Messente avatar logo

When building it doesn't make sense anymore

Yuriy Mikitchenko

28 Nov 2017 -

5 min read

Yuriy Mikitchenko

28 Nov 2017


2 min read

As regulations like the General Data Protection Rule and the new Payment Services Directive roll in, technology departments reassess the security tools they currently use and try to understand which new tools will be deemed necessary. Regarding new tools, it’s fair to ask, “do we build our own, or do we seek out a partner and buy the tool."

Analyzing needs and understanding the costs behind them is a daunting and time-consuming task, so for two-factor authentication, we’ve done the work for you.

You have two options: build and maintain a two-factor authentication system in house, or deploy an API and use a trusted partner’s toolkit. We surveyed our customers to find out how long it takes to deploy our tools, as well as how long it would take them to build tools like ours.

Option 1: Build your own.

Based on our survey, as well as our own experience, it takes 5-6 weeks of full-time developer hours to build an SMS-only 2FA solution for an online service. Step up to a time-based one-time password system, and it will be 8-10 weeks. Assuming that the average cost of an in-house developer is €1,750-2,000 per week, a fully-functioning in-house solution will cost €14,000 to €20,000. Add 50% if the work is outsourced.

And that’s only to build the system. The technology team would also be required to maintain SMS delivery quality and manage connections to network operators. Then add the cost of sending SMS messages to variable costs. At the end of the day, you’ll need to dedicate people on your tech team to maintain the 2FA solution, which adds to ongoing costs.  

Pro: More control over specific functionality.

Cons: Longer implementation time, larger investment, and handling all service and quality issues internally.

Option 2: Use an API from a trusted partner.

This same customer survey tells us that developers dedicate 8-24 hours to deploy every verification and authentication tool available from Messente. We have no deployment costs, so deploying our tools costs €350 to €1,200 of developer time.

Also, Messente does not charge for support and delivery quality (SMS.)

Variable costs will be similar, if not less, on the SMS side of things, as we maintain much higher volumes than a single business would; we have bargaining power with higher SMS volumes and have more options for SMS routing. One-time password costs are typically half of SMS costs per authentication. (Contact us if you’re interested in pricing.)

While building your own 2FA solution negates the one-time password variable costs, our data shows that 70% of authentications are still SMS PIN codes, so an SMS fallback option is crucial for successful 2FA adoption. Also, the tech team would need to maintain the one-time password system and mobile app.

Pros: Significantly lower implementation time and costs, optimized SMS delivery routes by the partner, and have the partner handle any delivery quality issues.

Con: Less control over specific functionality.

Overall, leaving it to the experts with two-factor authentication makes more sense. While making your own gives you more control over functionality, Messente is completely open to customer feedback, and we build our tools to suit customer needs. 

You can download Verigator and try our demo to see how it works for yourself.

Whitepaper: Impact of Two-Factor Authentication on data breaches

Yuriy Mikitchenko

Head of Marketing

A transplant from the United States, Yuriy brings his marketing know-how to Messente. His background is in B2B marketing and sales, working with tech corporations and startups in the Portland, Ore. and Seattle, Wash. area. Now he's giving Estonia a fresh perspective on overall marketing.

We're here to help you connect with your customers. Let's start talking.

Email again:

Further reading

Learn more about one of the strongest customer communication channels

13 Mar 2018

Brands and product managers adopt SMS messaging because it has become one of the most effective ways to...

Yuriy Mikitchenko

2 min read

Most notable takeaways in the industry from MWC 2018

06 Mar 2018

We're back from Mobile World Congress –the largest mobile technology event in the world –and it's time to...

Lauri Kinkar

2 min read

We made it to the Inc. 5000 Europe list amidst MWC 2018!

28 Feb 2018

We shipped part of our team to Barcelona this week to connect with the global mobile tech community,...

Yuriy Mikitchenko

2 min read

Emojis and SMS APIs. What gives? Here's how to do it.

27 Feb 2018

Remember the days when you sent “;)” in a text message when you were being facetious with a...

Yuriy Mikitchenko

2 min read