‘Despite Brexit, London will remain the fintech capital of the world’: Kaarel Kotkas

It all depends on what figures you go to, but most sources agree that cyber crime is one of the biggest global threats facing us today. To take one estimate, Cybersecurity Ventures predicts global cyber crime will be worth $6tn annually by next year. If anywhere near correct, we now have a criminal enterprise on our hands, bigger than the entire worldwide illegal drug trade and the largest collective financial transaction in the history of humanity. Whichever source you go to, as Kaarel Kotkas says, cyber crime is “pretty big and we’re seeing the problem of establishing identity on a scale previously unseen”. His company, Veriff, is aiming to play a role in combating online fraud, especially in the banking sector.

Veriff is an Estonian global online identity verification company with the mission “to protect businesses and their customers from online identity fraud by ensuring that a person is who they claim to be,” says Veriff’s 25-year-old CEO and founder. “With the help of artificial intelligence,we analyse thousands of technological and behavioural variables in seconds, verifying people from more than 190 countries. We can process over 7,000 different government-​issued IDs, which is far more than anyone else currently can.”

While it’s easy, perhaps, to think of Estonia as an emerging post-Soviet north European country that, in proportion to its small size and population, has modest technology ambitions, this is not the case. Its tech sector accounts for 10 per cent of the country’s GDP and there are more than 900 start-ups in the territory. It also brought us Skype and has a growing reputation for enticing investment. Veriff has attracted backing from investors associated with Google and Twitter as well as Skype and is currently expanding into territories outside the EU, including the UK.

“We are working with a lot of companies in London and so we’d like to be there, too. We are establishing customer-facing teams and account management there. Despite Brexit, London will remain the fintech capital of the world. Definitely," says Kotkas.

“Since Estonia got back its independence in 1991, we have had to think about how we can run the country. There wasn’t much of an economic legacy from Soviet times, so we had to decide how to use the technology we had to run the country. Yet as the government was already technology-savvy, it was relatively easy to achieve.” Which makes Estonia, according to Kotkas, a “great place for technology start-ups”.

One of the psychological benefits of being in a small country – Estonia is only twice the area of Wales and has a population of 1.3 million – is that “you have to think from day one how you can scale up globally. For us, in order to fulfil our ambition as a verification company, domestically we’d need to be verifying every single Estonian twice a day.” In this, he’s not entirely serious, but it does point to the problem of national scale when applied to an ambitious digital tech start-up. “So, you have to look further afield. There is a feeling of entrepreneurial possibility in Estonia. Since independence, we have understood there is no limit to what we can achieve. We adopted a European-style approach and basically, as a country, Estonia is built in the same way as a start-up.” Estonia acceded to the EU in 2004.

Such is the growing confidence in Veriff’s potential to embrace the global market with its identity verification product that it has been forecast to become the next Estonian ‘unicorn’ – or billion-dollar company – after TransferWise, Playtech, Skype and Bolt. This is possibly something of an optimistic prediction for a company that’s only been around since 2015 and employs 300 people. Kotkas takes this all in his stride – “I appreciate that there are these expectations for us” – but prefers to think of his company as “growing with the market for identity verification. The problem with online identity is a huge one and so there is growth. I don’t see it as an ambition to become a unicorn. My ambition is to solve this identity problem and there will be different stages that come along while building the company.”

Kotkas is aware that his age is an “interesting topic”, particularly for the media and, again, if he is distracted by this fixation he doesn’t show it, being more concerned to discuss why he became an entrepreneur in the first place, irrespective of what year he happened to be born in. “You need to realise that being a ‘young’ entrepreneur has never been the goal of what I am doing. My big dream in the early days was to go to study medicine. I enjoy medicine because you can see the results straight away, and so the idea of ‘progress’ is important to me. This is the most rewarding feeling. It’s the same with technology. In that field you can see the results on a global scale in a manner that no other sector can offer.”

‘If the door doesn’t open, that means you haven’t knocked enough on it.’

How the prospective medical student came to the role of entrepreneur in the tech sector is the result of an alignment of circumstances that propelled him in that direction almost by accident. “I grew up on a farm on an island where we’d have to collect hay for the winter. These hay bales were tied together with blue plastic string. That was my job at the age of 14. But I wanted to get rid of all this plastic waste and I decided to look at alternatives. I found this biodegradable product online, but the only payment option available to me was an online payments system and so I set up an account and sent them a copy of my ID.”

Within a few days, Kotkas received the response that he was not qualified to use the service because of his age. He’s not particularly proud of what happened next – “but I was 14 and not thinking of the consequences” – and he altered date-of-birth data on a digital version of his ID. He admits this was completely unethical, “but I was then able to place the order by effectively being someone else online”.

