Chargebacks911: How to Come Out on Top of the Post-Peak Sales Chargeback Lag

Many businesses consider chargebacks to be a natural consequence of doing business, but these days this simply doesn’t have to be the case.

Monica Eaton-Cardone is the COO and Co-Founder of Chargebacks911, the first global company dedicated to mitigating chargeback risk and eliminating chargeback fraud. As industry-leading innovators, the company is credited with developing the most effective strategies for helping businesses maximise revenue and reduce loss in a variety of industries and sectors within the payments space.

Here, Monica gives merchants her top tips for managing chargebacks and retaining revenue following the peak sales season.

Monica Eaton-Cardone, COO and Co-Founder of Chargebacks911

Chargebacks have traditionally been an issue for merchants in the first quarter of the new year, reaching annual highs thanks to the well-known “chargeback lag”. After sales in November and December soar in accordance with the peak sales season, there is only one-way chargeback rates go for many businesses and that’s up.

This upward trajectory occurs for a number of reasons. From issues with orders that were made during the peak sales season, to consumers, no longer giddy with the Christmas spirit, taking stock of their spending over the last couple of months and instigating chargebacks.

As this process tends to occur 60-90 days after any peak sales period, it is not until spring each year that merchants can categorically say whether the festive boost to bottom lines was actually worth it.

The Seasonal Period Was Different This Year

All that said, merchants went into the 2020 seasonal period under rather unusual circumstances. Economic uncertainty, driven by job losses and furloughs, has led millions to hold back on their spending (with this only set to change by the second half of 2021) while providing greater potential for regret over previously purchased items.

And as those consumers that are spending now overwhelmingly doing so online, friendly fraud has become much easier to commit. With consumers shopping from the safety of their own home, it is not difficult for them to claim that packages didn’t arrive or were damaged upon receipt.

In fact, as a result of novel trends stemming from COVID-19, non-fraud chargeback issuances were up 23% globally in June 2020 when compared to the same time in 2019. When instances of friendly fraud are also considered, industries across the board suffered chargeback losses 10 times higher than before COVID-19.

Are Merchants Contributing to Their Own Problems?

Businesses may not want to admit that their internal processes are contributing to their chargeback rates, but in many instances, this is the case. In any normal year, online merchants tend to underestimate the immense traffic they receive during the November-December trading period. This can result in logistics not being up to scratch, leading to unhappy customers and increased chargeback or refund claims.

Likewise, if customers purchased goods that they feel weren’t as advertised on the company’s website, they are more likely to want to get their money back. What’s more, having a returns process that is convoluted or time-consuming can result in consumers bypassing the merchant altogether and turning to their banks for refunds via the chargeback model – costing the merchant extra in admin fees.

The effects of these errors are likely to be compounded in a year in which many merchants have moved into the online space in order to survive while lockdown measures have been in place. This is not only true for those new to the digital sphere, but the increased demand for e-commerce, as customers abide by social distancing measures, has presented more opportunity for them to occur.

As we don’t see this trend subsiding any time soon, it’s clear that businesses need to be prepared for their new omnichannel strategy. With that in mind, here are four tips for keeping on top of chargebacks moving forward:


Preventing chargebacks from happening is the best way of handling them. Happy customers are much less likely to instigate chargebacks, so keeping on top of customer service and responding to them quickly will help keep chargeback rates down.

In addition, proactive communication with your customers can stop them from getting confused. For example, customers may believe that purchases have been lost in the mail if they don’t arrive on time, so keeping them updated with tracking information can help.

Chargeback prevention doesn’t have to solely rest on the shoulders of merchants either. Alert programs are services whereby participating issuers alert a merchant every time a dispute is filed for a credit card fraud claim. That way the merchant can refund the customer before they’re hit with a chargeback.


If merchants refund instances of friendly fraud, they can end up looking like easy targets. On the other hand, challenging genuine claims can result in losing loyal customers. That’s why it’s so vital that merchants can identify the reason code for their chargebacks, which could be either merchant error, criminal fraud, or friendly fraud.

To do this, businesses should employ a multi-layered criminal fraud prevention strategy and use data to find internal errors that cause chargebacks. Once genuine claims are resolved in this way, instances of friendly fraud can be weaned out. However, if merchants are struggling to identify the source of their chargebacks, it’s always worth seeking help from an outside source, such as a third-party solution provider, which has access to industry experts.


Chargebacks and friendly fraud aren’t simply a cost of doing business, yet many merchants believe they are, letting them run wild in response. Every friendly fraud chargeback should be vigorously disputed for maximum revenue recovery and to stop the issue from growing further. We’ve found that 50% of cardholders who successfully commit friendly fraud will do it again within 60 days, meaning it can become a real issue.

Merchants can keep on top of friendly fraud by going through the representment process. At the same time, being ardent with this process will show processors and issuers that they are a tough nut to crack and they will be taken seriously.


With the ongoing digitisation of commerce, chargebacks aren’t going anywhere anytime soon, so merchants need to adapt to stay on top of them. However, one of the biggest problems merchants tend to have is the aggregation of data, from their acquirer or processor, CRM, OMS (Order Management System), fraud protection provider, and consortium chargeback data from similar merchants.

By properly managing and storing data from the payment process, merchants will be in a better position when proving whether or not friendly fraud has occurred. Information collected for this can include identifying data such as card numbers, CVVs, and the customer’s name. Merchants should also keep records of when transactions took place and, if possible, require goods to be signed for at the point of delivery.

If all this sounds like a lot to handle, the good news is by outsourcing your chargeback management to a specialist mitigation solution, such as Chargebacks911, you can let the experts do the hard work for you.

Get Ready

The chargeback spike is coming, so now is the time to do what you can get ahead of the curve. You won’t regret it.

Qatar Fintech Hub Hosts Second Hackathon to Support Innovative Fintechs

Qatar Fintech Hub (QFTH), co-founded by Qatar Development Bank (QDB) to support the growth of the fintech industry in Qatar, is inviting entrepreneurs and fintechs from Qatar and around the world to apply to its second Hackathon.

Under the theme “Disrupting the Global Fintech Ecosystem using Emerging Technologies”, the Hackathon aims to find solutions that cater to three main challenges; helping financial institutions increase revenue and efficiency, reduce cost and risk, as well as enhance the customer experience.

At the end of the Hackathon, three successful innovative ideas will get Fast track access to Wave 2 of QFTH’s flagship Incubator Programme, an exclusive platform providing a wide range of support to fintechs and entrepreneurs who are interested in Financial Technologies and to grow and tap into the opportunities within Qatar as well as global markets.

QFTH has already started receiving applications for the second round of this Hackathon as submissions will close on 31 January. The first week of February will witness the meetings and discussions among the teams and mentors, and participants will have the chance to deliver their final pitches on 7 February. Winners will be announced on 10 February. The fintechs will then receive support to turn their ideas to reality and accelerate their business as they play a key role in revolutionising the fintech industry in Qatar and beyond.

Catering to fintech entrepreneurs and startups worldwide who are looking for a launchpad and a hub in the Middle East to accelerate their growth, the QFTH Incubator and Accelerator Programmes have received tremendous traction during Wave 1 with over 750 applications from 72 countries.

Through the Incubator and Accelerator Programmes, participating fintechs will have access to financial and in-kind support of up to $250,000, receive support in commercial establishment by registration and license fee waiver, as well as assistance in setting up their business in Qatar while being referred to Qatar Central Bank’s Sandbox. Enrolled fintechs will also get access to global mentors from over 12 countries and a series of high-level masterclasses conducted by QFTH partners and renowned speakers from across the world, in addition to a range of Proof of Concept (PoC) and collaboration opportunities with over 10 local financial institutions, payment networks and technology partners.

QFTH aims to develop the fintech industry in Qatar, in accordance with the Qatar National Fintech Strategy created by Qatar Central Bank, and to contribute and reiterate Qatar’s position as a leading international fintech hub in the region, as outlined in Qatar’s National Vision 2030. Wave 2 of the Incubator and Accelerator Programmes will focus on emerging technologies for financial services.

Cardlay and Eurocard Launch VAT Reclaim Software in Nordics

Millions of unclaimed VAT Euros are in store for small businesses across Europe says card company Eurocard as it starts the roll-out of fintech firm Cardlay’s software solution for reclaiming VAT automatically.

In a report by the European Commission, it was found that 80 per cent of all European businesses do not reclaim VAT on purchases made in other EU member states.

Eurocard, operated by bank SEB Kort, is introducing Cardlay’s solution Vattax for reclaiming VAT automatically to small and medium-sized enterprises across the Nordic region to help with the ‘tricky and time-consuming process’.

