Ericsson: Smart Home Privacy and How to Avoid ‘Data Paparazzi’

The paparazzi are known for often taking covert photographs of celebrities and selling them to tabloids or gossip magazines. In a similar vein, could the increasing number of smart, connected devices coming into our lives start acting like covert “data paparazzi”?

In this article, Ericsson, providers of Information and Communication Technology (ICT) to service providers, tells The Fintech Times how to keep your smart home safe and avoid the “data paparazzi” problem.

Today, our devices collect and forward information to all sorts of external parties: our home security alarm provider, our electricity supplier, our fitness watch vendor, our car manufacturer, and so on. Smart assistants listen to our voice commands and take that information to the internet to execute our orders.

But smart devices go beyond the obvious too – they can be anything from a connected toaster to a washing machine, sewing machine, or a toothbrush!

Data from one device may not be a problem, but combining data from several devices could create a pattern that may reveal unwanted information about a user or a business. And with more devices coming into homes, concerns around the way personal data is managed, controlled and used by devices and organisations are increasingly being raised.

Smart Devices and Privacy: The Big Picture

Many of us already interact with at least 3 to 5 devices daily – a smartphone or even two, a smartwatch, a tablet PC, a work laptop, and maybe a smart TV. One estimate is that by 2030, each of us will own 15 connected devices.

Above all, the network infrastructure and devices need to be secure. It’s important for us all that we can trust how our devices operate and handle data. It will also be important to ensure device security through the life cycle of the devices. With the fast growth and wide of range of smart and connected devices from different brands – that come with different user interfaces and functions – it might be cumbersome to keep all devices up to date in terms of firmware and security status, for example, from the day the device is purchased until its recycled. However, this is a key requirement for enabling a secure and trustworthy IoT environment.

GDPR and similar efforts have raised more attention to privacy from the general public. As people become more informed and want to know how their devices and information are used and managed, there will be an increased need for tools that enable identifying, verifying, and controlling the data the devices are collecting and sharing.

The Data Paparazzi Problem

While the saying goes that “all publicity is good publicity”, many celebrities wouldn’t agree. They want to be in control of the information shared about them, to build a relevant public image but avoid revealing private relations, unattractive personal habits, or similar.

The same thinking is behind IoT security; information that’s needed to complete the intended tasks of an IoT device should be made available, while the rest of the information should be kept private. However, for IoT there’s often a more fine-grained approach as the information made available should in many cases only be made available to a restricted group of observers on a need-to-know basis.

The Stalker Problem

Many celebrities might also have to deal with stalkers – individuals who are overly interested in them and may try to gain as much information about them as possible, even using illegal means.

In the IoT space, the same phenomenon could happen to the average Joe. A smart home that doesn’t restrict access to the information it generates, can easily become a lucrative target for an attacker; the information generated by the home can be used to gather different information about the inhabitants, which could later be leveraged to commit a cyber attack. Information about when various appliances are used, such as when doors are opened, lights are switched on/off, energy consumption fluctuates, can be a real treasure trove. This also means that potential attackers might not skip a house just because there’s some security applied, rather the security needs to be good enough that it deters attackers from trying.

Mitigation Strategies

Celebrities tend to take precautions to hinder paparazzi and stalkers from invading their privacy. The same things need to be considered in the IoT world. For example, in smart homes, access to the internal network and the data generated and stored there should be controlled and protected, monitoring should be applied to pick up on suspicious behaviour, and reactive security measures, such as blocking and logging, should be taken when a breach is detected.

What has been normal for celebrities should now also become the standard for anyone in an IoT environment. When it comes to privacy, active measures should be taken to maintain it. While this might sound scary – and without proper actions, it would be – it’s not something that’s difficult to achieve. Rather it’s about having the right mindset and recognising that security needs to be built in and considered more and more in the connected world, even for private citizens.

What to Protect?

IoT is very much about the data generated and consumed by IoT devices. At first, this data may be seen as producing no risk, but even simple data in a certain context may be sensitive. For example:

  • Power consumption data recorded by a smart meter can provide a lot of information about what’s happening in a home. For example, based on the power consumption profile of TVs, switching on the TV will be visible from the data.
  • Any competent smart lock manufacturer will make sure that the communication with the lock is encrypted and its integrity protected. However, this might not be enough; by observing the traffic generated by a smart lock, one could potentially deduce whether the lock has been opened from the inside or the outside and thereby predict if there’s anyone in the house at any given moment
  • It’s inevitable that an electric device will reach the end of its lifetime and will need to be disposed of. If the information stored on the device isn’t properly removed, a hacker who retrieves the device from a bin or second-hand store could dig out data or credentials, as well as information about the services the device has been connected to. This is information that could be used to spy on the owner in a more efficient way, or even control or modify other devices belonging to the owner.

The question shouldn’t be, “what do I need to protect?”, rather, “what don’t I need to protect?”, meaning “what do I actually need to share?”.

How to Avoid Unauthorised Use of Private Data

There’s no silver bullet solution to this problem and the complexity is proportional to the number of devices and services that we as individuals interact with. Applying the best security practices is the responsibility of many entities. Device manufacturers and service providers need to provide secure devices/services, with proper control and maintenance for future proof device security.

But there are some rules of thumb that each of us can follow to minimise security and privacy issues related to our devices. End-user responsibilities include selecting suitable and secure solutions, and installing and configuring them in a secure way. Well-designed products should make this a relatively easy task, but it can also be done with the help of professionals. Furthermore, there are initiatives such as the Finnish Cybersecurity Label providing security labels for IoT devices, which aim to help consumers select products for which security has been verified.

Konsentus Acquires Open Banking Europe from PRETA

Konsentus has announced that it has acquired Open Banking Europe S.A.S. from PRETA. Open Banking Europe S.A.S., a 100% owned subsidiary of Konsentus Limited, will remain a separate operating entity which will continue to be led by John Broxis. The software solutions of Open Banking Europe will be directly integrated into the Konsentus business.

Formed in June 2017, the Open Banking Europe (OBE) initiative has been successful in bringing together market participants to turn regulatory requirements into operational reality. The initiative provides its members with a collaborative environment to identify market issues and problems, championing awareness and creating solutions via guidance, standards and tools.

Konsentus was launched in 2018 to enable the safe and secure exchange of data and funds complying with PSD2 open banking access to accounts. The Directors, Mike Woods and Brendan Jones, recognised the need for a real-time, online solution to protect financial institutions against PSD2 Open Banking fraud. This also presented them with a global opportunity to be a leader in the provision of solutions and services for open banking, finance and data.

Like Konsentus, OBE identified the need for a single, standardised, trusted and machine-readable repository of regulatory data related to third-party providers (TPPs), which led to the set-up of the OBE ‘Regulatory Directory’. The Directory consolidates information from the National Competent Authority registers, making it available in a way that is easy to access and process. It is used by over 500 of the largest financial institutions across Europe to support PSD2 access to account compliance processes.

Through a close co-operation with Konsentus over the coming months, PRETA, a fully owned subsidiary of EBA CLEARING, will strive to ensure a smooth operational handover for all parties involved.

Mike Woods, CEO, Konsentus, stated “Working with PRETA’s Open Banking Europe was an obvious next step to accelerate our European expansion and cement our position as market leader. We are delighted to welcome the clients of PRETA OBE to Konsentus and are proud that over 500 financial institutions, including some of the biggest and most prestigious banks within Europe, will also become Konsentus clients. I am delighted that John Broxis, who was Managing Director of PRETA’s Open Banking Europe initiative, is joining the Konsentus team, which will ensure a smooth transition. In addition, his vast industry expertise will be invaluable in uniting the open banking ecosystem and global community.”

The Open Banking Europe Community will complement the work Konsentus is already doing to support the safe and secure exchange of financial and non-financial information between payment service providers and other market players for the benefit of the wider digital economy.

Giorgio Ferrero, PRETA said, “We identified the need for Open Banking Europe to grow beyond its incubation stage and move to the next level in an accelerated manner. With their global expansion plans, product pipeline and fast-growing partner and customer base, Konsentus is well-placed to pursue the initial ambition for OBE Europe to boost safe and secure Open Banking globally. We are pleased to bring our OBE clients to this thriving environment, where they will continue to be well served by Konsentus and John Broxis, and can benefit from new and innovative Open Banking services on a European and global scale.”

