South African fintech startup Entersekt was born with a simple goal, to make the digital world a safer place in which to bank and shop.
Founded in Stellenbosch, Entersekt offers authentication systems for online and mobile banking services, with its flagship product Transakt enabling a one-touch user experience.
Avoiding one-time passwords or challenge questions, the authentication process involves a single touch in response to a pop-up verification request.
With little or no user education required, Transakt is simple but deadly effective. Available as an SDK or a stand-alone security app, downloadable from all major app stores, it is being used by financial services companies across the world to secure online and mobile banking, mobile money transfer, e-commerce, and call centre and in-branch interactions.
Thus, a startup from Stellenbosch is now a global enterprise, with offices in Atlanta, Amsterdam and Johannesburg. All from spotting a simple need.
Back in 2008, we realised that remote banking security was in desperate need of an overhaul,” Entersekt chief executive officer (CEO) Schalk Nolte told Disrupt Africa.
“Traditional approaches to securing the online and mobile channels were being compromised. The scale of breaches was not yet unmanageable for banks, but it was only a matter of time before cybercrime spiked and did serious damage to the relationships banks have with their customers.”
Though part of the problem was complacency, a feeling that established techniques like one-time passwords or device fingerprinting only needed minor adjustments to keep fraudsters at bay, the industry was also suffering from a lack of new ideas.
Entersekt came up with one such idea, using the ubiquitous mobile phone.
“It’s in your pocket; it’s in billions of pockets. And its capabilities grow with each new handset. The potential is huge,” Nolte said.
“We believe that if you can resolve trust issues through security on the device, through solid digital certificate technology and other techniques, the channel will become as transformative as any we have known. You should be able to do everything through your mobile device, and Entersekt is adamant that you will.”
The company has seen these ideas validated in the years that have passed since, with consumer identity management moving wholesale to the mobile device. Regulators globally warn of the risks of using SMS to authenticate users, while one-time passwords are deemed ineffective. Gartner predicts that push-based authentication will be the dominant approach to user verification, claiming 60 per cent of the market, in the next few years.
Entersekt, then, is ahead of the game.
“In Africa, I think we are very well poised to take advantage of the massive opportunities in this market. We have the patents and world-first launches to prove we are the global leader in next-generation authentication. Our customers know that they will be kept ahead of the fraud curve by partnering with us,” Nolte said.
Becoming the de facto standard in South Africa, with most of the large banks using Entersekt products, was made easier by the fact many vendors seem hesitant to enter Africa in the first place, or do not see the massive opportunities in Africa’s mobile revolution. Nolte said Entersekt does see these opportunities.
“We also understand the unique challenges African banks and payments providers face and have engineered solutions specifically to address these, whether it be push-USSD-based authentication for green-screen phones, SIM-swap detection, protocols that ensure our software works on poor networks, or support for authenticated collections,” he said.
Outside of South Africa, however, the competition is stronger, with the company coming up against some “behemoths, heavyweights with long-established brands” as it expands. But Nolte said Entersekt’s technology is still a couple of years ahead of even these larger competitors.
“More importantly, it’s ahead of the fraudsters, so our customers have been, and continue to be, protected,” he said. “Many vendors still peddle the same old techniques dressed up in new jargon. And with our focus on R&D, I have no reason to think we won’t maintain our lead in mobile-based authentication and app security. We have gone up against some of these companies before and won. We’ll do it again and again.”
The startup has some tough beginnings, with the founders fresh graduates of Stellenbosch University with little business knowledge and no collateral. However, help was at hand from Ramzi Mansour of Carita Investments, who Nolte had known for some years, who helped Entersekt launch as a going concern. He now chairs the company’s board.
The first Entersekt customer was Nedbank, which went live in 2011 in what Nolte calls a “world-first application of interactive out-of-band transaction authentication”. Entersekt obtained its first international customer, Swisscard, in 2014, and in the same year reached a million active end-users and was granted our first patents by the United States Patent and Trademark Office.
Today, the company secures over 50 million authentications every month in South Africa alone, but it is no longer simply a regional player.
“After going live with our current deployments, we will be present in 45 countries. Most of these are in Africa, which is a priority market for us, but we have multiple installations in the United Kingdom, Switzerland, Germany and the United States. The pipeline is very strong, with a lot also happening in the Middle East and Gulf states,” Nolte said.
Aside from territorial expansion, Entersekt is also entering new verticals, such as insurance and healthcare.
“Our core focus, however, remains financial services and payments. Exciting new products are in development, so we are confident that our solution set will remain a compelling answer to a number of questions enterprises have about the potential of mobile technology to draw their customers closer,” Nolte said.
The company’s revenue derives from annual per user subscriptions built around a Software as a Service (SaaS) model, with Entersekt’s profits meaning it does not require funding to sustain itself. It is seeing growth of 100 per cent year-on-year in dollar terms.
“That said, we want to make the most of a storm of opportunities in the global market,” Nolte said.
“In order to accelerate beyond our very healthy organic growth, we are talking to venture capital and private equity firms about capital to expand into new markets. Many financial institutions will be making buying decisions over the next three years as they look to expand their mobile banking services.”
Though the company’s products are now very mature, with good references, looking back Nolte said Entersekt’s biggest challenge was convincing banks to go with an entirely new approach to authentication, as well as the untested startup that was promoting it.
“Our focus has been on large financial institutions, and they are by nature conservative. Risk, quite appropriately, is anathema,” he said.
“Our technology is built on open standards and architected for easy integration into banks’ often complex backend systems, so information security technicians often become our champions. Still, decisions involve a number of divisions and very careful assessments of the impact on staff and customers. The sales cycle can become quite drawn out as a result.”
Entersekt found this in South Africa, until Nedbank took a leap of faith, and the pattern is repeating in every new market it enters.
“Prospects in North America and Europe may find what you’re selling exciting, but they want a strong customer reference in their own territories before committing – a competitor of theirs that goes there first. When a bank does sign, a lot then falls into place,” Nolte said.