By Carolyn Badaracco

Atlanta-based authentication company Entersekt focuses on stopping financial scams. “We protect financial services’ customers. So, for banks and credit unions, when their customers do Zelle transfers or log onto any of their digital banking services,” said CEO Schalk Nolte.

Nolte started Entersekt 16 years ago in South Africa, and today, from Atlanta headquarters, the company’s software serves more than 1,100 banks and financial service providers around the globe.

“It’s a scary world, and it’s getting even more so,” Nolte said about 50 scams he’s seeing at present. “As things become more complex, it’s harder and harder for financial services providers to protect their customers — in fact, it’s probably even impossible.”

Enter Entersekt.

Georgia Insider sat down with Nolte to learn more about the company’s pioneering of push authentication and its vital position within the fintech industry today.

GI: Tell us how Entersekt came about, and how your background played into where you sit today as CEO.

Nolte: I started in electrical engineering, and afterwards, I received a bursary (a non-repayable sum of money awarded to a student to help cover educational expenses) from Telco Electronics. So I was doing expert work at some interesting places around the planet.

The concept for Entersekt started when my brother and some of his classmates were at university, and I got involved. One of the guy’s family members fell victim to phishing, where you click on the wrong link, and we were wondering at that stage [why] the banks were forcing you to download malware protection. In South Africa, they were sending SMS OTPs [one-time passcodes] per transaction for close to 20 years.

So, if you are doing exactly what the bank says you should do to protect yourself and still you can fall victim, clearly the system is not working, or the technology is not working. And we looked at this and thought maybe the answer was very simple: reach out to the customer and ask them in real-time, “Is this really what you want to do?”

We came up with what’s now called push authentication [a two-factor authentication method that sends a real-time notification to a user’s registered device to approve or deny a log-in request]. We got global patents and did the world’s first launch.

Since I had work experience, I wrote a business plan, found funding, and we started the company. And so I started in this position from scratch.

GI: There’s constant positive development with AI today that’s helping businesses on all fronts, including in the fintech sector. But is AI also helping criminals on the flip side?

Nolte: The answer is definitely yes.

In August and September of last year, OpenAI CEO Sam Altman said that AI had already defeated all authentication mechanisms except for passwords. This was many months ago and things are moving very quickly now.

But I think it’s not entirely accurate. I think what he was referring to is biometrics.

The thing with AI is that there are probably 50 types of attacks now. So, [scams] that used to be fringe, that used to be hard to actually do, are becoming mainstream now.

AI has democratized [financial] types of attacks. And the problem is, these people are trying to get into a bank. And you typically see a graph of attack types and then all of a sudden you see something new. So very quickly, you may see 5% [of these scams] one month and the next month it’s like a hammer.

Criminals try and find a weakness, and then go after an FI [financial institution].

In addition, today, anything that can be copied and captured and recorded can be replayed. There’s a stat that says it only takes three seconds of your voice for AI to be able to mimic you. And this doesn’t happen purely in financial services.

One scam in our sector goes like this: your child calls you and says, “Hey, Mom, I’ve been arrested for DUI. I’m fine, but I’m in jail. Please speak to my lawyer.”

Only, it’s not your child. The criminals just found three seconds of their voice somewhere and replicated it.

Another we see is where a fraudster calls a customer and has a conversation and uses the conversation to record the voice. Then, they use that to call the bank, get past the IVR [Interactive Voice Response] and clean them out.

So again, it’s a scary world, but so far we’ve seen that the fundamentals have not changed. The problem is that humans are the weak link. And now, it’s just easier to get past that.

We see the strangest things that criminals play on today, such as people’s willingness to help. I heard recently that a customer was called by “the bank,” and it was actually a fraudster and they said, “Listen, we’re testing our new system. We’re going to send you a message. Don’t worry what it says, just accept the message and we’ll see if it works.”

And so the message said, “Do you want to transfer $200,000?” and the person who said “Sure, I’ll help,” pressed “Accept,” and the money’s gone.

It’s a scary world.

But at the heart of it are fundamentals. So what Entersekt has done is built a system that can protect the customer from themselves. Because certainly sometimes, you shouldn’t allow them to say “yes.”