DataVisor Releases Digital Fraud Trends Report 2021

DataVisor, a fraud detection company with solutions powered by transformational AI technology, has released its ‘Digital Fraud Trends Report 2021’, highlighting the key trends seen in the landscape after analysing 128 billion events and more than 2 billion users.

The events of 2020 created no shortage of challenges for fraud teams. With quarantines and lockdowns looming for much of the year, millions of consumers turned to digital channels to purchase items and conduct business, opening up new opportunities for fraudsters. Online spending reached more than 18% of total retail sales in the first two quarters of 2020, up from 14% in 2019.

Many businesses shifted to a remote work model, leaving many businesses struggling to cobble together a remote work technology stack, leaving very little time for research, testing, and security best practices. IT departments were left to figure out how to safeguard internal resources via fragmented teams. Good communication became more mission-critical than ever, and call centres, live chats, social media, and email served as important albeit vulnerable vehicles. Bigger emphasis has also been placed on mobile technology for consumers, companies, and employees alike. Mobile is increasingly growing in the market, changing everything from how we bank to how we shop.

With such major changes in a short time span, it’s no surprise that fraudsters were eager to evolve
their attacks and exploit gaps in defences. Using data collected from the previous several months, DataVisor reveals the current fraud landscape and what might come next.

Key Takeaways from the Report Include: 

  • 79-90% of financial fraud attacks are account takeovers,
  • The fraud rate for mobile platforms is 0.5%, compared to the 7.4% rate for desktop.
  • 22 times more events occur via rooted or jailbroken devices, both of which appear to be much more active than non-jailbroken or non-rooted devices.
  • 100% of fraudulent accounts use automation at some point in their lifecycles, making it harder to distinguish between humans and bots.
  • Social platform fraud has shown the steadiest growth, traffic volume shows consistent growth across verticals.

To find out more or read the report in full, click here.

How Digital Wealth Management Firms Approach the MENA Market in Comparison to South East Asia

While the digital wealth management industry is full of competition, there are few local players in the MENA region that provide the services needed. This provides a large gap in the market to local platforms to rise up and provide investment opportunities, as well as educating people with the cash available to invest in these opportunities. 

 Ramzi Khleif is General Manager at StashAway MENA, a wealth management platform that recently launched in the MENA region. With over ten years of experience in industries spanning finance, technology and investment, among many others, Ramzi here offers his views on how digital wealth management firms approach the Middle East and North African Market compared to South East Asia. 

Ramzi Khleif, General Manager at StashAway MENA

Since the launch of digital wealth managers, their fundamental goal and mission has been to simplify wealth management services and to provide opportunities for the financial growth of their clients. Even with the fluctuating markets, the prospects are vast, especially when looking at a mature market such as South East Asia (SEA) and developing markets such as the Middle East and North Africa (MENA). The Assets Management market, of which digital wealth advisors are a part of, is projecting significant growth in the coming years. In SEA market expectations are to exceed the USD 3 trillion mark by 2025, and the MENA region is anticipating a total AuM growth to exceed USD 2 trillion by the same year.

If we look at the industry in both SEA and MENA there are many similarities in terms of the pain points customers typically face, as well as the solutions on offer. However, given that the sector in the MENA region is considered to be at an early stage in comparison to SEA, it is still developing a level of maturity in terms of the acceptance of using such services, as well as the limited number of competitors operating in the market.

The ever-growing landscape of digital wealth managers is opening up healthy competition, there are a few local players in MENA and SEA that provide similar services. However, looking closer at the MENA region and for a Robo-advisor such as StashAway (operating in both markets), traditional banks can be considered as the key competitors. The reason being that banks charge incredibly high fees for unsophisticated services and impersonal products, meaning they reduce the wealth accumulation potential significantly.

In the MENA region, around 45% of the total wealth is in cash, a very high percentage by any standard. This goes to show that there is a huge amount of money sitting idly and not generating any returns for investors. There was a huge gap in the market for local platforms to help facilitate investing cash easily and effectively, without having to look to international platforms, which can result in higher fees.

Not only that, the figure shows that there is a lack of accessible platforms that can help educate people on what the benefits are, and the best way to manage and invest funds. Many might have long term financial goals that they want to achieve such as retirement, purchasing a house or even have funds ready to send their child to higher education. In addition, it is clear that many in MENA are still saving traditionally, parking money into bank accounts as a way of saving, but people need to understand saving is only the first step, and investing is what will enable people to achieve their financial goals.

Robo-advisors tend to use sophisticated investment models that that would otherwise not be available to the average investor, such as the strategy adopted by StashAway – ERAA (Economic Regime-based Asset Allocation) which simply enhances the Modern Portfolio Theory (MPT, a Nobel Prize-winning theory) by addressing external economic forces, which ultimately drives asset class’ returns, volatility, and correlations. ERAA’s three pillars, Economic Regimes Determine Asset Allocation, Risk Shield, and Valuation Gaps, together with deliver a macroeconomic portfolio management strategy that minimises risk and maximises returns for personalised portfolios across any economic environment.

With the opportunity and appetite for the sector in the MENA region and the current size of cash deposits, there is huge growth anticipated. In the coming years, you can expect more players to enter the market who will play a pivotal role in pushing and supporting the Fintech industry as a whole. In addition, the regulations are developing and opening up, making it more accessible to have such models active in the region. Both the Central bank and Dubai Financial Services Authority (DFSA) are exploring new ways to enhance and facilitate such operations. Digital Wealth Management in the region is very much here to stay.

Supply@ME Launches Shariah-Compliant Inventory Monetisation Platform in MENA

[email protected], the fintech platform that provides a unique Inventory Monetisation service to European manufacturing and trading companies, has announced it is authorised to offer SYME’s Shariah-compliant Inventory Monetisation Platform to companies in the Middle East and North Africa (MENA) region.

Further to the announcement on 3 November 2020, in which [email protected] first announced plans to launch a product tailored for the Islamic finance sector, the company has now received approval from the Shariah Scholar Board. SYME is now able to market its dedicated, Shariah-compliant investment product with its fund specialist – which is yet to be announced.

The announcement from the Shariah Scholar Board reads: “An official pronouncement has been released by Sheikh Dr.Mohamed Elgari and Sheikh Yusuf Talal DeLorenzo in their capacity as members of the Shariah scholar board (the “Sharia Scholar Board”) in relation to the inventory monetisation service.

“The functional and the legal structure of the Inventory Monetisaton Investment (“Inventory Monetisation Structure”) has been presented to the Shariah Scholar Board. The Shariah Scholar Board, following a review in compliance with the AAOIFI Shariah standards, hereby approves the Inventory Monetisation Structure as acceptable within the principles of Shariah.”

In receipt of this authorisation, [email protected] has begun working with its local partner iMASS to manage the onboarding of an initial portfolio of MENA region client companies – first announced to the London Stock Exchange on 11 January 2021.

This news comes at a time where the potential for growth of the inventory monetisation asset class is significant, for beneficiaries and investors alike. [email protected] estimates the underserved inventory finance market in the UAE is worth some USD $50bn.

In a speech during UK Islamic Finance Week 2020, the Bank of England’s executive markets director, Andrew Hauser, described Islamic finance as “strikingly well suited to [respond] to some of the biggest challenges we will all face in rebuilding our economy once Covid has passed.”

Earlier this month, [email protected] closed a deal with Lenovo Financial Services META (Middle East, Turkey and Africa) to offer SYME’s inventory monetisation platform to Lenovo’s network of customers in the region.

Alessandro Zamboni, [email protected] Capital plc Chief Executive, said: “I’m thrilled to have the opportunity to deliver our unique inventory monetisation investment product into the growing Islamic finance sector. Indeed, the Bank of England has recently commented that certain key aspects of Islamic finance make it particularly well suited for financing the post-Covid recovery. This resonates strongly with [email protected]’s own mission to help and support business owners to create liquidity from their stock, thereby optimising inventory days, especially during this crucial phase of the economic cycle.

Silent Eight on Putting Best Practice to Work: A Bottom-up Approach to Fighting Global Financial Crime

Financial crime has risen during the pandemic, with criminal
opportunists taking advantage of the unprecedented situation and
disruption caused by COVID-19. With the attacks still coming as
everyone lives are turned upside down, many are wondering how best
to hold back the tide.

