This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Tracking fintech, banking & financial services innovations since 1994
SaaS banking platform Mambu is even more prepared to support the banking-as-a service trend that’s sweeping the fintech industry. That’s because the Germany-based company received $135 million (€110 million) in new funding this week.
The investment was led by TCV, followed by new contributors Tiger Global and Arena Holdings and existing investors Bessemer Venture Partners, Runa Capital, and Acton Capital Partners. TCV General Partner, John Doran, will join Mambu’s board of directors.
The company also disclosed a new valuation of more than $2 billion (€1.7 billion), which places it in the fintech unicorn club (two-times over!).
Mambu will use the funds to accelerate growth and boost its presence across the globe. Specifically, the company announced intentions to deepen its footprint in Brazil, Japan, and the U.S.
“As an increasing number of challenger and established banks sign on to prepare themselves to thrive in the fintech era, we have, and will continue to provide them with a world-class platform on which to build modern, agile customer-centric businesses,” said Mambu CEO and Co-founder Eugene Danilkis. “This latest funding round allows us to accelerate our mission to make banking better for a billion people around the world and address one of the largest, most complex global market opportunities that’s still in the infancy of cloud.”
Mambu was founded in 2011 and emerged as one of the pioneering players to move banking software to the cloud. Since then, the company has seen success from its concept of composable banking that allows clients to build a banking experience to suit their needs without being tied to a specific vendor, product, or technology. This shift away from legacy core banking platforms, along with plug-and-play integrations, helps banks future-proof their systems to better serve their customers. Among Mambu’s customers are ABN AMRO, N26, OakNorth, Orange, and Santander.
Today’s news comes after a strong period of growth for Mambu. The company has seen around 100% YoY growth and is planning to support it by doubling its team to more than 1,000 by next year.
Citizens Savings Bank and Trust, the oldest African-American-owned bank in the U.S., is the latest regional FI to partner with Computer Services Inc. (CSI) in order to offer its customers a range of digital banking services.
“We always want to honor and cherish the history and legacy we have, but we must also lead our team and our organization toward the future,” Citizens Bank president and CEO Sergio Ora said. “We can be very committed and passionate about our vision and mission, but in order for us to help people develop financial independence and wealth equality, we must have the resources and technology. CSI will play (an) integral role in giving us that.”
Founded in 1904 by a trio of African-Americans in Nashville, Tennessee, the originally-named One-Cent Savings Bank and Trust Company was dedicated to serving black Americans in the wake of the Civil War and, more directly, the collapse of Reconstruction. Still serving the community over 100 years later as the oldest, continuously operating African-American-owned bank in the U.S., the firm changed its name to Citizens Savings Bank & Trust in 1920. By 1946, the bank had reached $1 million in capital and deposits and, by 2014 arrived at its goal of $100 million in assets.
“For more than 100 years, Citizens Bank has never faltered in its mission to provide financial opportunity to individuals and communities who have been overlooked and underserved,” David Culbertson, president and COO of CSI, said. “We are honored that this important and vibrant institution chose CSI to deliver innovative solutions that will help its customers grow wealth, solidify their businesses and make their dreams come true.”
Citizens Bank will deploy Computer Services’ core banking platform NuPoint. The solution was cited last year in Aite Group’s core vendor report and praised for its “excellence in user experience” and ability to improve internal reporting. “CSI’s newly redesigned core banking platform … stands out from its competition as a result of its modern look and feel, graphics, and innovative way of displaying banking relationships,” Aite Group senior analyst David Albertazzi said last spring.
Headquartered in neighboring Kentucky and founded in 1965, Computer Services Inc. provides digital banking, cybersecurity and IT, and regulatory compliance solutions to financial institutions and corporations around the world. Last month, CSI teamed up with Finovate alum Featurespace to launch a new anti-money laundering solution, WatchDOG AML. Also in December, the company announced a partnership with Iowa-based Premier Bank – who will also deploy CSI’s NuPoint solution.
