Nobody seems to like passwords, yet passwords never seem to go away. A pair of technology entrepreneurs hopes the flexibility provided by mobile technology and open development tools can finally kill off the stale authentication method.

Mickey Boodaei and Rakesh K. Loonkar, founders of bank security provider Trusteer, which IBM acquired in 2013, just completed a $40 million self-funded investment round in Transmit Security, a Boston and Tel Aviv-based security startup founded in 2014. Loonkar is president of Transmit and Boodaei is CEO.

Technology companies have tried to replace passwords for years by pairing the user's computing device with an activity such as accessing a website or mobile app. The FIDO Alliance, a cross-industry association, has certified more than 100 alternatives. And the credit card companies are making it easier to use password alternatives, such as Mastercard's so-called Selfie Pay, so there would seem to be a willing market.

Rakesh K. Loonkar, president of Transmit Security and co-founder of Trusteer
"All of the systems and investments that consumers have made, all of the technology that they have is really not doing the job," said Rakesh K. Loonkar, president of Transmit Security and a co-founder of Trusteer. IMAGE: Transmit Security

The problem is the current approaches still require each authentication technology to be integrated with each application through individual IT projects, according to Loonkar. That leads to complex coding projects that have created a bottleneck for innovation that reduces reliance on passwords.

"All of the systems and investments that consumers have made, all of the technology that they have is really not doing the job," Loonkar said.

Transmit's plan is to combine existing authentication standards and methods with biometrics and other anti fraud technology. This is delivered through an open technology platform that's designed to make security deployments faster and more flexible. Transmit uses a single interface to offload all authentication and provisioning tasks.

The company's Transmit Security Platform uses mobile devices to deliver primary or secondary identity verification using an application programming interface, the same type of development technique that makes it easier for e-commerce merchants to build payment pages. Transmit's technology manages facial recognition, iris scans, Touch ID, fingerprint biometrics, voice recognition, SMS and others.

Once deployed, a company can change authentication and manage risk without changing the code of the underlying application that executes payments and other financial services.

"We saw companies using technology that they implemented 20 years ago to manage identity, and layered point solutions to handle new authentication methods over the old systems," Loonkar said. "This has to fundamentally change to solve the problem."

Transmit's technology provides of built-in authentication methods that enable organizations to mix-and-match combinations of digital identity techniques.

Once an application is connected to Transmit SP, any of the authenticators and any authentication process can be changed, added or removed without any software development. Transmit SP also supports third-party authentication or anti-fraud products in use, and can orchestrate changes based on the company's policies.

"I suspect that you will see multiple attempts to offer comprehensive digital identities, many of which will be closely tied to consumers' mobile devices," said Al Pascual, senior vice president and research director of Javelin Strategy & Research, adding there are lots of vendors offering the ability to leverage intelligence on identities and associated behaviors from their networks of clients.

"The next logical step is to create persistent, holistic identities from this intelligence and sell these into the market," Pascual said.

Transmit's early users mostly include Fortune 500 companies and large financial institutions, such as TD Bank and First Bank of Israel.

The mobile device is increasingly ubiquitous, more than 70% of consumers have a smartphone and most carry it all of the time, said Julie Conroy, research director at Aite Group.

"Equipped with the proper security and authenticators, the mobile device can not only be a highly secure channel itself, but can enable both better security along with a better user experience in other channels," Conroy said.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry