off

Our all-digital world brings convenience and agility, but it also brings a raft of threats including identify impersonation, money laundering, and service misuse. In a bid to avoid these risks without compromising the quality of service, businesses have had to find ways to keep fraudulent users at bay while also offering quick and convenient access to legitimate users. It’s a trade-off that a huge number of businesses are struggling with.

Users are worried too. They are worried that the identity information they share in exchange for accessing services is poorly stored, easily compromised, and in some cases abused. They have a reason to be concerned — the current state of play is often flawed and fragmented.

Something has to give. More online platforms mean more user data to manage. Poor management and lapses in protection are the reason why we hear about mass-scale data breaches every other day. According to Juniper Research, the global cost of data breaches will rise to $2.1 trillion by 2019.

The True Cost of Identification Verification

Security isn’t the only concern for organizations that gather and store sensitive user data. Thanks to the introduction of compliance legislation such as the EU’s GDPR and California’s REAL ID Act, data breaches and non-compliance hold an even higher economic expense, as shown by the recent $57M GDPR fine brought against Google.

Firms must take responsibility for the identity data they gather and how they use it. That is a given. However, they face a huge problem. On one hand, the growing number of online services means companies need to collect more information to verify identities and keep their platforms and users secure. On the other hand, regulators and society are turning up the pressure on the same companies to collect less sensitive consumer data. It’s a real Catch 22.

Identifying the Risks

Many of the most recent data breaches have been caused by vulnerabilities in integrated third-party systems used to store and transmit passwords and validated processes. These vulnerabilities highlight the need to review the ways in which users are authenticated and reduce the risks involved in the process. Such risks include:

• The growing number of web applications and how users engage with organizations online
• Issues with security web applications, such as password sniffing, cross-site scripting and exposing consumer financial and personal data to theft and loss.
• Insecure wireless networks that expose user data to interleaving, password sniffing replay, reflection, “man in the middle” attacks and forced delay.
• Insecure 3G networks that are susceptible to attacks.
• Vulnerabilities caused by the transmission of password hashes — this allows hackers to masquerade as genuine users.

Maximum Security, Zero-Knowledge

So, how do organizations allow a user to gain access to the services they need without exposing hypersensitive information or breaching compliance obligations? How can they do this while still being sure of the identity of the user accessing their platform?

These two opposing pressures are what Passbase is built to solve. Passbase’s enterprise product eliminates the need for businesses to collect the most sensitive identity data while still allowing them to be sure about the identity of the user on their platform. Identity verification is where digital payments were 20 years ago. Passbase is doing for identity information what PayPal did for credit card numbers, helping users to access the services they use every day securely without exposing their most personal details.

Knowledge, as the saying goes, is power and when that knowledge is user credentials, that power can have devastating effects when in the wrong hands. In many applications using traditional authentication processes, passwords are sent as clear text. This provides hackers with plenty of opportunities to intercept valuable and sensitive data. Zero-knowledge authentication, on the other hand, allows users to prove that they know the password without ever revealing the password to the authenticating server.

While this concept of zero-knowledge authentication isn’t applicable for industries regulated under AML today, Passbase has the ambitious goal of building a privacy-focused identity solution that one day even banks can leverage.

We at Passbase (Passbase.com) work tirelessly to improve privacy and security online by creating a better way to do identity verification. We’re building the future of identity using a unique combination of public-key cryptography, biometric authentication, and machine intelligence.

Like always, let us know your thoughts and your feedback or reach out directly to us via dave@passbase.com

Links:

WEBSITE | LINKEDIN | TWITTER | CONTACT

Other Articles:

1. Why Google Was Hit With a 57M GDPR Fine and What It Means For the Future of Data Privacy! LINK

Why Google Was Hit With a 57M GDPR Fine and What It Means For the Future of Data Privacy

2. Why Google, Amazon, and Facebook Won’t Win the War for Digital Identity.
LINK

Why Google, Amazon, and Facebook Won’t Win the War for Digital Identity

Two Trends That Prove the World Needs a Better Identity Solution was originally published in Passbase on Medium, where people are continuing the conversation by highlighting and responding to this story.