The U.S. government has approved a second round of Paycheck Protection Program (PPP) loans. The Consolidated Appropriations Act of 2021, which was signed into law late last year, is the second stimulus package, following the passage of the CARES Act in March of last year.
The second round of PPP loans, or PPP2, provides $284 billion in aid to small businesses suffering because of the pandemic. With PPP2, there are a few key differences from the first iteration. Here’s what you need to know:
Eligibility has changed
Unlike the first round, some 501(c)(6) not-for-profit organizations that have fewer than 300 employees may be eligible for funds if they meet limited lobbying requirements.
Businesses may qualify for a second loan
Businesses are eligible for a second PPP loan of up to $2 million if they have used up their first loan, have fewer than 300 employees, and experienced quarterly revenue declines of 25% in 2020 compared to the same quarter in 2019.
Additional expenses are covered
The first round of PPP stipulated that funds had to be used toward payroll, rent, mortgage, and utilities in order to qualify for forgiveness. PPP2 has added a few categories to that list, including operational expenditures, payments to suppliers, property damage costs resulting from public disturbances, and costs associated with protecting employees.
More time to use funds
The “covered period,” or the time the business was required to use the funds in order to qualify for forgiveness, was originally eight weeks. It was later amended to allow borrowers to chose a 24 week period. Under PPP2, borrowers have more options– they can choose any covered period between eight and 24 weeks.
Is it enough?
According to Greg Ott, CEO of Nav, a platform that matches small businesses with lenders, PPP2 is a “much-needed” improvement, but still falls short for some small businesses.
“The primary reasons for this,” he explains, “include the fact that the burden of navigating the complex and intimidating application process is too heavy for most small business owners struggling to survive day-to-day, the bill itself is written by people who don’t genuinely understand what these businesses need, and the traditional banking system simply isn’t set up to prioritize truly small businesses.”
“The new funds are certainly welcome, but it will unfortunately be too little and too late for many business owners,” Ott added.
U.K.-based crowdfunding platform Seedrs reached a major milestone in recent weeks. The company surpassed $1.4 billion (£1 billion) in investments made on its platform.
This comes almost 12 years after the company was founded in 2009 by Carlos Silva and Jeff Lynn as a way for all types of investors to contribute equity funding to startups in Europe.
“We passed many milestones in 2020; from having hit 17 company exits to delivering over 27,000 investor exits on our secondary market,” said CEO Jeff Kelisky. “However, on Christmas Day we passed the £1 billion mark in platform investments.”
Of those 17 exits, seven ocurred in 2020 alone. In total, Seedrs has delivered over $5.5 million (£4 million) in returns to investors, not including profits received by investors on the Seedrs Secondary Market.
Seedrs’ most recent development is its Secondaries Solution that allows founders, employees, and early investors to receive secondary liquidity without having to wait for an IPO or exit event. As Seedrs Manager Josh Davey explained, “Now, I’m excited by the launch of our liquidity solutions for later-stage companies, which will further open up access to investing in pre-IPO companies for retail investors, while providing financial liquidity to some of the founders and employees that have built some of the startups that have come to define how we live in the 21st century.”
In 2016, Seedrs was cited as the most active investor in private companies in the U.K. In October of last year, Seedrs merged with fellow equity crowdfunding platform Crowdcube.
Two of Finovate’s most innovative alums – open finance/Money Experience specialist MX and financial data infrastructure company Hydrogen – have teamed up in an integration partnership that will make it easier for fintech developers to create sophisticated apps in minutes.
With access to account aggregation and enhanced data courtesy of MX’s financial data APIs, Hydrogen’s clients will be able to embed and secure accurate financial data connections into their solutions. The integration, according to Hydrogen, will improve the efficiency and cost savings of the development process by more than 80% – a major goal of the integration.
“We are very excited to formally launch this partnership with MX,” said Mike Kane, co-founder of Hydrogen. “As we tackle the enormous, embedded finance opportunity, our combined years of experience in working with financial institutions and technology companies made this a natural partnership for us.”
