As high-profile sites like Twitter, Google, and most recently Evernote and LinkedIn turn to two-factor authentication to help their users protect themselves from malicious hackers and security breaches, Encap, a startup based out of Norway, has created an alternative it says is better and safer, using an app on a person’s mobile device. The company today announced a round of funding — we understand it to be $2 million — from Norwegian early-stage VC ProVenture Seed, which it will use to further develop the solution and take it to new markets outside of Scandinavia, specifically the U.S., where it has recently opened an office in Palo Alto. This latest round takes the total invested in Encap since 2010 to $2,850,000, with the earlier round coming from Alliance Ventures.
Most two-factor authentication services use codes sent via SMS or (in the case of enterprise services or some online banking) a separate physical device that generates a code, which a user then has to physically enter on a site to continue a log-in process.
While that leaves more room for error and customer frustration, Encap takes this process into a mobile app, and then improves on it: instead of generating new codes for users every time, it asks the user to enter a PIN into the app. Like this:
Encap then generates a code behind the scenes and sends it to the site in question — which then authenticates the user and lets him proceed to purchase goods, transfer money, or enter a site. “It’s two-factor authentication that feels like one-factor authentication,” says Thomas Bostrøm Jørgensen, the CEO of Encap. You can see a more complete video of how it works here.
The opportunity, as ProVenture sees it, is that user authentication and security are still relatively nascent areas that will continue to evolve as new threats emerge.
“Encap is a company with the potential to disrupt a market that will be worth more than $5bn by 2017,” said Herbjørn Skjervold, Managing Partner, ProVenture Seed, in a statement. “Multi-factor authentication combined with risk profiling is now seen as the replacement for passwords, but the exact mechanism to deliver this level of security is still in flux. This presents an enormous opportunity. Encap has all of the advantages of the systems currently being adopted by the big players, but none of the downsides – it is well positioned to take advantage of dissatisfaction from both users and service providers.”
The other key with Encap is that the main delivery of its service is via a white-label solution, meaning that it can be integrated via an API into any business’s mobile app to work with their online websites, or for transactions in the mobile apps themselves.
In its early days, Encap is aiming its solution at transactional sites and services, specifically banks, financial services and e-commerce companies. Its first customers include Santander Consumer Bank of Norway and payment card specialist EnterCard.
“We are targeting financial services companies, in particular banks and payment players looking to provide mobile and online financial services to consumers,” Jørgensen says about the company’s strategy in the U.S. “We are also targeting cloud and enterprise companies that are looking to offer their users, many of which are now mobile, banking-grade security balanced with ease of use.” Given that a lot of enterprises still use separate devices to generate secure codes for workers to enter the company site, but those workers are all also using smartphones, this could also help cut down on how many devices need to be provisioned and managed. Encap also notes that the service can also be used to authenticate a user at a point of sale, creating a secure way of initiating a mobile payment.
Longer term, you can see how this could work not just with these verticals but also more consumer-focused sites that are looking for a quicker way to authenticate users to complete transactions or simply to get into a site.
“We are working on deals with our partners in the U.S. and Europe and expect to make significant customer announcements by the end of the year,” Jørgensen says.