What happens when you’ve thought of an industry-disrupting business idea, but have no way to make it a reality? For some, you reach out to DVELP, a 15-person “remote-first” software consultancy that has, in under two years, made a name for itself in the UK and Europe.
“Clients often have an idea but don't have a tech team,” admits Tom Mullen, DVELP’s founder, and CEO. “We can help them achieve their goals by understanding the market and the strategic side of things, putting a plan into place, and then building the product that they envision.”
“We've developed a key skill of delivering projects remotely,” said Mullen, describing how being virtual gives the consultancy access to a global talent pool and the flexibility to work with clients across geographies in six time zones. “We leverage all the communications available to us to make it feel like we're sitting next to you when we’re actually not.”
Others in the space include Pivotal, Thoughtworks, and Thoughtbot. But DVELP is different, having shifted focus almost exclusively to the financial services and security sectors. Fintech is most commonly associated with the payments market, particularly around digital wallets and peer-to-peer payments. However, newer entrants are challenging older business models. DVELP’s client Dopay is even offering a banking alternative, making prepaid cards for the developing world where workers rarely have bank accounts, and employers wish to remove cash from the payroll.
International fintech solutions are complex. In the UK alone you must be aware of changing regulation in key governing bodies like the FSA and the ICO. And the continuous evolution of PCI (Payment Card Industry) compliance is something that fintech consultants must regularly keep up to speed with.
“The financial services and payments industries are very heavily regulated in the UK and the rest of Europe,” explained Mullen. “So keeping abreast of their changing nature and making sure that our work is in line with that is absolutely critical.”
Such a stringent regulatory environment requires security to be at the forefront of every product DVELP makes, so, in the past, Mullen’s team of “DVELPers” implemented home-grown two-factor authentication using one-time passcodes and SMS.
“Those solutions were built from scratch,” explained Mullen. “It’s not that difficult to build, but the challenge with online security is that threats are always evolving. We got to the stage where we didn’t think it was wise for us to try to maintain that pace.”
Rather than continue a DIY approach, Mullen sought to work on solutions with partners whose primary focus is dealing with security. Then, by leveraging a partner’s know-how, skill-sets, and products, DVELP can provide solutions that are more secure and more efficient.
“We looked at many authentication products, but they were all eclipsed by what we consider to be a great 2FA solution in Twilio” said Mullen. “And the fact that Twilio 2FA is SOC2 compliant for security gives peace of mind to us, it gives peace of mind to our clients, and most importantly it gives peace of mind to the consumer,” he assured.
With the number of malicious hacks and corporate data breaches escalating worldwide, peace of mind is extremely important. Today’s consumers are more aware than ever that their money or identity might be at risk.
Mullen added, “The consumer is increasingly demanding from a security perspective. And we’re starting to see that security is now considered a real added-value and not just a de facto offering.”
As with the threats of cyber attacks, our cyber defenses, too, are continually evolving. When it comes to consumer authentication, you can see that what was once considered to be best practices has changed.
“This is evident as people start to ‘unpick’ what was previously very secure, but no longer is,” says Mullen. “One of the main reasons that we like Twilio 2FA is that it has grown with these challenges and has a number of offerings to suit different scenarios depending on the level of security required.”
“A good example is that not long ago it was very common to use SMS messaging for two-factor authentication, but now it’s considered to be less secure. Products like Twilio 2FA continually evolve, solving for these challenges, and giving us the same ease-of-use when it comes to integration.”
A key hurdle that security solutions often face is that they become prohibitive to the consumer, so there can often be a trade-off between consumer experience and security. And that’s where Twilio 2FA was such a great fit for DVELP.
“We typically use Twilio 2FA for KYC, or ‘Know Your Customer’, the process of a business identifying and verifying the identity of a client,” explains Mullen. “So when a customer is signing into their account, we want to verify that this person is really who they say they are. Twilio 2FA allows us to do this while maintaining a very high level of customer experience, making the sign-on flow seamless while also providing a very high level of security. It’s very easy for the consumer to use and very easy for us to implement.”
You’d expect there would be a developer learning curve. And there is, but not much. The Twilio 2FA API is built for scale & speed, so there is no need to write code for each step. “Even in the first instance, it was simple,” Mullen recalls. “And now that we’re very well-versed, implementation happens in just hours. You could implement it in less than an hour in a perfect world.”
The general consumer acceptance is proof that Twilio 2FA works for DVELP and their clients. Combined they’ve recently passed 500,000 secure mobile transactions. “It shows that signing into our applications is not strained in any way,” said Mullen.
Similarly to other Twilio 2FA clients, for DVELP a primary driver in choosing to build with Twilio 2FA is the number of different implementation methods supported. DVELP also cited being able to choose the level of security that fits the needs of a specific project, including push notification delivery with OneTouch. “Having the flexibility to choose is fantastic,” added Mullen.
Another driver is that Twilio 2FA allows developers to develop without having to know every nuance of a changing security landscape. “Twilio 2FA is continually evolving, which means that they focus on the latest trends, understanding how threat environments are changing, and implementing new defenses into the same tools,” Mullen observed. “You can easily upscale to those security changes without having to rebuild your entire solution.”
Twilio 2FA allows us to maintain a very high level of customer experience, making the sign-on flow seamless, while also providing a very high level of security.
“For clients positioning a new product to a new market, you want to make sure the signup process is as frictionless as possible,” said Mullen. “We feel that 2FA in this manner is easier than the traditional signup using an email and password combination, which is now proven to be extremely insecure.”
“It’s a bit of a double win for the consumer,” he added. “They know that the platform they are providing their data to is secure and is taking a sensible and mature approach to security. And also they’re just not having the friction that was previously associated with security products.”
After attending Twilio’s Signal conference in London last year, DVELP was inspired to run their own hackathon. “We got together a team to master Twilio’s Radical Skills and hit the decks for a few days, developing a custom solution for the DVELP Support Desk using Twilio APIs.” DVELP is now looking into extending their support line to respond to a variety of inbound methods such as voice, SMS or even social media.
And while initially using Twilio to verify identity at sign-in, DVELP is now considering using Twilio to authenticate payments. “Even if you were authenticated within an app or a platform, if you want to make a financial transaction, using a one-time password to two-factor a payment is another great use of security that we’re now looking into.”
“We are extremely excited about Twilio, not just 2FA,” Mullen continued, “Twilio lies at the very core of what we do from the security and data protection side of things, but also here’s so much innovation going on within Twilio, and we’re just super grateful to be fluent in the services now and to be continually working with new customers with whom we can engage with the platform and introduce to Twilio services.”
“Keep it up,” Mullen concluded. “You’re doing a great job.”