Tiger Brokers, an online broker, is looking for ways to make onboarding of new customers both easier and safer.
“We need to find a balance between customer acquisition and security,” said Felix Huang, Hong Kong-based group global partner.
The startup has partnered with another tech company, IPification, to upgrade its onboarding processes in Singapore.
The challenge is that the typical two-factor authentication process – which is an industry standard – involves a bit of hassle for customers, which hurts conversion rates. Users must download a private key sent by Tiger via SMS to access the app.
“It’s okay for existing customers, but it’s hard to convert first-time users when this is the first thing they experience,” Huang said.
Password peril
Moreover, two-factor authentication is not foolproof. The user is still vulnerable to phishing attacks or other scams to lure them into opening a hacker’s site instead of the genuine Tiger app.
“Hackers have rendered two-factor authentication obsolete,” said Stefan Kostic, Hong Kong-based CEO at IPification.
Huang added, “SMS messages can be intercepted and hackers send people a different verification code”, one that sneaks them inside someone’s mobile phone. “Anything that requires a prompt from a user is a threat.”
IPification enables one-factor authentication, by integrating APIs directly with the telecom companies whose networks carry the SMS messages.
Verification occurs by triangulating the user’s phone’s SIM card, its number, and their IP address. No passwords required.
(SIM stands for ‘subscriber identity module’ and is a chip that securely stores an international mobile subscriber identity and its related private key. An internet protocol, or IP address, is a numerical label assigned to a given device that is connected to the internet.)
Tethered to telcos
This is only possible by connecting straight to the telco provider by API. But doing so allows the company to verify someone without the user having to take any action.
Kostic says banks are experimenting with the company’s service, including Wing Bank in Cambodia. “Banks know their SMS systems can’t cope. This is next-generation mobile authentication.”
The challenge for a bank or a fintech is that such authentication is only possible if the vendor, such as IPification, is integrated with telcos. IPification has achieved access to Singtel, which enables it to serve Tiger Brokers in Singapore – but only if the users have mobiles from Singtel.
Singtel isn’t a monopoly. StarHub and M1 are other telcos in the Lion City. IPificaiton is pitching to them, but for now, customers of those mobile operators must still go through the two-factor authentication process if they want to use the Tiger Brokers app.
Have security, will travel
Huang says creating this passwordless but still-secure service is key to expanding Tiger Brokers with lower customer-acquisition costs. He says now that the single-factor authorization is possible, Tiger can enter new markets, including other countries in Southeast Asia or in Europe.
The service is also meant to attract bigger clients, by assuring wealthy people they can trust an online broker.
But expanding into new geographies depends on ensuring IPification secures at least one telco partner in a given place.
The fintech’s website says it is live or deploying in a number of countries across Asia Pacific and globally, in partnership with telcos such as Hong Kong’s 3, Malaysia’s Axiata and Vietnam’s Viettel.
Kostic says the Singtel deal is opening more doors, and that IPification is going to shift its headquarters to Singapore.