Vattax has been developed by the Danish fintech in partnership with PwC’s VAT department and launched in Denmark at the end of 2019. More than a quarter of the Danish businesses that use Eurocard’s corporate card and the Eurocard Pro app have adopted the tool. Rolling out the automated VAT reclaim solution to the whole of the Nordics is the next step in the partnership.

They say that small and medium-sized enterprises are missing out or give lower priority to claiming EU VAT refunds due to lack of knowledge and resources.

Cardlay’s founder and CEO Jørgen Chr. Juul, said: “It goes without saying that coronavirus and the significantly lower travel activity have been a massive obstacle to onboarding the number of users of the Vattax solution in the Eurocard Pro app we have the capacity to handle. Having said this, however, we’ve achieved a high market penetration among Danish businesses in spite of the lower travel activity. That’s why we are now launching throughout the Nordic region from the beginning of 2021. This means we’ll be fully prepared for the rebound of business travel in Denmark, Sweden, Norway and Finland.”

According to Cardlay, its VAT reclaim solution is the first ever AI-based solution to automatically help small and medium-sized enterprises reclaim foreign VAT, in connection with hotel accommodation, restaurant visits and car rentals within the EU. It claims it takes less than a minute to submit an expense receipt for approval, whether businesses are reclaiming €10 or €1000.

“The amount of money that is potentially at stake, waiting to be reclaimed from all over Europe, is colossal,” adds Jørgen Chr. Juul.

SumUp Joins Forces With Shutterstock To Help Merchants Revamp Stores

Payment service provider SumUp has teamed up with creative platform Shutterstock to give merchants access to high-quality visuals to boost their online storefronts and increase sales.

SumUp says the partnership is part of its wider mission to build support systems for small businesses that will help them keep trading during challenging times, such as the Covid-19 pandemic.

Integration offers access to Shutterstock’s vast library of more than 350 million images, plus Smart Image Recommendations, helping merchants create engaging online storefronts and boost sales.

Launched in May 2020, SumUp Online Store allows merchants to showcase their products to a global audience, accepting online payments from the biggest possible customer base. According to the company, it has more than 7,000 companies joining the platform every day.

Merchants using the store can now revamp their online storefronts and benefit from quick and easy access to Shutterstock’s library. Access to images is included within SumUp merchants’ existing subscription plans and includes the option to add up to ten photos to their online stores from an embedded image database, filtering images by type and category.

The Shutterstock integration is the latest innovation unveiled by SumUp to help businesses navigate the operating restrictions brought about by the Covid-19 pandemic, including the introduction of payment links and invoicing options, new online selling functionalities and gift card collaborations with Google, Facebook and Instagram.

Alex von Schirmeister, executive vice president for Europe at SumUp, said: “We’re happy to be able to offer our merchants this new feature of access to millions of images to revamp their online stores. It’s important now more than ever that small businesses have the means to trade in the e-commerce space in order to take on larger competition. This partnership with Shutterstock will do just that, giving them more visibility to grow their customer bases.”

While Alex Reynolds, vice president of platform solutions at Shutterstock, added: “After the events of 2020, countless small businesses were financially impacted and forced to pivot, and we’re thrilled to be able to help them get back on their feet through our collaboration with Sum Up. Integrating high-quality visual content and smart image recommendations into the workflow of SumUp’s merchants will allow small businesses to attract new customers through stunning online storefronts, simultaneously helping to drive online sales.”

Gibraltar Looks to Enhance Its Regulations For Digital Asset Exchanges

At a time when digital assets have been criticised by financial authorities in the UK and Europe, Gibraltar is outlining appropriate market standards for exchanges operating in the digital asset space.

Gibraltar is keen to raise its profile as a well-regulated commercial centre in the areas of financial services, digital technology innovation and online gaming. Its plans include updating its already regulated digital ledger technology (DLT) framework with the development of a ‘10th Core Principle’, specifically for digital asset exchanges.

Back in January 2018, Gibraltar became the first jurisdiction globally to introduce legislation around DLT with a working group of industry leaders in the blockchain and emerging tech space assembled to develop Gibraltar’s bespoke offering.

The group’s Gibraltar Market Integrity Study will not only be responsible for setting market standards for exchanges operating in the digital asset space but will also decide if the nature of the asset/item traded (i.e. security, utility or exchange tokens) affects market integrity standards. It will also take into account the recently defined standards by the UK, EU and other international bodies.

Additionally, the framework looks to help those who have the ability to create crucial foundational concepts for the work of other watchdog and/or regulatory bodies, such as the Financial Action Task Force (FATF), European Commission and the International Organisation of Securities Commissions (IOSCO).

In 2020, the IOSCO published standards for trading platforms and the European Union published proposed comprehensive regulations for the digital asset space in markets in crypto-asset regulations (MiCAR).

According to Gibraltar, its amended legislation will be the first set of legislated principles to ensure digital exchanges/operators protect customers/market integrity by looking to ensure guidance of efficiency, transparency and an orderly market.

Joey Garcia, partner at international law firm ISOLAS LLP, board member of Xapo and IOV Labs (RSK) groups and a key member of the working group, said: “The creation of the Market Integrity working group is an important step for the jurisdiction as we continue to develop our DLT framework in line with an ever-evolving regulatory landscape, and also for the Global Blockchain Convergence.

“Gibraltar has long been a leader when it comes to fostering innovation and in the development of virtual asset service providers’ regulatory standards and we are confident the 10th Core Principle will aid us even further in our mission to achieve this, particularly as the integrity of these markets is such a key focus internationally. We already have some of the largest groups in the world regulated in Gibraltar and this should continue to place those groups at the forefront of standard setting in the industry.”

Meanwhile, Pawel Kuskowski, CEO of Coinfirm and another group member, said: “Digital asset exchanges are a focal point in how public perception views cryptocurrency and blockchain systems, for better or worse. New entry retail customers, investors and traders need to be better protected and it is high time that exchanges take care of all stakeholders in the ecosystem. However, the 10th Core Principle regulation should not stifle innovation.”

LSB Publishes Review of CRM Code For Authorised Push Payments

The LSB has published its report of the review into the Contingent Reimbursement Model Code (CRM Code) for APP scams, following an industry-wide consultation.

The voluntary Code, launched in May 2019, sets out consumer protection standards to detect, prevent and respond to APP scams. Signatory firms make a commitment to reimburse customers who lose money where they were not to blame for the success of a scam.

The review carried out by the LSB, the primary self-regulatory body for the banking and lending industry, sought to better understand how effective the Code is in achieving its objectives to provide greater consumer protection, as well as to understand the impact it has had on the volume of scams taking place.

The report evidences support for the principles of the Code, stating that many respondents agreed that it works to address what was a clear gap in the payment landscape. The LSB reports that when applied correctly, the Code provides the framework to broaden protections for customers. To address inconsistencies in the application and awareness of the Code across firms, an issue that was raised in the consultation responses and evidenced in the LSB’s previous thematic reviews, a Governance and Oversight provision will be introduced to the Code by the LSB. This will set a clear framework for ensuring that the Code is embedded within the culture of firms, from senior management through to customer-facing staff.

Evidencing the success of the Code is another area highlighted for improvement. The majority of consultation responses cite reimbursement levels to evidence that the Code has been effective, but this is just one measure. In order to fully assess the effectiveness of the Code, the LSB will work with stakeholders to define a wider series of success measures which take account of detection and prevention data.

The LSB noted in the report that participation from firms in becoming signatories to the Code was slower than expected. The LSB remains committed to increasing participation and will work with firms to understand the challenges that the requirements of the Code can place on some business models.

Emma Lovell, Chief Executive of the LSB said: ‘The responses we received from this consultation evidence that the purpose of the Code is supported by the industry, and we know that when applied correctly, it is enhancing protections for customers, but there is more to do.

‘The Code’s objectives focus on prevention, detection and responding to scams. While reimbursement levels are a key metric to the success of the Code, we must not lose sight of the importance of prevention and detection measures. Preventing customer loss and harm from scams is critical, which is why we intend to introduce new metrics across the Code objectives. Part of this work will include bringing consistency across signatories for collation of data and their definitions.

‘As fair customer outcomes and consumer protection remain our [LSB’s] key principles, we will also amend the Code to recognise that firms can ‘self-fund’ no blame cases. This will ensure that, while work continues within the industry to design a longer-term sustainable funding mechanism for such cases, customers in no blame situations are reimbursed.

‘We will work with the industry to increase consumer awareness of the Code and the ever-evolving risk from scams, and with firms to implement any recommendations placed on them as a result of our thematic reviews to deliver consistency of application and greater protections for consumers.’

