Cyber Risk is Real. How to Stay Ahead of the Curve

This is an interview with Mark Weir, Regional Director – UK & Ireland at Fortinet. Fortinet is a global cybersecurity firm based in California.

How real is the threat of cyber-attacks to the financial services industry?

Weir: Financial services are about as big a target as the cybercriminal community has, if the pure amount of attacks in 2016 is anything to go by. Due to the sensitive nature of its data and the value it holds for the cybercriminal community, it will likely remain in the crosshairs moving into 2017 and beyond. As the attacks grow in both number and complexity, financial institutions will have to prepare to better detect and mitigate threats in order to protect their organisation.

What is the level of understanding of cyber risk in financial institutions?

Weir: Whilst financial institutions are generally quick to adopt new technologies, every large retail bank is still hamstrung by legacy infrastructure and applications. To address that, they need to start examining their technology from a base level. This means understanding which platforms are under threat and ensuring they are fully up to date with security patches. But that is just a first step. What banks need to ensure is that they build upon that initial perimeter defense and start putting a ring around key applications. It is web applications that have long been favourite targets of hackers because they have access to valuable information and they are relatively easy to exploit.

Is enough being done across the industry to protect against cyber-attacks?

Weir: Industry players, their partners, big players in other verticals and vendors; all of them have little pieces of the jigsaw making up the bigger picture of protection against cyber-attacks. Only by them all being more co-ordinated and collaborative will defense be on par with the levels of attacks. Cybercriminals are certainly very well-organised, well-funded and well-regimented. They also benefit from having more time to prepare their attacks than those defending, so a more co-operative partnership between sectors, where organisations share intelligence, is key to counteracting the threats.

As cyber threats are continuously evolving, what can financial institutions do to stay ahead of the curve?

Weir: Cyber threats evolve continuously, much like a fashion collection. Last year, Distributed Denial of Service (DDOS) attacks were in vogue and financial institutions are scrambling to ensure applications are protected from a DDOS point of view and ensure that the perimeter is fully patched and up to date. This way they can mitigate financial loss resulting from customers being unable to access their accounts and make online transactions.

And yet this can’t be done at the expense of more granular layers of application level security. Even if a hacker gets through those perimeter layers, there must be protection at the application level, for services such as checking your balance on a banking application. Cybercriminals can be hiding malware at this level, behind what would appear to most people to be legitimate requests.

It’s important to ensure a fully comprehensive response, as cybercriminals will already be working on the next big thing to attack your organisation.

What should the role of regulation be in ensuring that the FS industry is cyber resilient?

Weir: Banking is heavily regulated, and rightly so, but sometimes banks can wrongly go down the path of simply trying to meet compliance. That can all too easily become a minimum standard for security. It becomes a tick-box exercise. But the issue is, it may or may not be what is actually required for a particular application. Banks need to go on a security journey that is not only cost-effective and helps them towards compliance goals, but this journey first and foremost needs to be pragmatic. Cyber threats change on an hourly basis and cybercriminals are a moving target. Meeting the minimum standards of compliance can only go so far in helping financial institutions combat them. 

In the past few years, we have seen increasing levels of collaboration between large financial institutions and fintechs. What security considerations should banks and insurers have in mind when looking to work with fintech start-ups?

Weir: Large financial institutions are always looking at new ways of fixing problems and fintech start-ups can provide innovative solutions to these issues. However, security forms part of a bigger business consideration which needs to be made when collaborating with a start-up. The future for that particular organisation needs to be considered heavily. A financial institution may build a strategy based on a particular start-up’s technology but you need to make sure they’ll still be in business for years to come. Is there a likelihood of them going bust?

Another consideration is their global footprint. There may be some areas of the globe you may not want to work and do business. Do they have a footprint in the right geographic locations, and do they have security operation centres in the geographies you operate in? We should embrace new ideas and new technologies from new companies, but also consider the security implications.

What are the most exciting trends in the cyber security sector?

Weir: Due to the sensitive nature and value of the data associated with it, the financial sector will undoubtedly remain a top target for cyber criminals in 2017. Whilst typically the finance industry has lagged behind other industries when it comes to moving data to the cloud, we expect to see more and more financial services institutions making the move. We have already seen some large banks and organisations making the move to public cloud providers such as Amazon Web Services (AWS) and Microsoft Azure. But they shouldn’t forget basic principles around the security of public clouds, and whether or not they have the ability to audit these services.

