November 20, 2015
Earlier this year, the LTP team covered news on Early Warning, a leading player in fraud prevention and risk management, announcing an acquisition of Authentify Inc., a leading player in phone-based, multi-factor authentication solutions. This acquisition enables Early Warning to offer organizations digital multi-factor authentication and the ability to integrate, manage and prioritize multiple digital channel authentication methods via one platform, reducing fraud and risk while improving the consumer experience. Both Early Warning and Authentify, along with Payfone and BioCatch (other Early Warning strategic alliances) have been featured in our LTP9 Online Fraud & Authentication canvas report.
Early Warning and clearXchange came together to meet LTP co-founder Amit Goel at the Money20/20 conference to share their experience of collaborating together to lead the industry and speak about the trends in authentication and other hot topics like P2P payments and APIs.
Amit had the pleasure of speaking with Lou Anne Alexander, Chief Market Development Officer at Early Warning, Peter Tapling, now vice president of Authentication Solutions for Early Warning and former President and CEO of Authentify (acquired by Early Warning), and Mike Kennedy, CEO of clearXchange (announced acquisition by Early Warning).
The conversation started with Lou Anne sharing the reasoning behind the phone-based approach and the benefits that collaboration with Authentify and Payfone brought to the table.
Our mobile strategy is related to the fact that many of our customers have mobile-first strategies themselves. Some of the capabilities that you can offer on this type of device, you can't do any other place. Our alliance with Payfone provides us the exclusive ability to offer financial service organizations real-time connectivity to the Mobile Network Operators. With the acquisition of Authentify, we can now also offer a platform and flexibility as new authentication services become available. Whether those are biometric or other services...that we haven’t even thought about.
Peter joined the conversation adding an interesting example of the way the industry is shaped and moving, saying, As banks said they are moving to mobile, they needed more help doing that. If you talk to bankers they can do one or two, maybe three projects a year. And when they pick up the project it will be 18 (fastest) to 36 months before they can get something to the market. If you look at authentication, it's moving so quickly. Take fingerprint as an example. Even if you do fingerprints in a mobile app, you have to do iPhone 5S, Android, Samsung, LG, HTC, and seven more integrations before you can say you support a fingerprint. And now when an end user chooses to use one, the bank has a profiling issue on the back end.
Moving to the solution that Early Warning now provides as the Authentify Platform and the way the platform works, Peter shared his insights on the 2FA solution widely used in the industry. Peter also shared with Amit how he started in the industry 20 years ago to get to the leadership position now.
We built our mobile capability known as Authentify XFA [X-factor authentication]. I was an authentication guy who spent 20 years with a single bullet in my gun: I showed up at somebody`s doorstep and said ‘I’ve got one of these’. I had a ‘thing’ and was really hoping that my ‘thing’ could solve the problem banks had. With XFA we relieved clients from the requirement to integrate for every single capability. There is a platform (think of it as free), with which you are going to integrate. And on the back end of the platform there are 18 different authentication capabilities. Pick whichever one you need to close the risk gap for any given transaction. Authentication via mobile network operator intelligence is on the no-touch side of this. One of the great things about using this form of no touch mobile authentication is that just by opening the app, I can still do some level of authentication, - I can check whether it's a good phone, a good network, did it change status since the last time I saw it, and so on.
Peter further elaborated on the capabilities that the Authentify Platform offers, and they are quite impressive.
With the Authentify Platform all authentication capabilities are built-in. Our heritage is in secure messaging, so we can certainly send a secure message at a very low cost (charged per user per year). The end user can respond to a simple yes/no challenge, they can enter data. For commercial banking the bank can ask the end user to enter the last four digits of the destination for this transaction. Things like this help banks to better manage risk, better insure that the customers are sending money to the right place.
Part of the Authentify Platform is the ability to anonymously share information about activities related to a particular mobile device. So within the platform infrastructure we have something called a relationship. If you establish a relationship with Chase, eBay and Bank of America - these three don't know about each other and we are not sharing any information through the platform; we just know that they are all connected. So Bank of America says that this particular device is wobbling, I am going to shut down this relationship and make the guy restart the relationship. And then Chase says that it has a login from this device. I can't stop the login, but I can give a piece of risk information saying that someone else in the network just shut this device off for a suspected fraud, so you may want to think about it.
Going back to the days before the acquisition, Peter explained the challenges of selling this sort of collaboration.