Someone who knows a lot about this is Martin
the CEO and co-founder of Silent
a company that uses AI to combat money laundering
and terrorism financing. Here Martin shares his thoughts on how
financial institutions can best combat global financial crime.

Martin Markiewicz, CEO and
Founder, Silent Eight

By any measure, 2020 was a difficult year, with a rising tide of
financial crime adding to the disruption and pain caused by the
global pandemic. Criminals are capitalizing on the impact of
COVID-19, and with many of us forced to abandon our usual routines
in favour of working, learning, shopping and socializing online,
the attack surface continues to balloon in size.

In response, the Financial Action Task Force
has called for more resources to be diverted to
countering the acceleration of money laundering and terrorist
financing activity, highlighting the new threat vectors that have
emerged as a
direct result of the pandemic
. And, unsurprisingly, many
financial institutions are reviewing the tools they have at their
disposal to fight this growing problem.

Firms traditionally try to manage global risks with regional or
data-reliant solutions.  In practice, this means dealing with the
impact of incomplete data that is often from disparate systems. The
situation is further complicated by the fragmented nature of global
anti-financial crime regulation, with rules based on FATF standards
inconsistently applied between nations. This yields differing
approaches to financial crime prevention and sometimes wide
variations in the penalties applied for breaking the law.

Amidst this landscape, the challenge for FIs is how to account
for local nuance while driving global consistency in a
cost-efficient, risk-averse way — all while striving to satisfy
different regulatory requirements from the same compliance
process.  And the criminals we’re up against are savvy. When one
firm gets it right, they just move to the next one and so on as
they hop from institution to institution looking for

How Can We Combat This Scourge?

At Silent Eight we believe it’s through combining leading data
science and technology with the knowledge that already exists
within institutions.  Financial firms already know what they want
to do: they have governance procedures in place, and existing
policies they create and modify.  What can be absent though is an
efficient way of immediately executing them to address changes in
alerted parties.  And to do so efficiently.

In response, firms are increasingly turning to solutions like
our own, which actively learns what investigators are doing on the
ground, how they do it, and why. This empowers institutions to
decide what ideal financial crime compliance looks like for them
and drive best practices up the chain. A continuous learning
approach also helps firms to replicate winning strategies, while
natural language processing (NLP) enables the system to explain its
reasoning in plain English, audited for any future review.

This AI-powered “assisted intelligence” approach to fighting
financial crime puts the power back in the hands of institutions,
providing full auditability, making a virtue of the globalised
nature of financial crime compliance by allowing firms to harness
the best of their international practices, and delivering better,
more efficient tools to help institutions win their battle against
the criminals.

Bottom line, we see this as an “AND” rather than an
“OR”, freeing firms from the need to choose between AI and
human investigators, and between efficiency and de-risking. Only by
using the best of technology AND human capabilities, and by
de-risking AND driving greater efficiencies, can we take the
biggest bite out of financial crime.  And that’s precisely what
we have the privilege of waking up each day to achieve.

The post
Silent Eight on Putting Best Practice to Work: A Bottom-up Approach
to Fighting Global Financial Crime
appeared first on The Fintech Times.

OurPeople: How Cybersafe is Your Small Business?

With working remotely the norm for people all across the country due to the coronavirus pandemic, cybersecurity has become all the more crucial as the threat of an attack has increased dramatically.

Someone who knows about this is Pete Walker,  the  Chief Technology Officer at OurPeople, a mobile communication platform that aims to disrupt the Human Capital Management (HCM) industry. Here Pete shares his thoughts on the challenges of cybersecurity in SMEs.

Pete Walker, Chief Technology Officer at OurPeople

Last year, more than 34% of UK tech firms had to deal with at least one cyber incident. With most businesses back to remote working, employees are once again logging in remotely from their own personal devices – which presents even greater threats to data security.

Across all industries, including fintech, the nature of the threat is evolving. The targets, impact and techniques involved in cyber attacks have changed: attackers seek to access to internal control systems as well as communication; not just steal but alter data to create distrust; and target individual employees – often the chink in a business’ cybersecurity armour – through malicious insiders and phishing.

The Challenges Businesses Face

Ensuring employees have secure access to the right systems and information is a challenge even with everyone together in the office. But with workforces geographically spread and businesses operating without the physical security of their own premises, coordinating and maintaining remote policies is trickier than ever.

Employees are connecting to company networks from home, in many cases using personal laptops to do so. Without workplace cyber defences in place, the highly sensitive material and valuable personal business data employees handle are suddenly at risk. This is exacerbated by most communication shifting to email, which can be targeted through social engineering attacks.

On a human level, many employees will feel isolated after nearly a full year spent on-and-off working from home. Maintaining morale with limited face-to-face contact is not easy. Add in the additional factor of distributed devices with sensitive information on which once belonged to a former employee but current restrictions mean they can’t be returned to the business to be securely wiped. It’s an extremely challenging time for ensuring cybersecurity.

Policies to Protect Data

Developing and implementing a strong data protection policy is crucial when employees are all working with the same IT infrastructure. Without office cyber facilities and firewalls configured to admit static broadband IP to manage cloud services, however, it takes on even greater importance. Not only do these policies need to be in place, but it’s imperative they are understood and adhered to in order to protect against attacks and avoid potential fines for GDPR breaches.

Businesses must ensure different types of data have clear guidelines for where they can be securely stored and processed. Take personal identifiable information (PII) for example – this should never be shared on an internal chat system.

With cloud storage services increasingly popular, strict password policies should be in place to safeguard information and data. At my company OurPeople, we ensure all credentials and PII are stored in a password manager to ensure strong and encrypted protection. Alternatively, single sign-on solutions can also be an effective barrier.

We also require a secure VPN to access our cloud infrastructure – this is a policy all small and medium-sized enterprises (SMEs) can adopt. As a best practice, ensure that detailed logging for this service is turned on and active. Doing so means that – in the event of a cyber attack or suspected breach – businesses can quickly perform forensics to ascertain both the root cause of the incursion and the extent of any damage.

Sometimes, the lack of access to shared office equipment means employees have to use their personal devices for work. In these situations, it’s vital businesses have clear BYOD (bring-your-own-device) policies so there is no ambiguity regarding the types of data and communication devices should and should not be used for.

One essential condition for each business’ BYOD policy needs to be the installation of a centrally-managed anti-malware software on all devices used for work. If possible, mobile device management solutions should also be in place. Together, these policies ensure real-time protection of sensitive information – devices will be safeguarded against malicious software and viruses, can have corrupted data restored and be remotely wiped in the event of a data breach.

How to Support Workers to Keep Them Safe

From a mental health perspective, the most important thing is to retain some level of informal contact with all employees. At OurPeople, daily check-ins are a crucial part of our routine. There are many great benefits to keeping in touch regularly with staff – not least the likelihood that they will feel more motivated to follow security procedures. Ideally, these check-ins will be carried out through secure video-conferencing and chat solution platforms.

Furthermore, with sites and offices remaining closed up and down the UK, arranging for employees to receive on-premise, face-to-face training isn’t currently feasible. Instead, the key is to invest cloud-based training and assessment services – doing so will vastly improve staff security awareness, as well as their understanding of GDPR. However, it shouldn’t be entirely the responsibility of employees to ensure they’re up to speed with these issues – having a third party to audit policies and test a business’ internet-facing assets is a wise move.

Although the cyber threat is changing, the good news is there are policies businesses can quickly put in place to minimise the risks. Clear guidelines for data storage, strict password and BYOD policies are small policies that will protect a company should it fall victim to a cyber attack. One in three SMEs tech businesses were affected last year – failing to prepare is a risk you don’t need to take.

What is Alternative Data? Quandl’s Hamza Khan Explains

Hamza Khan is the head of European Data at Nazdaq’s Quandl, a marketplace for financial, economic and alternative data delivered in modern formats for today’s analysts. Based in Amsterdam, Khan joined Quandl in 2020 and is responsible for leading Quandl’s data strategy and expanding its presence in the European market. 

Here he speaks to The Fintech Times about alternative data, its benefits to investors and how regulation as affected its uptake in Europe

Hamza Khan, Head of European Data, Quandl,

What is Alternative Data?