In 2017, we should also expect malware to get smarter. At the moment, malware can hide in a device or a network, but it is only programmed with a specific objective. A hacker simply points it at a target, and hopes that it will accomplish its goal. But now, threats are getting smarter and adapting to operate autonomously. We should expect malware designed with adaptive, success-based learning to improve the success and efficacy of attacks. The new generation of malware will be situation-aware, meaning that it will understand its environment and make calculated decisions based on this. Such as evading detection, choosing methods of attack and identifying targets.

How do you think the tech landscape will have changed in 5 years’ time: will the FS sector be more cyber resilient?

Weir: The FS sector is gradually starting to move towards the cloud to deliver the best customer service they can. Some organisations are moving entire systems and platforms to the cloud whilst others are opting for a hybrid approach. In five years’ time, I expect that a large majority of organisations will be operating in the cloud. With this increased migration, security is imperative, and with it comes many more factors to be considered when selecting a cloud security vendor. Data security, scalability, visibility and control as well as openness are necessities to be kept in mind in order to protect data, and mitigate reputational damage which can be devastating for any FS institution.

However, it’s important to note that the threat landscape from the last two years is unrecognisable now, and predicting the next big innovations in tech is impossible. In the cyber security industry, the fast-paced environment means that 5 years is equivalent to 20 years in any other industry! We will be more cyber resilient if we find better ways to communicate with other organisations and sectors and put data security at the heart of this.

If you could give one piece of advice to a financial institution on its cyber security strategy, what would it be?

Weir: For all financial institutions, every application and the data held within it is important, but it’s up to them to understand and prioritise what is important to customers. The trust financial institutions have with customers is critical to preserve brand loyalty and their reputation in the industry. They should build a security strategy around that trust, and the data held within their organisation.

If they don’t have an understanding of this, they need a plan to get there. In order to make this plan, organisations should pull together key stakeholders in the business, not just from IT and security but from all lines of the business. If the IT function acts in silo, without insight from other departments, this can lead to making an application which is unsuitable for particular use cases. This is why Line of Business representatives across departments need to be present in security workshops in order to create a high level plan which all stakeholders can buy in to. This is a problem which is particularly faced by financial institutions, the larger the business the more difficult it is to have these kinds of meetings to ensure that everybody is on the same page when it comes to cyber security.

FinDEVr London 2017: Welcome to Day One

Welcome to FinDEVr 2017 London!

The first presentation begins at 9:30 Monday morning. There will be four sessions today, with presentations from 13 companies. There will be 30-minute coffee breaks in the morning and afternoon and, during lunch, there will be three roundtable discussions led by FinDEVr presenters. Day One concludes with an hour-long networking session and Happy Hour with open bar.

And before you head out to the event, don’t forget to download the FinDEVr London event app. You can use the app to schedule meetings, vote for your favorite presentations daily, access the attendee list and more! To download the app, search “FinDEVr” in the Apple App Store or Google Play Store. Join by logging in with the email address you used to register for the event. If you’re not able to join, please email for assistance.

Presentation Session: 9:30 to 10:55

  • 09:35 Trulioo
    Trulioo API = Global Electronic Identity Verification + ID Document Verification + AML Screening
  • 09:55 NuCypher
    Body Armor for Big Data
  • 10:15 Currencycloud
    Flexible APIs in Action
  • 10:35 HackerOne
    Tapping Hackers to Improve Security

<<Coffee Break: 10:55 to 11:30>>

Presentation Session: 11:30 to 12:30

  • 11:30
    How JavaScript is Radically Changing the Way Financial Institutions Create Enhanced Customer Experiences Fostering Creativity
  • 11:50 Trusted Key
    Secure Digital Identity
  • 12:10 Zuhlke Engineering
    Digital Transformation of HSBC – or Changing the Engines of a Jumbo in Flight

<<Lunch Roundtable Discussions: 12:30 to 13:30>>

  • 12:30 Led by Trusted Key’s CEO, Prakash Sundaresan: Fintech climate change: Top challenges & regulatory impacts facing the financial services environment.
  • 12:30 Led by Trulioo’s Anatoly Kvitnitsky, VP of Growth and Mike Kim, Strategic Accounts Manager: AML, KYC, OMG: How to manage compliance with a smaller team and a better UX.
  • 12:30 Led by NuCypher’s MacLane Wilkison, CEO, and Michael Egorov, CTO: Regulatory compliance and data protection in the era of GDPR and PSD2 

Currencycloud Sponsored Lunch (Invite Only) 12:30-13:30

Presentation Session: 13:30 to 14:50

  • 13:30 LeanXcale
    Blending Operational & Analytical Capabilities for Fintech Data Intensive Applications
  • 13:50 Kontomatik
    FinTech Dictionary: Learn How to Navigate through the FinTech Bull*
  • 14:10 ISARA
    Why (and How) You Should Make Your FinTech Security Quantum Safe Today
  • 14:30 Cognitect
    Unlocking Hidden Value in Your Data