As part of the agreement, users of Hydrogen Money and Cards solutions (supporting PFM/BFM and card issuance functionality, respectively) will also be able to access additional MX solutions, including the company’s automated financial management and ML-powered insights, as well as MX’s account connections for money movement.
Calling the partnership a “perfect match on so many levels,” MX EVP of Partnerships Don Parker said that working with Hydrogen will help MX grow in the embedded finance market, which he called “an increasingly important opportunity” for the company. “The partnership opens up MX functionality to even more fintech companies and organizations that are already working to improve financial strength and access to quality financial tools,” Parker said.
Lehi, Utah-based MX most recently demonstrated its technology at FinovateFall in 2019. The multiple-time Best of Show winner showed how its MX Enabled platform helps financial institutions add to their product offerings by linking them with third-party fintechs through MX’s API ecosystem. More recently, MX forged partnerships with VyStar Credit Union and credit education company Borrowell. This spring, the company discussed how it developed a free, open-sourced loan application portal to facilitate PPP funds at the onset of the global health crisis.
Hydrogen made its Finovate debut in London in 2018. Headquartered in New York, the company announced a strategic investment from FINLAB, a new incubator created by EML Payments, back in November. Also last fall, Hydrogen announced that it had been selected for Plug and Play’s 2020 Winter fintech cohort, and unveiled partnerships with fellow Finovate alum Dwolla and market data services provider Barchart.
With a Democratic administration only weeks away from taking office, some are wondering about the prospects for a revitalized Consumer Financial Protection Bureau (CFPB). Created during the last Democratic administration – and largely sidelined during the now-ending Trump administration – the CFPB has found itself back in the fintech headlines in recent days.
PayPal Takes On CFPB Over Card Rules
A federal judge brought resolution to a lawsuit PayPal filed against the Consumer Financial Protection Bureau in December 2019. U.S. District Court Judge Richard Leon agreed with PayPal that the CFPB had overstepped its authority in its effort to regulate prepaid cards and digital wallets. PayPal had asserted that in forcing them to include “short form” fee disclosures that included categories that were not relevant, the CFPB’s rule was confusing customers. What’s worse, customers were being led to believe, PayPal claimed, that they were exposed to a wide variety of potential fees – which was not the case.
The situation seems almost to be one of mistaken identity. The rules being applied by the CFPB with regard to expenses like ATM balance inquiries make sense for providers of reloadable prepaid cards, but not for PayPal, which does not subject its customers to these fees. That said, it was the CFPB’s rule-making authority itself that was the target of what Reuters described as a judicial “decision studded with exclamation points.”
PayActiv Wins Earned Wages Access Approval
Meanwhile, the Consumer Financial Protection Bureau’s aim seems to be more true in the case of of earned wage access. PayActiv, Finovate alum and innovator in the earned wage access space, announced last week that its program is exempt from Federal lending laws per new regulations established by the CFPB.
The key issue was whether or not PayActiv’s Earned Wages Access (EWA) program, which enables workers to get access to their already-earned wages in advance of scheduled paydays, involves credit. If it did, the program would be subject to the Federal Truth in Lending Act, as well as Regulation Z.
Fortunately, the CFPB ruled that “the accrued cash value of an employee’s earned but unpaid wages is the employee’s own money” and, as such, does not create a debt obligation. PayActiv added that the approval was both the first of its kind from the CFPB and specific to PayActiv’s EWA program. The CFPB added that the company’s initiative was an “innovative mechanism for allowing consumers to bridge the gap between paychecks (and) differs in kind from products the Bureau would generally consider to be credit.”
PayActiv co-founder and CEO Safwan Shah called the approval a “watershed moment” for his company. “We are very proud that the CFPB has recognized this important innovation and validated PayActiv’s pioneering work in creating low or no-cost employer-sponsored access to earned wages. Employers can take comfort in knowing that PayActiv continues to be the leader in responsible EWA for employees.”
