Transmit Security
Last verified 2026-05-27 · Reviewed by guptadeepak
Editorial verdict
Transmit Security is the right CIAM choice for fintech, banking, and high-fraud-pressure B2C deployments where unified CIAM plus fraud detection plus orchestration removes the typical three-vendor stack. The Mosaic platform's combination of risk decisioning, behavioral biometrics, and passkey orchestration is among the most capable in the enterprise tier. Enterprise-only pricing and opaque commercial structure exclude mid-market evaluation; for teams below that threshold, look at Auth0 plus Authsignal or Descope.
Last verified by @guptadeepak on 2026-05-27.
At a glance
- Best for
- Fintech, banking, and insurance with high fraud pressure and need for risk decisioning at the auth layer
- Pricing
- enterprise-quote
- Free tier
- None
- Deployment
- cloud-saas
- SOC 2 Type II
- Yes
- Passkeys
- Native
- Self-host
- No
- Open source
- No
Funding & business
- Funding model
- Venture-backed
- Total raised
- $543M
- Latest round
- Series A · $543M · 2021
- Years in business
- 12 yrs
- Round led by
- Insight Partners
- Profitable
- Not disclosed
The largest Series A in cybersecurity history ($543M, 2021) at a $2.2B valuation; bootstrapped for its first seven years.
Funding data from primary source. See also the CIAM investor landscape.
Strengths
- Mosaic platform unifies CIAM, fraud detection, and identity orchestration in one product, uncommon in the index.
- Strong fintech and banking focus, built for high-fraud-pressure B2C scenarios with adaptive risk + behavioral biometrics.
- Best-in-class passkey orchestration paired with risk decisioning at the same layer.
- PCI DSS Level 1 with HIPAA, appropriate for fintech and healthcare workloads.
Limitations
- Enterprise-only commercial structure with opaque pricing and high entry threshold.
- DX trails developer-first tier; the platform is positioned for buying-committee evaluation, not engineering self-service.
- Smaller customer base than large enterprise incumbents (Auth0, Ping, ForgeRock).
- FedRAMP not yet attested as of 2026.
Capability matrix
Every vendor scored on the same axes. See the methodology for criteria.
| Password authentication | Yes |
|---|---|
| Social login | Yes |
| Magic links | Yes |
| SMS OTP | Yes |
| Email OTP | Yes |
| TOTP (authenticator app) | Yes |
| Push MFA | Yes |
| WebAuthn / passkeys | Yes |
| Biometric | Yes |
| Hardware security keys | Yes |
| SAML SSO | Yes |
| OIDC SSO | Yes |
| OAuth 2.0 SSO | Yes |
| Enterprise federation | Yes |
| Passwordless-only flows | Yes |
| Adaptive MFA | Yes |
| Step-up auth | Yes |
| RBAC | Yes |
|---|---|
| ABAC | Yes |
| ReBAC | No |
| FGA engine | No |
| API authorization | Yes |
| Fine-grained permissions | Yes |
| Self-service registration | Yes |
|---|---|
| Progressive profiling | Yes |
| Self-service account | Yes |
| Bulk user import | Yes |
| Admin user search | Yes |
| Custom user metadata | Yes |
| Organizations / tenants | Yes |
| Multi-tenancy | Yes |
| REST API | Yes |
|---|---|
| GraphQL API | No |
| SDKs | js, node, react, ios, swift, android, kotlin, python, go, java, dotnet |
| CLI | Yes |
| Terraform provider | No |
| Local emulator | No |
| Extension model | Mosaic platform, composable journey orchestration |
| Bot detection | Yes |
|---|---|
| Breached password detection | Yes |
| Brute-force protection | Yes |
| Anomaly detection | Yes |
| Log streams | Yes |
| Audit logs | Yes |
| GDPR data export | Yes |
| PII minimization | Yes |
| Post-quantum roadmap | Partial |
| MCP support | No |
|---|---|
| OAuth 2.1 | Yes |
| Dynamic client registration | Yes |
| Agent vs human token separation | No |
| Web Bot Auth | No |
| SOC 2 Type II | Yes |
|---|---|
| ISO 27001 | Yes |
| ISO 27018 | Yes |
| HIPAA | Yes |
| PCI DSS | Level 1 |
| GDPR | Yes |
| CCPA | Yes |
| FedRAMP | No |
| EU data residency | Yes |
| Consent management | Yes |
|---|---|
| Preference center | Yes |
| Purpose-specific consent | Yes |
| Integrates with CMPs | OneTrust |
Pricing
| 10,000 MAU | Quote required |
|---|---|
| 100,000 MAU | $6,500/mo |
| 500,000 MAU | $20,000/mo |
| 1,000,000 MAU | $35,000/mo |
- Mosaic platform combines CIAM, fraud, and orchestration in one commercial bundle
- Per-MAU + per-fraud-decision pricing typical
- Strong fit for fintech and high-fraud-pressure consumer use cases
Estimates use the standard assumptions in our methodology. Always confirm with the vendor.