<<Coffee Break: 14:50 to 15:20>>

Presentation Session: 15:20 to 16:00

  • 15:20 TokBox
    Financial Services in the Social Age: Cost or Opportunity
  • 15:40 Ixaris
    2017 – The Year of Open Payments: Exploiting Disruption in the Payments Industry with the Open Payments Cloud

<<Networking with open bar & appetizers: 16:00 to 17:00>>

FinDEVr London: Tech Talk at the Tobacco Dock

Is it any surprise that data is at the center of our Theme Cloud for FinDEVr London 2017?

Think about it. Everything is about data. Security is about safeguarding our data. APIs are about accessing and sharing data. Behavior analytics helps us uncover and utilize new forms of data – the unique timbre of a voice, patterns of strokes on a touchpad – that we previously didn’t even consider as data. Fraud prevention, KYC, digital identity … all of these themes are both top of mind for fintech professionals and critical applications of, you guessed it, data.

During one of the many insightful presentations from our developers conference in the States earlier this year, Sandeep Sood, VP of Software Engineering for Capital One, underscored how central data is to the trajectory of technological change, including in fintech. After pointing out that the mathematical underpinning for recent breakthroughs like facial recognition has been available since the late 1880s, Sood asked, “then why has it taken so long for us to have facial recognition technology?”

“The mathematics were never the limiting factor when it came to this sort of technology and our ability to do artificial intelligence and machine learning,” Sood explained. “Nor was it the computing power. The major breakthrough in the last 10 years was actually access to data.” Sood quoted Google Research Director Peter Norvig, who said, “We don’t have better algorithms. We just have more data.”

FinDEVr London starts tomorrow. Launched in Silicon Valley in the fall of 2014, our developers conference has brought together hundreds of professionals who specialize in tackling some of fintech’s trickiest challenges from the inside out. And as our Title Cloud for this week’s event shows, these professionals include everyone from Chief Technology Officers and IT Heads to software engineers, developers, and architects. These are the individuals whose names are often not well known, but whose talent and hard work is what enables us to manage our finances on our smartphones, safeguard our online identities against cybercriminals, and so much more.

Our two-day event runs all day Monday and Tuesday. Both days will feature 15-minute presentations from a wide variety of fintech professionals – all with explicitly technical backgrounds. FinDEVr London will also provide plenty of opportunities for attendees to mix, mingle, and meet up with our presenters, our sponsors, and their fellow attendees. For our first U.K. developers conference, we’ve added a handful of new features designed to help you maximize your time at FinDEVr London. These include lunchtime roundtable discussions led by our presenters, and a special panel on the open banking era hosted by the Finovate research team.

Tickets to this week’s conference are still available. So be sure to stop by our registration page and save your spot today. In the meanwhile, to help you get ready for the conference, here are a few things to know to help you make the most of your FinDEVr London experience.

Time & Date

  • FinDEVr London takes place on Monday, 12 June, and Tuesday, 13 June. Registration opens at 8:30am and the first presentation begins at 9:30am on both days.


  • FinDEVr London will be held at London’s Tobacco Dock at Tobacco Quay, Wapping Lane, St Katharine’s & Wapping, London E1W 2SF.


  • Get a preview of what’s coming over the two days of FinDEVr London.  Presentations and presenters, roundtables, our panel, networking … check out our agenda to see what’s happening when.

Learn about the companies that will be presenting at FinDEVr London 2017 in our FinDEVr Previews series, while our FinDEVr Interviews give you a chance to find out more about the teams behind the technologies. And if you like what you read, we hope we’ll see you bright and early Monday morning at the Tobacco Dock for FinDEVr’s U.K. debut.

FinDEVr London 2017 is sponsored by TestDevLab.

FinDEVr London 2017 is partnered with Aite Group, Banking Technology, BayPay Forum, Brave New Coin, Breaking Banks, Byte Academy, The Canadian Trade Commissioner Service, Celent, Cointelegraph, Colloquy, Cooper Press, Distributed, Economic Journal, Empire Startups, Femtech Leaders, Finmaps, Fintech Finance, Global Data, Harrington Starr, Holland Fintech, Level39, London Tech Week, Mapa Research, Mercator Advisory Group, The Paypers, Plug and Play, SME Finance Forum, Startupbootcamp, Swiss Finance + Technology Association, and Women Who Code.

