Endowus enhances security and builds client trust with Twilio Verify

96% verify conversion rate overall

98% verify conversion rate via WhatsApp

Challenge  

Protecting sensitive data is essential for Endowus to maintain customer trust. In particular, it needed an advanced verification solution to help it manage the increasing risks associated with bot sign-ups and fraudulent activities.

Solution 

Endowus used Twilio Verify to safeguard its digital ecosystem – using SMS one-time passwords (OTPs) to authenticate users at login and during transactions, and WhatsApp for clients using its platform while overseas. 


Endowus is a Singapore-based digital wealth management platform that aims to help individuals take control of their financial future by providing greater access to institutional-grade products and advice at a fraction of the cost. It is known for using technology to streamline and enhance investment processes, focusing on transparency, cost efficiency and accessibility.

Protecting sensitive data is essential for Endowus to maintain customer trust. In particular, the company needed to manage the increasing risks associated with bot sign-ups and fraudulent activities. Endowus recognised the need for an advanced verification solution to enhance security and build customer confidence.

Endowus also needed to ensure compliance with Singapore’s robust regulatory requirements, such as the Infocomm Media Development Authority’s SMS Sender ID framework. This framework requires businesses to register their SMS sender IDs, ensuring that messages come from verified sources. This helps protect consumers from phishing scams and improves the overall trustworthiness of communications.

“By adopting such initiatives early, we aim to improve the security of the communication ecosystem while ensuring that our clients are able to receive timely and trusted information.”

Alvin Lim, Head of Information Security, Endowus

Safeguarding users’ digital with OTP protection

Endowus worked with Twilio to implement various security measures to safeguard its digital ecosystem and ensure regulatory compliance. These measures include using Twilio Verify to authenticate users with SMS one-time passwords (OTPs) at login and during transactions and sensitive actions, such as password updates.

“With as many as 8,000 users logging in and transacting on the Endowus platform daily, we maintain strong input sanitisation and rate-limiting at our authentication endpoints to prevent unauthorised access,” said Lim. “Using Twilio Verify also allows us to add layers of protection by enforcing OTP verification during critical user actions — such as logging in or making a withdrawal — which ensures that only legitimate users interact with our platform.” 

To address the issue of clients being unable to receive SMS OTPs while traveling internationally, Endowus used Twilio Verify to add WhatsApp OTPs as an alternative channel for some clients. This enables clients to securely and reliably access their accounts and make transactions from anywhere in the world. It also reduces the need for Endowus to troubleshoot international SMS delivery issues, which can be quite complex due to the numerous potential points of failure across multiple telecommunications providers.

“Introducing WhatsApp OTPs has been a game-changer, with a verify conversion rate of 98% over the past months, since reliable internet access tends to be more widely available than SMS,” said Lim. 

The high conversion rate indicates that Endowus’ verification flow works efficiently and that users can complete the process without significant friction. As a result, the company is considering offering WhatsApp OTPs to all its clients.

Proactively preventing fraudulent attacks

Endowus uses various key performance indicators to measure the effectiveness of its security protocols. For its authentication channels, it looks at delivery reliability, conversion (or verification) rate and guardrails designed to enforce secure practices.

For instance, the company tracks how many OTPs delivered are successfully verified by clients. A drop in verification rates could indicate issues like compromised credentials, enabling the company to take immediate action. This level of insight also allows the company to monitor the quality of triggered events and improve the design of its user interface and overall user experience.

Since implementing Twilio Verify, the company has consistently achieved a 96% verify conversion rate overall. 

“Twilio Verify Fraud Guard is a standout tool for us,” said Lim. “It identifies patterns that match known fraudulent SMS schemes and behavioural anomalies and blocks them proactively. This not only cuts costs but also elevates our security posture. I like the fact that it comes with configurable protection levels. Since implementing it, we've seen less than 1% false positives, which is remarkable.”

The company’s security team also values Twilio’s high-quality, timely alerts that are contextualised and actionable.

“Twilio Verify Fraud Guard is a standout tool for us. It identifies patterns that match known fraud SMS schemes as well as behavioural anomalies and blocks them proactively.”

Alvin Lim, Head of Information Security, Endowus

Continuing to strengthen its security strategy with future-focused alternatives

With some Singaporean banks moving away from SMS OTPs due to concerns they can be used in phishing attacks, Endowus is exploring app-based alternatives like Twilio Verify Push. This solution sends a push authentication to a user’s smartphone or tablet, enabling them to securely confirm their identity with a simple tap. By integrating Twilio Verify Push into its mobile app, Endowus can enhance authentication security, reduce reliance on SMS, and provide a seamless user experience.

“The adoption of Twilio Verify Push could significantly enhance our security strategy,” said Lim. “Firstly, it encourages users to engage more with our mobile app, which aligns well with our business goals. More importantly, it addresses the inherent security risks associated with SMS OTP delivery.” 

Through initiatives like this, and its partnership with Twilio, Endowus aims to keep enhancing how it protects and communicates with its customers.

“By using a digital token on a smartphone, we can leverage biometric capabilities for added security, which is essential in building trust in a business like ours. We’re enthusiastic about implementing Twilio Verify Push.”

Alvin Lim, Head of Information Security, Endowus