While still at school, he had what was essentially a work placement with TransferWise – an online money transfer service created by fellow Estonians Kristo Käärmann and Taavet Hinrikus – “and I found they had the same issues with identity, and it was a global problem”. This got him thinking that “in order to trust, you need to verify”. It was then a short linguistic journey linking the word ‘sheriff’ to ‘verify’, and the concept for Veriff started to hatch in the young entrepreneurial mind. After committing what was undeniably a low-level fraud and seeing its impact on business, the poacher turned gamekeeper and “I started to develop the idea that I could give people a verification system that would keep them safe online: one in which no-one else could have access to their identity and therefore access to the services. It would also help online businesses improve the way they worked if they could reduce fraud.”

Kotkas accepts that the proportion of good ideas that translate into successful companies is low. So how do you go from being an individual who has managed to ‘beat the system’ to becoming someone who is marketing a security system that can’t be beaten? “I understood it was difficult to tell who or what was real online – and bear in mind that there are so many more services going online today – which meant there was a need for a strong solution and a need for trust. I passionately believed I could work on making a change. This was the trigger that gave me the strength to make it happen. You can have a billion-dollar idea on a piece of paper, and you can have a pocket full of them – the idea itself is the smallest part – but to make it happen is all about teamwork and the people that can make it happen.”

Getting the idea to the point of reality in Veriff’s case relied on Kotkas’s ability to go confidently into the field and talk to potential customers. “I had to knock on doors.” Kotkas says he also started with the assumption that while these doors wouldn’t be thrown open straight away, there is no door truly closed to someone who wants to protect what’s behind it: “If the door doesn’t open, that means you haven’t knocked enough on it.” He came to realise that within the financial market “everyone had the same issues with verification, which was preventing a scenario in which, rather than customers going to the bank, the bank could go to them”.

After working hard to get people to listen, you need to be able to show them something that will make them feel less vulnerable to cyber crime, says Kotkas. This is especially applicable “for when banks onboard customers from a distance. The product is good for both parties – the customer and the bank itself. Veriff enables banks to be where their customers are in a process that is safer than face-to-face verification.” The system cross-refers device-captured images of the customer with government identity information held in databases. What this means is that “if I take your ID and go into a bank to set up an account in your name and they don’t believe I am who I am pretending to be, all I need to do is just run away and there’s not much more that they can do about that. But I wouldn’t be the fraudster to voluntarily show an ID to the camera of my personal computer, because we have the strongest data validation procedures possible and data that can lead to a conviction. Our job is to help the bank as a data processor in the verification of the identity of their customers.”

Kotkas is also determined to establish Veriff outside the banking sector that was his starting point. “Our first client outside fintech was Berlin’s public transportation company BGV. There’s also Blockchain, Mintos, Grow Mobility and others.” Recruitment is another key area: “If you want to hire a nanny to look after your children, the need for secure verification is even higher. There’s no price tag on that.”

Kotkas says that for all the software and technology, what Veriff stands for is trust. “In order to trust you have to verify. The strongest way of doing this now is based on government-issued ID: passport, driver’s licence and so on. Yet our product is very configurable, since different businesses have different risks attached to them. Risk profiles are part of what we do. When it comes to integrating the product, it’s quite sophisticated because when you are in a sector that is all about personal information and personal data, there is a lot of work required to make it happen.”

When it comes to the regulatory frameworks that legally protect personal and sensitive data, Kotkas accepts he is operating in a field where there’s plenty to think about in terms of product development. “Personally, I am glad this data is protected, but it creates a lot of security-minded development within every task because one mistake within the trust business might cost a whole company. We take the responsibility very seriously.”

Yet he makes clear that the door swings both ways: when a bank asks to take your photograph in order to verify it against the Veriff security protocols, it is also in the interest of the customer that they allow this to happen. “People understand that, and they appreciate that this is a step that needs to be taken in order to keep their data safe. Everyone benefits because this can bring banking more online and that will get away from the need for having physical branches around the country to serve a couple of people per month. So, you have a situation where you can achieve a higher level of trust online, as well as the opportunity to make banking services cheaper for the customer.”

The formula for the success of the Veriff identity fraud detection system, says Kotkas, is the same as any breakout product. “You need to focus strongly on what the problem is and then solve it 10 times better than it was previously addressed. Then you bring it to a global scale. To make a product that works, as an entrepreneur you must avoid being the kid in the candy store that wants everything. You need to pick one thing and make it better. It’s easy. Find the problem, solve the problem and concentrate on making that solution global.”