Synchrony Gets Nod for Secured/Unsecured Credit Card
The new dual feature credit cards (DFCC) from Synchrony Bank are designed to provide financing opportunities for consumers who do not have strong credit profiles. Cardholders provide a security deposit in order to use the credit cards in their secured mode and, if certain eligibility criteria are met after a minimum of one year, the cardholder becomes eligible to use the card in its unsecured mode. And last week, the CFPB gave the wholly-owned subsidiary of Synchrony Financial the green light to go forward with its DFCC solution.
In large part, the CFPB’s ruling for Synchrony represented a broader embrace of bringing financing to consumers with lower credit scores. The Bureau referred to these efforts as “represent(ing) a potentially significant point of access to credit for certain consumers” and favorably compared Synchrony’s dual feature card to other secured card offerings.
Critically, Synchrony will provide complete transparency with regard to the cost differences between the secured and unsecured features, including the lower rate on the secured card. Cardholders that graduate to the unsecured Synchrony credit card are not eligible to return to the secured card.
Corporate card and expense management platform Divvy is starting off the new year with new cash. The Utah-based company closed a $165 million series D investment, boosting its total funding to $417 million.
The new round also crowns Divvy with unicorn status; the company is now valued at $1.6 billion. New investors Hanaco, PayPal Ventures, Whale Rock, and Schonfeld participated, as well as previous backers NEA, Insight Venture Partners, Acrew, and Pelion.
Divvy will use the funds to “invest heavily in product development and engineering in order to accelerate [its] future roadmap.”
Divvy was founded in 2016 and offers free expense management software combined with corporate credit cards to provide its clients visibility and control over their budgets. Among the company’s clients are Noom, Solo Stove, Rhone, EyeCare Partners, the Utah Jazz, and the Atlanta Dream.
“The best in every vertical choose Divvy,” said Divvy CEO Blake Murray. “We’re not just building for tech startups—we help businesses across the country by providing the capital and financial software they need to thrive. We’re fortunate to be able to build for companies of all sizes and we’re grateful to everyone who has helped us get here.”
Because managing expenses is a key element in helping small businesses survive a financial crisis like the one brought on by COVID, Divvy is in the midst of a growth spurt. Since March of last year, the company has seen a 500% increase in monthly sign-ups.
According to TechCrunch, Divvy’s competitors in the space include Ramp, Teampay, and Airbase. Each of these startups has closed a major round of funding recently, indicating the expense management space is heating up. The fact that Divvy offers its software for free is likely to offer it a leg up over some of its other competitors.
“With its compelling free software, Divvy is poised to become a key part of the financial nervous system for businesses,” said Peter Sanborn, Vice President, head of corporate development at PayPal and managing partner of PayPal Ventures.
With $7.5 million in fresh capital and a green light from the U.S. Patent & Trademark Office for its “Credit Bureau 2.0” moniker, Finovate newcomer Trust Science enters 2021 even better prepared to fulfill its mission of empowering lenders who serve un- and underbanked communities.
“Between 64 million and 100 million Americans, adult consumers, cannot be scored for credit, or scored properly. In the world, it’s three billion adults,” Trust Science founder and CEO Evan Chrapko explained during his company’s Finovate debut in 2019. “We’re here to solve that problem and give deserving people the credit that they deserve.”
Founded in 2007 and headquartered in Edmonton, Alberta, Canada, Trust Science is part of the burgeoning subprime credit risk analysis industry. In recent days, Trust Science confirmed both that it has boosted its total capital to $11.5 million and that it had secured trademark approval for its AI-powered, dynamic credit scoring platform – Credit Bureau 2.0.
Trust Science’s platform leverages AI and machine learning to generate profiles that can be used to provide credit scoring for thin file and no-hit consumers. The solution uses alternative and unstructured data, such as the size and scope of social networks, message and data sentiment, and other factors to “expand the scorable universe” of potentially worthy borrowers and to provide better product fits for all customers.
