When it comes to data breaches, the headlines this year have become a blur, with the vulnerabilities of one corporate giant after another – American Express, eBay, Home Depot, JPMorgan Chase, Target – put on full display for the world. The pace of breaches has been accelerating, too, with roughly 600 data breaches in 2013 and what experts expect will be 800 breaches by the end of this year.
The trend is lousy for consumers, but it’s exceedingly positive for TeleSign, a 10-year-old, L.A.-based company that handles new account verification and two-factor authentication services for hundreds of huge properties, including nine of the 10 biggest U.S.-based web companies.Yesterday, StrictlyVC caught up with TeleSign CEO Steve Jillings to learn more about his business – and whether TeleSign, which closed on roughly $50 million in funding in July, might ever raise another round from private investors. Our chat has been lightly edited for length.
You handle crucial authentication services for some of the biggest, savviest tech companies in the world. Why is this something they’re outsourcing?
We’re in a business that’s easy to do badly and incredibly hard to do well. A lot of the big tech companies have users in every corner of the world. We’re localized in 87 different languages and deliver authentication events into more than 200 countries and territories – places I’ve never heard of. And our 250 employees — roughly half of whom are in engineering – are focused on authentication 24/7. It’s like asking, “Why aren’t you generating your own power?” Because you can flip a switch and it just works.
Who are your most direct competitors?
Our biggest competitive set are companies that do try doing it themselves. A lot of messaging companies that offer up cheap messaging feeds tell their clients that it’s easy to make work and here’s how you do it. We get lots of customers who eventually give up and outsource the entire thing to us. With 20 or 30 people, you just can’t get on top of it. Making this stuff work globally, using messaging as a delivery platform, the complexities are difficult.
You’re talking about delivering PIN codes as part of the two-factor authentication process. I sign in to Twitter, it asks me for my password, then shoots a code to my phone to ensure that I’m who I say I am.
Exactly. We deliver access PIN codes, and we deliver the bulk of them through SMS or in a voicemail, and now we’re starting to deliver them through mobile authentication apps.
People think when you send an SMS, it simply, magically arrives at the other end, but there are many things that can go wrong using the telco layer. And if a customer is waiting on a PIN code that doesn’t arrive, you have a pretty unhappy customer.
Apple and others are starting to do more with biometrics to authenticate users. Could biometrics put you out of business?
Face recognition and voice stuff is cool, but that’s about as far as it goes. Biometrics has been around for years, but you probably can’t name one biometric company that’s been successful or gotten to any degree of scale. Voice has too much latency. Facial [biometrics] is getting better, but it’s nowhere near prime time. We think behavioral biometrics is interesting, but that’s also super early. We’re integrating some aspects of biometrics in our stack as incremental data points, but to say it can replace what we do would be a stretch.
How do you make two-factor authentication easier, so that more people take advantage of it?
Well, a lot of our clients are now looking at it and saying they’re going to make it mandatory, meaning it will become an opt-out feature rather than opt-in. But we’re also very focused on reducing user friction. It won’t be long before the user experience will be simpler, so that when someone who has registered an account comes back [to use it], we’ll be able to authenticate them based on information that they know, what we know about their device, and their behavior.
You’ve said in other interviews that your revenue is doubling every year, that it was $24 million in 2012, $50 million last year, and that it’s on track to double again this year. So what’s next? Are you thinking about an IPO? Might you raise more private capital?
We’ve raised $78 million, including $50 million this summer, and most of that’s still in the bank. The only scenario where we’d raise more now is if we had the opportunity to acquire a company that we couldn’t absorb [with our current resources]. There are a lot of interesting technology companies out there that will struggle to get to scale but that have technology that could be additive to the things we’re doing, and we can get technology in front of the biggest companies in the world in no time at all.
In the meantime, our goal is to be IPO ready by the end of 2015. We’ll financially be at the scale that we could go public. We think five quarters away is good timing for us. But right now, it’s more of a discipline thing than a hard-and-fast thing.
Sign up for our morning missive, StrictlyVC, featuring all the venture-related news you need to start you day.