GI: Is there something most businesses don’t realize about safety in digital banking today?

Nolte: Yes, and it’s probably the industry’s fault because this is a noisy space. You’ve probably heard of behavioral biometrics and behavioral analytics, and then there’s FIDO or pass keys. There’s push authentication, SMS OTPs and all these other things.

Well, every single firm that [offers one of these services] says it solves the problem. But with the world we live in now, nothing does. There is no silver bullet.

It’s like saying that broad-spectrum antibiotics work for everything when they’re actually only good for bacteria, but not if you have a virus. And I think we are now in equivalent terms with the scams out there. So you need a system that actually knows what to do and when.

It’s becoming equally complex in terms of protecting your customer base. So, in a noisy space where a lot of people back one player, technology-wise, that’s no longer good enough. Because simply one single type of solution might be good at one thing and not good at another.

Let’s [consider] push authentication, which is where we started at Entersekt. It’s very strong against account takeover, and not so much against social engineering.

So, for example, if the customer is on a call with a scamster who says, “Just say yes to this text message,” they want to do it. Or, if you think your daughter is being held ransom, you’re going to make that payment.

In these cases, you need behavioral analytics to determine if this customer is actually on the call. Are they being manipulated? And where is this money going to?

So you need a much more complex system that considers all these types of things. But the industry is not yet informed, which leads to a lot of losses that can be avoided.

GI: What plans do you have for the future of Entersekt and the services you offer to help prevent digital financial fraud?

Nolte: It’s a really interesting time in terms of the entire industry. AI is changing the way people do business, and it’s changing the way companies [operate].

So, we’ve been working for the past four years on tying the worlds of banking authentication and payments authentication together — [where] e-commerce and banking are actually handled by the same person. But many banks have completely separate systems.

We’re super excited about the system we’ve built, which has been gathering two sides of the coin in terms of data … to paint a picture of what is usual behavior for [an individual]. And our ultimate goal is to leverage what we can see on the authentication side to make commerce easy and leverage what we can see on the commerce side to make banking safer.

In other words, if you’ve done a transaction on a device, the e-commerce side, we should know that and use that to make you safer when you bank next, and the other way around.

The modes that the industry used to use in the past are disappearing. Yet, data and data modes and the things we see are phenomenal. And actually, what that means is that AI will allow us to prototype and leverage a lot of these things faster and wider. 

GI: What have you found in Georgia in terms of the talent pool?

Nolte: There are so many influential people and movers and shakers in the industry here, but it’s strange because you often meet them at a conference on the West Coast and find out that somebody is your neighbor.

The talent in Atlanta, specifically. It is very, very strong. And when we moved here, we had staff in 23 countries.

So, finding people who have actually dealt with such global organizations is not that common, and you do find them here. It is a very strong market where you can find both capital and the experienced level of talent that has done this before and scaled before.

GI: What would you say to the new person who’s looking to get into this space today?

Nolte: I think the answer is that this is a really exciting space and [where] you can make a real difference. But it’s not easy selling to large organizations. It is not easy to be in a market and an environment where trust is what you trade in.

In a place where your name is unknown, to be able to have the currency — trust — is quite a steep hurdle to get over. So, you have to get with the right partners and get the right experience and capital and board members behind you that can assist you in raising that level of trust or perceived trust.

Technology is one part, but this industry is a conservative industry where banks need to know that a company is going to be around in the years to come, because I’m going to change the way my customers are interfacing with me.

You have to compete against the age-old saying, “Nobody ever gets fired for buying IBM.”

That’s the reality. Conservativeness is applauded in this industry.

It is tough to get across that barrier. You have to [assure financial institutions that you have ]the right credentials, especially if you don’t have the age or references yet.

GI: In closing, why is Atlanta a solid home base for you and Entersekt?

Nolte: I think it’s a hidden gem for financial services. Eighty percent of all card transactions in the U.S. are processed in Atlanta. For us, the added benefit was access to talent and new business.

So, starting in South Africa and then in Europe, that meant that the East Coast has a strong travel time-zone overlap. And obviously, with Delta, you can get to most places in the world from the airport here.

It’s also not as expensive, and it’s a good lifestyle.