The Connector.
The Connector.
The Connector Podcast - nextAuth
Join the conversation with Roel Peeters from nextAuth. He talks about user authentication and the latest innovation that combines UX and the highest security level: Mobile passwordless multi-factor authentication and e-signature solutions.
Thank you for tuning into our podcast about global trends in the FinTech industry.
Check out our podcast channel.
Learn more about The Connector.
Follow us on LinkedIn.
Cheers
Koen Vanderhoydonk
koen.vanderhoydonk@jointheconnector.com
#FinTech #RegTech #Scaleup #WealthTech
Speaker 1 0:01
Welcome to the connector podcast, an ongoing conversation connecting fintechs banks and regulators worldwide. Join CEO and founder, Koen Vanderhoydonk, as you learn more about the latest available trends and solutions in the markets.
Koen Vanderhoydonk 0:20
Welcome to another connector episodes. And today I've got with me, Lou Hooven. Next odd. What is it? What is your company all about?
Roel Peeters 0:29
Hello Koen. So nextAuth is about user authentication. And we started this company while we were still at the university, and we were looking into what banks were doing at that time.
Koen Vanderhoydonk 0:42
Oh, interesting. That's really a topic for for the podcast today.
Roel Peeters 0:47
Yes. So we thought we could do better. And that is why we started the company.
Koen Vanderhoydonk 0:52
And in words, which perspective Could you do better for a bank.
Roel Peeters 0:57
So we think we can do better in terms of security, but also in terms of user friendliness, making sure that there is no friction for a user. So it's very easy for a user to log in that you also have like the highest level of security you can possibly get with a mobile device.
Koen Vanderhoydonk 1:13
So we literally in the domain of logging in. So authentication while logging and
Unknown Speaker 1:18
logging in
Koen Vanderhoydonk 1:20
is signatures, all that the whole shebang. And interesting, as you said, you're a spinoff from a university. That's not the typical route for a Fintech startup. So what did that mean for you guys.
Roel Peeters 1:33
So that means coming from academia, instead of industry that we are actually 10 years ahead of what is happening in industry. So actually many cool technologies that we can incorporate directly into our product. But also, it gives us still a lifeline to what is actually happening in research. And if we see cool things, we pick it up and we integrated.
Koen Vanderhoydonk 1:57
That's, it also is a very bold statement, and many of us probably know what it means to be, or to have the benefit of being the first mover. Does that also apply to you?
Roel Peeters 2:09
I wouldn't say we are the first mover per se, but we are one of the first movers. So I think there is about five to 10 companies in the world that work on our level. It's very interesting, and also sometimes is a bit of a disadvantage. Because to really tell the difference between you and other companies, you have to go very deep, very technical. And yeah, sometimes that works. Sometimes that's a bit challenge.
Koen Vanderhoydonk 2:40
And you say there's about five other companies worldwide. Are you like in contact with them? Are you like in competition with them? How does that work?
Roel Peeters 2:50
Yeah, so there is some other companies that work on similar things. But they are not located in Europe. So that's an advantage for us. And I would say the market is big enough for everyone. So I don't really see an issue that
Koen Vanderhoydonk 3:06
makes sense. So you guys are into the mobile passwordless multi factor authentication. That's a mouthful. And that can enhance the user experience. But how does that enhance compared to the more traditional authentication methods?
Roel Peeters 3:22
So for starters, you don't have to put in a username and a password anymore. So while
Koen Vanderhoydonk 3:27
that's already a start, so what does that mean? So no username, no password?
Roel Peeters 3:31
Nope, simply scanning a QR code or receiving a push message. On your phone, you open the phone, you approve the transaction, or the login using your PIN or your biometric. And that's it.
Koen Vanderhoydonk 3:45
Wow. So no more SMS passwords. It almost sounds there is no multi factor authentication, but probably I am wrong.
Roel Peeters 3:53
Yeah, that's the secret sauce. So we also do a lot of public key cryptography. Inside the app. We also make use of like all the system features available. And we actually make sure that everything is mingled well together such that you cannot break one mechanism and replace one another.
Koen Vanderhoydonk 4:15
Because I'm just a very simple guy when it comes to multiple multi factor authentication. So my understanding is always there is more than one factor to authenticate yourself. Does the public key cryptography mean that this is an additional step or, or does it replace or not step.
Roel Peeters 4:33
So basically, all the public key cryptography is running on your phone inside the app. So actually, the first factor is the something you have the phone, your phone with your app installed on it. That's the first factor. The second factor is then a pin, or a biometric. Where we also verify the second factor in a very specific way together with the help of the server, such that you can brute force the pin locally but also not on the server.