Report finds Surge in UK Tech M&A Activity Positive for Fintech in 2021

A new report by technology-focused investment bank ICON Corporate Finance has revealed that despite Covid causing a 50% year-on-year collapse in Tech M&A activity in the second quarter, a remarkable bounce-back led to a spate of M&A activity in businesses focussed on Digital Transformation, resulting in a near-record final quarter, boding well for 2021.

The report, which analyses some of the largest and most interesting fintech deals in 2020, and which looks at trends in the tech sector, saw M&A activity rally, up 6% in Q4 compared 2019, which had itself been a record year for Tech M&A activity.

In the fintech sector consolidation in financial information led to ever-larger deal sizes. This included the announcement that S&P Global was to acquire IHS Markit for £34bn or 9x revenues. This beat the £24bn acquisition of Refinitiv by London Stock Exchange in 2019.

Overseas Appetite to Grow

ICON believes that Digital Transformation across all industry sectors, including fintech, will continue to accelerate, driving further M&A activity in 2021, boosted in no small part by appetite from overseas investors – a major force in the 2020 bounce-back. Cross-border deals rose to a record high in 2020, accounting for 48% of all UK deals.

“Normally in economic downturns, overseas buyers tend to pull up the draw-bridge and re-focus. However, that was far from the case in 2020,” said Brian Parker, Co-Founder, Head of M&A at ICON Corporate Finance and author of the report.

Alongside the mainstay of buyers from the US, 2020 saw a significant widening of interest in UK tech companies from Australia, Scandinavia and Europe as buyers like Byggfakta (Scandinavia) ELMO (Australia) and MessageBird (Holland) boosted activity. It will be interesting to see if this is a trend that continues in 2021.

“There is simply a tsunami of cheap funding looking for a home,” said Parker. “Many used these funds to plug the hole created by COVID, while others used the funds for M&A. As a result, there were 4,700 global tech M&A deals in 2H20, up 4% YoY. That has also pushed up valuations to frothy levels with two of the largest US deals achieving more than 30x revenues.”

Private Equity Funded Acquisitions on The Rise

The report identifies that private equity acquisitions were one of the key factors behind buoyant tech M&A activity in 2020. This is likely to continue in the year ahead.

“Total VC/PE backed acquisitions accounted for 23% of all deals in 2020 – similar to 2018 and 2019,” said Parker. “However, with interest rates remaining low and significant funds raised yet to be spent, further M&A activity can be expected. We have seen a wave of PE-backed buy-and-build deals in the past few years and that is unlikely to change in 2021.”

Notably, all the most acquisitive UK buyers in 2020 were PE owned. The report looks at ClearCourse Partnership, Juniper Education, Advanced, Access Group, Iris and Civica, among others, who are all looking for new technology in their respective sectors.

Major Fintech Deals

Within the fintech sector, major deals included the Broadridge acquisition of FundsLibrary, a leader in fund document and data dissemination, from Hargreaves Lansdown. The cost of £53m equates to an impressive 7x revenues or nearly 30x profits.

In the payments space, the headlines were taken by mega-deals from Worldine and Nexi. In the UK, payment solutions firm Paypoint acquired card payments and terminal leasing businesses Handepay and Merchant Rentalsenabling it to reach into new SME sectors – including groceries, hospitality, food services and auto trade. At £70m the valuation was over 4x revenues.

Australian-listed Bravura acquired Delta Financial Systems, which provides technology to power complex pensions administration supporting the administration of SIPPs and SSASs, for up to £23m – 3.8x revenues for the business that is growing 20-30%. Delta. Bravura is on a roll, having acquired two companies in 2019 – FinoComp, extending microservices offering to a broader wealth management market, and Midwinter which has developed financial planning software ‘AdviceOS’.

Kenna Security: FinServ’s Newfound Appreciation for Cybersecurity Teams

The impact that the pandemic has had on the FinServ sector and the increased threat from cyber attacks have made security teams and their professionals particularly valuable to organisations. Research finds that 70% of banks have put cybersecurity as their top priority, which is likely to grow as the situation progresses.

Stephen Roostan, VP EMEA for Kenna Security, a risk-based vulnerability management platform. Here he shares his view on FinServ’s newfound appreciation for cybersecurity teams.

Stephen Roostan, VP EMEA, Kenna Security

Once referred to within a business as the department of “no” and viewed as a blocker to IT innovation and business transformation, the reputation of information security professionals has steadily improved. As digital transformation has resulted in an ever-changing IT infrastructure, the combination of a crippling skills shortage and the global pandemic has awarded cybersecurity teams a newly-found – but well-earned – respect.

Nowhere can this be seen more keenly than within the finance and banking sector. While this sector has long been a prime target for cybercriminals, the shift to remote working introduced new challenges. A report published by Investors’ Chronicle in November last year found that between January and June 2020, the finance, insurance and credit sector reported at least 122 cybersecurity incidents to the UK regulator under the General Data Protection Regulations, an increase of more than 54 per cent on the same period last year. The report also found that the finance sector suffered 63 fraudulent attacks known as “phishing” from January to June, compared to 37 during the same six months last year. Incidents of ransomware breaches also nearly doubled.

Little wonder then that even before the pandemic, over 70% of banks questioned in a survey by the Conference of State Bank Supervisors (CSBS) stated that cybersecurity was a top concern in 2020.

From Zero to Hero

No longer seen as naysayers standing in the way of progress, security professionals are now more likely to be viewed as knights in shining armour, keeping the business safe and secure from the cyber threats that lurk in the shadows. In fact, according to research from ISC, 71% of professionals outside of the security community now view cybersecurity experts as ‘smart, technically skilled individuals’ – and 9% go as far as to claim they think of cybersecurity professionals as ‘heroes’.

What’s caused this rapid rise in popularity? Let’s take a detailed look….

Rapid Transition Caused by the Pandemic

The ‘stay at home’ caused by the pandemic forced businesses to pivot at speed and at scale. There was a rapid surge in demand for digital capabilities and services, as organisations transitioned to remote workforce models and focused primarily on serving customers through digital channels.

However, this wholescale move to remote digital operations meant organisations now faced a myriad of new risks and vulnerabilities. Cybersecurity teams found themselves tasked with a new mission: supporting business continuity while protecting the enterprise. No easy task when threat actors were quick to exploit the opportunities brought about by the explosion in BYOD usage and the rapid expansion of the attack surface.

Enabling productivity while securing what matters most to the organisation became a mission-critical endeavour, as organisations reimagined architectures to enable remote digital working environments for the long term.

Tackling Cybercriminals is a Team Sport

There is one other important factor that has significantly contributed to the rise of security professionals in the popularity stakes. Today’s modern risk-based vulnerability management (RBVM) platforms measure, score and prioritise the actual risk an individual vulnerability represents across all of an organisation’s assets and applications in near real-time.

Not only does this significantly change the way that cybersecurity and IT teams work together; it also paves the way towards better communication and collaboration between the two organisations.

Over the years, IT teams have become accustomed to being handed a long list of ‘critical’ vulnerabilities by cybersecurity professionals. A practice that has generated much friction and a lot of frustration on both sides.

It wasn’t just the fact that the security teams were perceived as ‘pushing’ unwanted workloads onto IT teams, presenting them with spreadsheets containing large numbers of vulnerabilities they had to ‘fix’. All too often this led to disputes, especially when security thought one vulnerability should be prioritised, and IT believed another was more deserving of their attention and limited resources.

Fortunately,  modern risk-based vulnerability management (RBVM) solutions provide a single source of truth for everyone to work more closely together in harmony – and in a much more informed way.

Focus on the Right Things, at The Right Time

These highly automated RBVM platforms have enabled security professionals to focus on the 2% to 5% of vulnerabilities that actually pose the greatest risk to their specific enterprise, assigning a risk score to asset groups or departments, so that remediation teams can easily identify which high-risk vulnerabilities they need to address first. Armed with these ‘top fix lists’ that eliminate any need for guesswork, security and IT teams are at last able to align around a common goal; that of reducing risk in the most practical and efficient way possible.

As well as enabling everyone to understand what to fix, why they should fix it, and how to fix it, the most advanced VM solutions are allowing security teams to use predictive modelling solutions. By utilising machine learning algorithms, these technologies can analyse vulnerabilities as soon as they are published and immediately determine how likely they are to be exploited within the organisation’s environment. As a result, the companies leveraging these solutions are now taking a predictive approach to vulnerability management, evolving beyond proactive cyber risk management to better equip themselves to defend against today’s fast-moving threat landscape.

Cybersecurity teams are now held in high regard by both ordinary employees and senior business leaders. The role they play is a crucial one. The introduction of innovative risk-based vulnerability management systems has generated a significant productive benefit to this growth in popularity. IT teams can now seamlessly work in collaboration with their colleagues in cybersecurity to embrace the upheaval in working practices brought about by the pandemic and deliver on a joint mission to keep their organisation safe.

