Techsign secures funding to deliver biometric authentication, KYC services beyond Turkey
Techsign has secured funding from venture capital partnership Techmine which the company says makes it the highest-valuated digital ID company in the EMEA region, at $8.5 million.
The investment is the first for Turkey-based Techsign, which provides end-to-end identity authentication and digital know your customer (KYC) services, with a suite of solutions based on signature biometrics and the FIDO protocol, as well as ID document and selfie biometric checks. The company says it performs more than 1 million user verifications per month, for high-profile customers including ING Bank, Coca Cola and BNP Paribas.
Techsign suggests that the investment demonstrates the increasing importance of online authentication, KYC and anti-money laundering (AML) controls. A record first half of 2021 for revenue indicates the company’s strength in these areas.
“The need for identity verification in the digital environment has increased beyond expectations, enabling us to achieve proud achievements while giving us further ambition and strength to keep innovating,” comments Techsign Co-founder and CEO Abdullah Kip. “Our aim is to ensure secure digital access for everyone working, studying, learning, socializing and having fun online with our one-click verification. We have successfully become the dominant service provider in Turkey. Now it’s time to repeat this achievement in Europe.”
Techsign launched its Prove ID KYC Platform in April, and its team has doubled in size over the past year.
Turkish DPA issues biometrics guidance
The country’s Personal Data Protection Authority, meanwhile, has published a Guideline on Processing Biometric Data to help businesses meet the legal requirements for deployments of biometrics, Lexology reports.
The Guideline defines biometrics based on judicial precedence in the country, and Europe’s GDPR, dividing the technology into physical and behavioral traits. Biometrics are considered sensitive personal data, and must therefore be processed in line with existing requirements.
Those requirements include not violating fundamental rights and freedoms, suitability for the specified purpose, necessity and proportionality, and limited retention. Entities processing biometrics take on obligations to inform subjects, though within a specified scope consent is not required. Outside of that scope, consent must be obtained.
The Guideline also sets out technical requirements, such as the use of encrypted templates and cryptographic protections for data stored in the cloud. Employees working with biometrics must receive training, and alternative authentication methods must be provided to users.