Year: 2018

China’s ride-sharing leader Didi Chuxing has continued its global march after it officially launched in Mexico, expanding its battle with Uber to a new front.

The company raised $4 billion in December to expand overseas and it hasn’t held back on doing so this year.

Hot on the heels of moves into Brazil, Taiwan and Japan, Didi has confirmed its entry into Mexico with the launch of its UberX -style Express service in the city of Toluca. The company said it plans to expand its services into “other major cities” in Mexico later this year. Uber entered the country in 2013, and it currently operates in over 40 cities there.

Didi initially began hiring drivers in Mexico back in April, as was widely reported by media at the time. It said its teams in Beijing and California — where it opened an AI office last year — were involved in developing its service for the Mexican market, which looks like a litmus test for future expansions.

Didi said it is targeting Latin America because it is the world’s third-largest ride-hailing market behind the U.S. and China, with Mexico itself a target market thanks to a large base of 70 million internet users.

“The market is way from saturated, and we are glad to see the local market is not only very welcome to more services but they also understand how beneficial competition in the region is for the final user,” a Didi spokesperson told TechCrunch.

Didi’s office in Toluca, Mexico

The interesting part of the news that goes beyond Toluca is that this is Didi’s first organic expansion, although it isn’t its first step outside of Greater China.

Didi took an acquisition route into Brazil — where it bought local operator 99 for around $1 billion — it used a franchise-based model to move into Taiwan in January, and it is still weighing up options in Japan having teamed up with SoftBank to commit to launching local services before the end of this year.

“We’re exploring every possibility of expanding our business in the international market,” the company said. “When doing so, we will work with leading local partners in some markets, and look for opportunities in others to build a robust local team with strong commitment to the region.”

Those international moves reignite Didi’s direct rivalry with Uber, which ended in 2016 when the Chinese firm acquired Uber’s China-based business.

While the main fight may be over, these new markets are shaping up to become key battlegrounds.

Brazil is a market where Uber has pledged to double down following its exit from the costly Southeast Asia market while the U.S. firm is also placing emphasis on Japan, which is one of the planet’s most lucrative taxi markets but dominated by traditional taxi operators. Uber CEO Dara Khosrowshahi visited Japan for the first in February, holding what he described as promising talks with taxi operators who Uber is seeking to work with directly — although taxi companies themselves run a successful rival to Uber.

Didi also rivals Uber indirectly through the network of companies it has invested in, which includes Careem in the Middle East, Taxify in Europe, Lyft in North America, and Ola in India. Its business in China claims 30 million daily rides and 21 million driver partners.

A Facebook face recognition notification slip-up hints at how risky the company’s approach to compliance with a tough new European data protection standard could turn out to be.

On Friday a Metro journalist in the UK reported receiving a notification about the company’s face recognition technology — which told him “the setting is on”.

The wording was curious as the technology has been switched off in Europe since 2012, after regulatory pressure, and — as part of changes related to its GDPR compliance strategy — Facebook has also said it will be asking European users to choose individually whether or not they want to switch it on. (And on Friday begun rolling out its new consent flow in the region, ahead of the regulation applying next month.)

The company has since confirmed to us that the message was sent to the user in error — saying the wording came from an earlier notification which it sent to users who already had its facial recognition tech enabled, starting in December. And that it had intended to send the person a similar notification — containing the opposite notification, i.e. that “the setting is off”.

“We’re asking everyone in the EU whether they want to enable face recognition, and only people who affirmatively give their consent will have these features enabled. We did not intend for anyone in the EU to see this type of message, and we can confirm that this error did not result in face recognition being enabled without the person’s consent,” a Facebook spokesperson told us.

Here are the two notifications in question — showing the setting on vs the setting off wordings:

This is interesting because Facebook has repeatedly refused to confirm it will be universally applying GDPR compliance measures across its entire global user-base.

Instead it has restricted its public commitments to saying the same “settings and controls” will be made available for users — which as we’ve previously pointed out avoids committing the company to a universal application of GDPR principles, such as privacy by design.

Given that Facebook’s facial recognition feature has been switched off in Europe since 2012 “the setting is on” message would presumably have only been sent to users in the US or Canada — where Facebook has been able to forge ahead with pushing people to accept the controversial, privacy-hostile technology, embedding it into features such as auto-tagging for photo uploads.