ANGOKA: The Increasing Cybersecurity Threat on Smart Cities

With the increased use of smart devices in every aspect of consumer lives, with Home assistants and smart fridges to name a few examples, the world is becoming more interconnected than ever before. However, with this boom in Smart technology comes with it an increased cybersecurity risk that needs to be addressed. 

Yuri Andersson is CEO of ANGOKA, an IoT security company focused on protecting M2M communications for Smart Cities and Mobility. He has nearly 20 years’ experience of technology innovation in start-ups, research institutes and multi-nationals as a scientist, manager and director. Previously, he spent over a decade in financial technology innovation, both in startups and also at investment banks where he has overseen multi-year, multi-million global technology programmes, including six years at BNP Paribas.

Here he shares his thoughts on the threat of cybersecurity on Smart cities.

Yuri Andersson, CEO, ANGOKA

The past few years have seen an increase in IoT and Smart devices across sectors, leading to a boom in actionable data that will undoubtedly change the way we live forever. From heightened manufacturing outputs to reduced traffic and pollution to increased fitness knowledge, the world is becoming more connected than ever before. Soon, cities will be able to offer their citizens an upgraded quality of life, drawing on and using all of this data. It’s hard not to be excited about the prospect of a safer and more efficient world.

However, one aspect of Smart technology threatens the ambition of Smart Cities – cybersecurity.

It is predicted that there will be 1 trillion connected devices by 2025. Nearly all aspects of a city can be ‘Smart’ – think of all of the devices you may even personally own, such as a smartphone, Smart speaker or Smart doorbell. On a metropolitan level, these devices are responsible for larger swathes of city living. Examples include IoT devices that track traffic patterns, enable energy or water mains, or facilitate machinery operating at ports. The main selling point of all of these devices, regardless of their purpose or sector, is their connectivity. These devices can all be operated remotely, gathering data or carrying out their other functions.

Currently, most Smart and IoT devices are not built with security as a priority, as evidenced by the numerous news stories in the past few years of hacked cars, security cameras, and even baby monitors. As cities move to Smart systems for critical systems, such as energy, traffic lights and connected and autonomous vehicles, cyberattacks will soon not only be a case of security, but of safety.

IoT devices are commonly victims of spoof attacks, where hackers assume the identity of a device to gain access to the larger network. Identity authentication is key to protecting machine-to-machine communications. By ensuring the legitimacy of a device’s identity and thereby ensuring the trustworthiness of its ensuing message, IoT devices and their networks are less likely to fall victim to these attacks.

Therefore, connectivity – the key to the future of Smart Cities – is also its fatal flaw. Each device represents a new point of entry for attack by nefarious actors. Even 5G, which is starting to be rolled out across the world, has security flaws. As the future backbone of connectivity across cities, it is imperative that 5G is secured.

Of course, not all security flaws can be fully anticipated, and as technologies develop, so do new risks. But the cybersecurity landscape today is already outdated and highly siloed, making it difficult to even begin to protect an attack surface which is so incredibly connected. Additionally, networks often contain a mix of technologies, standards and operators, making them even more complex. Finally, at the moment, end-to-end communication between devices cannot be assured. It is not difficult to see how this isn’t scalable or workable for the Smart Cities of the future.

Ultimately, there needs to be a complete paradigm shift in the approach to IoT, Smart technologies and cybersecurity. Developers need to ensure that security concerns are a priority from inception, and seek interoperability and identity management measures as much as possible. The time to secure future innovations is now, as these technologies emerge – any later will be too late.

Fintech and Tech Talent: Migration and Remittances in The Middle East and Africa Region

The Middle East and Africa (MEA) region is home to some of the world’s richest countries in the world, as well much of the world’s poorest. Talent in highly skilled and knowledge-based industries, such as fintech, wider tech and digital, remains a challenge for MEA, which has experienced its fair share of brain drain, migration and remittances. 

The MEA region is generally young and educated. It has been both a source and recipient of talent looking for greener pastures (a combination of factors ranging from economic, unemployment or political). Many have immigrated to other parts of more established economies – in particular in the Gulf Cooperation Council (GCC) region countries of Saudi Arabia, Bahrain, United Arab Emirates (UAE), Kuwait, Qatar and Oman, as well as in Israel.

The economic development of the GCC in the previous century, much in part to its discovery of oil and gas, has attracted talent and all skillsets from across the world – both blue-collar work as well as highly-professionally skilled roles, such as in tech and fintech.

For instance, 80 per cent of the UAE population is comprised of expatriates. In other words, only 20 per cent are local Emirati. In addition, Israel has quickly become a leader in tech and other highly-skilled industries, earning its nickname as the Startup Nation.

The Middle East and Africa region is both a source and recipient of overseas workers from across the world

The Middle East and Africa region is both a source and recipient of overseas workers from across the world

The Middle East and Africa region is both a source and recipient of overseas workers from across the world  SOURCE: GETTY

Many migrant workers come from various parts of the world, such as South Asia, South East Asia, Latin America, parts of Eastern Europe, as well as much of MEA. In the GCC region, many migrant workers who live and work there come from South Asia, such as India, Pakistan and Bangladesh; South East Asia, in particular the Philippines and Indonesia; and many parts of Africa – both from lower-income African countries to even those in the middle-income bracket, such as Egypt.

Remittances are important for the countries that receive them, as they play a large part in the country’s gross domestic product (GDP). India, the world’s largest recipient of remittances and one of the largest communities living abroad at nearly 16 million, according to the United Nations (UN) Department of Economic and Social Affairs, received $80billion in 2018 from remittances. There were more than 30 million non-resident Indians (NRIs) and persons of Indian origin (PIOs) residing outside of India the same year.

Another top source of migrant workers is the Philippines, which in 2019 sent remittances back totalling more than $30billion – approximately 8.5 per cent of the country’s GDP. They are even referred to in the Philippines as ‘overseas Filipino workers’ – or the acronym OFW.

An example of a MEA country that relies heavily on remittances is Egypt and its 100 million population. Despite overall being relatively more affluent than much of Africa, many Egyptians do go overseas. In 2019, Egypt received more than $26billion in remittances – many Egyptian workers go the GCC, as well as Jordan – to name a few.

The money from workers from countries, such as India, the Philippines and Egypt (all three have significant populations in MEA, mainly in the GCC), has allowed many families back in their home countries to help pay for an array of necessities – from education tuition fees to food to even buying their own house or setting up their own business.

It is worth noting that even those wealthy countries in MEA that attract talent from across the world immigrate as well. For instance, the Leaving the Promised Land — A look at Israel’s Emigration Challenge, report, released by the Shoresh Institution for Socioeconomic Research, revealed that for every Israeli with an academic degree who returned to the country in 2014, 2.6 Israeli academics emigrated (in 2017 that figure went up to 4.5). The Startup Nation has often seen much of that talent and innovation go to the United States, in particular.

A challenge with many blue-collar migrant workers with respect to financial services is that many of them are unbanked (both in their current country of residence and their country of origin) and often have to send money back home regularly to support their families. Going abroad in the first place to support their families is almost always the main reason for lower-skilled migrants workers.

As millions of migrants workers are often reliant on traditional money exchanges houses, especially in a pre-Covid world, digital disruption of the remittances industry showcases a strong example of where fintech can help. Even for those who are expatriates and not in the blue-collar worker category, transferring one’s hard-earned money via banks has been historically expensive.

In terms of remittances and fintech, it is clear that it is growing in the MEA region. For instance, it is important to note that 85 per cent of the fintech firms in Middle East and North Africa (MENA) region operate in the payments, transfer and remittances sectors. In the UAE, expatriates form the majority of the population – coupled with being home to Dubai and Abu Dhabi hubs, known for their growing fintech and wider tech ecosystems.

Another example is Kenya – both as a source of immigrants but also attracting talent due to its growing fintech and tech ecosystem. Notably Nairobi, the capital and largest city of Kenya, is also the hub for East Africa. Nairobi, as well as Johannesburg and Cape Town of South Africa and Lagos in Nigeria, in addition to Cairo in Egypt, Kampala in Rwanda and Accra in Ghana, are often referenced and known as key fintech hubs in Africa. With Kenya, their fintech strengths lie in payments, remittances, bank and lending technologies. Nevertheless, mobile money and lending platforms dominate Kenya’s fintech industry both in terms of subscription numbers and financial performance.

Nevertheless, this heavy migration – both leaving and also receiving – showcases the uniqueness of MEA in respect to mainly remittances. Fintech technology has been aided to help both the working class and more affluent professionals can be felt across MEA – particularly with the former.

