Apple and Identity (Update #8)

Bringing trust to the internet. That is our motto, and our core values are trust and transparency. To me, trust is powerful for both the good and the bad. By this, I mean that it is core for desirable events, such as getting consumers to trust us or companies to use us for onboarding. But I also think building trust helps you mitigate the less wanted outcomes. When we tell customers we think KYC is commoditized, they believe us more when we walk through our security. It may seem counterintuitive, but owning the weak points of a narrative builds the trust to sell what is a differentiator. It’s why I included our long list of reasons we could fail when we raised the seed round, and go through them for each candidate we meet. That list has begun to change. This is wonderful—we did things this year I was not sure if we would be able to accomplish due to company game theory and the ephemerality that is good luck. And it also means new challenges are now presented.

The biggest question we get asked now is about the all-mighty Apple. I think it is the right “existential” risk to point out. We think they have always been the possible sleeping giant in the space given their mobile distribution + ecosystem, high user trust, and experience in holding consumer data. They have come to the surface even more due to recent announcements surrounding how they will hold state Drivers Licenses and preliminary patents for them in KYC.

So I thought now may be a good time to discuss how we think about Apple internally. First, let me acknowledge the obvious: if a $2.5T company with massive consumer distribution genuinely decided to compete with Footprint, they of course would be a massive problem. However, there are numerous reasons why we are not overly concerned about the recent patents or their foray into Identity, and think their entrance here could actually be good for us. The most salient points I’d contend are that 1) Apple is not a one-size fits all company and approach each space with nuance 2) this is not new—we’ve known Apple was interested here for some time and 3) Apple entering the identity space I think is good for Footprint (but bad for competitors).

On Apple’s Historical Philosophy

I’ve written before on Apple’s historical marketing ethos, but I think here it is worth examining how their internal thinking has stayed relatively similar over the years. And to understand Apple today, I like to study Steve Jobs’s second reign at the company. Walter Isaacson’s biography of Steve gives us a great glimpse into how Steve in the late 90s and early 2000s made Apple think. Steve changed Apple’s organizational thinking to cut products to focus on the best (at the time different hardware models), allow outsourcing (at the time not controlling every part produced), and focus the brand not on what is sold, but on what Apple empowered.

Apple still strove to create a unified ecosystem. But they also understood that the ecosystem did not have to be 100% Apple-produced. Take the computer. Steve wanted it to “link and sync all accounts” to manage your digital lifestyle. After a famous tug and war, Apple would eventually allow the Microsoft Suite on the computer because it helped keep people in that ecosystem they created. This also hits on all of the points above: while Apple still has Pages this allowed them to focus on other Mac elements, this was an example of “outsourcing”, and it strengthened the Apple brand of the computer for creative workers.

The iPad provides another great case study of how Apple actually builds interactive ecosystems with outsiders. Steve transformed the original iteration of it from a passive tool to a more active one by strengthening the Apple ecosystem by letting outsiders in. For, the iPad's success became defined by what people can do with it—apps made by outsiders with some Apple moderation (and an expensive gatekeeper tool we won’t get into here:)) more than anything unique to Apple itself. Further, Apple liked that the openly curated community walled garden re-enforced the Apple brand of letting people create—Steve realized Apple should innovate, but it should let others help build Apple as well. Perhaps the strongest Steve quote from this time, commenting on an ethos I love, is that he wanted to give people “freedom from apps that steal your data.”

I don’t want to cherry-pick. There are a plethora of examples of how Apple has interacted with competition and disruptive products. They deployed a completely different strategy with Itunes than they did with books. There were different circumstances in each: stances from music agencies furious about Napster vs book publishers warier of digitalization, legal measures (once again on the music piracy front), and competitive landscape (Amazon with books). Or take Firewire and Fido2. Firewire, built in collaboration with IBM and Sony, was supposed to be a unified platform to boast both high-speed communications and real-time data transfer. It was going to make the unified computer plug. Apple would eventually de-facto kill it despite being the principal designer. Compare that to the Fido2 alliance. Apple was the last to join Google and Microsoft, and has already rebranded it to Passkeys + a core part of the iOS 16 product suite. These passkeys are a key part of Footprint and how we help secure portable identities.

How Apple Makes Money

I also want to quickly touch on how Apple makes money, with two charts.

The above graphic shows that services are the fastest growing segment of Apple revenue for recent quarters. Apple knows that getting into more software is the best lever to growth that they can control (figuring out how to sell into the Chinese market is likely the best that they have less control over).

However, the below graphic reminds us that iPhone is still King, and services are still less than a quarter of Apple’s revenue. And if we go back to the thinking Steve left Apple with, it is that they win and die by the ecosystem they create. Apple is not an enterprise-facing company; they sell to consumers and want to strengthen the ecosystem so people keep having reason to spend $60B a quarter on those products.

