SDigitalOcean – cloud hosting, built for startups and developers; Helping startups take their ideas to the next level!

Entersekt Delivers Banking-Grade App Security And Authentication That Wins On Usability

Entersekt, founded in 2010, is an authentication company that provides world-leading solutions. With customers on three continents, the company currently protects over 12 million banking end users and millions of daily transactions. Entersekt provides a security solution that enables financial institutions to unlock the full potential of the online and mobile channels.

Below is our interview with Schalk Nolte, CEO of Entersekt:

Schalk Nolte

Q: Who are the primary users of Entersekt solutions and what are some of the key challenges you are helping them solve?

A: Entersekt’s system is used by financial service providers to secure their online and mobile platforms, but it can also be used for online shopping, employee logins within a company’s network, and even app logins. We were the first in the world to employ a user’s mobile device to uniquely identify that user for authentication purposes. Our technology creates a secure channel for communication between the user’s device and our client’s service – a channel that is impervious to man-in-the-middle attacks, SIM swap attacks, replay attacks, brute force, and various other attack vectors. By contrast, as is becoming increasingly evident, traditional security measures such as one-time passwords (OTPs) and virtual keyboards do not protect against these fraud tactics.

Entersekt FeaturedRecommended: ReadyCloud Brings CRM to Your Ecommerce World

Q: Could you explain the most prominent advantages of Entersekt’s security technology?

A: Entersekt’s technology uses digital certificates to identify both the service provider and the user’s mobile device, and these certificates are not tied to the user’s SIM card or phone number, so the user is not vulnerable through this attack conduit. All communication between the service provider and the user is also encrypted end to end. Our solution enables a quick and frictionless user experience with no inconvenient hardware tokens or sending of OTPs. Our proven track record is also one of our biggest competitive advantages.

Entersekt MobileRecommended: Quadric Software Delivers Enterprise Backup And DR Solutions For XenServer, Hyper-V, And Windows Servers

Q: What are your plans for the next six months?

A: We will be expanding our global presence significantly, including increasing our footprint in Europe and the US. In terms of technology, we will be working closely with our payments network partners and banking clients to enable a seamless mobile payment experience built on our best-of-breed security framework.

Entersekt Secure PaymentRecommended: IIBA Announces New Opportunities And Connecting With Organizations To Help Businesses Achieve Better Outcomes

Q: More generally, how do you see the app security landscape developing, and where do you place yourself in the industry?

A: In terms of security technology, we are a world leader. We own more than 20 patent families in countries all over the world, including US 8,707,029 “Mobile Handset Identification and Communication Authentication” and US 8,862,097 “Secure Transaction Authentication”. Other vendors with superficially similar solutions have two security zones: messages are decrypted and re-encrypted in their cloud infrastructure, significantly lowering the trust of the validated connection. Our architecture, on the other hand, is designed in such a manner that all connections from mobile apps to the server at the service provider’s premises are fully encrypted over mutually validated links. Therefore, even though messages traverse the cloud, the end-to-end encryption principle holds true, and the end user is the only one who can read and respond to requests from the service provider.

Mobile is becoming a favourite of fraudsters, and global regulations on security are evolving accordingly. For example, the New York State Department of Financial Services (DFS) is in the process of developing cybersecurity requirements for all financial service providers. According to the latest draft, one of the requirements will be that banks and similar institutions must have procedures in place for testing the security of externally developed applications. Regulatory authorities are starting to take security seriously, and soon half-baked strategies will not pass their tests. Our best advice to a bank is to partner with an experienced security supplier.

Activate Social Media: