IBSi Blogs

Like most criminals, cyber hackers want an easy life. Just as burglars prefer forgotten open windows over picking front door locks as a way in, so their digital counterparts are looking for targets that offer maximum return for minimum effort.

by Jason Elmer, Founder and CEO, Drawbridge

As such, while major corporations wise up to the threat of sophisticated attackers and invest in the sort of defences that limit the impact of bad actors, criminals are now turning their attention to potentially easier targets. And that includes businesses that are raising capital or those that recently announced funding – particularly when those businesses not only hold significant financial data but also potentially offer gateways, or open windows, to other companies.

It’s thus no surprise that ransomware attacks are increasingly targeting Private Equity (PE) firms and their portfolio companies (PortCos). As attacks increase, it’s imperative that investors become more aware of the risks they face and take swift action to protect themselves – and their portfolio companies.

Cyber vigilance as a differentiator

Cyber vigilance is increasingly becoming a differentiator for investors when considering companies to add to their portfolios. Gartner highlighted that “by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements,” and in doing so noted that “Investors, especially venture capitalists, are using cybersecurity risk as a key factor in assessing opportunities.”

There’s also regulatory pressure to get houses in order. In February, the Securities and Exchange Commission (SEC) voted to propose a new set of cybersecurity rules to oversee how alternative investments or private capital firms manage risk, requiring clear policies and procedures to be put in place. In addition, advisers would need to report incidents that impact their firms, funds or clients.

Clearly, PEs need to be as rigorous in checking their own windows are closed as they are in running the rule on the security posture of target companies. For most, it means a wholesale change in their approach to cyber security. The question is, how do they begin to implement this new approach? Securing your own operations is hard enough – how do you extend that to other entities in your orbit?

Check your windows

First, it’s worth considering what open windows there could be. One of the most glaring yet overlooked open windows is the employees at PEs and their PortCos. This isn’t to suggest that everyone is maliciously trying to undermine their employer (though insider attacks do happen), more that too often an assumption is made that workers understand the ways in which they can be targeted.

The reality is that many people don’t realize how many cyber threats are designed to exploit people’s ignorance or naivety. From ransomware to phishing attacks, many of the major leaks we read about in the news can be traced back to individuals who didn’t realize they shouldn’t click on a link, open a suspicious attachment or download an app at work.

Like any good burglar- why would a cyber thief spend time trying to crack encrypted corporate networks when they could simply gain access by targeting unsuspecting employees? They wouldn’t. That’s why

the first step in any PE firm’s cyber security approach should be to focus on educating staff, starting with the PE firm itself and then extending out to its PortCos to ensure they are undertaking similar processes.

Similarly, it’s not too difficult for attackers to take advantage of a lax approach to updating software. Technology is constantly evolving, and changes to critical systems can bring immense business benefits and operational efficiencies – but can also create new gaps in defences. PE firms and their PortCos must ensure that they have a rigorous and consistent process to keep systems up to date and fix bugs as solutions are released to prevent attackers from exploiting any holes.

Sophisticated responses for new attacks

Those are just two of the windows that can be closed relatively quickly. But the fact is that attacks are becoming more sophisticated, which means the responses must too.

Only real-time cyber risk monitoring will enable firms to protect their most sensitive data and safeguard against internal and external threats. That means firms must have more than the traditionally adequate technical and logical controls – they need active, continuous risk mitigation solutions and reporting, and cyber programs that are tested using real-world scenarios that provide a clear picture of how the business would defend against and respond to an incident.

A case of when, not if

Ultimately, PE firms and their PortCos need to realize that it is a case of when, not if, they are targeted. Most businesses understand and accept it; what they will not accept is inaction, attempts to hide issues, or a failure to mitigate the impact.

That’s why the new SEC rules are pushing for incidents to be reported, and why the European Union’s General Data Protection Regulation (GDPR) has fines in place for companies that have not done everything they can to reduce the risk of data breaches. Those businesses that do not do everything in their power to respond appropriately to incidents will not only have to deal with the immediate fallout of the attack itself, but subsequent legal, financial and reputational consequences.

Close the windows to protect firms and PortCos

It’s one thing to be undone by a sophisticated attack that may be far ahead of any of your existing defences; it is quite another for an opportune bad actor to sneak in via an open window. Cybersecurity is challenging, and it’s only becoming more complicated as attackers become more sophisticated and geopolitical threats rise. It’s clear that if there was ever a time to pay attention to cyber risk and buttress your defences, it is now.

The best way for PE firms and their PortCos to protect their organizations is to make it as hard as possible for cyber attackers to gain access.  Invest in the right real-time cyber risk monitoring, confirm all your systems are patched and up to date and have your comprehensive incident response plan tested and ready to go on a moment’s notice. Put simply: Don’t be an open window.

Over the course of time, supply chains have evolved and become ever more complex and multifaceted. Where once they were local, or domestic, supply chains are now global. Whilst this drives down per unit costing through comparative advantage, it does mean that businesses need entire departments to source high-quality components for onward processing and distribution. They must also work to maintain positive relationships with suppliers during the procurement and supply chain process.

by Alistair Baxter, Head of Accounts Receivables Finance, Taulia

The changing dynamics of the world around us, whether that be economic or political, mean that we often see a play-off between market protectionism and free trade economics. Events of the last few years combined with various trade measures have significantly disrupted, and ultimately changed forever, global supply chains.

We have observed an increase in global disruptions to supply chains in recent years, particularly during the Covid-19 pandemic – and the impact of that disruption cannot be overstated. Increased shipping costs are now the norm and supply chains are being remapped by companies to try and gain an advantage over competing supply chains. This was brought to the mainstream attention when one of the world’s largest container ships, the Ever Given, whose onboard goods totalled $775 million, blocked the Suez Canal for 6 days in 2021. This form of trade friction has created disruption which negatively impacted businesses and economies and while Ever Given was a first, it may seem obvious to say that it might not be the last and businesses need to be prepared.

Resilience is now a key challenge for those responsible for sourcing and securing strong supply chains. Technology has a massive role to play in supporting this and alleviating some of the current complex challenges. Technology can paint a clear picture of where the disruptions are, or even better, predict where they might happen further down the line, beyond the current field of vision. Continued adoption of technology will dynamically allow information to flow down to suppliers – otherwise known as ‘purchase order cascades’ – to increase transparency for even the smallest suppliers.

The world of supply chains has an opportunity to lead the way in ESG by increasing communication and transparency. Technology is again the enabler, allowing for the tracking and rewarding of supplier ESG performance. It is imperative that those at the very top of the supply chain set the ESG tone and support the raising of standards throughout their supply chains. Working together will improve the supply chain ecosystem for the long-term.

Supply chain managers have a significant role to play in the reshaping of industry. In response to the purchasing habits of consumers in developed markets, it’s the best value chain that wins, as opposed to the best product or retailer, as customers come to expect prompt delivery of goods, or ESG credentials to be made clear at point of purchase. Amazon, as an example, has one of the best value chains: logistics, ease of access, and customer touch points are all carefully considered and planned. Amazon has been acquiring its own shipping containers since 2018 and chartering its own ships to avoid major bottlenecks in its supply chains and to get products onto e-shelves.

Technology has been developed to respond to this shift in behaviour and as hyper-personalisation and emotion-led experiences begin to dominate how we work and live, supply chain managers will have to find different ways to respond.

With change being the only constant, those enabling the building and continuity of supply chains are playing a vital role in reshaping industry and to best position themselves for what is coming down the tracks. Harnessing the technology at their disposal to predict and prevent the obstacles that may materialise will help them to drive success.

There’s little denying we’ve entered the age of crypto. Last year, practically every crypto wallet saw its user figures increase, with Blockchain.com wallets – the site that makes it possible to buy bitcoin – boasting more than 81 million wallet users as of February 2022. And considering the array of multi-million-dollar adverts for crypto apps/currencies shown at this year’s Superbowl, it’s fair to say that cryptocurrency has well and truly entered the mainstream.

by Amir Nooriala, Chief Commercial Officer, Callsign

And with more people interested in digital assets, many financial institutions are rushing to create their own decentralized platforms (DeFi) to cash in on the hype.

However, this growing popularity is also fueling another boom – a boom in fraud. In 2021 alone, crypto scammers stole a record $14 billion, a staggering rise of almost 80% over 2020. And while scamming was the most popular form of crypto-related crime, theft via hacking was a close second – and not just from individuals.

For instance, there were more than 20 occasions last year when a single criminal entity hacked into a crypto exchange or project, making off with a total of at least $10 million. And there were at least six occasions last year when hackers managed to steal more than $100 million from an exchange.

The lucrative nature of digital assets has made them one of the most desirable targets for modern criminals. Yet, despite the enormous sums of money at stake, without fundamental changes to how these crypto exchanges operate – and more specifically, authenticate users – this situation is only going to get worse.

Understanding the crypto ‘Wild West’

The nature of cryptocurrency has always been antithetical to how most financial services institutions work. Blockchain technology is a dynamic, decentralized innovation, so developing the controls and frameworks to better manage it has always been a daunting task for financial services businesses, governments, and regulators (which is why many banks are still resistant to it).

And despite the public’s growing interest in crypto, many still struggle to understand the basics of how a blockchain works – they simply know it may make them rich. That confluence of poor understanding and high desirability is also why crimes – such as the One Coin cryptocurrency scam – can happen.

Detailed in the book (and podcast) The Missing Cryptoqueen, millions of people paid billion dollars for a cryptocurrency called One Coin – even though it was never really a cryptocurrency or even on a blockchain.

The leader of the company/scam, Dr Ruja Ignatova, used the confidence and excitement in cryptocurrency – along with the general lack of true understanding as to how the technology works – to prey on people all around the world looking for their own crypto success story.

However, when it comes to crypto crime, there are much simpler ways of pilfering incredible wealth without the hassle of leading a fake financial revolution. That’s because there are mechanisms enabling most of these crimes to happen, and the fault very much lies with most exchanges themselves – not individuals.

Fighting modern threats with archaic weapons

Despite the futuristic nature of crypto, criminals haven’t had to reinvent the wheel to gain access to wallets and exchanges. Because many methods of attack being leveraged by most criminals are scams that traditional financial institutions have long been aware of, such as Remote Access Trojans (RATs) and Account Takeover Fraud (ATO).

However, the problem is that crypto exchanges haven’t learnt from these techniques that fraudsters have been deploying for many years. Instead, they are deploying controls banks stopped using 10 years ago. While these controls would be fine to protect social media accounts, they are no longer enough to protect your cryptocurrencies which are now incredibly valuable.

In addition, crypto exchanges aren’t bound by the same stringent rules and regulations other financial institutions – such as banks – are. For instance, in comparison to the billions mentioned above that have been scammed from exchanges in recent months, the £1.3 billion lost by banking customers to fraudsters in 2020 is but a drop in the bucket. And that’s despite the uptick in fraud due to Covid-19.

One way crypto exchanges are particularly letting their users down is in how they conduct authentication. When these businesses want to authenticate a user’s ID, the tendency is still to use passwords and usernames, reinforced by “possession factors” – such as an OTP (one-time-password) sent via SMS message to users’ phone.

On the surface, OTPs seem like a reasonably secure method of authentication, but SIM cards were never designed for security which is why many banks have moved away from authenticating customers with them. So, credit stuffing, SIM swapping and SS7 attacks, passwords, usernames and OTPs all present fraudsters with very convenient workarounds for all the subsequent layers of security these platforms have.

But even though these are old vulnerabilities being exploited, that doesn’t mean cybercriminals are resting on their laurels – scams are getting larger and more devastating every year.

RATs for instance – whereby scammers use malware to remotely control infected computers and send/receive data from the system – are increasingly being substituted with its mobile equivalent, MRATS, to gain access to devices.