At its core, it’s a new name for something basic, which is market research. We want to understand which companies are performing well, which products are selling and what consumer trends are taking place. So, for example, is Tesco or Sainsbury’s more popular? Are people using Uber Eats or other delivery services? Are they watching Netflix or Disney? This kind of market research has been going on for decades, but what makes it alternative is that the data is being collected digitally. Market research is traditionally done through surveys asking people what they’re purchasing etc. But by going digital we keep that same level of anonymity but make faster and more accurate. So, for example with PSD2 and user consent, we can see where spending is taking place in real-time, instead of having to wait for surveys to be carried out and analysed.

There’s nothing radical about alternative data. It’s just a faster, more accurate way of collecting market research.

Is this kind of data valuable to investors? 

Absolutely, and that demand stretches across the board. There is a huge amount of demand for the data that’s out there when it comes to companies deciding what products to launch or what companies to invest in.

How does this affect Start-ups?

As I mentioned, what’s different about alternative data is that it’s collected digitally, and start-ups are really at the forefront of this. They’re the ones who are building services on the cloud and putting data first.

We see that a lot of the companies that were start-ups a few years ago, that have maybe now turned into scale-ups or unicorns, have really strong systems in place which enabled them to transform their data into a new source of revenue.

How easy is it to transform these data streams into sources of revenue?

Everyone already has this data, using it for their internal analysis or for their own market research. So, the data is sitting on a server somewhere, and it’s often just a turnkey solution, connecting it to a service like Quandl, to make it into a viable revenue stream.

This is what we call this is bottom-line revenue, where it doesn’t entail a lot of costs, work or any new infrastructure from our suppliers. We try to make it as turnkey and simple as possible.

What demand is there for alternative data?

There’s a lot of demand from investors and companies that want to know what’s happening in the world around them. I think that’s been the case for decades, market research has been happening since the 1920s and 30s. There’s a number of very large companies that are out there that are doing this already, so we took the start-up mentality of how can we do this better, faster and cheaper.

How up to date can these data sets be?

Because of the shift towards cloud technologies the speed of data collection processing has increased drastically. We’ve gone from data being released and collected quarterly to monthly to daily to now being collected multiple times a day. And of course, the faster people see data the more value it has.

How detailed can this data get, and does the detail depend on where it was obtained from?

Different sources have different formats, but it’s very important to state that no matter how detailed it gets there’s never any personal information that’s ingested, processed or shared. Frankly, that’s the furthest data point from what we touch – what we want in detail is actionable data related to companies. For example, if you’re able to say that X  amount of money was spent on airlines in July, that detail has some value. If you’re able to say that X amount was spent on airlines on July 1st, that adds more value. If you know that X amount was spent specifically on British Airways on July 1st, that’s even more valuable again. The more detail it has the more value it has.

Do strict European regulations, like GDPR and the FCAs banking regulations, play a part in how data is captured? Does it make it more difficult?

Alternative data and data monetisation originally took place in the US but is now becoming more and more global. I’ve been in the industry for several years and I’ve really seen a change in attitudes. When I spoke to companies in 2017, everyone was hesitant to share data because they weren’t sure about GDPR, it was a new regulation at the time so there was a lot of hesitancy on how to implement it.

When GDPR came in it was actually quite clear, and by 2019 when the regulations were understood people were slightly more accepting of the possibilities and legality of data monetisation – but no one thought it would fly in Europe. In the US people tend to think about data differently than they do in Europe, and so no one thought European companies would do it.

But of course, in 2019 and 2020 it started happening. European companies started monetising data and doing it safely and anonymously with respect to their customers and the regulations. Now there’s a number of European neobanks, start-ups and fintechs who have been monetising data for years now. I think that’s where there’s been a complete shift of the tenor of how people think about European Data. Companies may not be ready to do it, but they want to explore it and find out more. They see some of the biggest names in fintech using this new revenue stream and they want to know about it.

What do you think is the future for datasets, are companies going to get swamped by data?

Well, we think that we can never have too much data. There are so many interesting revenue opportunities available to create safe and manageable data sets. The way people think about data monetisation is always changing, and it’s always being used in new ways, but Data is a diverse way of increasing your revenue streams.

Sift on Data Breaches: The Starting Line for The Fraud Supply Chain

Data breaches have been a hot topic this year, as the Covid-19 pandemic has seen an increase in fraud and other cyber attacks across the board, for both consumers and businesses. 

Tonia Luykx is VP of EMEA Sales at Sift, providers of solutions to help combat payment fraud. Having previously helped roles at Amazon, Dropbox and Google, Tonia is currently focused on building sifts strategic partnerships across the EMEA region.

Here she shares her thoughts on data breaches and the fraud supply chain. 

Tonia Luykx, VP EMEA Sales, Sift

2020 broke sales records for e-commerce and unsurprisingly fraudsters went to work as well. According to Sift’s Q4 2020 Digital Trust & Safety Index, between March and August, physical e-commerce, those businesses that sell physical goods online, saw a 378% jump in account takeover (ATO) fraud. ATO attacks, where fraudsters acquire legitimate user data to take over online accounts, simply don’t happen overnight and can usually be traced to information stolen from a data breach. But how does a data breach fuel ATO? It’s all possible because of the fraud supply chain.

Fraud Supply Chain

First, it’s important to understand that data breaches are a means to an end. Information like usernames or passwords arm bad actors with enough details to execute more sophisticated attacks which combined together create a fraud supply chain. They are interconnected and self-supporting, powered by breaches and pave the way for more complex attacks such as phishing scams and ATO.

 While a data breach on its own might not be enough for cybercriminals to execute immediate attacks, simple credentials, such as an email address, can help fraudsters create phishing schemes. The additional pieces of information taken from small breaches allow fraudsters to personalise content that makes their scams more believable and ultimately convince the target audience to share even more details about themselves or their account.

Coordinating Account Takeovers With Compromised Credentials

Once fraudsters have enough information, they can leverage stolen credentials to break into one or multiple accounts. After all, despite warnings, most individual’s account credentials are not differentiated. A password for one account potentially grants access to many. This opens the door to a variety of opportunities, including exposure to payment information, the ability to open new accounts with similar credentials, and access to post fake or malicious content to victims’ personal networks.

Siphoning Money and Assets Through Payment Fraud

Payment information is the holy grail for fraudsters. Payment fraud typically begins with card testing through the purchase of typically low-value, low-effort items. If successful, criminals know the payment information is valid and usable to purchase goods to keep or resell, or to buy more data on the Dark Web. Sift recently discovered a, notably sophisticated, fraud ring in Russia that tested dozens of credit cards and digital wallets by posting fraudulent content listings on an e-commerce marketplace.

Breaking the Chain

The extent of the fraud supply chain is overwhelming, but not insurmountable. With a playbook of internal and external controls, fraud prevention teams can identify and stop many of these scams.

For security teams, email protection is critical and must lean on a layered approach. Standards like email authentication and domain-based message authentication, reporting and conformance (DMARC) are imperative to protect employees, stakeholders, and customers from unauthorised usage.

Secure email gateways (SEGs) and phishing awareness training also help avoid external threats. For example, fraudsters often play to consumer emotions and fears, a reason why we’ve seen phishing attacks accelerate amid the pandemic. Recent phishing schemes include cybercriminals impersonating health officials and agencies seeking consumer information to facilitate fake virus testing or contact-tracing initiatives.

 There is no solution for managing what users click on, believe and fall for outside of your platform. But when these bad actors show up, you can take control back. Two-factor authentication (2FA) adds friction when someone is trying to gain unauthorised access into an account and notifies users when suspicious account access has been detected.

Businesses dealing with payments can leverage a holding period before funds can be transferred, and review transactions that seem anomalous, like amounts outside of the user’s normal activity or transfers into a new account.

Finally, advanced velocity checks can detect changes in typical user behaviour, whether through purchase volume, changes in device or payment method. These checks account for natural changes in customer behaviour, providing that seamless shopping experience all while preventing fraud.

As data breaches multiply giving more ammunition to cybercriminals, organisations must adapt their security procedures accordingly. It is only then that companies will stand a chance of breaking the chain and thwarting the vicious cycle.

Security is the Cornerstone of Cryptocurrency Exchanges

Cryptocurrency exchanges are under pressure to improve
security practices to mitigate future cyberattacks and scams after
losses of more than $3billion in 2020.