On Apple in Fintech

I think there is often a lack of nuance in headline descriptions whenever Apple "enters" a space. For example, when Apple entered BNPL, a space that is simpler than KYC from a definition standpoint, a lot of writing grouped all BNPL companies together from a ramifications standpoint. I thought this was a great article by Simon Taylor that dove in on how Apple Pay Later is for consumers, whereas BNPL is often more for merchants and an ad tech as much as fintech.

"The key sentence is "no integration for merchants" - the lack of integration for merchants that already support Apple Pay could mean that Apple does intend to build the data and ad-tech flywheel the other BNPL providers offer. But so much of the "integration" that BNPL providers do goes deeper into the merchant's ad-targeting, CRM, and checkout funnel and stack."

In a surprise to some, Apple got its own debt facility and did not use Goldman Sachs for its BNPL. However, Apple is not ditching them altogether. They still proudly partner with them to issue their cards. As Itai Damti at Unit writes "Goldman does the underwriting and card issuing so that Apple can focus on other priorities.” Apple also offers its cash card through a partnership with Green Dot. This sentence is well said: Apple views areas in fintech as ways to enhance their own ecosystem, not a vertical to completely own.

The focus of Itai’s piece is answering the question of if Apple will build its own bank. He describes the myriad of reasons why Apple would become a bank: in-network payments, synergies with their cards, and in general the amazing Apple UI on a bank account. Itai reaches the following (admittedly self-serving) conclusion: “Rather than build technology like ledgers, KYC, AML, transaction monitoring, interest calculations, bank statements, and payment integrations—outside their core competencies—Apple would choose to partner with an existing banking-as-a-service platform.” I (also admittedly self-servingly) slightly disagree here. I think Apple wants the larger prize of controlling the rails—they want a unified ecosystem—and using a BaaS player won’t allow them that control. I do, however, think they will outsource parts of the technology, such as KYC.

Apple and KYC

KYC and identity have both in a way become somewhat bereft of meaning due to how many companies speak about the terms interchangeably. Apple has long been in the identity space, and the Mobile Drivers Licenses have been known for some time. If you look at the patents, Apple's KYC is pretty much what I'd expect from any player today, with the difference that they have phones and MDLs. It is not a federated approach; it doesn't mention security. This does not mean Apple won't pursue either of those things--if they want to they have the resources--but as we saw in BNPL, it may not be worth it to Apple to do as much.

Further, fintech is different than security. It's one thing to put KYC credentials in a wallet. It is another to build vaulting, permissioning, auth, IAM, audit trails, and an enterprise sales division for a comprehensive security product. Unlike Google, Apple doesn't have examples in cloud security or shown an interest in the past in making a tool like iCloud a feature for companies. This is why I don't think Apple wants to become a reseller of identity or security to companies. I think they, like with BNPL, want to add more reasons for consumers to use Apple products, and make it easier to sign up for Apple fintech accounts in the future.

Why this is bad for our competitors, but plays to our thesis

We have long thought KYC would become commoditized. It seemed that eventually, driver's licenses would become available on mobile devices, and margins would go away here if you just did standard KYC. It is why we built this as a security company, and plan on making money on KYC only if it is one-click through our federated approach. This is bad for competitors whose business models rely on having to re-do elements of KYC such as drivers license scans, for which they may charge upwards of a dollar. Footprint’s business model is based on security and removing friction, two things not hurt, but helped by Apple’s moves here.

I am also excited by conversations I’ve had with some folks across Apple last month. Through these discussions, I’m encouraged that Apple views their work around identity much the same way we do: a way to bolster their own ecosystem by being an onramp to their own products, and not as the start of Apple as an enterprise security company. I’m further optimistic about how we can partner, as it seems the plan is to allow for open APIs to the MDLs for companies such as Footprint.

To Wrap

This is of course all conjecture. But my goal here was to push past the headline of “Apple files a Patent for KYC”. Patents are great, but they also can be just marketing. The Apple patent is mostly concerned with information passing with the MDLs to pass information to people in a verifiable way. This is similar to how Apple Pay works today (where every transaction still goes through Visa and MasterCard). Once again, this is why we think this can be good for us given we are building the security rails here.

And if we look at Steve’s philosophy, there is reason to think Apple won’t be seriously touching KYC for some time. If Apple is to just focus on a few products, it makes sense they will focus on payments (through Apple Pay, BNPL, and cards) and possibly banking, given that is the ecosystem they can control for their users within their gardens. Alex Johnson wrote a great piece on the ways Apple could go as they expand products, and also finds identity lower down on the list as it is more a tool to empower the ecosystem.

If Apple is willing to outsource, it makes sense for them to let outsiders in to do things such as KYC to help create the bigger ecosystem they wish to enable and serve as an easier on-ramp. And for a company that views brand as what they empower, letting open APIs take people’s identity to places Apple currently can’t by tapping into a service like Footprint seems a way to accomplish both goals. Footprint wants to put people in control of their data. Apple, from their own marketing, does not always want to hold it. Footprint is an enterprise security company. Apple is almost everything but that.