Finally, with 2020, it is projected that hundreds of thousands of expatriates in GCC countries have left due to Covid-19 – some estimate that up to 10 per cent of expats have left. Countries, such as the United States, which from 20 March to 20 April 2020 at the start of the Covid-19 lockdowns, saw its unemployment skyrocket from 4.4 per cent to 14.7 per cent. Therefore, most countries – whether rich or poor – have not been immune to the effects of the coronavirus.

A recent World Bank’s Migration and Development Brief has revealed that, due to the Covid-19 pandemic cascading down across the global economy, the amount of money migrant workers plan to send home is projected to decline 14 per cent this year compared to the pre-coronavirus levels in 2019. All regions globally will be affected, but with respect to MEA, those declines in 2020 and 2021 will be MENA (eight per cent and eight per cent) and Sub-Saharan Africa (nine per cent and six per cent).

Nevertheless, as prior to Covid-19, fintech solutions in remittances will play a large role. This will help current and potential customers find an effective and cost-saving way of getting their hard-earned money back to their families in their home countries. This has been evident with a growing number of companies from MEA that offer these solutions, such as the UAE’s RISE and Qatar’s C Wallet and Kenya’s M-Pesa.

Despite 2020’s surging global unemployment, salary cuts and uncertainly as a whole due to Covid-19, MEA – home to some of the world’s largest percentage per population of expats and also a source of immigrant workers – plays a unique front with remittances and will help continue to do so. In parallel, finding innovative and digital solutions will also carry on.

Auriga: Will 2021 See a Rise in Hackers Making ATMs Spew Out Cash?

Jackpotting, a technique whereby cybercriminals can trick an ATM into dispensing cash, has been on the rise over the last ten years and may be growing as an attack on banking and financial services. 

Elida Policastro,  Regional Vice President for the Cybersecurity Division at Auriga, is a self-service banking cybersecurity expert and has worked with several banks on their cybersecurity strategies. She expects the problem to continue unless banks do more to apply holistic security strategies across their networks and infrastructure including ATMs. 

Here she discusses the issue of jackpotting, and what the trend could mean for banks and financial services.

It has been over 10 years since Barnaby Jack famously hacked an ATM at a trade show and tricked the cash dispenser into spitting out dollar bills. Years later and this technique, now known as jackpotting, persists as a threat and in fact, may be growing as an attack on banking services. Indeed, in late 2020, several US agencies warned about a hacking group called BeagleBoyz in North Korea who are allegedly stealing money from international banks by using remote hacking techniques like jackpotting.

What is Jackpotting?

Jackpotting is a technique whereby cybercriminals use malware to trick an ATM machine into dispensing cash. Because this technique is very easy to commit, it has been on the rise over the past few years, and this trend is sure to continue this year unless banks take action.

During this unprecedented time where access to cash has never been more important, banks have increasingly relied on ATMs for their customers to have access to money. However, ATMs have become a very attractive object for cybercriminals to exploit as they carry sensitive data such as credit card or PIN numbers. With cyber criminals putting in lots of effort to develop innovative ways of attacking the IP in these ATM machines, there is no doubt that jackpotting will continue to rise this year, especially as the return on investment is huge.

The Vulnerabilities in ATMs

Jackpotting relies on how ATMs are both physically accessible and often in remote locations without proper surveillance; and have software vulnerabilities that can be too easily exploited.

ATMs are vulnerable to attacks because most of them run on obsolete, unpatched operating systems. This issue is difficult for banks to resolve, as it takes huge amounts of time and money to update these systems. Because of this flaw, cybercriminals have the opportunity to infiltrate the software layers in ATMs and exploit the hardware to trigger the cash dispenser.

What Can Banks do to Fight Back?

With the sector’s complex technical architecture, financial organisations need to make sure that they control the transactions that take place, which includes managing the security of communication between different actors. When banks review their ATM infrastructure, they also need to do more to safeguard the most vulnerable capabilities of their cybersecurity. This includes encrypting the channels on the message authentication so that communications are not tampered with.

As ATMs networks and systems need to be available 24/7, greater protection and a holistic approach is required. Banks can implement a solution that is designed to be a centralised security solution that protects, monitors and controls ATM networks. Financial institutions can use such solutions to manage their entire ATM network from one place, preventing malware attempts or fraudulent activities on compromised ATMs.

Banks should also update their ATM hardware and software to reduce the risk of attacks and stay secure. They will also need to closely monitor and regularly inspect their ATM machines to make sure that they are not at risk.

What’s in Store for the Banking Industry

 Jackpotting very much persists as a threat, as confirmed by the US warnings. There is some evidence that hackers may be changing their tactics. For example, it was reported last year that some hackers stole details of proprietary operating systems for ATMs, and this may be used to create new jackpotting tools.

The rise of jackpotting highlights the need for financial institutions to actively work to ensure that their customers’ personal information and critical systems are protected this year. Updating their ATM hardware and software is critical in reducing the risk of attacks and staying secure. Banks will also need to closely monitor and regularly inspect their ATM machines to make sure they are not at risk. With criminals coming up with innovative ways to attack ATMs, the trends mentioned will only continue to rise. Although jackpotting requires little effort from cybercriminals, if banks can implement a layered defence to their security, it could prevent them from falling victim to this attack in the near future.

NETSCOUT Discovers DDoS Extortion Campaign Is Re-Targeting the Finance Industry

NETSCOUT, a provider of application and network performance management products, recently revealed that DDoS attacks hit over 10 Million in 2020. With the Covid-19 pandemic seeing cybercriminals take advantage of the unprecedented disruption to everyday life, the finance industry needs to take note and be prepared for potential attacks. 

Philippe Alcoy currently serves as APAC security technologist for NETSCOUT, where he works across the research, strategy, and presales of DDoS threat detection, investigation, and mitigation solutions for service providers and enterprises in the Asia Pacific region.

Philippe has more than 20 years of experience in the IT security risk and compliance industry, and here discusses the DDoS Extortion campaign that is re-targetting the finance industry.

Phillippe Alcoy, Security Technologies for NETSCOUT

In a progressively digital world, the Covid-19 pandemic has driven societies to be even more reliant on online services, and this has provided the opportunity for cybercriminals to strike. Whilst the total number of DDoS attacks dramatically increased worldwide last year, the methodology of attackers transformed too. Threat actors preyed on their targets with DDoS extortion attacks and, for the first time, NETSCOUT has identified a re-targeting campaign against the financial sector.

Simply put, DDoS attacks are coordinated attempts to disrupt the normal availability and performance of a website or online service by deliberately flooding it with traffic. In 2020, the frequency of DDoS attacks against the financial sector increased significantly: between June and August 2020, the industry observed more attacks in those three months alone than it saw in total from April 2016 to May 2020.

In August 2020, there was clear evidence of a global DDoS extortion campaign taking place against the financial sector. These targets included organisations such as regional banks, stock and currency exchanges and, in some cases, their upstream internet transit providers. DDoS extortion attacks can be distinguished from other types of DDoS attacks as the threat actor will run a demonstration DDoS attack against parts of the organisation’s online infrastructure, before or after sending an email to the organisation demanding for payment in Bitcoin cryptocurrency.

Most of the time, if the extortion demands of the cybercriminals aren’t met, the DDoS attack that is threatened doesn’t take place and the attacker moves on to the next target. However, NETSCOUT has recently observed a major development with regards to these DDoS extortion attacks: it is now seeing the attackers return to earlier targets, particularly in the financial sector. It appears that these organisations are having their critical infrastructure retargeted due to having access to large amounts of data and money.

This retargeting approach is characterised by the cybercriminals sending a new extortion demand, which mentions the details of the previous demand. They then typically launch the latest DDoS attack simultaneously to the new extortion demand being sent. The subjects of these new attacks, which take place weeks or months after the original incident, are the companies that were initially able to avoid giving into the demands of the attacks and successfully prevent the first waves of DDoS attacks from taking down their online services.

Who are the suspected threat actors?

The group behind this ongoing campaign has claimed to be connected to well-known attack groups that are regularly spoken about in industry media and has been linked to groups such as ‘Armada Collective’, ‘Fancy Bear’, and ‘Lazarus Group’. The reason for this is to try and make themselves seem like a credible threat to those companies being targeted by the extortion attacks. Given the fact that the attacker is impersonating these threat groups, NETSCOUT has given the attackers the moniker ‘Lazarus Bear Armada’ (LBA).

One noteworthy element of the extortion campaign being run by this group is that they have clearly conducted thorough research prior to launching the attacks. In previous DDoS extortion campaigns, the attacker has chosen a generic or incorrect email address, meaning that the extortion demands are never seen by the intended targets. However, with the LBA campaign, the attackers appear to have conducted a significant amount of due diligence, identifying inboxes that are likely to be regularly checked by the right individuals within the targeted companies.