Feature Friday: Editing Transactions in Online/Mobile Banking

One basic feature missing from most online and mobile banking services is the ability to edit/annotate transactions. Some banks, BMO Harris for example, support transaction and/or category editing in their PFM modules. But it’s very rare to see it within basic digital banking.

One exception is BBVA Compass’s Simple banking unit. Simple allows full editing of the transaction name, category, and goal. And users can add a memo and an attachment to individual transactions. Clicking on a transaction brings up the detail section along the right (see screenshot below). The feature is functional on the desktop, but it’s easier to use, and more robust, on a mobile phone where the built-in camera aids photo attachments. And the transaction is visually more appealing after editing on mobile (see After mobile screenshot).

Thoughts: While it’s a little harder to use than I’d like, it feels wrong to complain about UX issues at Simple, when the vast majority of FIs don’t allow any editing whatsoever. But my job is to whine, so I’ll make this suggestion. The best user experience is to edit directly within the transaction record rather than following commands over to the right. And on mobile, voice editing should be supported.

Bottom line: While Simple’s transaction editing may not quite live up to the digital banking pioneer’s name, it’s head and shoulders above the competition. And that’s no simple feat.

Transaction editing on the desktop

Step 1: Select transaction on left; if desired, change category (#1), or funding source (#2), then press “edit”

Step 2: Annotation options (1) Edit name, (2) Add memo, (3) Upload image, (4) Add location

Transaction editing on mobile

Before edits / After edits

Author: Jim Bruene is Founder & Senior Advisor to Finovate as well as Principal of BUX Advisors, a financial services user-experience consultancy.



FinDEVr London: Around the Corner and Across the Globe

We’re nearing the end of the work week and shifting our focus to FinDEVr London, which starts on Monday, 12 June. This is the first FinDEVr outside of the U.S. and marks our most international FinDEVr event to date. The presenter map (above) highlights the geographic diversity of this year’s presenting companies.

Don’t forget to register before the event – tickets are still available, but act soon! Here are a few quick reminders to help you get ready:

Next week’s show will be held at Tobacco Dock in London (Tobacco Quay, Wapping Ln, St Katharine’s & Wapping, London E1W 2SF)

The first presentation takes place at 9:30 AM on 12 June and registration opens at 8:30 AM so feel free to come early, take advantage of the free breakfast, and save your seat. Check out the full agenda on our website.

The agenda is loaded with fintech companies working on relevant issues for the global finance industry. View the presenter list on our website, check out previews of the companies’ presentations, and read interviews from company representatives on our blog.

Attendees traveling to FinDEVr London will be coming in from all over the world. Check out the presenter map to see the locales:



Financeit Receives New Funding Capacity of $85 Million

Point-of-sale consumer financing company Financeit announced $85 million in new funding capacity this week. The funds are made available to the Canada-based company through a $75 million renewable securitization facility and $10 million warehouse line of credit.

The warehouse line of credit comes from a major Canadian life insurance company. While Financeit declined to name the specific contributor, the company said it is a “major” player in the space. Financeit COO Casper Wong said, “We have a history of managing successful securitization programs, and we’re thrilled to be launching this new partnership.” He added, “We see this as the natural evolution of our growth and a major milestone. The company is a known leader in this space and we’re proud to be working with them.”

Financeit will use the new funds to “execute on its growth strategy.” Since acquiring TD Bank’s home improvement financing assets in September 2016, Financeit has experienced notable growth. The company’s founder Michael Garrity said last December that the deal had “transformed the business” and doubled its loan value and revenue. Because of this success, Garrity went on to state that he is open to considering more acquisitions.

In October 2016, Financeit closed on $17 million in venture funding from the Pritzker Organization and DNS Capital to fund the $339 million purchase of TD Bank’s home improvement financing assets and to fuel the company’s growth. Earlier in 2016, Financeit debuted its direct-to-consumer financing platform, Financeit Direct, which enables consumers to apply for funds via their mobile device. At FinovateFall 2014, Financeit made its U.S. debut in conjunction with FIS.

Sandstone Technology Inks Digital Banking Deal with SBS Bank

Guess who’s getting a brand new digital banking platform?

Sydney, Australia-based Sandstone Technology is teaming up with SBS Bank to provide customers of the 148-year member bank with an “anywhere, anytime banking experience.” Fellow Finovate alum and Sandstone partner, Liferay, is also participating in the project, which will ultimately feature an online sales channel to “support the origination and fulfilment of Member applications for accounts and investments.” SBS Bank CEO Shaun Drylie highlighted Sandstone’s implementation, calling it “key” to moving the bank toward its goal of providing “a banking eco-system where we can seamlessly plug-in to a range of smart third party and/or self-powered digital services for our Members to consume.”