There is one other element at play here: antitrust. Apple likes having “competitors” in areas they don’t want to go into anyway. The MDM space here is a fascinating case study. Apple bought a company (Fleetsmith), yet have seen Kandji gain a much larger market share in the nascent space. While this may seem peculiar (why not block the outsider?) and is a gross oversimplification (Kandji was nimble, executed tremendously, and built great tech), my hunch is Apple never wanted to win. Rather, they want the bigger prize for them of selling billions of dollars of Macs to the enterprise. This goal becomes easier when tools like Kandji make it easier for enterprises to use Macs, and Fleetsmith lets them show they do not automatically win every part of new ecosystems when they enter them(here enterprise IT). Enterprise Mac purchases will dwarf MDM in pure dollars, Kandji expedites that trend, and Fleetsmith lets Apple seem to not be anti-competitive.

I don’t want to draw correlations with Apple. You could slice the data however you want and make a case study either way: that’s what happens when great companies are along for such an endurable period. But as we think about their foray into Fintech, we should remember from how they handled everything from cable ports, to books to music that Apple approaches each challenge differently. There are many people far smarter than me on Apple (quite a few of whom I’m guessing get this update!)—I do not expect these predictions to be close to 100% true when we look back. But I hope for now, this update shows that we’re being thoughtful on the topic, having the necessary conversations with Apple, and are actually encouraged about what we would be able to do together with them.

Goals From Last Month

Be on track to commercially launch end of October

• We’ve re-architected our core Footprint flow to be extensible, we now can quickly add new verifiable credentials like business-ownership (KYB) and income verification/employment (VOIE)
• Released our sandbox mode so customers can test Footprint in their products, including our new docs site
• Significant progress our IAM feature suite (fine-grained control over who has access to what data)
• Significant progress on decisioning, data vendor integrations, and our verification audit trails (more on this next month)

Integrate with Design partners

• It has been very exciting to launch our sandbox mode and see outside companies use it for first time

Hire 1 eng

• We're thrileld to share that Dave Argoff has joined as our Risk Engineering Lead. This is a domain Dave has incredibly deep expertise in. He spent seven years in Stripe tackling it from all angles--working on engineering problems using ML for fraud intelligence, APIs for Stripe Identity, and then consumer risk. Most recently, Dave was an Engineering Manager at Sardine. Dave also ran the marathon just a few weeks back, proving he will run to all ends of the earth to prevent bad actors from getting into any platform. We could not be more excited to welcome Dave to the team!

Other Updates from last month

• Footprint will be in full force at Money20/20. On Monday, Eli will be presenting at between 3:20-3:45 on behalf of Footprint as one of the “ten most promising startups in the fintech ecosystem” as selected by the conference. Eli will also be emceeing a bit of the conference (genuinely not too sure how this happened, and guessing they will quickly realize what a mistake this was, but here we are :)). Alex will be giving a talk on “Building frictionless IDV with strong cryptography and PassKeys.”
• Footprint was the only startup mentioned in a post by Professor Scott Galloway on the future of identity.
• “If Big Tech can’t earn our collective trust such that we’re willing to give them the keys to our online identities, an alternative model is emerging. Pure-play identity companies that are financially incentivized to maintain security — not sell more ads or upgrade your phone. There are some startups working on this. Footprint, for example, is a security company that stores important user data and then verifies the information before the user is onboarded to other platforms. I.e., KYC.”
• We had a great team offsite in Charleston! Mysteriously, the previous occupant of our Airbnb seems to have taken seven of the hates we had shipped in advance. If you see any of the hats in the wild (see below—it is our logo on the front and a penguin in the back) and return it, I don’t know what I’ll do but will be very impressed.

Goals For this Month

• Continue to bolster the team with 2-3 hires
• Be ready to go live for M20/20
• Continue work on data vendor integration
• Incorporate feedback from design partners in sandbox to support ability to go live in November

Where We Could Use Help

• Recruiting frontend engineers—with our risk/fraud eng taken care of, we’re all in on front-end
• I truly mean it: if you find us a frontend engineer this month, we will adopt a penguin in your honor at the SF Zoo!
• Getting in a room/on a zoom with Itai Damti or someone from Unit
• I am begging for 15 minutes with Itai. You’ll win the investor scoreboard for the quarter. I’ll get him a drink, bring him a stuffed animal penguin—whatever it takes! I come in peace, and a slight desire to replace the KYC under the hood of their BaaS product, but mostly as a friend!). We have companies in our pipeline that would like to use Footprint but are beholden to Unit’s KYC (they use a competitor of ours under the hood, who share the same name as an awesome eCommerce automation company whose website I’ll tie to instead for SEO). We totally understand why Unit wants to control the KYC, but why not give more options?