iProov snaps up $70M for its facial verification technology, already in use by Homeland Security, the NHS and others

Biometrics, and specifically facial recognition, have seen a surge of usage in the last several years, first as a tool to help organizations verify identities digitally against rising waves of fraud and cybercrime; and second as a way to help enable that process even further in our socially-distanced, pandemic-punctuated times. Today, a startup called iProov, which provides face authentication and verification technology to a number of governments and other big organizations — attracting some controversy in the process — is announcing $70 million in funding to keep up its growth momentum.

The funding is coming from a single investor, Sumeru Equity Partners out of the Bay Area, which originally started life as a part of Silver Lake before spinning off as an independent operation in 2014. Valuation is not being disclosed, nor is the total raised by the company to date.

London-based iProov has seen a lot of business traction so far in its home market of the U.K., and now it plans to use capital specifically to continue building out its present in the U.S. and other international markets where it’s already started to get a foothold. iProov works at the large enterprise level and its customer base currently includes U.S. Department of Homeland Security, the U.K.’s Home Office and National Health Services (NHS), the Australian Taxation Office, GovTech Singapore and banks Rabobank and ING. iProov said 2021 was a bumper year for the company: it tripled its revenues over the year before (although it’s not disclosing how much that works out to in actual terms).

As a measure of how much, and how, iProov is getting used, the NHS says that as of September 2021, usage of its NHS app — — which uses iProov to power the facial verification that is used to register for the app, which then lets you check and show your vaccination status; book doctor appointments; re-order prescriptions; view your medical records; get advice; and more — ballooned to 16 million users, from just 4 million in May 2021 (now it’s January and there are likely more).

To be clear, this isn’t facial recognition — which founder and CEO Andrew Bud describes as a mere “commodity” these days — but technology, sold as Genuine Presence Assurance and Liveness Assurance by iProov — that lets an organization capture an image of an individual, verify that it’s real against another piece of ID and not a deepfake or other counterfeit image, and proceed with whatever transaction is going on, all by way of cloud-based remote, virtual mobile technology.

Its peak usage last year last year typically would see iProov getting pinged for more than 1 million facial verifications per day.

But that growth has not come without scrutiny and other controversial attention.

Critics have slammed iProov and the UK government for a lack of transparency over how user data is handled in process of capturing and authenticating images for biometric verification, particularly given that iProov is a private company working for a public organization; related to that there have been other ethical questions raised between the links between some of the startup’s earliest backers and the Tory Party (which is currently in power in the UK).

And as of this week (timed to coincide with the funding news?) iProov has also been the subject of a patent lawsuit from a U.S. rival called FaceTec, which claims that iProov has copied parts of its technology and is demanding an injunction (something that could be tricky as iProov increases its focus on the U.S.).

Meanwhile, iProov has also been involved in early work to see how and if its facial authentication technology might be applied in other use cases, such these trials to speed up Covid vaccination certification, another potential avenue for scrutiny.

In an interview, Bud was quick to counter the controversial currents that have swirled around his company and the technology that it’s built.

On the issue of privacy and security, Bud is a longtime veteran of the telecoms and mobile worlds, initially as an engineer and then an executive, who said that his interest in biometrics was sparked after being burned at his previous company, mBlox, where malicious hackers exploited the company’s SMS infrastructure and stole millions of dollars from customers.

The experience made him realize how critical security needed to be both at the end of the provider, but as something that was easy for consumers to engage with too. “It needed to be ultra-inclusive and simple,” Bud said. “How can we ensure something like that would never happen again? I had to solve that problem.” That, he said, was what spurred him to start looking at biometrics, which he believes is the best answer to that question. And from that he built his next company, which became iProov.

“These are fair questions,” he said in response to me raising the issue of privacy and data protection at iProov and its work with public and private institutions. “Privacy is extremely important to iProov and our systems are built to protect users.” Everything is compliant with GDPR or other government-mandated data protection rules, related to data and how it may or may not be used, he added, and the methods that iProov uses to process user data are built to keep customers and their identities safe from being compromised. He also confirmed that none of the data that passes through its system is used for commercial purposes. iProov runs a policy of not knowing the identities or other personal information realted to any photos, but it does store imagery, specifically to help track and block malicious actors and to track anomalies.

On the subject of the patent infringement lawsuit from FaceTec, Bud dismissed it as “completely unfounded,” with a spokesperson sending me a more complete statement after my interview (as well as asking we keep this part out of the story altogether…):

“All of our products have been developed in-house and are covered by granted patents. Accusations that we have used [FaceTec] technology in our products are completely unfounded, and iProov will take all appropriate actions to defend itself and its customers.”

And as for future applications, although the UK government hasn’t yet shown a willingness to mandate so-called “Covid passports” widely — where people have to provide quick verification of their vaccination status to gain entry to events, public venues, workplaces and more — the basics of that technology are already there and being used by a number of other customers, Bud said. These include a recent launch from Eurostar (which runs the train under the English Channel between London and cities on the European continent) for passengers to authenticate their various credentials at home, to reduce the amount of dwell time at check in, where they then can walk through simply by showing their faces to a screen.

Facial-related biometrics, Bud said, are likely to remain the mainstay of what iProov and others will develop going forward for these and similar use cases, although the company also offers a palm-based identification method, too. Primarily, however, iProov and others will have to follow the lead of the organizations they work for: their tech will only be as useful as whatn ever biometric information the original organization collects. (And these days, government-issued IDs, with photos, remain the main source of that data.)

As we move ever more processes to digital and cloud-based platforms, finding ever more watertight methods of verifying identities of users, while evading the increasingly sophisticated approaches of fraudsters and malicious hackers, will continue to be a huge priority. Investors seem willing to place bets on iProov being one of the strong players in keeping those services working as they should.

“We see iProov as becoming the industry standard to establish the genuine presence of anything (a person, a document etc),” said Kyle Ryland, a managing partner at Sumeru, in a statement to TechCrunch. “We hope that iProov will be used not only to accelerate digital onboarding and verification for both online and physical experiences, but also to replace the use of insecure passwords for frictionless authentication and much more. We have a platform that is constantly learning and allows us to remain at the forefront of emerging technologies and new security threats.”