Malicious attacks have become increasingly more frequent and
sophisticated, causing significant financial loss and serious PR
issues for the entire crypto asset market.

According to Ben Zhou, co-founder and CEO of
crypto trading platform Bybit, exchanges need to
better address areas of vulnerability and apply multiple layers of
security for penetration testing in order to combat potential
hacking threats.

Here Zhou discusses why cryptocurrency exchanges are being
targeted and how the right investment can prevent potential data
breaches internally and externally.

Ben Zhou, CEO, BybitBen Zhou, CEO, Bybit

Security incidents of cryptocurrency exchanges are occurring
more regularly, and thieves have begun to wise up to some of the
more ‘basic security protocols’ that some exchanges have

One of the more widely reported cases was that of Japanese
Bitcoin exchange Mt. Gox, which collapsed in 2014
after losing $460million to hackers. The ramifications of the case
still continue to this day. As the popularity of crypto and the
volume of trades increase, so does the appetite of hackers looking
for an opportunity to score a payday.

Bitcoin, one of the more widely known and traded
cryptocurrencies, has been the preferred digital asset of choice
for scammers in recent years. In 2016, hackers stole $72million
worth of Bitcoin from exchange Bitfinex and in
2018, hackers stole $500million in digital tokens from exchange
Coincheck. At the tail end of last year,
approximately $40million worth of Bitcoin was stolen from
Binance, through a single transaction.

The crypto world was also thrust into mainstream news last year
following a high
profile Twitter hack
that saw hackers taking control of
accounts from a list of ‘who’s who’ of wealthy or well-known
individuals and companies, including Barack Obama, Bill
Gates, Elon Musk, Joe Biden, Warren Buffett, Jeff Bezos

and Kanye West.

Hackers invited their followers to deposit Bitcoin into a
particular account with the promise of receiving double their money
in return. Even Apple and Uber were drawn into the fray. Although
this specific scenario appears to have been a quick and dirty money
heist, the scam netted more than $120,000.

Meanwhile, in September 2020, cryptocurrency exchange
KuCoin reported a major security breach affecting
Bitcoin, Ether and ERC20 hot wallets to the tune of

Security concerns and the subsequent negative media coverage
often become the centre of attention, with a reported $1.7billion
in cryptocurrency stolen over the years, most of which have come
from exchanges either based in, or centred around Asia.

Why are cryptocurrency exchanges being targeted?

The reason is quite simple: because they can. Cryptocurrency
exchanges have been plagued by malicious attacks since the first
exchange launched over a decade ago. Over time, these malicious
attacks have become increasingly more frequent and sophisticated,
causing significant financial loss and serious public relations
issues for the entire crypto asset market.

The main issue, however, is that most exchanges act as a
centralised single point of failure, which in most cases are
vulnerable by design. As a centralised web application programmed
to execute specific transactions, exchanges are susceptible to the
same security issues and concerns as all other websites.

In addition, the vast majority of cryptocurrency exchange
servers and storage networks preserve live pools of digital
currency in hot wallets. However, if the hot wallets are not
properly protected or if the application functions, such as mobile
app access, terminals, data repositories and application
programming interfaces (APIs) on the backend lack the sufficient
security controls, the cryptocurrency held within hot wallets could
be vulnerable to theft, making them inviting targets for

With regards to security, there is no doubt that a cold wallet
system is vastly superior to hot wallets. Even though both wallets
store security keys and codes, the fact that hot wallets are
connected online make them more vulnerable to potential hacking
threats or scamming attempts. Cold wallets on the other hand, are
not connected online, making them a significantly safer and more
stable option. The only downside is not being able to make large
withdrawals from an exchange immediately. But which would you
rather have, immediacy with a considerably higher risk factor or a
slight delay with assurances that your cryptocurrency is safe?

How can cryptocurrency exchanges better mitigate security

Investing in security should be one of the highest priorities on
an exchange platform’s agenda, especially if it operates online.
The extent of security investment reflects the overall security
commitment and capabilities of a company. On average, most of the
leading cryptocurrency exchanges spend around 15 per cent, with
some increasing investment in security to 20 per cent or more.
Though spend shouldn’t be the only factor for consideration;
it’s just as important to adopt and adhere to best practices in
cybersecurity and risk management.

In order to combat potential hacking threats, exchanges need to
better address areas of vulnerability and apply multiple layers of
security for penetration testing, in order to better assess the
effectiveness and preparedness of the security system’s defences.
Any security system employed should also cover privacy and
information protection across all points of interaction with the
exchange. Put simply, this means protecting a user’s data and
information throughout from account registration, login, trading,
to any information exchange with the platform.

This can be accomplished by applying best practices for
application lifecycle management, hiring knowledgeable and
reputable security consultants for penetration testing and running
bounty programs within the white hat community to identify any
potential vulnerabilities. It’s also recommended that
cryptocurrency exchanges work with reputable security audit
institutions to carry out security audits, apply strict management
processes, and invest in zero-trust architecture, whereby all
access to a service requires verification in order to prevent any
potential data breaches internally and externally. This drastically
reduces risk as a result of human error.

There are a number of bespoke security solutions that can be
externally sourced and applied from reliable vendors. However, if
the exchange has the right talent, experience, expertise and
capabilities, solutions can also be developed in-house, which could
provide better oversight over potential security concerns.

At Bybit, we put our customers above all else and have invested
considerable resources in developing and enhancing our own security
protocols and solutions. We have implemented an industry-leading,
multi-signature HD cold wallet system to guarantee the safety of
our traders’ funds. We would rather sacrifice some user
experience to ensure asset security.

When it comes to combating potential hacking threats and
internal control management, we organise and conduct multiple red
alert scenarios and bounty programmes with the white hat community
to ensure there are no system vulnerabilities. Even when it comes
to withdrawals, we subject any requests to at least three layers of
risk-control verifications. Crypto asset consolidation among cold
wallets follows the strictest policy, including physical
environment security, system security, encryption techniques,
operation authentication, monitoring and audit.

Looking ahead

As the industry gradually matures, we expect many more
cryptocurrency exchanges to continue to innovate for the benefit of
traders. Investing in, and ensuring the implementation of the right
processes, protocols and relevant security measures will be a
necessity in order to insulate traders from potential hacks and
security breaches. Those that don’t keep pace with the latest
cybersecurity trends and solutions leave themselves more vulnerable
and open to attack in the future.

The post
Security is the Cornerstone of Cryptocurrency Exchanges

appeared first on The
Fintech Times

PayByCar Announces E-ZPass Touchless Payment Solution at Alltown Gas Stations

PayByCar, Inc., a provider of transactional vehicle payment solutions, has announced the implementation of their services at all 30 Alltown gas stations in Massachusetts, where customers will be able to pay for gas and other goods directly from their mobile device, without ever having to take out cash, a credit card, or mobile app.

Those with E-ZPass toll transponders who register for PayByCar on the PayByCar website will be able to easily pay for their fuel, without having to touch the gas station keypad, by using their transponders. Vehicles without a toll transponder can use PayByCar’s own non-toll sticker to enrol.

“Following the success of PayByCar’s first in the nation breakthrough test pilot program at Alltown of Westborough last year, we are proud to expand our pay-by-text service throughout Massachusetts,” said Kevin Condon, CEO and founder of PayByCar.

In addition to eliminating multiple points of touching a public surface, the process also cuts transaction and refuelling time by 73% for patrons during the winter months.

“We’re living at a time when contactless payments are increasingly important,” said Mark Cosenza, Senior Vice President at Global Partners LP, owner of Alltown convenience stores. “We’re excited to offer drivers not only the convenience of simple and quick transactions but also the added safety and peace of mind during the age of COVID-19.”

Massachusetts-based Global Partners has nearly 300 company-owned convenience stores, including Alltown and Alltown Fresh. PayByCar became available at four Alltown locations in Marlborough, Framingham, Wellesley, and Westborough MA, with the 26 more Massachusetts locations rolling out in 2021.