Since its FinovateSpring appearance, Trust Science has forged partnerships with Inovatec Systems, Vergent Loan Management Software (formerly eSoftware Solutions), and was nominated as AI Company of the Year by the Canadian FinTech and AI Awards. Just under a year ago, the company hired former Equifax executive Jeremy Mitchell as its Chief Data and Analytics Officer. As part of his 20 years of experience in alternative data and analytics, Mitchell was part of the original development team that built VantageScore, a rival to the traditional FICO score.
“Trust Science is building solutions that benefit both the consumer and the lender,” Mitchell said when the appointment was announced. “This decade will see the world expect Alternative Data and AI to be harnessed for good, like Financial Inclusion.”
We cannot yet speak for the decade and alternative data. But we already know the role alternative data has played in supporting financial inclusion over the past year, as the health and economic consequences of COVID-19 have put severe financial stresses on small businesses, their workers, and their families.
Chrapko addressed this challenge – and opportunity – in a CEO Letter early last year as the lockdowns were taking hold across the world. “Individuals and businesses are already feeling financial shortfalls,” he wrote. “Lenders like you are going to need to make decisions about a growing number of individuals within the context of a volatile and uncertain market.”
With concerns over new, more contagious strains of the coronavirus forcing more lockdowns and social distancing, the pressure on lenders is not likely to relent any time soon. Leveraging alternative data – via partnerships with companies like Trust Science – may help them make more accurate, fairer, credit decisions to ensure that thin-file borrowers get the help they need and lenders take on only the risk they can afford.
Venmo‘s new launch is making it easier for users to deposit their paper stimulus checks. The PayPal-owned company unveiled a new feature called Cash a Check that enables users to do just that– cash paper checks in the Venmo app.
Eligible users can take a picture of their check, Venmo reviews the check, and the funds are usually approved within seconds and available in the user’s account in a few minutes (though the company disclosed the approval may take up to an hour).
“We know that with health and safety top of mind for many, having a safe way to access stimulus payments is essential for many of our customers, especially those who are receiving paper checks and traditionally would have to visit a physical check-cashing location,” said Venmo SVP and CM Darrell Esch. “By introducing the Venmo Cash a Check feature, we are not only enabling our customers to access their money quickly and safely from the comfort of their own homes but are also waiving all fees for cashing government issued checks to ensure customers can use their stimulus funds to pay for the things they need most.”
Users should not expect to be able to deposit the check they received from their grandma for Christmas, however. The initial launch is limited to printed payroll and government checks. In fact, the launch seems to focus on helping users cash their stimulus checks.
As Esch noted, fees for depositing government-issued checks will be waived for a limited time, until Venmo has cashed a total of $400,000 in government-issued checks. After that point– and for printed payroll check deposits– users face a fee of 1% to 5%, depending on whether the signature is hand-signed or pre-printed.
The steep fees are owed to the risk associated with remote deposit check capture. In addition to the risk of fraud, Venmo now exposes itself to costly human errors, such as unintentional efforts to deposit a single check multiple times.
Today’s launch is the latest effort in a series of moves Venmo has recently made to compete with the rise in challenger banks. Last October, the company launched a credit card offering and, a few months earlier, unveiled a new tool to help micro-businesses accept payments.
Digital banking platform Oxygen secured $17 million in new funding today. The Series A round featured participation from a sizable array of investors ranging from Runa Capital and Rucker Park, to fintech entrepreneurs like Plaid co-founder William Hockey and celebrity athletes like NFL wide receiver Larry Fitzgerald.
Added to the $7 million in seed funding the company picked up just over a year ago, this week’s investment takes Oxygen’s total capital to $24 million. In its announcement, the company noted that the financing will enable it to add talent, accelerate growth, and continue to develop its consumer and SMB banking solutions.
“This investment not only validates what we’ve built but also enables us to continue pursuing our vision of building financial tools that integrate seamlessly with the digital world of today and delight our customers,” Oxygen CEO Hussein Ahmed said. “We founded Oxygen because we wanted to provide financial services in the same way people interact with technology in their everyday lives.”
