Beyond HumanBig PictureCatalystsConnected WorldExchangeMarketing MixNew MoneyNew SchoolPeople SciencePulse

Encap: how to turn your smartphone into an authentication tool

two factors authentication two factors authentication
Photo credit:

Edwin Sarmiento

So much speedier and safer than key fobs and card readers.

Online banking depends on users identifying themselves correctly. Which is why most banks start with a password and PIN, but then also demand that users enter some kind of extra info into a key fob or card reader.

That’s fine. To a point.

But now that millions of customers have moved to digital banking, many of them via mobile, the numbers don’t add up.

According to a recent study by Encap, it can cost $202,000 to make one time password hardware. But this can be reduced to $9,000 by switching to a software-based solution.

In fact Encap spotted this trend early. In 2006, two DnB Norway bank employees decided to found Encap as an alternative to SIM-based ID solutions. Instead they would build a system that used the mobile phone to identify users.

Today the company has 10 partners in Europe and is expanding across the US.

Hot Topics met its CEO Thomas Bostrøm Jørgensen

So, what is wrong with text messages, PIN codes and tokens? Why do we need a new tool to secure our payments online?

The problem is that these authentication solutions were designed for the enterprise. An enterprise grade technology is made to support up to to 15,000 users, but now it needs to be scaled to hundreds of millions.

A key fob is great if you are sitting in front of a computer. You can take it out, type your PIN-code and you will have your one-time password on your computer. But the emergence of mobile has broken this paradigm.

What is different about your solution?

It’s based on three things: something you have, something you know and someone you are.

Encap captures a device’s identity and allows customers to use this as the ‘something you have’.  It runs on any device, whether it is Android or Apple, and is independent from operators SIM-cards.

We then layer on top a password or a PIN and that is the ‘something you know’. We can also use any biometric that is natively available on the device, like Touch ID, for example. That’s the ‘something you are’.

Instead of providing an app, we provide an API that our customers can build in an app. This means that customers can do everything they need within the app, and they never have to leave it to do any security operations.

It’s so much easier to use. After switching from fobs to Encap, our clients practically eradicate their customer support service: the number of phone calls about authentication goes down to about five for every 10,000 users.

But Encap is not only about authentication, is it?

It’s also about security. A component called app-defender acts as a security layer that protects the app against malware. We assume the application is running in a hostile environment and if the malware tries to intrude or inject itself then we shut it down, like a bodyguard.

Encap is also a digital signature. To turn your device into a legal writing pen to sign documents, you have to go to other places and buy expensive SIM-based solutions. We can replace it with a software component that allows users to generate cryptography keys directly on their smartphones and tablets.

How do you plan to scale for millions of users?

As an organization, you want all your customers to be able to use your app. If you start fragmenting the audience, and say that only iOS users can run it for example, you limit your reach.

Encap can scale to all consumers looking to use financial services. That’s unique. Basically, we don’t see anyone else on the market taking that approach.

What do you think about Apple Pay?

If there is one thing I know, it is that mobile payments is the hardest game in town. Tens of billions have been invested in it, yet how many companies have emerged from all that investment?

Google tried it – they failed massively. I would say that Apple’s move is one more step towards mobile payments becoming mainstream. However, it will take a long time.

What are your plans for future growth?

The US market is interesting, because it’s massively under-served. American banks typically use passwords and a very limited functionality on mobile and tablets.

We’re doing something about that. We have been heavily investing in the US market for the last 12 months, we opened our subsidiary there and now we’re about to start closing major deals.