Interview with Didier Perrot, inWebo on authentication and identity management

Could you please share with our readers some statistics, results and facts about inWebo? What are your target markets in terms of industry segments and geographies?

inWebo is a 10 years old cybersecurity vendor specialized in MFA (Multi-Factor Authentication). The company is headquartered in Paris, with offices in Frankfurt and San Francisco. It employs 25 people and has both reselling partners (usually system integrators) and technology partners (software vendors in the Identity Access Management space such as ForgeRock, Parallels, Ping Identity, etc.).

We currently serve around 250 global organizations in every sector of the industry – not just financial services - and are growing at a nice rate. Our churn is less than 1%. Our main product is a SaaS authentication platform that organizations use to strengthen the sign-in process to their applications by adding a user device verification layer or step. The 3 main markets are Enterprise (employees connecting to IT), consumer-facing portals (banking, healthcare in particular), and IoT/smart services (car rental, driverless cars, smart buildings, etc.).

How does the Multifactor Authentication (MFA) market look like in France? How about the authentication methods used among French consumers, what methods do they prefer?

Smartphone penetration is very high in France so we see the smartphone becoming the preferred MFA method. Despite the fact we don’t have detailed statistics supporting this, we clearly see this trend in the RFPs and projects discussed with banks and other types of customers: 100% are requesting mobile-based MFA, yet most still want an alternative as they know that part of their users (employees or consumers) won’t have the latest smartphone or the willingness to use it.

However, consumers cannot choose how they authenticate, their service providers (e.g. banks) decide for them. Also, service providers are not constantly upgrading their MFA technology, they would typically keep a technology for 3 to 5 years, or more. This explains why we still see a lot of SMS (for payments) but also legacy systems (for Corporate applications or financial services to the professional and Enterprise market). Globally, as anywhere else, the market is slowly shifting to mobile-based MFA and on-device biometry.

Did you find anything surprising/challenging while working with payment providers or banks, which would be specific to the French online and mobile banking market?

Banks and financial institutions have always been interested in MFA but they’re not early adopters. They’re only adopting new technologies when 1/ pushed by competition, therefore in some countries (e.g. Belgium or Germany), MFA has been deployed very early, while in some others (e.g. France), it has hardly been deployed at all. There are a few exceptions, e.g. digital banks that have understood that slick security is a must. Orange Bank that launched in France late 2017 has put this very early on its agenda and has worked with inWebo to deliver the best user experience in terms of security, 2/ pushed by regulation. PSD2 is the first Europe-wide regulation (law) mandating MFA for payments. So far, banks had mostly deployed SMS for 3D-Secure payments. PSD2 should therefore help develop the MFA market in Europe.

Despite the fact that everyone knows the final date of PSD2 implementation, Tim Richards from Consult Hyperion warns us that unless work starts soon on creating a proper payment system on the back of the new APIs, it’s a date that’s likely to be unlucky for the EU. How do you comment on this, also referring to the RTS and SCA as part of PSD2?

Indeed, so far, banks and fintechs have been busy with GDPR. It seems now that PSD2 is the next topic on their agenda. Banks are expected to open their API for test purposes in March 2019. This is very short term. At inWebo, we’ve built a task force with partners (e.g. a provider of Fraud solutions) to help banks and fintechs (payment initiators) comply with the RTS requirements by bringing a one-stop solution for MFA and fraud.

And, finally, could you portray the future of Authentication and Identity Access Management (IAM) by providing the main trends that might reshape the industry in the next 5 years?

Authentication will likely still be segmented, with still a market for hardware-based tokens, and the rest converging to mobile-based MFA. The use of biometry (including behavioral) will be generalized. Small medium businesses will get MFA through their Identity and Access Management vendors – most of them have already either bought an MFA vendor, or developed capabilities. IAM will continue to grow (since it’s key both for agility and security) and will probably be more segmented. Large organizations will use complex IAM suites while SMBs will probably use mostly IDaaS / cloud access management solutions.

About Didier Perrot

Didier is the founder and CEO of inWebo Technologies. Prior to founding inWebo in 2008, Didier was a director at a mobile carrier and in a telecoms consulting firm. Didier holds BS degrees from Ecole Polytechnique and from Telecom ParisTech, and a Master from Paris Orsay University. Didier works in Paris and San Francisco.