Used in tandem with other forms of attack such as credit stuffing, has proven to be incredibly effective for criminals. For instance, an ATO attack is when fraudsters use stolen credentials to try and gain access to genuine accounts, often leveraging automated tools to “credit stuff” at an astounding rate. One fraud prevention platform estimated that incidences of ATO grew a staggering 307% over just the last two years.

Simply put, it’s time for this new wave of financial institutions to stop the fraudulent activity taking place in the crypto sector under their watch. And the only way to achieve that is to uproot the broken foundation of authentication that’s currently letting its users down, in lieu of a modern solution better fitted to our digital world.

The age of biometrics

Despite the many makeovers usernames and passwords may have undergone, they’re still analogue solutions that are merely being used in a digitized context. As such, the entire notion of digital identity is built on a fundamentally broken system not built for a truly digital world.

Biometrics, on the other hand, presents a truly digital solution capable of keeping up with our dynamic world. Unlike a username or password which can be intercepted or compromised, behavioural biometrics, such as Callsign’s platform can be finetuned to individuals. It can consider everything from how a device is being held, the speed and style of keystrokes, and numerous other idiosyncrasies that are impossible to mimic.

Behavioural biometrics give businesses a method of authentication that requires no additional hardware on the part of the user (device agnostic) and doesn’t impact the user experience in any way. All while learning and adapting over time as that user’s relationship with the business evolves.

So, as crypto fraud shows no sign of slowing down, it’s now incumbent on these exchanges to interrogate the ways they authenticate users and ask themselves if their security policies are in fact putting their customers at risk. Because the sooner they can start fixing digital identities in a meaningful way, the better.

With so much data locked in unstructured formats, such as PDFs, invoices and emails, discovering information to either prove compliance or non-compliance at scale is becoming increasingly difficult. Remaining compliant is a mission critical consideration for organisations operating within regulated industries. For regulators, it’s also vital that processes are strictly followed, and that non-compliance is identified as soon as possible. On both sides of the regulatory fence, having access to the right information as and when it is needed is key.

by Ryan Moore, Head of Data and Analytics at Aiimi

To overcome the challenges of managing information across systems, organisations are increasingly adopting insight engines to intelligently identify and surface all relevant information. By leveraging this capability, both the regulated and the regulators are able to streamline regulatory compliance processes.

Organisations operating within heavily regulated industries, such as financial services, will typically hold vast amounts of historical data and information that will fall within the scope of regulatory audits. The key challenge here is that much of this information is contained within unstructured and semi-structured documents that are hidden within multiple systems, presenting significant challenges when it comes to discoverability and disclosure.

Organisations should, of course, be fully aware of the regulatory compliance frameworks that govern their usage and management of data. These frameworks are usually transferred into business rules that dictate the processes by which documents and data are shared, stored and managed—for example data classification and security and access controls. This is best practice, but it’s often only when audits are conducted that organisations discover how stringently business rules have been followed. Add to this problem the likelihood that data regulations will have been updated or superseded by new regulations over a number of years, and that the personnel responsible for creating business rules may have left the organisation, and the compliance challenge becomes clear.

With essential pieces of information missing, producing compliance reports requires a significant amount of manual intervention, which is both costly and time-consuming; the average cost of compiling a DSAR (data subject access request) response, for example, is £6,000. In short, business rules can only take the organisation so far when it lacks the capability to intelligently search, discover and classify structured and unstructured data.

This is where insight engines can deliver significant benefits and move organisations towards an advanced compliance model that allows regulatory reports to be compiled and delivered with confidence.

Enriching and evolving with deeper insights

By crawling through systems and identifying relevant information that lies within unstructured documents, insight engines eliminate compliance risks by interconnecting and enriching all data across the enterprise. This allows the organisation to quickly determine the information assets that conform to business rules—i.e. regulatory frameworks—and those that do not. The latter can then be audited and classified through further enrichment steps, such as named-entity recognition, which identifies terms or phrases within unstructured documents, and assigning labels to them.

Not only does this build in an advanced level of intelligence and automation when it comes to compliance, it also brings agility to governance and compliance, as organisations can adapt to regulatory changes with ease by adapting or implementing new business rules. Without an insight engine to surface the information that relates to new regulations, this would not be possible.

