The company is currently a wholly owned subsidiary of Wellington-based IT services company Fronde Systems Group, having been spun out from its mobile practice to devote itself to products. However, it expects to take VC funding in the coming months and the parent has not ruled out becoming a minority shareholder, according to executive VP Caroline Dewe.
M-banking with Bank Anywhere
It comes to the European and North American markets with two products. Bank Anywhere, as its name suggests, is a mobile banking product that uses a server on the bank’s premises, talking over a cellular connection to a client on the customer’s handset and, at the same time, interfacing with bank-end systems via Web services. We can handle requests on our server, but we prefer to pass back a query in the structure that the bank’s back end expects, said Dewe.
The client also defines the level and type of functionality that the handset can receive, both in terms of the particular service to be delivered (bank balances, transfers, bill payments etc) and the capabilities of the phone (2G, 2.5G, 3G, as well as screen size, browser type and so on).
The client automatically detects the device type, enabling adaptation of the service to be delivered back at the server, she went on, adding that in terms of the various bank functions, Fronde recommends that they all be downloaded up front to the handset, with the specific features for the individual customer being enabled. That way more can be enabled by the bank on an ad hoc basis as the relationship with the customer changes.
2FA with TwoSecure
The other product is TwoSecure. This is a two-factor authentication system using a one-time password generator downloaded as a Java app to mobile phones which, once installed, needs no network connection to operate as it has its own time-based algorithm, the one exception being when the customer is roaming abroad, in which case a connection is required to synchronize the clock.
Fronde meets two quite different sets of competitors with each of its products. Two-factor is a well-established market dominated by hardware from RSA and Vasco, so the New Zealanders’ delivery of an alternative in software is what they hope will catch potential customers’ attention.
M-banking, on the other hand, is still a relatively nascent market, particularly Stateside, with players such as Firethorn, mFoundry and ClairMail in the US, Moneylink in the UK, South African vendor Fundamo in Africa and, in various geographies, Meridea, a partnership of Nokia and Accenture.
Martha Bennett, research director for financial services at Datamonitor, while arguing that as an entrant from New Zealand, Fronde will have its work cut out, nonetheless applauded its technological approach. The availability of both SMS and Java capabilities provides banks with the choice of starting with more basic SMS-based services, and going on to a more function-rich offering without having to change platform. By contrast, Meridea, Moneylink, Firethorn and mFoundry have only Java offerings, whereas ClairMail has only SMS.
Other points she highlighted on the technology side: security is good audited by Deloitte, and no data is kept on the handset, which is reassuring for the customer.
Market interest in m-banking
As for the timing of Fronde’s launch, both Stateside and in Europe, she commented that interest in mobile banking solutions is comparatively high from the banks’ perspective at the moment: in Europe, it’s a case of ‘again’, while in the US it’s the first time round.
While that should bode well for the new entrant, however, she cautioned that, at least in terms of the Old Continent, banks have been bitten once before by mobile banking failures, and consumer interest in mobile banking (beyond getting SMS alerts, preferably for free) is very low in Western Europe; banks in the new EU countries may be more open, as there is a lower level of consumer Internet access.
As for the States, she continued, banks as well as mobile operators are getting quite excited about it all, and there are quite a few competitors in the marketplace, mostly with technically inferior solutions but it’s not certain whether the banks have enough technical expertise with mobile to realize that.
Opportunities for software-based 2FA
Regarding the TwoSecure product, on the other hand, her prediction was of a smoother passage. The introduction of random passwords for log-in and/or transaction authentication is long overdue in online banking in the UK, and many of the banks in other countries that already use 2FA are looking for lower-cost or more secure solutions (depending on what they’ve already got in place).
There are clear advantages of Fronde’s approach over hardware-based alternatives, she went on. Issuing and maintaining tokens to consumers can easily turn into an expensive nightmare; the proposed EMV-based solution in the UK (giving everybody a card reader to use with their credit or debit cards to generate an OTP) is not only fraught with continued difficulties, but also less attractive to the consumer than being able to use a device one already has, and most people have with them at all times.
Our View
On the m-banking side, what Fronde has going for it is the combination of SMS and Java, while the software-based 2FA product for mobile phones looks promising as an alternative to offerings that require consumers to carry additional hardware around with them for online banking. As Datamonitor’s Bennett points out, being a New Zealand company may make it an uphill battle in the conservative boardrooms of US and European banks, but then the company may well change ownership, its HQ location and even its name, depending on where the VC money comes from.