The next topic was related to the customer base of Authentify and, in particular, non-banking customers. Patiently answering the questions, Peter said, Prior to becoming part of Early Warning, we were not strictly focused on selling to financial services. We have 40% of our customer base which are non-banks. Probably 30% is e-commerce (Amazon, eBay, DocuSign, Yelp). And then we have another segment that is called commercial authentication. Authentication is a horizontal thing, you have to authenticate to get into your corporate network. In that horizontal authentication space we sell to enterprises. Right now, we are doing a lot of token replacement projects. In the server certificate space, if you want to start your own flower shop and have an e-commerce presence and get an e-server certificate, you almost can't get it without going through Authentify. Symantec, Thawte, Comodo, GeoTrust, all of them go through the Authentify process as a part of the authentication process for issuing a certificate. It's our intent to continue marketing the authentication process horizontally.
Lou Anne added to the topic sharing her experience in the industry and how banks’ strategies for balancing financial loss tolerance with customer experience has changed, Part of our strategy is to gather information from financial services companies, telecommunications companies, and government entities, so that we can triangulate that information to better understand whether you are who you say you are. It is interesting that when I started in fraud back in the 1990s, most loss managers asked for tools that ‘Give me any reason to stop and investigate this transaction’. Today, our Banks are asking for tools that ‘Help me approve all transactions that I can, so I don't create a bad experience for my customer. Most would rather lose a little bit of money but still have a great customer experience’. We see a massive shift in the whole industry to doing the security very passively, in the back end. It is only in those instances where either the transaction risk is so high, that I can’t identify the device, I can’t positively identify the individual, then maybe I’ll ask the customer to take some additional action to authenticate themselves. Most banks are implementing this layered security and risk management throughout their banking systems,
Another interesting topic that was touched upon was the hot sector of P2P transactions, where the LTP team has an extensive experience. And at this point the conversation shifted to clearXchange with CEO Mike Kennedy taking the lead. Three leading companies coming together gave clearXchange an opportunity to add the banks’ network to the clients’ portfolios. However, there is a lot more than that, and here’s Mike explaining in his own words:
Having more banks as clients is a nice side benefit. We have looked at the industry leading digital payments platform, fraud, authentication, risk management platform, and thought of how much better we could get by combining them. In particular, as we looked to faster payments, real-time payments, that is something we have in market and are actively expanding. We have less time before we make funds available to a recipient, to make sure that you do have the authentication and risk management. Early Warning is a leader in that space, so it enhances our real time platform. We have personal payments among our services today, and we also have corporate and government disbursements. Early Warning has real-time check deposit capabilities, and next year we are also launching a real-time bill pay. So now we can expand the suite of products and all with real time funds availability, it really is a nice suite of products we can provide to the banks.
Continuing on the matter of real-time payments, which is a pain-point for American customers (some of the other countries like India and UK have already introduced the highly enjoyable service of a real-time interbank transaction), Mike said, As we announced a couple months ago, clearXchange has a real-time payment system. With banks, half of our payments are done in real-time already. Banks are launching real-time cross-bank payments in the first quarter [of 2016] utilizing clearXchange. Combining that with Early Warning enhances that system, and allows application to more use cases.
Going back to the benefit of expanding the customer base, Mike added, That does help the bank with customer base expansion. We have customers of over 7,500 banks utilizing the network, either through clearXchange.com or through direct connections. We can expand that number due to direct connections by utilizing Early Warning and their 1100 direct bank connections.
Another very interesting topic Amit started was related to the biometrics as a player for authentication. Being a hot topic lately in the FinTech space, it is interesting to understand how market leaders in authentication see the service. Peter took the question and shared his experience and insights in the matter. [SG1]
Authentify has been doing biometrics since 2002 and I have been involved with biometric technologies since the 1990s. In 2003-2005 there was a lot of interest from banks in biometrics, and they were looking for a singular authenticator and were rarely successful. All biometrics are statistical, which means there is a one in X chance that it's not going to work. It’s called the error rate. If you have 10 million customers, and your error rate is 1% that means one hundred thousand people won't have a good experience. One tenth of a percent means ten thousand wont have a good experience. It is still a really big number for a really tiny error rate. As a result, nobody back then thought of biometrics as a second factor authentication. We are looking at biometrics as part of a risk managed multi-factor authentication strategy.