The technology will soon be available for other kinds of transactions such as paying at convenience stores, car washes, drive-thru’s, and restaurants in 2021. Since PayByCar’s launch, the company has made waves in the business technology world, leading to an unprecedented non-toll services pilot agreement with the E-ZPass Group in 2018 that allows the PayByCar product to leverage the transponder devices E-ZPass drivers already use to pay for highway tolls across 18 states — a service the agency group calls “Driven by E-ZPass”.

dLocal Partners With Dinie to Bring Buy Now Pay Later to Brazilian SMEs

dLocal, a cross-border payment platform connecting
global merchants to emerging markets, have announced a new
partnership deal with Dinie to allow global
merchants to offer instalment payments to their customers in Brazil
as a form of small business lending. The partnership between dLocal
and Dinie will give SME customers a wider choice of payment options
and more purchasing power at the checkout, which in turn, increases
the conversion rate and basket sizes for merchants.

The Dinie Paylater solution (Dinie Pay) enables merchants to get
paid up-front and in full, while their customers benefit from
paying in three-to-nine month instalments. The merchant has no
credit risk exposure, and SME customers are not required to have a
credit card or use Boleto to pay but can use their Dinie credit
account while benefiting from the instalment plan.

According to dLocal data, 54% of e-commerce spend in 2020 in
Brazil was made accessing an instalment plan offered by merchants.
With the addition of this 
“Buy Now, Pay Later” solution (BNPL)
,  online sellers can
expect increased conversion rates, as research shows Brazilians
often prefer instalment payments when it comes to e-commerce.

Through the new partnership, Dinie Pay will be integrated within
the dLocal payments platform, which streamlines the merchant
onboarding process. Essentially, this means dLocal will enable
merchants to use Dinie Pay hassle-free, and with no further
integration needed. Once a purchase is confirmed at the
merchant’s checkout, the Dinie Pay option is presented and the
SME customers can choose to split the payment into up to nine
monthly instalments.

Commenting on the partnership, Rodrigo Sanchez
, VP Product at dLocal, said: “At dLocal, we are
innovators at heart and our goal is to bridge the payments
innovation gap between developed countries and emerging economies
and Dinie shares that ambition with us.

Dinie is complementing dLocal’s hyper-local Brazilian payments
solutions with capital accessibility to SMEs to pay for
higher-value business purchases and invest in their growth via
improved technology and digital marketing. We enable global
merchants to unlock new revenues and get paid upfront, frictionless
and risk-free.”

Suzy Ferreira, CEO and Founder of Dinie, said:
“Through one single integration to dLocal, Dinie will be able to
connect to the world’s largest digital merchants and access
millions of SME customers. Dinie will enable these customers to
easily purchase online, make investments in technology and digital
marketing, whilst ensuring their cash flow isn’t so heavily
impacted since they have an opportunity to match their investment
with the revenue they generate later.

“Teaming up with a company of dLocal’s calibre, a high
growth Latam unicorn servicing the world’s largest digital
merchants, is a huge opportunity for Dinie to accelerate growth and
reinforce our commitment to irrigate the Brazilian SME market with
capital to support their germination and growth.”

The post
dLocal Partners With Dinie to Bring Buy Now Pay Later to Brazilian
appeared first on The Fintech Times.

AC Milan Joins Sports Crypto Movement to Launch Fan Token

Italian football giants AC Milan, in partnership with fintech blockchain company Chiliz, have announced plans to launch an $ACM Fan Token on the fan engagement and rewards platform in the coming weeks.

AC Milan are among the most successful clubs of all time, with 18 FIFA and UEFA trophies to their name in addition to 18 Serie A titles and a massive global fanbase estimated at 450 million, including a significant following throughout Asia.

$ACM Fan Token owners will be able to access a wide range of benefits including the right to vote in multiple club decisions each season, VIP rewards & experiences, exclusive club and sponsor promotions, games, competitions and ‘super-fan’ recognition.

The club joins a list of 19 major sporting organisations who have partnered with to launch Fan Tokens, including FC Barcelona, Juventus, Paris Saint-Germain, AS Roma, Atlético de Madrid, Galatasaray and Trabzonspor. Leading esports organisations Team Heretics, NAVI, OG and Alliance have all launched Fan Tokens on the platform, while UFC have signed a global fan engagement agreement and fellow MMA organisation the Professional Fighters League will launch a Fan Token in the coming months. More major clubs are set to launch Fan Tokens in the near future.

Notable examples of fan engagement through include fans of Apollon FC choosing the first team for a friendly match and the club’s home and away kit for the 2021/22 season. Juventus fans chose the club’s new goal celebration song, decided on a limited-edition redesign of the iconic ‘J’ logo and the first team bus for the 2020/21 season. Supporters of FC Barcelona placed a unique fan designed artwork at the heart of the Camp Nou dressing room, Roma fans delivered questions directly to head coach Paolo Fonseca in a live press conference and PSG fans chose a unique message for the captain’s armband as well as voting on their end of season awards through the app.

Powered by the utility token Chiliz $CHZ, is one of the most active non-financial, consumer-facing mainstream blockchain products in the world. In just over a year it has been downloaded by more than 450,000 people, over 14M Fan Tokens have been sold, and over 700,000 votes registered on the blockchain. In total, Fan Tokens have generated over $30M USD for clubs and partners in a little over 12 months. In late December and early January, several Fan Tokens were listed on major global exchanges driving significant activity, with $PSG and $JUV trading volumes hitting a 24 hour high of $300M in late December.

 Casper Stylsvig, Chief Revenue Officer of AC Milan said: “We are happy to join hands with and welcome them to our family as a global partner. This partnership allows us to give our 450 million fans across the world another exciting way to interact with AC Milan, which is particularly important under the current circumstances created by the Covid-19 pandemic.

“As an innovative Club, one of our focus areas is modernisation and this partnership helps us complete another important step in that direction.”

Fans who purchased ‘Milan Devils’ Tokens using pre-sale feature Locker Room will have their tokens transformed into $ACM Fan Tokens upon launch. Locker Tokens for Manchester Blue and The Galácticos have sold out.

Alexandre Dreyfus, CEO and Founder of Chiliz and said:  “I’m delighted to welcome AC Milan and their 450 million fans from across the world to Fans of the I Rossoneri will be able to enjoy unprecedented engagement with their favourite team, influencing the club in polls, accessing VIP rewards, exclusive promotions, chat forums and much more.

“The AC Milan partnership is a great start to a year in which we will work harder than ever on our mission to fully establish Fan Tokens as the ultimate fan engagement tool and as a powerful new revenue generator for the sports industry.”

Liquidity Capital and Vault Investments Launch $100m Debt Investment Fund

Tel Aviv-based global fund manager Liquidity Capital and Dubai-based Vault Investments have announced an agreement to form a joint $100M Venture Debt Investment fund based in Dubai.

The new fund will deploy debt financing funding aimed at fueling technology financing in the Middle East, North Africa and Europe, and will leverage technology already in use by Liquidity in that company’s Asia-Pacific and US investments. As part of the partnership, Liquidity Capital and Vault investment will open offices in Dubai, to more effectively locate potential investments in the region.

“The United Arab Emirates, the Gulf Cooperation Council countries and the Middle East as a whole are overflowing with technology,” said Sultan Ali Lootah of Vault Investments. “The partnership between Vault Investments and Liquidity Capital will create new growth in the region, and the facilities and services we provide will be a positive anchor for entrepreneurs. We believe that our partnership will provide success in the future through our combined leadership in Dubai.”

The joint venture marks a step forward in the rapidly solidifying relationships that have emerged between Israel and the United Arab Emirates and following the recent peace agreements between those countries. Together, Liquidity Capital and Vault Investments will better leverage the region’s deep technological know-how and capital to unlock business opportunities for Middle Eastern startups and growth companies – enabling them to become true global players.

Ron Daniel, CEO and Founder of Liquidity Capital noted “Beyond the personal excitement by this first of its kind fund, and the wonderful relationship with Sultan Lootah of Vault Investments and his team, I strongly believe the new fund is a game-changer in both the availability of non-dilutive growth capital in the region and for the fast distribution of tech products from the Middle East and globally. The new climate in the region brings a lot of potential to capture. Non-dilutive debt is an asset class now transforming successful companies into unicorns and Liquidity Capital is at the forefront of this by marrying technology and credit know-how.”

Avner Stepak, Controlling Shareholder at Meitav Dash and Chairman at Liquidity Capital said “We are thrilled to cooperate with one of the most significant business groups of Dubai and incorporate an innovative fund that will help technology companies, mainly from our region, finance rapid growth, based on Liquidity’s great online underwriting technology. Sultan Lootah and his team will become great partners of ours and I strongly believe that this is just the beginning of several future joint businesses.”

