In this age of rampant data breaches and identity theft, booking travel online can take a leap of faith, especially in the sharing economy. After all, to rent that fabulous vacation home or motorhome, a travel website may require you to provide a lot more information than expected.
But do companies really need to have access to all this information?
No, says Persona co-founder Rick Song. His startup aims to become a trusted intermediary in securing transactions that use personally identifiable information (PII), the same way PayPal has become a trusted intermediary between merchants and buyers in payment processing. Persona just announced its Series A funding round with $17.5 million raised from investment firms such as Coatue and First Round Capital.
Simply put, an identity verification service helps businesses confirm that customers are who they say they are by verifying some of their personal information. “But very often websites are created by engineers who have no security background,” says Song, who was previously an engineer at payment solution Square. “Data security and privacy may not be a priority for many engineers. Often, I think benign actions can create opportunities for leaks and violations. »
Song hopes his start-up can do for identity verification what PayPal did for online payments. “PayPal has made it so you don’t have to give every company your credit card information,” Song says. “It acts as a third party that facilitates transactions and is a trusted information broker.” PayPal uses encryption and tokenization to allow a consumer to make an online purchase without exposing credit card information to a seller, while allowing the business to receive payment without being exposed to liability for holding credit card information.
Similarly, Persona provides a website with a win-win premise: an encrypted identity verification layer that Song says should allay the fears of privacy-conscious consumers. A customer’s identity is verified by sharing only the bare minimum of information and removing unnecessary PII. “For example,” Song explains, “we can only expose your birthday to the company, not your address, driver’s license, or selfie photo.”
At the same time, the travel agency can rest assured that the customer has been properly validated without having to take responsibility for holding personal information, Song says. “We only give companies the PII data they need to conduct their business, reducing the risk of a data breach.”
This will likely look very attractive to shared marketplaces whose business models rely on two-way trust. Song cites the example of a customer, who must provide a security guarantee to both the person renting the RV and also to the RV owner who shares their vehicle with a stranger. “Both parties want to be sure that they are not just dealing with a travel agency, but also with a company that really focuses on identity security.”