How can organisations protect themselves from attacks?

Those targeted organisations that have adequately prepared to defend their online infrastructure have experienced very few issues relating to this ongoing DDoS extortion campaign. Even though the attackers have shown that they’ve undertaken diligent pre-attack reconnaissance, the DDoS attack vectors and targeting methods that they’ve used thus far are well known and can be easily mitigated, through the use of standard DDoS protection.

One DDoS countermeasure that organisations should deploy is to have cloud-based upstream DDoS mitigation capabilities combined with on-premise intelligent DDoS mitigation services – effectively hybrid DDoS protection. This will provide flexibility and enable the DDoS protection vendor to respond quickly in case an organisation is attacked.

Additionally, it is vital that DDoS defences for an organisation’s online infrastructure are deployed in a situationally appropriate method, as not all circumstances and organisations are the same. Testing should also take place semi-regularly to ensure that any changes to an organisation’s infrastructure are included in its DDoS defence strategy and that all online infrastructural components are protected against DDoS attacks. For example, if an organisation has its web servers adequately protected, only for its application servers to be neglected, this still leaves the company vulnerable to attacks.

It is also imperative for organisations to learn about the details of previous high-profile DDoS extortion campaigns. This includes familiarising themselves with the extortion campaign led by the group DD4BC (‘DDos for Bitcoin’), which initially began in 2014 and targeted over 140 companies in industries such as online gaming and financial services over a two-year period.

Though most organisations in the financial sector have the resources in place to successfully protect themselves against DDoS extortion attacks, it is still necessary to take the threat posed by the ongoing DDoS extortion campaign seriously, particularly if an adequate DDoS defence system is not in place. As such, it is wise for those companies in the heavily targeted finance industry to invest in effective DDoS protection.

Managing Cash Flow in 2021 – How Fintech Innovation Can Help Startups Balance the Books During COVID

With HMRC’s self-assessment tax return deadline looming, it’s time for entrepreneurs to think of the year ahead and how fintech can help balance the books.

To help with this, Sara Green Brodersen, co-founder and CEO of Canaree, a financial modelling solution that simplifies budgeting and forecasting startup finances, shares how fintech innovation can help start-ups balance the books. 

Sara Green Brodersen, co-founder and CEO of Canaree.

It’s never easy running your own business, but when it comes to challenging times, Covid-19 has delivered an incredible blow to many entrepreneurs. There’s been unprecedented disruption to companies across industries with lockdown closures and social distancing measures.

And then there’s the matter of taxes. We all still need to pay up, don’t we? Our self-assessment deadline looms!

Government support has been vital – with the Treasury stepping up to offer furlough schemes, deferred tax payments and loan support.

Unfortunately, these are temporary measures that will soon come to a halt. When that happens, how many early-stage businesses will be strong enough to actually outlive the pandemic?

The odds of any startup surviving its first year is very slim – in fact only 1 in 10 actually make it through those critical 12 months. With such difficult times ahead, many entrepreneurs are now probably wondering how they can overcome the added economic challenges brought on by the pandemic – and what kind of support is available.

Fintech Helping Businesses

Aside from government aid, there are some great fintech offerings that are helping businesses to run more cost-effectively and to manage their monthly cash runway.

As a fintech startup ourselves, we have tried and tested some of the tech out there which helped us survive last year’s crisis- knowledge that’s worth sharing with other entrepreneurs. Like them, we have lived through the pandemic and now have to navigate the challenges that still lie ahead.

Automated Financial Planning

Among the biggest causes of business failure is poor financial planning and a lack of understanding around what’s needed to generate enough revenue or raise external capital.

Only 40% of startups make a profit – and about 30% break even. In Europe alone, about 82% of first-time European entrepreneurs fail completely before they truly take off, while half of all startups collapse within three years. These numbers are shocking, but it highlights the importance of developing a sound business model for growth and planning for it. This is critical to success – but also very difficult to get right. I know this from experience.

Having built companies before, one of the things I always struggled with was the operational side of the business – you don’t set up a business to spend your time in Excel spreadsheets, crunching numbers and trying to figure out if you can afford to buy more computers or paper! Especially when you’ve got a pandemic to deal with and a remote team to motivate.

Fortunately, there are lots of helpful financial planning software products out there to help manage that side of the business – all of which are available now and easy to download.

Invoice Financing and Alternative Funding

Funding alternatives such as equity crowdfunding site Seedrs and peer-to-peer (P2P) lending providers like Zopa can provide businesses with quick and flexible short term financing that banks can’t offer – and at reasonable rates.

Invoice financing technology, like the one produced by Accelerated Payments can also help companies maintain a steady cash flow. They do this by enabling companies to borrow the money they need to cover unpaid invoices that a client owes a business through an online process that is quick, affordable and reliable.

When the invoice is paid by the client, the business pays a tiny percentage of the invoice amount back to the invoice financing company as settlement for borrowing the money. This gives businesses enough cash runway to maintain their cash flow effectively.

Banks, Payments and Book Keep – Tailor-Made SME Tech

Other fintechs that help operations smoothly and on a budget include technology such as Stripe. This is a very cost-effective and easy to use processing platform for Internet-based companies which enables you to transfer money from a customer’s bank account into your business’s account through credit or debit card transactions.

Revolut is a great challenger bank of choice for all business payments, revenue and salary. It keeps track of ingoings and out, has lower fees than traditional banks and is also easy to access.

Xero is a fantastic tool for accounting. This cloud-based system is perfect for small businesses and like google docs, allows you to give people access to the latest financial numbers, so that everyone from the accountant to the bookkeeper knows what’s happening with the business. It’s fast and simple to use and helps you to keep on top of all of your financials so you can make the very best business decisions in real-time.

For freelance startup owners and self-employed consultants, there’s also great account software to help manage expenses, invoicing and taxes – all through one mobile app. Coconut is one of the leading lights in this niche market.

There are currently over five million self-employed people across the UK – and on average they lose about £5,000 of income each year as a result of spending as much as 10% of their time on manual bookkeeping and sorting out their tax bill instead of focusing on scaling up their business. New accounting software like Coconut is ideal to help many overcome their tax management hurdles and save money too. This is particularly needed during the pandemic.

2020 was a difficult year for many businesses but there are many lessons to be learned – such as learning and seeking out the best alternative finance providers to help you run your company more effectively.

Banks and government support are always welcome, but long term financial planning requires good advice and expertise. For businesses that are cash strapped, fintech innovations can really make a difference in automating the requirements to keep cash flow positive and help to ensure you can pay your tax bill on time – even during a crisis.

The Revolution Will Be Data-Driven – Alt Data Driving Digital Transformation

Gone are the days of consumer and business banking being led by a network of branches offering physical services and meetings. This has created a competitive landscape in which traditional, legacy banks are competing against up-and-coming start-ups born in a digital era, making it much easier for the latter to adapt to the pace of transformation.

One fan of Alt data is Or Lenchner, a tech-savvy entrepreneur and a web and technology enthusiast, serving as the CEO of Luminati Networks. who firmly believes that data is like water, should be transparent and available to all, always.

For many years now, the finance sector has been on a continuous journey of digital transformation, with more services becoming accessible to customers along the way. From the early stages of online banking to Atom becoming the first ‘digital only’ bank in 2016, the industry has progressed at great speed in the past couple of decades. So, what can we expect in the rest of the current decade? It goes without saying that transformation and tech-advancement will continue, but they will be greatly shaped by data insights.

Gone are the days of consumer and business banking being led by a network of branches offering physical services and meetings. This has created a competitive landscape in which traditional, legacy banks are competing against up-and-coming start-ups born in a digital era, making it much easier for the latter to adapt to the pace of transformation. In the UK, we have seen the rise of digital challenger banks such as Monzo, which has established itself in the market and has provided stiff competition for the brands we typically associated with having a strong presence on High Street. Starting from a low base and surpassing four million users in just five years is no mean feat and shows the appetite for convenient digital services amongst consumers.

This also has a direct impact on business banking, and there can be no doubt that the financial sector remains competitive, which is constantly driving the improvement of processes. That being said, digital transformation can never be truly achieved, as there are always new challenges to adapt to – and to meet such challenges, you need to rely on relevant external data sources. As much as technology lies at the heart of transformation, without the collection and use of alternative data (alt data) as part of your core business strategy, there can be no real insight-base for advancement. Therefore, the next phase of transformation will place data at the heart of a company’s overall business strategy and decision-making for business customers. Such data will also allow banks to offer competitive services whilst managing the risk of investments.

With more data being collected and shared publicly than ever before, financial institutions, such as banks, have already learned that data programs must be part of their daily conduct. They also understand the need to prioritize the search for improved data quality and the use of advance technology, such as Artificial Intelligence, to do so. The types of quality-driven alt data that can be collected and analysed include external factors, such as market demand for a certain product or the past performance of a company. While this information is publicly available, it is not always easily accessible without data collection tools and processes.