Koen Vanderhoydonk 5:04
And when I heard you talk before this call, when you say not on the server, I think that's one of the weakest points, maybe if all the others are currently in the market, right?
Roel Peeters 5:14
I wouldn't say it's a weak point per se, because like lots of financial institutions use very expensive secure hardware modules on their servers to actually take care of verifying a PIN code securely. With our solution, you wouldn't need those. So that's actually, the big advantage is that the server cannot actually learn the pin in any way.
Koen Vanderhoydonk 5:40
So do I hear between the lines that your application is, is more secured? It has a better user experience, and at the end is also cheaper for an organization?
Roel Peeters 5:53
It would definitely do a cost benefit. But yeah, it's hard to say how much exactly.
Koen Vanderhoydonk 5:59
Now I understand what are the potential challenges organizations may face when transitioning from traditional identification into the authentification that you provide.
Roel Peeters 6:11
So traditional authentication is typically username, password. And one of the biggest challenges that companies have when going from a password, way of authentication to a password less way of authentication is that there is not one system duplicate. There is like 100, systems running. And every little system has its own way of dealing with username, password. And before actually go into password less system, it's usually recommended to put some kind of single sign on in between. So get all all your applications actually talk to one place where you do the authentication, instead of replicating it everywhere, as is happening a lot with with legacy systems,
Koen Vanderhoydonk 7:01
would you come back to the first mover advantage? Would that then be something that this is a negative element of the bat, the first mover advantage, because ideally, this already should be in place with everyone? Which would make your life more easy? Because you sit in front of the single sign on? and off you go?
Unknown Speaker 7:19
Yes, indeed.
Koen Vanderhoydonk 7:22
Can you provide some examples of industries or sectors that would particularly benefit from the way you work?
Roel Peeters 7:30
So there is no specific industry or sector that would benefit from it?
Koen Vanderhoydonk 7:34
That's a two easy answer rule. Do easy, but could continue.
Roel Peeters 7:41
So basically, everywhere where you have like, a lot of users 10,000 100,000 A million users that need strong authentication. So typically, if you having access to more sensitive data, or if you can prove financial transactions, that kind of stuff. And you actually want to make sure that you also have like very strong non repudiation, so that you actually have proof that the user authorized something afterwards. That's something we can provide.
Koen Vanderhoydonk 8:15
And if we talk about a million users, then you very easily come to banks, or financial institutions, is there a specific use case for them?
Roel Peeters 8:26
You can provide like the highest level of security, give strong non repudiation guarantees, so that if a customer afterwards says, for instance, I didn't approve that transaction, you can actually show that they approved that transaction using their phone, using their PIN or their biometric. And you can even include other things in the proof, like location data, or even like an screenshots of what what was actually being displayed to the user at a point in time where you approve the transaction.
Koen Vanderhoydonk 8:57
So this sounds like something a compliance person would really like because it's traceability. Yes, now. Well, a couple of months ago already. Well, both of us we participated to a trip to Singapore, to figure out how the market is going in Singapore, what what have you found? Was it the same as in Europe in terms of the banking, industry and authentication,
Roel Peeters 9:22
the big difference between Europe and Asia is that a lot of SMS authentication is still being used in Asia. Nowadays, they also start realizing in Asia that this is not the best way
Koen Vanderhoydonk 9:33
to SMS fraud, as they call it.
Roel Peeters 9:37
Actually, in from a user perspective, this is also not the nicest thing because you're logging into your bank account. But at some point, you need to go out of that, like check your SMS. Enter that back in your application. So if you can nicely integrate like the entire authentication into your mobile app, your users also gain in user experience.
Koen Vanderhoydonk 9:59
It's all about The user experience in this case, when we were on the trip, I know that you were out and saw a couple of prospects. So how was the trip for you
Roel Peeters 10:08
was very interesting. Also, to see how business models are completely different in Asia. So the gave us a lot to think about. Yeah, we'll see what we will do there now.
Koen Vanderhoydonk 10:23
That's that's what the research people are for. Right? Yes. Rule. I thank you very much for participating to this podcast. It was a real joy to have you. But before we close off, if people want to get in contact with you, how do they reach you?
Roel Peeters 10:37
I guess it's best to check our website, which is www dot next art.
Koen Vanderhoydonk 10:44
That makes a lot of sense. So thank you again for participating. Thank you also to the audience, and stay tuned for more FinTech news. Thank you so much.
Thanks for listening to another episode of the connected podcast. To connect and keep up to date with all the latest, head over to www dot join. They're connected.com Or hit subscribe via your podcast streaming platform.
Transcribed by https://otter.ai