But it hardly bodes well for Facebook’s compliance with the EU’s strict new data protection standard if its systems are getting confused about whether or not a user is an EU person.

Facebook claims no data was processed without consent as a result of the wrong notification being sent — but under GDPR it could face investigations by data protection authorities seeking to verify whether or not an individual’s rights were violated. (Reminder: GDPR fines can scale as high as 4% of a company’s global annual turnover so privacy enforcement is at last getting teeth.)

Facebook’s appetite for continuing to push privacy hostile features on its user-base is clear. This strategic direction also comes from the very top of the company.

Earlier this month CEO and founder Mark Zuckerberg urged US lawmakers not to impede US companies from be using people’s data for sensitive use-cases like facial recognition — attempting to gloss that tough sell by claiming pro-privacy rules would risk the US falling behind China.

Meanwhile, last week it also emerged that Zuckerberg’s company will switch the location where most international users’ data is processed from its international HQ, Facebook Ireland, to Facebook USA. From next month only EU users will have their data controller located in the EU — other international users, who would have at least technically fallen under GDPR’s reach otherwise, on account of their data being processed in the region, are being shifted out of the EU jurisdiction — via a unilateral T&Cs change.

This move seems intended to try to shrink some of Facebook’s legal liabilities by reducing the number of international users that would, at least technically, fall under the reach of the EU regulation — which both applies to anyone in the EU whose data is being processed and also extends EU fundamental rights extraterritorially, carrying the aforementioned major penalties for violations.

However Facebook’s decision to reduce how many of its users have their data processed in the EU also looks set to raise the stakes — if, as it appears, the company intends to exploit the lack of a comprehensive privacy framework in the US to apply different standards for North American users (and from next month also for non-EU international users, whose data will be processed there).

The problem is, if Facebook does not perform perfect segregation and management of these two separate pools of users it risks accidentally processing the personal data of Europeans in violation of the strict new EU standard, which applies from May 25.

Yet here it is, on the cusp of the new rules, sending the wrong notification and incorrectly telling an EU user that facial recognition is on.

Given how much risk it’s creating for itself by trying to run double standards for data protection you almost have to wonder whether Facebook is trying to engineer in some compliance wiggle room for itself — i.e. by positioning itself to be able to claim that such and such’s data was processed in error.

Another interesting question is whether the unilateral switching of ~1.5BN non-EU international users to Facebook USA as data controller could be interpreted as a data transfer to a third country — which would trigger other data protection requirements under EU law, and further layer on the legal complexity…

What is clear is that legal challenges to Facebook’s self-serving interpretation of EU law are coming.

I’ll be helping build a larger meetup focused on pre-ICO companies in New York on April 23 and I’d love to see you there. It will be held at Knotel on April 23 at 7pm and will feature a pitch-off with eight startups — I will write about the best ones — and two panels with some yet-unnamed stars in the space.

I’d love to see you there, so please sign up here. We’ll have some beers and pizza for the attendees.

The event will be held at 551 Fifth Avenue on the 9th Floor. See you tonight!

Gaming hardware maker Razer, which went public in a big IPO in Hong Kong last year, is doubling down on payments after it announced a deal to acquire MOL, a company that offers online and offline payments in Southeast Asia.

Razer made an initial $20 million investment in MOL last June to supercharge its zGold virtual credit program for gamers by allowing them to buy using MOL’s online service or its offline, over-the-counter network of retailers that include 7-Eleven. Now Razer aims to gobble up MOL in full by acquiring the remaining 65 percent, which will allow it to grow its alternative revenue streams by pushing fully into payment services by merging MOL’s virtual payment platform with zGold.

It’s worth noting that the deal is an intention to buy MOL. It’ll be subject to review from shareholders, but Razer said it has already secured support from major shareholders. The transaction gives MOL, which delisted from the Nasdaq in 2016 following a bumpy two-year spell, the same $100 million valuation it held for the initial Razer investment.

The acquisition will boost Razer’s recently announced online games store which rivals services like Steam, but first and foremost it is focused on growing the firm’s share of online sales in Southeast Asia’s growing e-commerce and payment space. To that end, Razer recently launched a store on Lazada, the Alibaba-owned e-commerce service in Southeast Asia, something that Apple did earlier this year.

“We are already the number one gaming brand in the U.S., Europe and China, but Southeast Asia is still nascent and a very small part of our business,”Razer CEO and co-founder Min-Liang Tan told TechCrunch in an interview “We see this [deal with MOL] as stuff we can do immediately.”

