On the heels of a successful technology deployment at a large South African bank, Entersekt has opened up shop in America, looking for large U.S. financial institutions to count as customers for its digital transaction security technology.
The company sells software designed to combat phishing attacks that continue to proliferate in the American market.
"Online banking is a channel that presents a lot of challenges to security," says Shirley Inscoe, senior analyst at Aite Group. "There's no one solution out there that's a silver bullet."
Entersekt, like other security vendors, wants to add in such a security layer. In late March, the company formally hung out a shingle in the U.S. for Transakt, a mobile application used to both authenticate online banking customers and approve or deny customer transactions outside of the browser. To that end, the company uses Public Key Infrastructure (PKI) standards to create an out-of-band communication channel. Electronic certificates are deployed through Transakt to uniquely identify the hardware. In other words, the vendor combines out-of-band communication with two-factor authentication to fight against online banking fraud. Communication is encrypted between the bank and customer.
Entersekt's American home base is Atlanta, with Francois van Schoor, president of business development, at the helm.
The company's approach, according to van Schoor, is more secure than using a one-time password delivered on a key fob, for example. "No matter the token, you won't achieve anything if you enter the data into a compromised channel," he says.
A bank can customize Transakt, but the experience generally works like this: a person begins to sign into his online banking account by entering a user name and password. To complete the sign-on process, he must click accept — or reject as the case may be — on a pop-up screen displayed on his mobile device; thus providing his digital signature. The method can also be used to reject or approve individual customer transactions.
It's early sales days for the American market, but the young company has had a wild success story with one of its South African partners, Nedbank, one of the top four banks in South Africa.
About two years ago, Nedbank was looking to find a way to secure its mobile offerings and thwart off phishing attacks.
When Entersekt, then a team of fewer than 10, came to the bank, "it became very apparent their knowledge of security for the phone was what we were looking for," says Giles Needham-Clark, group strategy consultant in the mobile bank division of Nedbank.
Indeed, the timing was right. "It was fortuitous," Needham-Clark says. "We were in the mood to build a mobile security solution."
In 2012, the bank launched an Entersekt-powered transaction authentication system, called Approve-It, which replaced its one-time password-based system. Subsequently, it's introduced the Nedbank app suite, which is also powered by Entersekt. The app, which comes loaded with various widgets, is designed for all customers. "We customize what our clients see based on who they are," he says.
Shy of the security software existing in the market for a year, the bank said it is very pleased with the technology's results in curbing phishing attacks.
For the bank's clients, little education was needed. Needham-Clark largely credits that to how South Africans were used to receiving one-time passwords to authenticate purchases. "The switchover from SMS to pop-up is a small leap," he says. "Training was minimal."
Unlike South Africa, American consumers are less familiar with out-of-band authentication steps and may feel reticent to take on extra work, say analysts.
To date, most American banks offering such technology have seen only a low percentage of customers eager to take on the extra precaution, Aite's Inscoe says. What American banks most want, according to Inscoe, are added layers of security, such as device detection and behavioral analytics, that go unnoticed by consumers, with some exception for riskier transactions and small-business clients.
Entersekt is coming to a country with existing vendor options such as Authentify and Entrust.
Whatever a bank chooses to buy, its security job is far from ever finished, says Inscoe. In an upcoming report, her research reflects how call center fraud is rising as a result of stronger online banking, for example. "Every time a bank finds a way to protect itself, a fraudster is hard at work to escape detection," Inscoe says. "A bank makes an improvement, and a fraudster develops a different attack."