Banks are expected to keep customers safe from fraud. SurePay helps them comply with newer, stricter regulations to do so. In the process, Okta helps out to provide transparency and security.
SurePay began as a start-up within the Netherlands-based Rabobank in 2016. The company’s solution focuses on fraud-proof payments. Anyone who has made a payment online in recent years is probably already indirectly familiar with it. An account number linked to the correct account holder gets a green checkmark in the bank’s UI, while a questionable or suspicious recipient is provided with a yellow or red warning. SurePay’s systems determine whether there’s a “match,” “close match” or “no match,” respectively, in order to dramatically reduce incidents of fraud.
In the Netherlands, this approach caught on immediately. Within a few years, SurePay was already providing 99.5 percent of banks in the Netherlands with API-driven payment verification. Great interest arose from the United Kingdom soon after. SurePay today owns 40 percent market share in the UK and has contributed to shaping regulations there as well as within Europe. The upcoming standard of the IBAN Name Check will be mandatory for banks handling transactions in euros starting in October 2025. Those still operating in another currency within the SEPA area have an extra year to prepare.
The results of SurePay’s approach are clear. In the Netherlands, there has been 81 percent fewer incidents of payment fraud since the introduction of SurePay, compared with 60 percent for British users. There are also 67 percent fewer payments that have gone to the wrong recipient due to the extra checks.
Tip: Octane 2024: agents, security and the fight against SaaS chaos
Auth0 as a foundation
However, banks have more requirements than secure payments. High compliance requirements force them to have visibility into every transaction. In addition to its solution for banks, SurePay also offers the IBAN Name Check to hundreds of companies and government agencies. These use the solution for KYC (Know Your Customer), vendor checks and to prevent payment fraud. This can be done through an API or through an online portal. SurePay facilitates this through Auth0 by Okta. It acts as a portal for login based on MFA & SSO, lets SurePay onboard organizations quickly and smoothly, and allows management by the customers themselves. In short: it’s a multifaceted solution with a critical function.
Friso Schutte, CTO at SurePay, is positive about the flexibility of Auth0 by Okta. Although banks and other financial players might use a competitor like Azure AD, the integration is smooth and fast. Auth0 was chosen before it was finally acquired by Okta in 2021. Now that it is within the broader Okta portfolio, there are plenty of options to further expand identity & access management from there. But for now, Auth0 is the way to give customers a front end and put them at the controls.
The freedom of choice for SurePay was great from the start. Schutte says the Rabobank spinoff was never tied to that bank’s previous IT choices. “I always tell that to job applicants, too,” says the SurePay CTO. “We did emerge from Rabobank, but in a completely separate way from the line organization.” So from the very beginning, SurePay was already cloud native on AWS and could choose its own Auth0.
Scalable and deployable
The requirement of the IBAN Name Check at the European level is much needed. SurePay has noticed that fraudsters continually seek out banks that do not sufficiently repel their illegal practices. In the words of Product Manager Martin Heere, “We call that the waterbed effect. Nowadays, fraudsters are getting caught more and more because of the checks.” Eventually, fraudsters will have to consult increasingly exotic countries to arrange illicit payments without an IBAN Name Check.
For consumers, this is one thing, but the complex requirements of SurePay customers are hard to capture. Heere gives an example: “Many corporates don’t make their payments inside a bank’s payment screen. Those may have an ERP system where a payment file comes out every month or every week or every day. Because of this, they are not yet protected by the IBAN Name Check.” In other words, without a payment app or identifier device, you need another solution.
Larger banks and other financial organizations have the technical know-how to integrate an API. But SurePay has seen an opportunity to provide smaller parties with a dashboard as well. Again, Auth0 by Okta comes in handy here, which can manage user management and permissions without all kinds of DIY. On top of that, it supports multiple languages, making the move to other European countries a lot easier.
Multiple purposes
Financial regulations force banks to perform the IBAN Name Check at the European level. Logically, these parties want to have their affairs in order even without regulations. After all, fraud leads to a loss of customer confidence in the bank in question. Nevertheless, SurePay’s specific solutions are shaped by regulations. Consider the fact that in the Netherlands, one must verify all payments based on the account holder, while in the United Kingdom this only applies to a recipient outside of the address book.
The Digital Operational Resiliency Act (DORA) is already in effect within the European Union. This places SurePay in the role of a critical supplier. In other words, it actually has to comply with rules that a large bank also has to comply with. And this with roughly 85 employees who have to assist more and more banks in more and more countries. This requires customization within a framework that is scalable and deployable everywhere.
With this in mind, SurePay could conceivably look beyond Auth0 within the Okta portfolio. It does already integrate within its own intrusion detection system and provides suspicious signals to other solutions within its own IT stack. Schutte admits, however, that a platformized approach is something SurePay will want to focus on.
Also read: Okta CEO: “We’ve been at cyber war for some time”
 
                         
                