Tan said that, in particular, he said working with MOL saw revenue grow “dramatically” while MOL itself surpassed $1.1 billion in GMV across its payment network last year.

“This is the perfect opportunity for us to not just be a minority shareholder, but to combine the business and continue scaling from here,” he added, reiterating that he believes the deal gives Razer the world’s largest virtual credit system for gamers based on user registrations. “That’s a huge opportunity for us.”

Away from its core business, the push will also help Razer in Singapore where it has applied to develop a unified e-payment system that would be used across the country, which is the Razer CEO home nation.

Tan said he has kept an ongoing dialogue with regulators, adding that he believes this deal “makes it clear that we don’t just have the scale, we also have the right technology.”

Beyond the Singapore opportunity, where Razer is a new entrant and thus considered an outsider for the license, Tan said the focus is on enabling cash-less payments right across Southeast Asia.

The blockchain has been widely touted as a building block that can help develop financial inclusion platforms in emerging markets, but for now Razer isn’t talking about whether it will hop on that wagon.

“We are excited about blockchain and the technology it brings, but we don’t have anything to comment on at this juncture,” Tan said.

The Razer chief was more vocal on the company’s wider goal, which he said is to develop “an entire ecosystem for our games partners.” The goal is to offset Razer’s impressive hardware sales business by constructed services that span game payments, game distribution and analytics on gamers and their behavior.

That optimism isn’t shared right now by investors in Hong Kong, however, which lured Razer as part of a push to attract more tech listings. Despite a surge when it when public in November, the stock traded at an all-time low of HK$2.44 today, down from its initial list price of HK$3.88.

Tan said he is focused on growing the business and its services regardless, but he did admit that there’s a need for “the Hong Kong investment public to be more educated on tech companies.”

In an interesting twist, Facebook is being sued in the UK for defamation by consumer advice personality, Martin Lewis, who says his face and name have been repeatedly used on fake adverts distributed on the social media giant’s platform.

Lewis, who founded the popular MoneySavingExpert.com tips website, says Facebook has failed to stop the fake ads despite repeat complaints and action on his part, thereby — he contends — tarnishing his reputation and causing victims to be lured into costly scams.

“It is consistent, it is repeated. Other companies such as Outbrain who have run these adverts have taken them down. What is particularly pernicious about Facebook is that it says the onus is on me, so I have spent time and effort and stress repeatedly to have them taken down,” Lewis told The Guardian.

“It is facilitating scams on a constant basis in a morally repugnant way. If Mark Zuckerburg wants to be the champion of moral causes, then he needs to stop its company doing this.”

In a blog post Lewis also argues it should not be difficult for Facebook — “a leader in face and text recognition” — to prevent scammers from misappropriating his image.

“I don’t do adverts. I’ve told Facebook that. Any ad with my picture or name in is without my permission. I’ve asked it not to publish them, or at least to check their legitimacy with me before publishing. This shouldn’t be difficult,” he writes. “Yet it simply continues to repeatedly publish these adverts and then relies on me to report them, once the damage has been done.”

“Enough is enough. I’ve been fighting for over a year to stop Facebook letting scammers use my name and face to rip off vulnerable people – yet it continues. I feel sick each time I hear of another victim being conned because of trust they wrongly thought they were placing in me. One lady had over £100,000 taken from her,” he adds.

Some of the fake ads appear to be related to cryptocurrency scams — linking through to fake news articles promising “revolutionary Bitcoin home-based opportunity”.

So the scammers look to be using the same playbook as the Macedonian teens who, in 2016, concocted fake news stories about US politics to generate a mint in ad clicks — also relying on Facebook’s platform to distribute their fakes and scale the scam.

In January Facebook revised its ads policy to specifically ban cryptocurrency, binary options and initial coin offerings. But as Lewis’ samples show, the scammers are circumventing this prohibition with ease — using Lewis’ image to drive unwitting clicks to a secondary offsite layer of fake news articles that directly push people towards crypto scams.

It would appear that Facebook does nothing to verify the sites to which ads on its platform are directing its users, just as it does not appear to proactive police whether ad creative is legal — at least unless nudity is involved.

