Friction isn’t a deal-breaker for mobile banking and payment apps. To be sure, too much friction can send users running back to the App Store with a one-star rating and $2.99 ready to be spent on the next platform, but a little friction isn’t a bad thing. The real deal-breaker is trust — or lack thereof.
At least, that’s how South African software development company Entersekt sees it. The company builds authentication, app security and payments enablement technology with the goal of narrowing the trust deficit between organizations and their customers.
According to Entersekt CEO Schalk Nolte and senior vice president of North America Sherif Samy, the idea is that customers who trust a company or platform will use it more often, and the easiest way to build that trust is to introduce a little bit of friction.
For instance, everybody knows that the static password does next to nothing when it comes to keeping criminals out. But, being asked to type one makes customers feel secure, and it builds a sense of trust in a way that a frictionless, almost-magical experience does not — even if the exact same security measures are churning away behind the scenes.
Entersekt’s answer? Nolte and Samy said it’s twofold.
First, the software initiates a virtual handshake between the customer’s unique device and the organization’s computer system. The handshake is invisible but secure, as it is difficult for fraudsters to spoof unless they are able to steal the customer’s exact device. That’s paired with a biometric authentication that not only adds a second layer of security, but also inspires a feeling of trust that one’s information is being taken seriously and protected.
“What we want to do is create that warm, fuzzy feeling that ‘I’m in control of my finances again,’” Nolte said in a recent interview with Karen Webster. “If we can solve security, that’s at the heart of trust.”
As the company renews its strategic focus on the North American market, Nolte and Samy believe this will be the key to an aggressive expansion phase.
Getting To Know Each Other
Customers may not want to be burdened with many-factor authentication processes, but they do like to see some visual indicator that they are in a secure environment and that they have given permission to complete a transaction, thus putting them in control.
“As commerce becomes more distributed and you can do these things on different devices — wearables, home speakers — for adoption to occur, security needs to be part of the experience and consumers need to know that,” Webster noted.
So, how does a software platform strike the perfect balance? Nolte said Entersekt starts behind the scenes with that unique device handshake. Thus, any transaction begins with two-factor authentication at the point of login.
Beyond that, Nolte said that Entersekt focuses on risky transactions. There’s no reason to spend company resources and customer time demanding further verification for run-of-the-mill transactions. A fraudster isn’t going to hack into an account just to send payments to the customer’s existing beneficiaries. Time and resources should only be expended if something seems amiss.
The hardest transactions to vet, he said, are those from new customers. There is no point of comparison for that first handshake, Nolte explained, and it can be scary for organizations to approve it without the depth of information they have on repeat customers.
However, even worse would be not approving any new handshakes at all. That would inhibit onboarding and stunt the company’s growth. Organizations must make the best decision possible with the data they have – and that doesn’t require them to sacrifice convenience or security, said Nolte. They can have the best of both worlds.
A Modern Machine Built On A Familiar Foundation
Nolte said that Entersekt opted to build its platform on the SSL standard — that is, Secure Sockets Layer, the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems.
He explained that building on the standard system was not about ease of implementation. Whether banks have incorporated the SSL foundation or not, Nolte said it is easy to deploy Entersekt’s technology.
Instead, building on a familiar foundation enables financial institutions and other Entersekt customers to do more, sooner, because they’re not mucking around trying to figure out the basics. In other words, it frees them up to innovate in response to customer needs.
As the Internet of Things (IoT) expands, for instance, it becomes ever more important to ensure that customers are who they claim to be, and that the transactions they are trying to complete are truly the actions they want to take.
If they are trying to conduct commercial activity from a wearable or by asking Alexa, the banks and merchants with which they do business must be able to link those devices to cusomers' identities in the same ways that the primary devices (the customers' smartphones) are inextricably tied to their identities and histories in the system.
Tried And True
Entersekt has just renewed its strategic focus on North America, but that doesn’t mean it’s new to the game — in the U.S. or elsewhere. It’s been deployed in 45 countries and, if anything, the U.S. is late to the game. That's why the company has shifted its focus to the region now.
That’s fairly typical, Nolte said. It was difficult starting from Africa because the home market was small, but on the flip side, it was also open. The U.S. is often at the forefront of innovation, explained Nolte, yet is one of the last places to implement the technology it conceives due to complex legacy systems and slow-moving regulatory processes.
Africa doesn’t have the smartphone penetration enjoyed by other markets, so it requires innovative security solutions — something Nolte said can be duplicated in the U.S. as the market arrives at these problems.
Nolte and Samy saw innovation in the space advancing in three waves.
First, there’s the basic endeavor of simply getting more bank customers to become digital bank customers. Growing the digital customer base relies heavily on the trust factor, Nolte said. Only when the base reaches critical mass can the second wave hit.
Wave two occurs when there are enough users on the platform for the provider to start introducing a wider range of services, such as different payment types on the web and other devices.
Wave three carries the space forward into the realm of pure innovation. Just like retailers, banks want to achieve true mobility in following the end consumer so their brand and services are available via any endpoint through which the customer may encounter them, Nolte explained.
When customers use their possessions — a.k.a. their phones — to conduct transactions, Samy said it removes the business case for fraudsters because criminals would have to steal the device itself in addition to any login credentials. They couldn’t simply spoof a login from a different device.
Once the consumer has been linked to a device, Samy said there’s no limit to where the organization can innovate with the consumer next over those secure channels. The door is open to the latest and greatest payments technologies, which are integrated into the Entersekt platform, he said.
“This is a mobility play,” Samy said. “Once the consumer is secured to work on mobile, there are so many possibilities to enable. What can I do once I know that I’m speaking to the correct user? There shouldn’t be anything I can’t do.”