Pictured: Sandstone Technology’s Mathew Cagney (General Manager, Sales) and Sam Plowman (CEO) demonstrating BankFast Mobile App 2.0 at FinovateEurope 2016.

Founded in 1996, Sandstone Technology demonstrated the BankFast Mobile App 2.0 at FinovateEurope 2016. The company has 35 customers in Australia, Asia, Europe and New Zealand, and more than 400 deployments worldwide. Sandstone was featured in AustralianBroker earlier this year in an article about how ING used Sandstone solutions to increase efficiencies in the origination process. Last December, the company helped ME Bank launch its new internet banking service, built using Sandstone’s BankFast platform. We highlighted Sandstone as part of our look at fintech in Australia last year.

With assets of more than $2.5 billion, SBS Bank is a New Zealand-based bank founded in 1869. The first building society to earn bank registration while maintaining its mutual ownership structure, SBS Bank has 16 branches in New Zealand’s North and South Islands, and provides mobile mortgage managers in Auckland and Christchurch.

Finovate Alumni News


  • Sandstone Technology Inks Digital Banking Deal with SBS Bank.
  • Financeit Receives New Funding Capacity of $85 Million.


Around the web

  • Misys adds Synechron to its InFusion Partner Program.
  • Fiserv leverages robo-advisory and automation technology from fellow Finovate alum Trizic to enhance its wealth management solutions.
  • Bento Chief Operations Officer Sean Anderson discusses the future of regtech and the problem of one-size-fits-all compliance programs.
  • The 2017 NSS Labs gives Check Point Software Technologies a ‘Recommended’ rating.
  • Money Marketing features Scalable Capital.
  • City of Memphis to leverage to offer student loan debt reduction program for employees.

This post will be updated throughout the day as news and developments emerge. You can also follow all the alumni news headlines on the Finovate Twitter account.

Stratumn Lands $7.8 Million, Forms Strategic Partnership with NASDAQ

Regtech blockchain startup Stratumn just landed $7.8 million in Series A financing. This sum brings the company’s total funding to just over $8 million when combined with the $670k seed money it received in March of 2016.

The round was led by CNP Ventures, with contributions from Otium Venture, Nasdaq and Digital Currency Group. Stratumn will use the funds to accelerate development by focusing on research, product design, and business development. The company will also address human resources, with a plan to double its 15-person workforce by the end of next year. Stratumn has already developed 10 projects with NASDAQ, along with a handful of France-based corporations, including CNP Assurances, Allianz France, Thales, Bureau Veritas and Bouygues Immobilier.

Stratumn also announced today that it is deepening its collaboration with the Nasdaq via a new, strategic partnership. The co-research and development partnership aims to leverage Proof of Process Technology “to enhance the software solutions and products for the capital markets, particularly in Nasdaq’s Market Technology business and its own enterprise technology unit.”

In a press release, Stratumn CEO Richard Caetano said:

“We are very confident about Stratumn’s development prospects in the upcoming months and years. The successful closing of this round, as well as our investor’s commitment as strategic partners, is rocket fuel which will power the development and launch of Proof of Process Technology.”

Above: Stratumn CEO Richard Caetano presenting at FinDEVr New York 2016

Founded in 2015, Paris-based Stratumn’s Proof of Process technology helps streamline and secure the exchange of data among partners, customers, and regulators by leveraging the blockchain. At FinDEVr New York 2016, Caetano gave a presentation titled Building and Securing Smart Workflow Using Chainscript and the Stratumn Blockchain Development Platform.

Want to see more fintech aimed at developers? FinDEVr London is happening next week on 12 & 13 June. Register today to save your spot.

FinDEVr Preview: HackerOne

FinDEVr Previews highlight companies presenting new developer tools, platforms, and integrations at FinDEVr London 2017. Get ready – FinDEVr’s London conference is just a few days away! Register today before the show starts June 12 & 13.

Bug bounty programs are popping up all over the place, as more and more companies embrace collaborating with friendly hackers to find vulnerabilities before cyber criminals have a chance to exploit the same bugs for nefarious purposes. The presentation from HackerOne will show how external hackers can help assess and quantify your security posture.


Why it’s a must-see

Today, most fintech companies are running these bug bounty programs in private. Whether you run an active program, or if your security email address is routed to /dev/null, this session will help attendees shed blind dogma and walk away armed with an analytical approach towards building an effective vulnerability disclosure program.

Check out more previews of upcoming FinDEVr London 2017 presentations. Visit our registration page to save your spot.