Here’s one sample fake ad that Lewis highlights:

And here’s the fake news article it links to — touting a “revolutionary” Bitcoin opportunity, in a news article style mocked up to look like the Daily Mirror newspaper…

The lawsuit is a personal action by Lewis who is seeking exemplary damages in the high court. He says he’s not looking to profit himself — saying he would donate any winnings to charities that aim to combat fraud. Rather he says he’s taking the action in the hopes the publicity will spotlight the problem and force Facebook to stamp out fake ads.

In a statement, Mark Lewis of the law firm Seddons, which Lewis has engaged for the action, said: “Facebook is not above the law – it cannot hide outside the UK and think that it is untouchable.  Exemplary damages are being sought. This means we will ask the court to ensure they are substantial enough that Facebook can’t simply see paying out damages as just the ‘cost of business’ and carry on regardless. It needs to be shown that the price of causing misery is very high.”

In a response statement to the suit, a Facebook spokesperson told us: “We do not allow adverts which are misleading or false on Facebook and have explained to Martin Lewis that he should report any adverts that infringe his rights and they will be removed. We are in direct contact with his team, offering to help and promptly investigating their requests, and only last week confirmed that several adverts and accounts that violated our Advertising Policies had been taken down.”

Facebook’s ad guidelines do indeed prohibit ads that contain “deceptive, false, or misleading content, including deceptive claims, offers, or business practices” — and, as noted above, they also specifically prohibit cryptocurrency-related ads.

But, as is increasingly evident where big tech platforms are concerned, meaningful enforcement of existing policies is what’s sorely lacking.

The social behemoth claims to have invested significant resources in its ad review program — which includes both automated and manual review of ads. Though it also relies on users reporting problem content, thereby shifting the burden of actively policing content its systems are algorithmically distributing and monetizing (at massive scale) onto individual users (who are, by the by, not being paid for all this content review labor… hmmm… ).

In Lewis’ case the burden is clearly also highly personal, given the fake ads are not just dodgy content but are directly misappropriating his image and name in an attempt to sell a scam.

“On a personal note, as well as the huge amount of time, stress and effort it takes to continually combat these scams, this whole episode has been extremely depressing – to see my reputation besmirched by such a big company, out of an unending greed to keep raking in its ad cash,” he also writes.

The sheer scale of Facebook’s platform — which now has more than 2BN active users globally — contrasts awkwardly with the far smaller number of people the company employs for content moderation tasks.

And unsurprisingly, given that huge discrepancy, Facebook has been facing increasing pressure over various types of problem content in recent years — from Kremlin propaganda to hate speech in Myanmar.

Last year it told US lawmakers it would be increasing the number of staff working on safety and security issues from 10,000 to 20,000 by the end of this year. Which is still a tiny drop in the ocean of content distributed daily on its platform. We’ve asked how many people work in Facebook’s ad review team specifically and will update this post with any response.

Given the sheer scale of content continuously generated by a 2BN+ user-base, combined with a platform structure that typically allows for instant uploads, a truly robust enforcement of Facebook’s own policies is going to require legislative intervention.

And, in the meanwhile, Facebook operating a policy that’s essentially unenforceable risks looking intentional — given how much profit the company continues to generate by being able to claim it’s just a platform, rather than be ruled like a publisher.

India’s technology industry is bracing itself for the next era of e-commerce warfare, which looks set to be waged and bankrolled by two gigantic corporations located halfway across the world: Amazon and Walmart.

Amazon is already deeply committed to the country, where it has pledged to deploy over $5 billion to grow its business, and now U.S. rival Walmart is said to be inching closer to a deal to buy Flipkart .

Bloomberg reports that Walmart is poised to acquire 60-80 percent of the company for $12 billion. The deal could potentially value Flipkart as high a $20 billion, which would be a major jump on the $12 billion valuation it secured last year when it landed a $1.4 billion investment from Microsoft, Tencent and eBay.

Amazon was said to have made a last-minute move to conduct talks with Flipkart, but it seems now that there is intent for Walmart to take the deal, with Flipkart’s founders said to be in favor. Bloomberg cautioned, however, that there are still unresolved issues — including which shareholders will sell, how much they will sell, and whether the Flipkart leadership remains — while there’s also no guarantee that the talks don’t break down.

That said, it is reported that Tiger Global plans to sell nearly all of its 20 percent share and SoftBank will offload “a substantial part” of its 20-percent-plus holding.

At stake is a growing online sales market as more of India’s 1.4 billion population comes online for the first time.