With an emphasis on both consumer and small business banking, Oxygen brands itself as the bank for “free thinkers, rebels, and entrepreneurs.” The challenger bank offers personal accounts with no monthly fees, cashback rewards, up to two-day early deposit, an Oxygen Visa debit card, and multiple virtual cards. Business customers benefit from these features also, as well as business management tools for making cash flow projections, integrating accounting solutions, creating LLCs, and mailing checks from the Oxygen app. Both personal and business accounts are FDIC-insured through Oxygen’s partnership with The Bancorp Bank.
Headquartered in San Francisco, California, Oxygen has gained more than 125,000 accounts and achieved revenue growth of more than 900x since launching at the beginning of last year. In May, the company announced a partnership with CPI Card Group to develop its own personal and small business debit cards. Tearsheet.co profiled Oxygen founder Ahmed in December.
The following is a guest post by Lily Tran, content writer for MoneyTap.
Southeast Asia is one of the fastest-growing fintech markets in the world. The expected market growth is estimated to be between $70 billion and $100 billion by 2020, outpacing the likes of the U.S., U.K. and China.
One of the contributing factors to this growth in this region is its insufficient financial inclusion. The World Bank data points to a lack of access to financial tools in southeast Asia. As per the data, in Indonesia, only 49% of adults have formal bank accounts; in Cambodia, the number is 22%, and in the Philippines and Vietnam, it’s 34% and 31%, respectively. The penetration of insurance and wealth management is also low.
This makes it difficult for people to save, borrow, and manage money easily. This has given a tremendous opportunity to fintech companies to offer innovative opportunities for unbanked consumers to take fintech services and improve their financial situation.
Investors are channelling funding into the region, with financial technologies as their primary investment. According to new data from CB Insights, fintech fundraising activity in southeast Asia grew by 143% year on year in 2018. Fintech investments in Southeast Asia increased by more than 30% through 2018 to reach approximately $6 billion.
An international finance company, Robocash Group, in its recent report released the names of the top five countries experiencing the fintech boom in southeast Asia. So let’s take a closer look:
Singapore is at the forefront of the fintech boom, dominating the region’s fintech market for several years now. In 2017, 400 local fintechs raised a combined total of $229 million.
With an appetite to consume a range of fintech offerings, Singapore fetched more than 50% of all fintech deals made in the region between 2013 and 2016. The diversified fintech market includes fund transfers, cryptocurrency trading, peer-to-peer payments, investment apps, insurance services, money lending services, and crowdfunding platforms.
Indonesia is largely populated, but only over 50% of its population are active internet users. This means roughly 150 million people have the means to use fintech. 61% of Indonesia’s internet users have registered for mobile banking apps. And 11% of its population transact online to purchase items or pay bills. However, online payments increased to $313.6 million in 2018.
By the end of 2019, only 49% of Indonesia’s population had a bank account. Now, alternative payment platforms are rising in popularity. Peer-to-peer payment platforms make up over 30% of the all fintechs. Along with payment platforms, e-commerce is expected to push the market further forward.
3. The Philippines
2018 saw the Philippines’ central bank roll out plans to make at least a fifth of its transactions go digital within two years. The digital payment adoption was projected to increase by 20% by 2020.
The country has 71% active internet users and 65.5% unbanked. And fintech companies have emerged to bridge the gap. In 2017, $78 million in funds were raised, an increase of 13% from the year before. As mobile banking has diversified, 54% of the country’s internet users have at least one mobile banking app.
According to Singapore Fintech News, one-third of all fintech companies registered in 2018 were payment platforms, followed by alternative finance at 30%, and blockchain companies at 16%.
In Vietnam, the total transaction value in the personal finance sector has crossed the $1 billion mark. Further, this value is projected to show an annual growth rate of 38.4% resulting in a projected total amount of $4.5 billion by 2024.
According to a report, between 2017 and 2020 the number of fintech startups grew more than 179%, with payment apps leading the sector, consisting 31% of the total startups.
Along with payments, peer-to-peer lending was another field which grew rapidly during this phase. The government is planning to get more than 70% of its people over 15 years of age to own a bank account within a year’s time. In 2017 and 2018, only 31% of adults owned a bank account, and only 4.1% of its people owned a credit card. In the phase between 2010 and 2020, a vast number of personal loan apps emerged, some of which have become huge.