African Development Bank and European Investment Bank Sign Joint Action Plan for African Development

The African Development Bank (AfDB) and the European Investment Bank (EIB) have signed a joint partnership action plan highlighting their strengthened cooperation and mutual development priorities and a strong shared emphasis on boosting public and private sector investment in Africa.

The Joint Action Plan enables both institutions to grow a shared pipeline of bankable projects around key complementary themes to which each institution would bring their comparative advantage.

These themes are climate action and environmental sustainability; transformative large-scale quality infrastructure investment; Information and Communication Technology (ICT) infrastructure and services; financial inclusion with a gender lens aimed at the empowerment of girls and women; education and training; and the health sector.

The signing comes amid the ongoing COVID-19 pandemic which is increasing poverty across the African continent and threatening markets and livelihoods, heightening the urgency for action.

“It is crucial that more multinational development banks and other development finance institutions commit to closer and stronger collaboration, such as seen through this Joint Action Plan between the AfDB and the EIB, in order to more efficiently and effectively support our regional member countries during these troubling times,” said Bajabulile Swazi Tshabalala, Acting Senior Vice President, African Development Bank, “Sustainable economic growth and security in regions facing particular challenges, such as the Sahel and Horn of Africa, are our top priority.”

The agreement was signed by Tshabalala, and Thomas Östros, European Investment Bank Vice President, during a virtual ceremony attended by more than 100 stakeholders from across Africa and Europe. The session was preceded by a short roundtable between the two senior management members and representatives from both institutions.

“Partnerships are crucial for the EIB’s business and impact, and this partnership with Africa’s Bank is crucial for Africa. The Action Plan signed with the African Development Bank today demonstrates the firm commitment of the European Investment Bank, the EU Bank, to delivering investment that makes a real difference to Africa. Enhancing our work with the African Development Bank, Africa’s multilateral development bank, is a strategic priority for the EIB and Europe. Together the EIB and AfDB will enhance cooperation and engagement with African partners to ensure that Africa emerges from the health, social and economic challenges of COVID-19 to an even brighter 21st Century,” said Thomas Östros, European Investment Vice President.

Shared Priorities for Supporting Transformation

The plan reflects the Bank’s High 5 development priority areas as well as EIB’s priority areas for Africa. In the wake of COVID-19 both institutions have devoted financing for rapid response to meet budgetary and health needs of countries in the region.

Over the past 5 years, the shared portfolio of the two institutions has grown to EUR 3.4 billion, leveraging investment totalling EUR 10.2 billion for 26 projects across the continent.

The EIB and African Development Bank recognise the unique role of publicly owned development banks in supporting high-impact and pioneering investment and mobilising private sector financing.

Recent cooperation to increase venture capital financing for innovation and technology companies through the Boost Africa initiative and commitment to the Desert to Power programme highlights how public banks accelerate financing in priority policy areas.

The unique financial and technical contribution of public banks was further demonstrated earlier this month when the EIB and AfDB Presidents confirmed enhanced support for biodiversity and investment across the Sahel under the Great Green Wall initiative confirmed at the One Planet Summit hosted by the French President Macron and Prince Charles.

The African Development Bank Group and the European Investment Bank have a long history of cooperation, framed by their relationship as Multilateral Development Banks and a Memorandum of Understanding on an Enhanced Strategic Partnership, signed in 2005, between the EIB, the AfDB and the European Commission. They have also signed a Procedural Framework for co-financed public sector projects.

RNIB and Uswitch Partner to Help People With Sight Loss Review and Switch Suppliers

The Royal National Institute of Blind People (RNIB) is launching a campaign to help blind and partially sighted people be ‘smart with their money’ and potentially change their energy and broadband providers to less expensive alternatives.

The campaign comes off the back of Ofgem research, which shows that blind and partially sighted people are less likely to have switched energy suppliers in the last 12 months than their sighted peers. Just a third (36%) of blind and partially sighted people investigated switching suppliers in the last year compared to nearly half (49%) of the population.

It is also working with the comparison and switching service, Uswitch, to offer accessible tools for blind and partially sighted customers to review their current deals.

Janette Scott, 61, from Stirling has retinitis pigmentosa (RP) and glaucoma. She’s been with the same energy provider for 20 years, and despite not being happy with her current provider, has been unable to switch. She said: “Being blind, it can feel safer to stick with the deal you have even if it’s not great. When I’ve spoken to others about this, they’ve said exactly the same. Although they feel frustrated and annoyed, they haven’t got the capacity to move to another company.

“I feel frustrated with not being able to access or collect information.”

The charity is launching ‘Smart with your money week’ (between Monday 18 and Sunday 24 January). During this time, the charity will be offering information on consumer rights, grants and discounts that individuals may be eligible for, and advice on how people can save money on their bills and using comparison services.

Marc Powell, Strategic Accessibility Lead at RNIB, said: “The findings from Ofgem show that more needs to be done in empowering blind and partially sighted people to make informed decisions when it comes to their energy bills. This is especially important during a cold winter with all of us spending more time at home, coupled with the higher cost of living with a disability.

“Through working with Uswitch, we aim to create better understanding of the information and resources available to help people make informed decisions on how they spend their money.”

RegTech Women Launches New Membership Service to Further Support Women in the Industry

In February 2019, over 70 women got together for the launch of a new network aimed at connecting women who work in the regulatory technology (regtech) industry in financial services. Two years later and with more than 500 supporters, RegTech Women have firmly established themselves as a leading network that supports and enhances the vital role that women play in driving success in the industry.

RegTech Women have now launched a new membership model to support the next stage of their growing network. Their annual subscription launched in January 2021 includes several benefits ranging from exclusive member-only events to career-enhancing workshops and specialist advisory groups.

Throughout 2019 RegTech Women held several events including ‘Leap of Faith’, a panel discussion on how women can take more risks in their career and ‘Mind the Gap’, a panel discussion on how to improve collaboration between key stakeholders in the regtech ecosystem. Hosted and supported by the firms like the UK Financial Conduct Authority (FCA) and Deloitte, the events were well attended, and delegates thoroughly enjoyed the networking opportunities.

RegTech Women continued to support the network through the difficult months of 2020. Despite the inability to meet face-to-face, the association ran various virtual events including online panel discussions on financial crime and regulatory change, webinars to highlight female founders, workshops to explore imposter syndrome and LinkedIn social selling, and even an evening of virtual cheese tasting.

The new annual membership allows members to benefit from an exciting line-up of events and initiatives planned for 2021. Lucy Heavens, Co-founder of RegTech Women said, “We are thrilled to invite members to be part of our exciting future with RegTech Women and to help us make real change in the industry. The membership supports us on our mission to inspire and champion women in our community and provide a safe space for unsafe conversations.”

Sian Lewin, Co-founder of RegTech Women added, “We launched RegTech Women in 2019 and since then the network has gone from strength to strength. This next stage in our journey is an important one, and we need the backing from members to support and enable us to run initiatives that support and empower the female contribution to RegTech, provide a platform for women to network and collaborate, – celebrate emerging female talent, and improve gender diversity in the RegTech sector.”

Cyphere on Supply Chain Attacks: Be Wary of Third-Party Suppliers

From outsourced software developers to warehouse management systems, information moves around the globe via multiple devices  But if data is the oil of this century, then data leakage is the equivalent of an oil spillage.

Harman Singh, director at cybersecurity services company Cyphere, is passionate about helping businesses protect their most prized assets. Having helped top tier brands across UK, he is responsible for providing advisory services to CIOs & CISOs across the financial services, fintech and e-commerce sectors.

Here he shares his thoughts on supply chain attacks and the need to be wary of third-party suppliers.

Harman Singh, Director, Cyphere

The supply chain model is an age-old model adding efficiency to customer services as well as operational and financial positions. It has grown to be more complex in the digital world with the added ingredients of outsourcing and multiple digital endpoints combining trusted and untrusted entities together. This inter-linking of supply chain entities leads to new challenges, and one of the prime concerns is cyber-attacks on supply chains.