India is tipped to reach 500 million internet users by June 2018, according to a report from the Internet and Mobile Association of India (IAMAI) and Kantar IMRB. That’s up from 481 million six months prior, but internet penetration in rural areas is at just 20 percent compared with 65 percent in urban India. That rush online has led some analysts to predict big gains for online retail, with Morgan Stanley forecasting that 30 percent annual growth in GMV will take India’s e-commerce market to $200 billion by 2026.

Walmart’s increased focus on India comes after the retailer exited the Chinese market in 2016, selling its Yihaodian service — which it first backed in 2011 — to Alibaba rival JD.com. That deal also saw Walmart work closely with JD.com, essentially using the company as a storefront to reaching Chinese consumers.

China exit complete, it was then linked with an investment in Flipkart last year. Fast forward to today and it is poised to take a very major role in India via Flipkart, which most reports indicate remains India’s top e-commerce firm despite Amazon pushing it hard.

Amazon itself is keen to diversify. The company recently announced it has more than 100 million Prime members worldwide, having added “more members in India in its first year than any previous geography in Amazon’s history” thanks to an array of promotional offers run with local companies, including telecom operators.

Now the firm is aiming outside of its core e-commerce focus, with Amit Agarwal — the head of Amazon India — telling Reuters that he expects groceries and household products to account for half of its revenue in the country within the next five years.

Outside of Flipkart and Amazon, Alibaba has invested considerably in Paytm, which specializes in mobile payments but also includes e-commerce, digital banking and has plans for gaming. Long-time Alibaba ally SoftBank is also backing the company’s Paytm Mall effort — having led a recent $450 million investment — but the main battle looks like being Amazon and Walmart-Flipkart if things go as they are reported to be headed.

Walmart declined to comment. Flipkart did not respond to a request for comment for this story.

Slack exposed the demand for a dead-simple internal communications tool, which has inspired a wave of startups trying to pick apart the rest of a company’s daily activities — including Slite, which hopes to take on internal notes with a fresh round of new capital.

Slite is more or less an attempt at a replacement for a Google Doc or something in Dropbox Paper that is sprawling and getting a little out of control. An employee might create a Slite note like an onboarding manual or an internal contact list, and the hope is to replace the outdated internal wiki and offer employees a hub where they can either go and start stringing together important information, or find it right away. The company today said it has raised $4.4 million in a new seed funding round led by Index Ventures after coming out of Y Combinator’s 2018 winter class. Ari Helgason is joining Slite’s board of directors as part of the deal.

“We now have to develop this product enough to show we can actually replace large amounts of things,” co-founder Christophe Pasquier said. “Today we have more than 300 active teams, and we have to show that we can make it scale. In the short term is just we’re replacing Google Docs because these tools ahven’t evolved and we’re bringing something super fresh. The longer-term vision of really bringing all the information that has value from a team and becoming this single source of truth for teams.”

Slite tracks permissions and changes to the notes in order to allow companies to do a better job of maintaining them, rather than sharing around links and having different people jump in and make changes. The part about sharing links is one in particular that stung for Pasquier, as even larger companies can have issues with employees asking in Slack what policies are — or even for links to parts of the internal wiki where that important information is buried.

Getting there certainly won’t be easy. Companies like Dropbox continuing to invest in these kinds of collaborative note-taking tools — that could easily evolve into internal hubs of information. And as Pasquier tries to liken the development arc to Slack, which showed employees wanted some more seamless tool for communication, that company is also working on making its search tools smarter, like helping employees find the right person to ask a question. It doesn’t look like an asynchronous notes tool just yet, but if all the information is somewhere in Slack already, a smart search tool may be the only thing necessary to find all that information.

We’re delighted to announce that Vitalik Buterin, the creator of Ethereum and a true blockchain visionary, is confirmed to speak at our upcoming TC Sessions: Blockchain event.

Blockchain is the most disruptive new technology in technology today, and we’re excited to bring one of its most influential voices to our first show dedicated entirely to the technology and its future. The event takes place in the Swiss city of Zug — which is widely-known as “Crypto Valley” — on July 6 and it will bring together top figures from the blockchain space, developer community and business and startup worlds.

You can get your hands on tickets now — they’re priced at 495 Swiss Francs, or around $510 — from the event website here.

Vitalik Buterin needs little introduction.

