Building your own authentication solution is a bad idea

It’s possible to develop in-house authentication solutions. The open
source technology exists to create and integrate a basic two-factor
authentication system. Why pay for something when you can do it
yourself?

We believe there are several compelling reasons to leave
authentication to the experts. These apply not only to regulated
businesses, but to all companies who want to protect customers
and their data in a mobile-first business environment.

SMS-OTP or device biometrics is not a good solution

Building your own authentication often means using SMS for one-time passwords or relying on device biometrics. These are both vulnerable to attack and create a poor user experience.

Not approved by regulators — SMS-OTP does not meet the security requirements for PSD2 SCA and regulators recommend replacing it with more secure solutions. Device biometrics does not secure the communication between the user and the company systems.

Poor user experience — with SMS-OTP customers have to switch away from the app to find and input their SMS code, creating friction and confusion.

Vulnerable to attacks — SMS-OTP or device biometrics are better than a simple password, but not by much. Phone takeover and man-in-the-middle attacks are just two ways to subvert these techniques. Device biometrics is just a proxy for username and password.

Expensive — With frequent customer engagement, SMS costs start piling up. That’s not to mention the cost of abandoned transactions due to poor user experience.

Continuous development

No security solution is ever complete. Developers must constantly contend with new techniques and creative attacks that risk opening new vulnerabilities.

Biometrics — There are simple ways to integrate new device biometrics, but these are simply password proxies and vulnerable to attack through social engineering. Integrating biometrics in a secure way is much more complex.

New threats — The arms race between cybercriminals and security professionals is constant, and new attack techniques need to be protected against.

Security layers — It’s not enough to build an authentication solution; it must be protected by multiple security layers that defend, detect, and react against attacks.

Encap SCA is developed and maintained by a team of experts focused on secure authentication and communication. It is updated constantly to ensure it protects against the latest threats and can make use of the latest biometric and other techniques that mobile platforms provide.

Encap SCA can be integrated into your app through an advanced, developer-friendly SDK. This removes unpleasant context switching, making authentication frictionless across all use cases.

Authentication is much more than a simple log-in. With Encap SCA you get high-security authentication, secure communication and adaptability – increasing customer engagement, security and mobile business.

There are many advantages to choosing Encap SCA over building your own authentication solution – great user experience, high security, and savings in time and cost are just a few. Your solution is always maintained and updated regularly. Please get in touch with us to discuss your business needs in more detail.

Find out more

Speak to us or one of our partners about how Encap Security can meet the demands of Strong Customer Authentication without compromising on user experience.