Peter gave us reasons biometrics are more successful now, saying, Biometrics are much more successful now for two reasons. One is if you are going to accept the connection from anyone anywhere on the planet, you will not know where that is. But they will try to test the biometric. Once you get a mobile device that I know I can trust, now I am capturing the biometric from one place. But it is still statistical and you need to layer it with other things. The good thing about authentication, and this is why you do layered authentication, is that your risk of failure goes down with each authenticator you add. However, there is another problem with biometrics. It's one thing for a company to tell their employees to give a driver's license, give a hand print and do an eye scan, etc, but it’s another thing for payments. It's too hard; we as consumers are not going to jump through too many hoops to make a payment. In addition, customers have preferences. Turns out women don't like face biometrics! They don't like seeing that picture of themselves on Saturday morning to authenticate to the bank. So you can't pick one authenticator and force it on everybody. Consumers will naturally gravitate to the things that are most convenient. You see a ton of fingerprint because it is really convenient. But it was not made cool by the banking institutions; it was made cool by Samsung and Apple. There was a consumer study where people were asked if they would use a biometric for payments. And the positive responses rate was very low - 1-3% for 4-5 years in a row. iPhone comes out with a fingerprint reader, that number immediately goes up to 15% in the next year. It was made cool by others. Our job is to make a platform that will make it very easy for the banks to consume it.
One of the last discussions was related to the competition in the market and other companies being in the space. Being a market leader requires being a step ahead of everyone and a having unique offering, which this alliance certainly has. Amit brought up examples of other P2P payments solutions by Popmoney, Venmo, Google Wallet and all other existing FinTech players in the market that banks are used to relying on. We recently covered an interesting topic on the way banking is regaining control over authentication and payments overall. Mike shared his thoughts on the topic, saying, The research shows that the customer really cares only about the customer experience and security. And I think because of the size and the scale of our network and because of our focus on customer experience and security, we can offer a fantastic customer experience and security. And now we layer this acquisition on top of it. I don't think anyone can compete with what we have to offer. And because of that, banks will want to continue to utilize clearXchange as a solution. We have always had a lot of inquiries but now we get even more because we have a very clear leader combination of customer experience and security.
Logically, such a strong alliance is not very concerned about the social media giant Facebook tapping into the space. Mike explained why they are not worried about it, We are not worried because of the amount of cash and checks out there and the trillion dollars of p2p payments along with $3 trillion of disbursements. The main reason people aren't doing p2p payments is awareness. We are going after cash and check, so we are less worried about other digital competitors. We want to make people more aware that you can do this type of payments electronically instead of writing a check. People have shared that when they want to make a financial transaction, they think of their bank, they are using mobile banking and the p2p offering capability. They don't think of third-party social media to do payments; they think of banks. As long as we can spread awareness that there are more options to do p2p payments and that you can do digital payments instead of writing a check, it will naturally increase the amount of awareness.
And the last but not the least important topic is APIs. Being a controversial subject, the question of open APIs couldn't been left aside. Amit asked Mike whether the company is thinking of exposing the APIs to the startups to let them build on top of the company has.
We expose our API system to the banks when they join our network. At this point we are focused on delivering the service to the banks so that we can have the most robust and secure network available. In the future we may look at opening our APIs more broadly, but at this point we are exposing them to the banks who are the part of the network, said Mike.
About Early Warning
Early Warning provides risk management solutions to a diverse network of 2,300 financial institutions, government entities and payment companies, enabling businesses and consumers to transact securely and conveniently. Owned and governed by Bank of America, BB&T, Capital One, JPMorgan Chase and Wells Fargo, Early Warning’s unique business model facilitates a data exchange system based on collaborative, shared intelligence. For 25 years, the company has worked with organizations of all sizes to advance collaborative risk management and fraud prevention. For more information please visit .
Founded in 2011 and based in San Francisco, clearXchange is the largest bank-offered digital payments network in the U.S. clearXchange enables financial institutions to offer easy, safe and convenient person-to-person, business-to-consumer, and government-to-consumer payments. With only the recipient’s mobile number or email address, customers can send funds directly from their bank account to the recipient’s bank account without requiring sensitive account information. Used by customers of over 7,500 banks and with direct connections to five of the six largest banks in the U.S. and multiple regional financial institutions. Membership is open to banks and credit unions of all sizes. Consumers with a bank account at any financial institution in the U.S. can access the network through clearXchange’s website. For more information, visit.