Fast-growing transaction authentication innovator Entersekt is an increasingly powerful catalyst for change in online security, both in South Africa and other parts of the world. Founded in 2008 by graduates of the University of Stellenbosch, the software provider is one of the country’s recent entrepreneurial success stories. Headquartered in the Cape Winelands, it employs over 60 people and has offices in the USA and Europe. Over 1.3 million people actively use its software products.
Last week, Entersekt’s CEO Schalk Nolte took time out to talk to Payments Afrika about the company, its successes and his take on where online security in the payments industry is going. We start out looking back five years. The rapid growth of online networks and services, and the consequent increase in the risk of unauthorised access and theft, led Entersekt’s founders to realise that users could no longer rely on the password for protection. Nolte points out that passwords cannot guarantee your identity: if your login credentials are stolen, they can be used by anyone. Even the one-time password, used by banks around the world, is no longer effective in the fight against fraudsters. Media stories of malware-infected computers, sophisticated phishing attacks, SIM swaps, and other kinds of fraud prove this every day.
The challenge was to build a secure new channel for communication and mutual authentication between enterprise and customer, one that avoided the vulnerable Internet browser. Entersekt was also adamant that the system had to be as user friendly as it was secure.
In 2010, Entersekt launched its patented Transakt product. This mobile app, available for hundreds of devices on all mobile platforms, is used to install industry-standard X.509 certificates on individual mobile devices, uniquely identifying them and their owners. The digital certificates are also used to sign transaction verification requests pushed to the user’s mobile device by a bank or other online service provider, and to encrypt all communication between the parties concerned. Moving beyond the compromised one-time password approach to user verification, this transaction verification system simply requires the online banking user or shopper to Accept or Reject, with one click, in real-time, any authorization request to access his or her accounts.
Entersekt has expressly designed solutions for banks, and the financial services industry is where it has enjoyed its greatest success. Entersekt’s clients include four out of the six top banking institutions in South Africa. Nolte credits the South African banking industry’s forward-looking approach to advanced technology for Entersekt’s success. “It allows us to stay ahead of the curve. There is nothing else on the market like what we have to offer, here or abroad.”
Nedbank’s Approve-It self-service banking security feature is based on the Transakt product from Entersekt. The bank recently announced that, since the introduction of Approve-It in early 2012, phishing losses have been reduced by over 99%, with more than $3 billion in online transactions processed. Nedbank continues using Entersekt’s technology as a platform on which to build new, highly secure self-service products. Transakt allows a wide range of applications to be secured – from mobile and Internet banking, online credit card transactions and POS card payments to text messaging, mobile browsing and corporate access.
Nolte believes that the future of online security lies in empowering the user. Bank customers want to be involved in protecting their accounts, and Entersekt’s technology helps them to do this. “Everything is moving to mobile phone and other personal devices,” Nolte points out. “Banking applications are supplanting other banking channels, so security is increasingly about giving the user control – enabling them to confirm their identity before transactions are performed.”
The bottom line is that consumers are demanding increased control and greater ease of use when it comes to online security. A company like Entersekt can assist the payments industry reconcile these two sometimes opposing principles, while guaranteeing protection from account takeover fraud.