The 24-year-old whizzkid created Ethereum, which has taken the tech world by storm to become the second most valuable cryptocurrency behind Bitcoin. More than a maker of crypto wealth, Buterin envisaged his creation as a platform that developers and companies use to develop decentralized systems and applications that take us into a new era of the internet. Proposed benefits include resistance to censorship, new types of monetization/sustainability, more secure management of data, and more

Speaking at TechCrunch Disrupt in San Francisco last September, Buterin explained how he sees Ethereum’s future with a prediction that it could reach the kind of scale that Visa enjoys today in “a couple of years.”

Topics up for discussion with Buterin at TC Sessions: Blockchain include how he and others are working to scale Ethereum, the growth of the Ethereum community, its potential for the wider business world, and much, much more.

Other prominent speakers already confirmed for the event include:

• Roham Gharegozlou, the founder of smash-hit blockchain game Cryptokitties
• Brian Behlendorf, Executive Director of the Hyperledger Project
• Leanne Kemp, founder and CEO of Everledger
• Jun Hasegawa, CEO and founder of Omise and OmiseGo
• Mona El Isa, CEO and Co-Founder of Melonport
• Colin Hanna, Associate at Balderton Capital
• Galia Benartzi, co-founder and head of Business Development at Bancor
• Gert Sylvest, co-founder of Tradeshift and GM of Tradeshift Frontiers,

Why Zug?

The city is known as “Crypto Valley” because of the numerous blockchain companies that have moved there to capitalize on Zug’s openness to blockchain experiments and its forward-thinking approach to regulation. Put simply: there’s no better place to host TechCrunch’s first dedicated blockchain event.

---

We’ll be announcing even more speakers soon, so head over to the event website to get your hands on a ticket for TC Sessions: Blockchain.

If you’re interested in sponsoring the event, please contact us via this link.

Note: The author a small amount of cryptocurrency. Enough to gain an understanding, not enough to change a life.

Pivotal has kind of a strange role for a company. On one hand its part of the EMC federation companies that Dell acquired in 2016 for a cool $67 billion, but it’s also an independently operated entity within that broader Dell family of companies — and that has to be a fine line to walk.

Whatever the challenges, the company went public yesterday and joined VMware as a  separately traded company within Dell. CEO Rob Mee says the company took the step of IPOing because it wanted additional capital.

“I think we can definitely use the capital to invest in marketing and R&D. The wider technology ecosystem is moving quickly. It does take additional investment to keep up,” Mee told TechCrunch just a few hours after his company rang the bell at the New York Stock Exchange.

As for that relationship of being a Dell company, he said that Michael Dell let him know early on after the EMC acquisition that he understood the company’s position. “From the time Dell acquired EMC, Michael was clear with me: You run the company. I’m just here to help. Dell is our largest shareholder, but we run independently. There have been opportunities to test that [since the acquisition] and it has held true,” Mee said.

Mee says that independence is essential because Pivotal has to remain technology-agnostic and it can’t favor Dell products and services over that mission. “It’s necessary because our core product is a cloud-agnostic platform. Our core value proposition is independence from any provider — and Dell and VMware are infrastructure providers,” he said.

That said, Mee also can play both sides because he can build products and services that do align with Dell and VMware offerings. “Certainly the companies inside the Dell family are customers of ours. Michael Dell has encouraged the IT group to adopt our methods and they are doing so,” he said. They have also started working more closely with VMware, announcing a container partnership last year.

Overall though he sees his company’s mission in much broader terms, doing nothing less than helping the world’s largest companies transform their organizations. “Our mission is to transform how the world builds software. We are focused on the largest organizations in the world. What is a tailwind for us is that the reality is these large companies are at a tipping point of adopting how they digitize and develop software for strategic advantage,” Mee said.

The stock closed up 5 percent last night, but Mee says this isn’t about a single day. “We do very much focus on the long term. We have been executing to a quarterly cadence and have behaved like a public company inside Pivotal [even before the IPO]. We know how to do that while keeping an eye on the long term,” he said.

While most people probably would not think of New York as a hotbed for enterprise startups of any kind, it is actually quite active. When you stop to consider that the world’s biggest banks and financial services companies are located there, it would certainly make sense for security startups to concentrate on such a huge potential market — and it turns out, that’s the case.