Like the other countries in the region, Vietnam’s unbanked population are turning to fintech for its sheer ease of financial transactions. Around 50% of the country’s internet users use mobile banking platforms, 39% make mobile payments, and 9.3% own some form of cryptocurrency.
82% of Thailand’s population is on the internet, and 74% of them bank online. 47% of all internet users make mobile payments, and 71% of them use their phones to purchase goods online each month.
Even though such a massive number of people are active online, Thailand is not a very friendly market for fintech compared to other countries in the region. The country attracts fewer investments for fintech, but that said, it’s still experiencing the fintech boom as 10% of its internet users own some form of cryptocurrency. This makes Thailand the second country after South Africa in the world for crypto ownership.
Key Takeaways from Southeast Asia’s Fintech Boom
The most disruptive fintech sectors are payments and lending.
Fintech has changed the way people and businesses make payments, save their money, borrow, invest, and buy insurance products.
Fintech has given access to finance for poor people and people in remote areas, boosting the economy and stimulating demand. Fintech has made it easier for SMEs to get small loans and credits anytime to keep their business running.
Many economies have implemented regulatory sandboxes to motivate innovation in the fintech sector.
Lily Tran is a content writer, working for MoneyTap, who writes about all things finance. Her passion for credit, debt, loan and investment drives her to help readers get an insight about everyday finance.
From fears of a cyberspace-based New Cold War between Russia, China, and the U.S., to emerging fraud threats to financial services companies, small businesses, consumers, and work-from-anywhere employees, the issue of cybersecurity is likely to loom large over all technology discussions in 2021.
To this end, we caught up with Uri Rivner, Chief Cyber Officer of BioCatch. Headquartered in Tel Aviv, Israel, and a Finovate alum since 2014, BioCatch offers an AI-driven behavioral biometrics-based platform that enables online identity verification and reduces fraud by providing account opening and account takeover protection, as well as defense against social engineering scams.
I would be remiss if I didn’t take this opportunity to ask a cybersecurity expert about the massive breach involving SolarWinds and, allegedly, Russian hackers. How do you think about this incident as a professional and how should we think about it as individuals, consumers, etc.?
Uri Rivner: This is the broadest, deepest cyber espionage campaign in a decade; the last wave of this magnitude was attributed to China, which launched a massive industrial espionage campaign some 10 years ago against hundreds of major U.S. and global corporations. I was on the receiving end of that attack during my time at RSA, which was breached in March 2011, and it was a watershed event with far-reaching implications. It galvanized the U.S. intelligence community to action, brought cyber awareness in Corporate America to the Board level, and injected a real sense of urgency to the cyber security industry.
The SolarWinds campaign has a similar effect. When FireEye – the gold standard in endpoint protection and cyber intelligence against state-sponsored attacks – is itself breached, people take notice. When dozens of high-security networks deploying every imaginable combination of state-of-the-art tools and security procedures are compromised, everyone raises an eyebrow. Those who wonder whether the cyber security scene is growing into a new “bubble” received a very clear message: listen, folks, let’s get something straight – cyber security is still unfinished business.
What was the big theme in cybersecurity in 2020? Do you believe this trend will remain as strong in 2021?
Rivner: The big theme in cybercrime in 2020 was the impact of the global pandemic on fraud and identity management. Fraud teams worldwide had to operate from home, resulting in deficiencies that fraudsters were quick to exploit. Online account opening and account takeover fraud surged, and potentially billions of dollars were scammed through government stimulus package fraud. When the dust settles in 2021, we should see the financial sector adopt new, automated fraud controls to close those gaps.
With banks accelerating their mobile-first strategy and releasing new, high-risk functionality available only for mobile platforms – e.g. P2P payments – we should expect 2021 to feature more mobile-based social engineering and malware attacks. Mobile authenticators such as fingerprint and selfie biometrics will suffer from the same fate as any other “strong authentication” technology – they’ll be circumvented using end-users as “moles” to tunnel below the security fences.