Although you could argue that banks are already well informed, the truth is that processes such as credit scores are quickly becoming outdated, as they only provide a limited view of what is typically a much wider picture. Making key decisions about products, such as business loans and insurance, with limited information is an extremely high risk today for banks and can even result in the business user receiving a much worse deal to cover the risk. So, how can alt data overcome this issue and return maximum value for all shareholders involved? How can external data sources be better integrated into the entire banking strategy and operation?

The insights gained from collective intelligence and alt data cover a vast range of information, from the latest investment market trends to buyer signals and quarterly estimates. It’s vital to collect as much relevant data as possible and then analyse it to better understand the risk/reward ratio. It’s important that this technology is utilised efficiently so as to find coherent and useful patterns within the mountains of data available. Doing so will lead to intelligent business decisions.

What history has taught us is that when it comes to technological innovation, those who wait to learn from others’ advancements stay behind and become outdated. Meanwhile, those who are first to adapt and adopt new technologies are ready for every market shift. This has certainly been proven recently and is set to be the case when it comes to the collection and use of alt data. Alt data is the next phase of digital transformation within the sector. Now is the time for both legacy and new digital providers to fully embrace the data revolution that has already started to define this decade and to put alt data at the heart of their business and portfolio planning.

DDoS Attacks Reach Over 10 Million in 2020

For the first time in history, the annual number of DDoS attacks crossed the 10 million threshold, as NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) observed 10,089,687 attacks over the course of the year. That’s nearly 1.6 million more attacks than 2019’s count of 8.5 million.

From March until the end of the year, DDoS attackers operated amidst the COVID-19 pandemic. While most of the world saw an unprecedented global health crisis, malicious actors saw new vulnerabilities and opportunity. It is seldom that annual activity is so deeply affected by one event, but such is the case with 2020 DDoS attack activity and trends.

The start of the pandemic lockdown ushered in a ‘new normal’ in the way we live and work, causing a seismic shift in internet usage as people increasingly moved their lives online. As the global workforce shifted to remote work, devices that previously sat behind enterprise firewalls and secure environments were used at home, behind typical consumer-grade routers and network devices. Attacks quickly exploited this by more than doubling the number of IoT-specific malware samples circulating in the wild, further contributing to the increase in DDoS attacks for 2020.

Richard Hummel, threat intelligence lead at NETSCOUT, said, “It is no coincidence that this milestone number of global attacks comes at a time when businesses have relied so heavily on online services to survive. Threat actors have focused their efforts on targeting crucial online platforms and services such as healthcare, education, financial services and e-commerce that we all rely on in our daily lives. As the COVID-19 pandemic continues to present challenges to businesses and societies around the world, it is imperative that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world.”

DDoS attack count, bandwidth, and throughput all saw significant increases since the start of the global COVID-19 pandemic. For instance, attack frequency rose 20% year over year, but that includes the pre-pandemic months of January, February, and most of March. For the second half of 2020, which was entirely pandemic-ridden, attacks rose 22% year over year.

As cybercriminals quickly exploited pandemic-driven opportunities, we saw another kind of ‘new normal.’ Monthly DDoS attacks regularly exceeded 800,000 starting in March, as the pandemic lockdown took effect. As noted in the NETSCOUT Threat Intelligence Report 1H 2020, cybercriminals launched 929,000 DDoS attacks in May, which constitutes the single largest number of monthly attacks we’ve ever seen. And while wired and wireless broadband providers saw the brunt of the attacks, pandemic lifeline industries such as e-commerce, online learning, and healthcare all experienced increased attention from malicious actors. For example, ASERT conducted a six-month review of worldwide education networks for DDoS activity and found a 25% increase year over year for that time period.

DDoS Cyber Extortion Campaign

The other notable DDoS activity of 2020 started in mid-August, as a relatively prolific threat actor initiated the Lazarus Bear Armada global campaign of DDoS extortion attacks, a campaign that remains active as adversaries have begun re-targeting original victims. The adversary cites the victim’s failure to pay the original extortion demand as the cause for renewed attacks.

Here, too, the exigencies of the pandemic likely influenced the attackers’ targets. While the LBA campaign originally focused on financial services targets, the actors behind the campaign soon expanded their target area to include larger enterprises within the healthcare space, including insurers, medical testing companies, and global pharmaceutical companies. Some of these businesses were involved in COVID-19 testing and the development of vaccines. While it is doubtful that the attackers aimed specifically to disrupt the work, the fact that these companies had both deep pockets and urgent deadlines made them prime targets.

Communications service providers, ISPs, large technology companies, and manufacturing also came under increased attack.

Moreover, the attackers targeted infrastructure in addition to more conventional attacks focused on internet-facing services. Here too, pandemic accommodations such as remote work played a role, as the cybercriminals focused on disrupting ongoing operations within a company, such as the inbound/outbound use of VPNs and cloud-based tools by employees working from home.

The Allure of Asia: Irish Fintechs Share Their Insight And Growth Stories

Asia is increasingly on the radar of Irish fintechs looking to take advantage of opportunities in fast-growing markets overseas. Here, business leaders from Irish-based organisations share their personal insights from successfully establishing a presence in the region.

More than 600 Irish companies do business in Asia with exports more than doubling over the last four years, according to Enterprise Ireland – the Irish Government’s trade and innovation agency responsible for the development and growth of Irish enterprises in world markets.

Ireland is home to more than 250 of the world’s leading financial services firms and services over 40 per cent of all global hedge fund assets. It is also the fourth-largest exporter of financial services in the EU.

The number of Irish fintech companies in Asia is going from strength to strength, excelling in areas such as regtech and risk, payments, AI, insurtech, banking, CX and cyber – with exports in the Southeast Asia region increasing by more than 25 per cent in 2020.

Enterprise Ireland, which currently supports more than 200 Irish fintech companies, has led a delegation of Irish companies to Hong Kong Fintech week and Singapore Fintech week for the last three years.

Irish Fintech in Asia - Stories from the Road" webinar.

Irish Fintech in Asia - Stories from the Road" webinar.

This week, in partnership with the Irish Chamber of Commerce Singapore – the network of business leaders committed to creating opportunities in Singapore and the region – Enterprise Ireland hosted the ‘Irish Fintech in Asia – Stories from the Road’ webinar.

The panel discussion – hosted by Tiarnan McCaughan, fintech market advisor at Enterprise Ireland, delved into the developmental trends and future direction of the fintech industry in the Asian region, through the lens of leading Irish fintech companies across the spectrum.

Panelists sharing their personal insights of leading Irish-based businesses in Asia included Ruth Fletcher, COO and CFO at online peer-to-peer currency exchange marketplace CurrencyFair, Kelly-Ann McHugh, director of APAC, for compliance technology provider MyComplianceOffice, as well as Joanne Horgan, chief innovation officer at Vizor – the regulatory and supervisory technology specialist.

Why Asia?

Ruth Fletcher

Ruth Fletcher

Ruth Fletcher, COO/CFO at

Headquartered in Ireland, CurrencyFair marked its first step into the Asian market in 2018 when it acquired Hong Kong’s Convoy Payments as part of a wider €20million investment plan. It now has offices in Singapore and Hong Kong.

Ruth Fletcher joined CurrencyFair in 2016 following 15 years of scaling two other Irish fintech companies – Fenergo and Norkom Technologies – to global successes.

Fletcher said: “Global payments in Asia are in excess of $1.2trillion, making it a natural fit for the CurrencyFair solution, which solves the complex problem of making international payments faster and cheaper than alternatives, with supporting capabilities on shipment, taxation, etc.

“CurrencyFair makes international commerce seamless for businesses and consumers and Asia is the fastest growing market for cross border e-commerce.”

Founded in 2005, Dublin-based MyComplianceOffice (MCO) provides compliance management software that enables companies to reduce their risk of misconduct. The company expanded its footprint in the APAC region with the opening of a new Singapore office in 2019.

Kelly-Ann McHugh APAC Director.

Kelly-Ann McHugh APAC Director.

Kelly-Ann McHugh, APAC Director, MCO

Kelly-Ann McHugh joined MCO in order to launch the APAC office for its conflicts of interest software. She was previously head of regulatory intelligence and compliance learning for Thomson Reuters’ APAC business based in Hong Kong.

“Asia-Pacific’s wealth growth is significant, PwC has been quoted that by 2025, APAC assets under management is to outpace any other region globally and almost double from 2017, with regional regulatory regimes that are trying to play catch up,” said McHugh.

