The South African company goes beyond SMS and one-time password options
Tom Jackson
October 7, 2016: Patience has proven a virtue for Entersekt and its founders, because as the world moves away from SMS and one-time password options, its innovative mobile authentication solutions have taken it into 45 countries worldwide, with offices in Atlanta in the US, Amsterdam in The Netherlands and Johannesburg in South Africa.
The South Africa-based company offers authentication systems for both online and mobile banking services. Transakt – its flagship product – enables a one-touch user experience, with users spared one-time passwords or challenge questions and able to confirm their identity with a single touch in response to a pop-up verification request.
Simple but effective, and available as an SDK or a stand-alone app in all major app stores, Transakt is now being used globally to secure online and mobile banking services. It secures more than 50 million authentications each month at home in South Africa, but has deployments across Africa as well as in the US, UK, Germany and Switzerland. Middle East growth is next on the agenda.
For founder Schalk Nolte, who has a background working for mobile companies such as Vodacom, VMobile, Celtel and Zain, the move towards mobile authentication has been coming for some time and will only continue to speed.
“Nearly everyone has a mobile phone and keeps it close at all times. Each new handset represents a more powerful tool for accomplishing everyday tasks with greater personalisation and convenience,” he says.
“You should be able to do everything through your mobile device. In time, we are confident that you will. But to make the most of this channel, we have to dramatically boost protection of the device and communications to and from it.”
Entersekt’s success was that it realised this earlier than most authentication providers, many of whom still interact and transact as if people still use green-screen feature phones impervious to mobile malware and phishing attacks.
By re-engineering digital authentication solutions to avoid use of one-time passwords or SIM cards, for example, Entersekt has stolen a march on competitors and positioned itself for global growth while many rival firms are still adapting to the new smartphone era.
‘App-based approach’
“We took an app-based approach that uses advanced digital certificate technology and other proprietary validation techniques to nail down the user’s identity. With our technology, banks and other businesses can uniquely identify any enrolled mobile device as one owned and operated by a particular customer or employee,” Nolte says.
This kind of security is vital in the modern era of online and mobile banking, with the mobile channel having a growing number of vulnerabilities as a result of the ecosystem’s complexity and rapid evolution.
The ecosystem is all a huge chain, involving handset manufacturers, operating system developers, network operators, app developers, and many more. Nolte says it only takes one weak link in that chain to expose a user to fraud.
“Many of the security techniques developed to protect the PC are also much less effective on the mobile phone or tablet. The channel has its own special requirements when it comes to security,” he says.
“Using our product, Transakt, banks can be certain they are communicating with a legitimate mobile device; their customers can be confident of the origin of bank communications; and no third party can access or alter their communications. It stops phishing attacks dead, as any of our customers using it will tell you.”
First customer
It took Entersekt three years to gain its first customer, South African bank Nedbank, and though is now seeing strong growth back home and across the world, Nolte says there are always challenges with serving financial services and banking institutions, and persuading them to adopt new solutions. But as more institutions in more countries begin using Transakt, gradually it is getting easier.
“It’s a conservative industry, so it really helps if we can point to an institution in the region that has vetted our technology and given us the big thumbs-up,” he says.
“Our customers value what we provide, and we are very fortunate that they are active promoters of our solutions across the globe. We have also been able to follow our South African bank customers into foreign markets where they are active, Investec being one example. We are also expanding our reseller and OEM networks rapidly, especially in Africa, the Middle East, and Europe.”
‘Location is not a handicap’
Not bad for a company from the small town of Stellenbosch near Cape Town, best known for its ancient university and expansive winelands rather than its technological innovation. Nolte says these days being based in Africa is no longer the hindrance to international success it once was.
“I don’t believe Africa is a handicap per se. The continent’s technology story is reaching a global audience now, especially when it comes to innovation in mobile payments and other services. Opinion makers across the information technology industry are paying close attention to what’s happening in Nairobi, Cape Town, and Lagos,” he says.
“My sense is that large foreign banks hesitate, less because our products were developed in Africa, and more because there are hundreds of vendors they can speak to in established technology centres that are much closer to home: Silicon Valley, New York, London, Dublin, Singapore.”
All of this drives Nolte and Entersekt to ensure they remain ahead of the game in mobile authentication and take advantage of the opportunities their first-mover status has given them.
“There’s a lot of money out there, a lot of excited media coverage. We have to work harder to be heard above that noise. A strong customer reference in the relevant territory does wonders from a sales and marketing perspective – it immediately makes us less of an unknown – but we have to secure that deal first!”