Supply chains will likely dominate 2021 news for negative reasons –cyber-attacks. Two latest examples include what is considered as the worst supply chain cyberattack in history. A US company, SolarWinds, was at the centre of supply chain attack where nation-state actors compromised the source code and poisoned it to make inroads into hundreds of organisations including US government agencies and corporates.

Similarly, this week a Mimecast-issued certificate used to authenticate to Microsoft services was compromised by a threat actor. A digital certificate is used to verify the validity of the source and ensure trust. This situation has been abused by attackers to take over the connections, stealing information from Microsoft linked accounts (appearing to be used by Mimecast).

The issue lies at the heart of unrestricted access enjoyed by attackers once the supply chain is compromised. This leads to legal, financial and reputational implications, as well as job losses, low-security team morale and mental health impacts.

The gist of the matter is that for the most significant risks, they sometimes do not come through the front door. These trusted relationships between partners, suppliers and service providers can be compromised with less effort compared to through the host organisation. Therefore, beefing up one’s own security may not assure the entire organisation is safe from cyber-attacks. Your crown jewels can still be accessed by abusing your trusted channels, i.e., your supply chain. This, in some cases, could also be a chain issue where a breach occurs much further down the line e.g. a supplier’s supplier. An instance that would be includes compromised MSSP’s that provide secure services to their enterprise customers, often big outsourcers of software development or IT services.

From a cybersecurity perspective, supplier assurance provides a way to maintain confidence in the security process. Supplier assurance shouldn’t follow a tick in the box approach, as this often leads to security by obscurity. This is one of the mistakes we have noticed several times where a one-page questionnaire is submitted without any evidence or communication happening with the right contacts. A pragmatic approach is needed that takes into account the understanding of security measures in place by suppliers – this allows analysts to evaluate potential risk exposures. These depend on several factors such as your logical/digital connectivity with suppliers’ IT assets, the criticality of the services supplied, data processing and the sensitivity levels. These risk exposures may change over time due to changes in new developments on the technology front or change in threat profile of the supplier business. It is, therefore, necessary to frequently review supply chain cybersecurity posture.

To counter this threat, it is essential to understand the value of information held, who has access and what needs to be secured. Then communicate with suppliers and gain insights into their security maturity. By assessing the security risk of a supply chain would help to come to terms with reality than a false sense of security with questionnaires. This would then help set the security requirements for suppliers, communicated in an understanding way and working with suppliers to achieve that level.

One proactive way of changing our practices is how at Cyphere we are communicating and showing our customers that tick in the box questionnaires are not working. It is essential to introduce cybersecurity considerations at the procurement stage. New supplier requirement policies should include cybersecurity risk profiling processes that feedback into the decision-making process rather than taking on higher risk suppliers.

At a ground level, this would mean asking for assurance exercises such as penetration testing or ethical hacking exercises to assess the risks to digital assets and assessing their proactive security approach towards risk management.

Last but not least, keep raising awareness of security in your supply chain just like you do within your organisation. By supporting your supply chain, you are helping everyone succeed together while securing your cybersphere. As cyberattack chains develop, this is a continuous fight against cybercrime, and continuous security improvements are needed to stay ahead of attackers.

Barclays Report Finds High Optimism in Global Financial Services Industry

Key players in the financial services industry are optimistic about the year ahead, according to a new ‘State of the Industry’ report from Barclays Corporate Banking, Alive to Opportunity. The research from the bank also highlights regional differences in approaches to regulation, expectations for payment innovation and confidence in cybersecurity.

As the official insights partner of last year’s Money 20/20 global conference series, Barclays conducted a survey of over 200 financial services leaders from across EMEA, the Americas and Asia-Pacific. From these senior executives, Barclays Corporate Banking found that optimism in the sector is high as it enters into 2021.

Whilst recovery from Covid-19 might be seen as a likely top priority for the coming year, it came in second place when respondents were asked what they would be focussing most on during 2021 – with 42% of leaders selecting it. Top spot instead went to ensuring business growth, with nearly three in five (57%) respondents picking it as their main area of concentration.

Phil Bowkley, Global Head of Financial Institutions Group, Barclays Corporate Banking, said: “Given that 2020 was such a tumultuous year, it is encouraging to hear fintech businesses are confident and focused on future growth. Many firms have grasped the upheaval of the global pandemic as an opportunity. Covid-19 has driven a huge surge in e-commerce and cross-border business. This has significantly increased flows across FinTech payment providers, which have worked hard to enable cross-border trade, payments and e-commerce. At the same time, the industry has been collaborating with banks to ensure much-needed financial support from government flows to the real economy.”

Regions Back Themselves on Innovation

In a continuation of a trend seen in 2019, respondents often rated their own region as the most likely source of future innovation. This ‘home’ bias was particularly strong in Asia-Pacific, where China, India, Japan and Southeast Asia together claimed over 83% of regional votes when considering the key sources of innovation over the next five years.

However, China’s reign as the most likely site of financial services innovation did not continue from 2019, with Barclays’ most recent survey showing that nearly one in four (24%) key industry leaders now view the United States as the most probable location for the rise of payment innovation over the next five years.

A Shift Eastwards for Open Banking?

Barclays’ research also suggests that Asia-Pacific may be the new focal point for expectations around Open Banking, with interest from Europe dropping year-on-year.

In 2019’s report, the impact of this key regulation was anticipated to be strongest in Europe – however, this time around just 38% of EMEA leaders now expect Open Banking to have a big impact on their business. By contrast, the majority (59%) of senior respondents from Asia-Pacific feel that the regulation will be key for their companies as we move into the remainder of 2021.

Security and Resilience in a Post-Covid world

Firms’ confidence in their own cybersecurity dropped by 5% versus 2019, with less than half of respondents (42%) feeling satisfied with their business’ approach to the issue. Businesses in EMEA feel least confident about their security provisions, with one in three (33%) indicating that their own cybersecurity needs further investment.

The importance of resilience to customers was also a theme that many felt would rise in significance in 2020, given the recent growth in remote working as a response to Covid-19 – however just 5% of respondents viewed this issue as important when considering customer loyalty.

Steve Lappin, Managing Director, Barclaycard Business, said: “From remote working to e-commerce, coronavirus has meant that digital channels play a much greater role in working life. While this has undoubtedly presented new opportunities, it has also put additional pressure on infrastructure and heightened potential vulnerability to attacks. Therefore, it’s not surprising that confidence in cybersecurity has dropped, with many firms feeling that their rapid adoption of these new channels has left governance and control lagging behind. It’s critical that businesses remain vigilant – security may not be a key driver of customer loyalty, but cybersecurity issues are definitely a driver of disloyalty.”

New Research Shows Mortgage Lenders Want New Technology to Improve Customer Retention

Mortgage lenders and brokers want new technology to help them retain existing customers according to a recent study, DPR Group Mortgage Insights 20/21, conducted by DPR’s parent company. Latest research has identified that 63% of participants intend to implement retention tools in the next 6-12 months. These tools allow customers to make a product switch with their current lender without the involvement of back-office staff.

The cross-segment study was conducted by DPR Group in partnership with Smart Money People to provide the market with a complete view of the mortgage industry. Almost 2,000 participants responded including lenders, brokers and consumers.

The survey also showed that 91% of businesses who use retention technology found this effective at managing retention. However, among those surveyed, only 31% are currently using retention tools within their business.

Leading technology supplier DPR, part of DPR Group, provides a retention portal as part of its mortgage origination solution. This can be accessed by customers and brokers, to allow customers to switch to a new product on an execution-only basis, without significant effort from back-office staff or extra operational costs.

Nick Lawler, Sales Director at DPR, said, “Our research shows an increasing confidence in the sector aided by cutting-edge technology and a universal understanding of the fundamental role technology plays in business operations today and in the years to come.

“DPR will continue to develop solutions that meet the needs of lenders and consumers alike and our research has revealed exactly what those needs are.”

Product maturity is a critical time for lenders; 63% said over 40% of their existing customers switch products when their deal ends. However, some respondents without retention tools identified the switching process as a key challenge in retaining customers.

1,195,200 homeowners switched products with their existing provider during 2019, representing £167.4 billion of mortgage borrowing, according to data from UK Finance.

Previous work from the Intermediary Mortgage Lenders Association (IMLA) also underlines DPR Group’s findings on retention technology. This acknowledged the convenience of lender execution-only product transfers for customers.