Why Final is Transitioning to TOTP for 2FA

The security of our customers is a big focus here at Final and that focus drives everything from our password policy to how we manage customer data and how we harden our servers. In addition to picking a good password, one of the best things customers can do to protect accounts from unauthorized access is enable Two Factor Authentication (2FA). While we have always offered SMS-based 2FA as an option, we recently added Time-based One Time Pad (TOTP) 2FA and recommend our customers transition to it, if possible. In this article I will explain what 2FA is and why it’s important, how SMS-based and TOTP-based 2FA work, and why we are recommending everyone transition to TOTP.

A few months ago we wrote at a macro level about the number of decisions needed to launch a credit card program and the steps required to release a single feature.

Starting a business is easier than ever. Template incorporation and investment docs, business planning advice, website builders, cloud storage, and other resources have become more widely available and cheaper in recent years (e.g.: Stripe Atlas).

I sat down recently with a renowned journalist who wanted to learn more about credit card transaction processing. We discussed the steps involved in every card payment, the parties who facilitate transactions and a 30,000-foot view of the economics involved.

Every day, consumers are bombarded with ads touting the importance of knowing their FICO score. Many of these include links to websites where they can view their “official” FICO score.

The card payments ecosystem is massive and shows no signs of slowing down as local and global markets become ever more connected.

Every company, no matter the size, has a unique process for feature design and development - they could follow a traditional waterfall or scrum methodology, or they could create their own process to suit their needs. Social apps and other consumer startups are often able to push new code to production at the end of a 2-week sprint cycle or even daily, but as a company in a heavily-regulated financial space, we’ve had to add some steps to our process that make sure we’re compliant and scalable.

For more than 50 years, the credit card industry in the United States has consistently done what consumers expect it to - and in many cases, this has been disappointing. When we started Final, we realized we wanted to do things differently. Not everything, but lots of things - motivated by our desire to do better by consumers.

We’ve been hard at work laying out our 2017 roadmap here at Final, and I wanted to take some time to give all of you a sneak preview of some of the things we have planned!

In case you were wondering, building a credit card company is a difficult endeavor - it’s probably the most complicated mass market product in one of the most heavily regulated industries - but it has been a rewarding journey. We wouldn’t have it any other way.