Best for
- Fintech, banking, and insurance with high fraud pressure and need for risk decisioning at the auth layer
- Enterprise B2C deployments requiring unified CIAM + fraud + orchestration
- Regulated industries comfortable with enterprise-quote pricing
Not for
- Mid-market SaaS or startups
- Workloads requiring FedRAMP authorization
- Teams prioritizing developer self-service over enterprise sales engagement
FAQ
- What is the Mosaic platform?
- Transmit Security's unified product offering, CIAM (auth, MFA, passkeys), fraud detection (account opening, account takeover, transaction fraud), and orchestration (composable journey design). The thesis is that fragmenting these across separate vendors costs more in integration and creates blind spots between CIAM signals and fraud signals.
- Is Transmit Security only for fintech?
- Strongest fit for fintech and banking, but used across high-fraud-pressure verticals including insurance, healthcare, and high-stakes consumer commerce. For workloads without significant fraud pressure, the platform's broader capability is hard to justify against simpler CIAM.
- What does Transmit Security cost?
- Enterprise quote-based with per-MAU plus per-fraud-decision pricing. Six-figure annual minimums are typical. For mid-market evaluation, the entry threshold is disqualifying.
Sources
- Transmit Security Mosaic platformaccessed 2026-04-22
- Transmit Security Developer documentationaccessed 2026-04-22
What Transmit Security is
Transmit Security launched in 2014 in Tel Aviv with a fintech-and-banking-first thesis: high-fraud-pressure consumer scenarios need CIAM, fraud detection, and orchestration designed together rather than stitched across three separate vendors. The Mosaic platform unifies these into one product surface, with adaptive risk decisioning, behavioral biometrics, and passkey orchestration at the same layer.
Where Transmit Security wins
Unified CIAM plus fraud plus orchestration is uncommon in the index. The depth in fraud detection, account opening fraud, account takeover, transaction fraud, exceeds what stock CIAM ships and removes the integration cost of running a separate fraud vendor. Passkey orchestration paired with risk decisioning at the same layer is differentiating for high-stakes scenarios.
Where Transmit Security hurts
Enterprise-only commercial structure with opaque pricing and six-figure annual minimums. DX is positioned for buying-committee evaluation rather than engineering self-service. FedRAMP is not yet attested. Smaller customer base than the largest enterprise CIAM incumbents.
How Transmit Security compares
The closest comparisons are Auth0 vs Transmit Security for the enterprise-CIAM-with-fraud call and Ping Identity vs Transmit Security. For mid-market alternatives that compose CIAM plus fraud separately, Auth0 plus Authsignal or Descope cover similar ground at lower cost.
Editorial changelog (1 entry)
Capability matrix and pricing bands re-verified against the vendor's latest documentation and changelog.