You have outlined a variety of cybersecurity trends you think we will face next year. You talk about the rise of “mule detection” as a priority for fraud detection teams. Can you elaborate on how widespread this has become and what is being done to fight it?
Rivner: Thousands of bogus U.S. bank accounts are opened each day online for the purpose of serving as “mules”. Opening a fake bank account is easy as identity records are traded in the dark web, and it’s cheaper to create your own digital mule account than to recruit a living-and-breathing collaborator to funnel your funds. Fortunately, banks use new, next-generation technologies. Device reputation highlights compromised devices used by criminals, while behavioral biometrics can identify when a genuine user uses long-term memory to enter personal information; whereas fraudsters are not familiar with the victim’s personal data and can’t type it the same way.
Outside the U.S., “work from home” mule recruitment is surging given the constant lockdowns and economic crisis caused by the pandemic. But consider this: say a user normally holds their device in a certain way, has a certain typing cadence and finger press size. All of a sudden you spot a different personality inside their account, with new habits and gestures, and the “guest” always checks in shortly after money is received… You just detected a mule, sharing their account with a “controller.” Often these “mule herders” control dozens, or even hundreds of mule accounts.
You’ve also noted that regulators worldwide are taking greater notice of social engineering scams. We’ve known that these are some of the most powerful ways that systems have been penetrated. What are regulators doing to help fight social engineering scams?
Rivner: Social engineering isn’t new, but deep social engineering is a new and dangerous mutation. This is when cybercriminals convince the user to log into their bank account and simply move money to another account belonging to the fraudster. This is done so cleverly that it has become a real epidemic – first hitting U.K. banks a few years ago, and then spreading to mainland Europe and Australia. It’s likely to reach North America in 2021, and banks are far from being ready to deal with this massive problem.
Global regulators are paying close attention to what’s happening in this front. They’re likely to demand strict and immediate measures to protect the vulnerable population from such scams using a combination of traditional transaction monitoring and next-gen capabilities such as detecting signs of hesitation, duress, distraction or being guided based on subtle behaviors measured on the user’s PC or mobile device.
On the technology front, you’ve pointed to the growing attention fraudsters are giving to fintechs and the emerging industry of mobile-first banks. What are the vulnerabilities here and what can fintechs and neobanks do to fix them?
Rivner: The mobile transformation in the financial sector is not evenly spread geographically. In Europe and Asia, mobile-only banks, payment apps and fintech are old news. In North America, the revolution is much more recent, and revolutions are always the best drivers for financial crime. Many U.S. banks offer Zelle, a peer-to-peer payment service, only through mobile apps and not yet via online banking. Additionally, the number of mobile-only financial services, loan providers and other fintechs is skyrocketing.
Crime rings that have focused their online fraud strategy solely on web applications have to adapt fast. Expect to see heavy showers of Mobile RATs and help desk scams, mobile-focused social engineering, mobile overlay malware, rogue apps, mobile emulators and other nasty fraud schemes. Fintechs and neobanks use a risk-based approach in which passive, frictionless device and behavioral biometric controls trigger active biometric controls in case of an anomaly.
You’ve said that one interesting development in fraud technology is the greater role they are playing in “trust and safety.” What do you mean by this and why is it happening now?
Rivner: The banking industry has been using advanced device and behavior analysis to fight fraud, but those technologies are also poised to play a major role in trust and safety. The problem is not stopping cyber criminals, but rather identifying genuine end-users who misuse the system, circumvent controls, gain unfair advantage over other end-users in, say, a marketplace or a gaming site, and generally breach trust and safety controls.
The global pandemic accelerated digital transformation and exposed many of these risks. For example, remote workers who have been vetted and background checked can share their accounts with others who haven’t so they can punch in more hours, creating new security exposures for the company that employs those workers. Once something like this happens, a company can lose things that are sometimes more important than actual money: accountability, fairness, trust and reputation.