According to Crunchbase, there are dozens of security startups based in the city with everything from biometrics and messaging security to identity, security scoring and graph-based analysis tools. Some established companies like Symphony, which was originally launched in the city (although it is now on the west coast), has raised almost $300 million. It was actually formed by a consortium of the world’s biggest financial services companies back in 2014 to create a secure unified messaging platform.

There is a reason such a broad-based ecosystem is based in a single place. The companies who want to discuss these kinds of solutions aren’t based in Silicon Valley. This isn’t typically a case of startups selling to other startups. It’s startups who have been established in New York because that’s where their primary customers are most likely to be.

In this article, we are looking at a few promising early-stage security startups based in Manhattan

Hypr: Decentralizing identity

Hypr is looking at decentralizing identity with the goal of making it much more difficult to steal credentials. As company co-founder and CEO George Avetisov puts it, the idea is to get rid of that credentials honeypot sitting on the servers at most large organizations, and moving the identity processing to the device.

“The goal of these companies in moving to decentralized authentication is to isolate account breaches to one person,” Avetisov explained. When you get rid of that centralized store, and move identity to the devices, you no longer have to worry about an Equifax scenario because the only thing hackers can get is the credentials on a single device — and that’s not typically worth the time and effort.

At its core, Hypr is an SDK. Developers can tap into the technology in their mobile app or website to force the authorization to the device. This could be using the fingerprint sensor on a phone or a security key like a Yubikey. Secondary authentication could include taking a picture. Over time, customers can delete the centralized storage as they shift to the Hypr method.

The company has raised $15 million and has 35 employees based in New York City.

Uplevel Security: Making connections with graph data

Uplevel’s founder Liz Maida began her career at Akamai where she learned about the value of large data sets and correlating that data to events to help customers understand what was going on behind the scenes. She took those lessons with her when she launched Uplevel Security in 2014. She had a vision of using a graph database to help analysts with differing skill sets understand the underlying connections between events.

“Let’s build a system that allows for correlation between machine intelligence and human intelligence,” she said. If the analyst agrees or disagrees, that information gets fed back into the graph, and the system learns over time the security events that most concern a given organization.

“What is exciting about [our approach] is you get a new alert and build a mini graph, then merge that into the historical data, and based on the network topology, you can start to decide if it’s malicious or not,” she said.

The company hopes that by providing a graphical view of the security data, it can help all levels of security analysts figure out the nature of the problem, select a proper course of action, and further build the understanding and connections for future similar events.

Maida said they took their time creating all aspects of the product, making the front end attractive, the underlying graph database and machine learning algorithms as useful as possible and allowing companies to get up and running quickly. Making it “self serve” was a priority, partly because they wanted customers digging in quickly and partly with only 10 people, they didn’t have the staff to do a lot of hand holding.

Security Scorecard: Offering a way to measure security

The founders of Security Scorecard met while working at the NYC ecommerce site, Gilt. For a time ecommerce and adtech ruled the startup scene in New York, but in recent times enterprise startups have really started to come on. Part of the reason for that is many people started at these foundational startups and when they started their own companies, they were looking to solve the kinds of enterprise problems they had encountered along the way. In the case of Security Scorecard, it was how could a CISO reasonably measure how secure a company they were buying services from was.

“Companies were doing business with third-party partners. If one of those companies gets hacked, you lose. How do you vett the security of companies you do business with” company co-founder and CEO Aleksandr Yampolskiy asked when they were forming the company.

They created a scoring system based on publicly available information, which wouldn’t require the companies being evaluated to participate. Armed with this data, they could apply a letter grade from A-F. As a former CISO at Gilt, it was certainly a paint point he felt personally. They knew some companies did undertake serious vetting, but it was usually via a questionnaire.

Security Scorecard was offering a way to capture security signals in an automated way and see at a glance just how well their vendors were doing. It doesn’t stop with the simple letter grade though, allowing you to dig into the company’s strengths and weaknesses and see how they compare to other companies in their peer groups and how they have performed over time.

It also gives customers the ability to see how they compare to peers in their own industry and use the number to brag about their security position or conversely, they could use it to ask for more budget to improve it.

The company launched in 2013 and has raised over $62 million, according to Crunchbase. Today, they have 130 employees and 400 enterprise customers.

If you’re an enterprise security startup, you need to be where the biggest companies in the world do business. That’s in New York City, and that’s precisely why these three companies, and dozens of others have chosen to call it home.