“This is a perfect opportunity for MyComplianceOffice to invest in the region, where the growth of these firms requires comprehensive solutions that reduce the risk of misconduct.”

Meanwhile, Vizor – the Irish software company that creates regulatory software for central banks, tax authorities, pension and insurance regulators – says it has seen growing support for fintech innovation. In 2019, the Monetary Authority of Singapore (MAS) became one of Vizor’s clients.

Joanne Horgan is the Chief Innovation Officer at Vizor

Joanne Horgan is the Chief Innovation Officer at Vizor

Joanne Horgan is the chief innovation officer at Vizor

Joanne Horgan joined Vizor in 2003 and has delivered regulatory solutions for some of the world’s top financial regulators, working with more than 20 central banks and financial regulators worldwide.

She said: “Vizor works with over 30 regulators around the world and we noticed in Asia an increased level of activity from regulators supporting fintech, regtech and suptech innovation, such as through the licensing of digital banks or through increased ‘proof of concept’ projects.

“For example, the Digital Acceleration Grant from the MAS in Singapore scheme supports Singapore-based smaller financial institutions and fintech firms adopt digital solutions. We see many other regulators. such as the HKMA, BSP in the Philippines, also taking on more innovative projects and perhaps having an opportunity to ‘leapfrog’ other regulators by taking advantage of technology solutions that have already been proven elsewhere.”

Asia business Singapore

Asia business Singapore

Importance of networking and culture

According to Enterprise Ireland, Irish fintech companies are establishing a significant footprint in the region through local partnerships and an expanded presence in the region.

Ireland’s fintech advantage is particularly closely aligned with Singapore, it says, because both are anchored in friendly business environments that support innovation as well as advanced talent pools that enable those innovations to be realised and taken to market.

Vizor’s Horgan commented: “It is so important to connect with local companies and network – that has helped us in Asia. We were at the Singapore Fintech Festival and identified great opportunities. It’s also important to have a curiosity to question things and understand how you can do things better to solve the problems people have. Listen even if you don’t like the answer as innovation is not invention but finding solutions.”

While, Fletcher said: “At first an Irish person in Asia will discover a very different culture and you need to take the time to learn and get to know cultural differences – even the weather, too. You can’t just fly in and out, you need feet on the ground. In Asia, it is important when entering and working in a market that you can meet face to face several times with your partners to develop long term relationships.”

For McHugh, it was crucial for MCO to recognise new challenges.

“When we decided to invest and start locally in APAC, we identified challenges that could affect how we grow our core business, such as time zone challenges and different sales perspectives,” she said. “It is important to find the right contacts and meet people. However, that has not proved easy when face to face events all got cancelled due to Covid and many were not virtualised.”

“Growth in APAC across multiple geographical markets and stretched time zones requires local sales and customer support to ensure success. With that in mind, MCO was the first in our industry to move to 24×5 customer support and implementation resources in region after we opened our office in 2019, we believe this will be instrumental in our continued success in 2021.”

Challenges for 2021

The coronavirus is expected to continue to have an impact on how fintechs will network in the coming months.

Fletcher commented: “Covid will continue to challenge Irish fintechs seeking to expand in APAC due to the travel limitations currently in force. Unless already well established with a significant local presence, not having the freedom to travel will slow down the traction which Irish fintech companies will likely to be able to achieve.”

Horgan agrees and has identified three main challenges for Irish fintechs in APAC this year, including increasing competition:

“Firstly, the lack of travel and face time is continuing to hamper relationship building in the region, which makes the establishment of local partnerships and leveraging the Irish and local networks even more important,” she said. “Secondly, the growth of fintech/regtech in the APAC region means competition is heating up so Irish firms need to think about how they’ll stand out. Finally, while many Asian regulators are increasingly supportive of regtech/fintech innovation, they are always balancing that with risk. The last 12 months has seen a significant increase in cybersecurity and conduct risk incidents so Irish fintechs should expect to have to demonstrate compliance with more requirements in these areas.”

Ireland’s priorities for 2021 is to maximise the number of start-up companies, increase the number of high growth clients achieving scale and expand the number of exporting companies.

For many, that is ‘next stop, Asia’.

Neobanks in South America; Swedish Payments Firm Trustly Eyes $11 Billion IPO

Earlier this week we reported on the $400 million Series G closed by Brazilian neobank – and Finovate alum – Nubank. The firm, founded in 2013 and based in Sao Paulo, serves more than 34 million customers in Brazil, Mexico, and Colombia, and offers a digital savings account, a no-fee credit card, as well as personal loans. This week’s investment boosts the company’s total capital to $1.2 billion and gives the Brazilian digital bank a valuation of $25 billion.

We also suggested that Nubank’s news was a good opportunity for fintech fans to “brush up” on fintech in general when it comes to Latin America – and the region’s challenger banking industry in specific. To this end, for this week’s Finovate Global Reports, we are sharing this look at neobanks in South America, courtesy of Fintechnews Switzerland.

“South America has seen an exceptionally dynamic evolution of its neobanking landscape,” the authors wrote, “with now more than 30 live neobanks and digital banks that serve over 50 million customers out of the region’s 430 million+ population (+11%), data from Dutch fintech consultancy firm Fincog shows.”

An Overview of South America’s Booming Neobanking Sector is a great way to get to know how and why challenger banks are finding fertile ground in countries ranging from Brazil and Colombia to Peru and Argentina.

Swedish payments company Trustly, which made its Finovate debut back in 2013 at FinovateEurope in London, is betting that even after a year that featured a record number of initial public offerings, the investing public is hungry for more.

Reuters reported earlier this week that Trustly is planning an initial public offering in Q2 of this year that could earn the company a valuation of $11 billion (EUR 9 billion). Nordic Capital, which acquired Trustly in 2018, is said to be working with Goldman Sachs, JP Morgan, and Carnegie, with additional banks to be brought onboard as well. According to Reuters, the company is targeting “late April or early May” for an IPO. Both Trustly and Nordic Capital have not commented on the IPO rumor.

Headquartered in Stockholm and founded in 2008, Trustly specializes in enabling payments directly from customer online bank accounts. Trustly processes more than four million payments a month and reported revenues of EUR 130 million in 2019. The company estimates 2020 revenues of EUR 200 million. Trustly has more than 7,600 bank partners and 600 million consumers in Europe and North America who rely on its account-to-account network to bypass the card networks simply and securely.

In 2019, Trustly merged with PayWithMyBank, a U.S.-based company, to provide what Trustly CEO Oscar Berglund called “the first and only online banking payments network with transatlantic coverage.” Berglund added that the union of the two firms was “transformative” and said it would “accelerate” Trustly’s goal of reaching global coverage.

“Together we’re thrilled to be able to offer merchants and billers a unique alternative to card payments, allowing them to accept payments from 600 million consumers across Europe and the U.S.,” he said.

Earlier this month, Trustly announced the appointment of new Group Chief Financial Officer Mats Backman. Backman comes to Trustly after a tenure as CFO at publicly-traded automotive technology company Veoneer. Last fall, the Swedish payments innovator added a number of executives to its ranks, including Karim Ahmad as its new Global Chief Technology and Product Officer. Ahmad was formerly the Chief Product and Transformation Officer at Paysafe Group.

Here is our look at fintech innovation around the world.

Latin America and the Caribbean


  • EyeVerify, which twice won Finovate Best of Show awards for its biometric authentication technology, may be on the market after being acquired by Ant Financial in 2016 for $100 million.
  • Malaysian-based supply chain finance and P2P financing platform CapBay raises $20 million in Series A.
  • Robowealth, a fintech based in Thailand, secures Series A funding from Beacon Venture Capital, Kasikornbank’s corporate VC arm.

Sub-Saharan Africa

  • Mobile banking startup Spot Money launches in South Africa, billing itself as the country’s first open banking platform.
  • Kenya-based Safaraicom goes live with its M-Pesa bill management service.
  • Synthesis launches Halo, the first of its kind tap-on-phone contactless payment solution for the African market.

Central and Eastern Europe

Middle East and Northern Africa

Central and Southern Asia

Photo by Jonathan Petersson from Pexels

Inside Look: Midsize can be a fit for all at First National

Innovation in the financial industry is now an expectation. However, for small and mid-size financial institutions, this can be a fine line to negotiate. A bank that focuses too heavily on digital innovation can see its budgets run thin, and its customers become overwhelmed. Refusing to digitize interface features could lead clients to flock to […]

Wells Fargo builds out RPA team, Plaid debuts new automation tech [VIDEO]

This week, Bank Automation News explored Wells Fargo’s goal to stand up at least 300 automations in the next few years as it looks to expand its robotic processing automation (RPA) team. After making headlines for losing a $5.3 billion deal for acquisition by Visa, data aggregator Plaid unveiled a new beta product this week […]