Predictive compliance

Another benefit of adopting insight engines is that they prepare organisations for more advanced information management capabilities. For example, organisations can take advantage of the classification and labelling function of insight engines and enable new documents and data to be automatically assessed for compliance. Machine learning can also be used to predict potential risks, providing advanced alerting capabilities taking us one step closer to automating compliance.

This is useful for both the regulators and the regulated. For regulators, alerts can be created when organisations exhibit risk. An example might be an alert that flags the creation of a new company that has the same postcode or founder as an organisation that has previously been closed down for serious regulatory breaches.

For regulated organisations, advanced alerting and risk scoring can provide a fast route to remediation when non-compliant documentation and data is introduced to systems. Further to this advanced redaction technology can also be used to eliminate risks associated with sharing larger data sets, allowing only the relevant information to be disclosed.

The right information at the right time

Key to automating the regulatory process for both the regulated and regulators is the ability to discover and order data. Insight engines bring more information to a visible state, meaning the landscape of information is richer and more detailed. This means reports are more accurate and organisations more compliant. The potential for advanced analytics is also unlocked once all information is made discoverable.

With regulators increasingly able to identify compliance risk with insight engines, it is incumbent upon the regulated to stay ahead by adopting similar technology. Insight engines make information readily discoverable at the right time, allowing both sides to ensure regulatory processes are more efficient, accurate and cost effective.

In an era of fintech innovation, banking outside of a bank branch is now the widespread norm, as we have all become accustomed to accessing and managing our finances with the press of a few buttons. Through embedded finance, we’ve seen fintech influence our lives even further in recent years, enabling non-financial providers to seamlessly embed financial products into their customer journeys.

by Karan Shanmugarajah, CEO, WealthKernel 

However, the success of embedded finance is now highlighting an untapped opportunity – embedded wealth. Just as embedded finance has enabled customers to access payment, lending and insurance products from non-traditional providers, embedded wealth will see businesses integrating wealth and investment services for their customers. With the technology for embedded wealth now readily available, it might not be long before you can buy stocks and shares alongside your meal deal of crisps, a sandwich and a drink.

The rise of embedded finance

If you are reading this article on a smartphone, there is a good chance that the next app you open uses embedded finance. Everything from the ride-hailing app Uber to the food delivery service Deliveroo, is now integrating financial solutions to give customers more convenient payment options. This opportunity offered by embedded finance has seen widespread adoption, with research from Juniper projecting a value of $138 billion in 2026, a dramatic increase of $95 billion from 2021 (Juniper, 2021).

What makes embedded finance so appealing for businesses are the low costs and easy integration compared to traditional bank offerings. All processes relating to money management from digital wallets like Apple Pay to the over $4.07 billion BNPL industry (Grandview Research, 2021) fall under this remit of financial products offered under embedded finance. There are other benefits beyond cost to integrating financial products into a business’ offering – allowing for monetisation based on their established brand. By integrating these third party financial services, businesses can gain increased insight into customer spending and allow for a data-driven approach to further improve customer experience. Due to the relatively low costs, companies can also experiment with a broader offering without compromising heavily on revenue or reputation; for instance, Uber was able to quickly de-prioritise its financial service Uber money, a digital wallet allowing drivers instant payments.

By embedding finance, customers can also pay or access a financial product instantly without searching for their physical credit or debit cards. Popular coffee brands such as Costa and Starbucks now even offer embedded payments through their apps, letting customers pick up reward points or pay through the company app. Customers can also top up this card using Apple and GooglePay.

The market opportunity for embedded wealth

Embedded wealth is essentially an extension of embedded finance – offering regulated wealth and investment products from a non-wealth body, typically via API. This could see customers invest, trade, and access various wealth products beyond payment and lending services.

Embedded finance has already added tremendous value to the customer journey. The blueprints of this, applied to wealth and investment, could make investing and saving more attainable for a wide array of consumers. For a business already offering its customers payments and lending services, wealth and investment could be a natural progression to improve experiences. Typically ‘wealth management’ brings to mind a service offered to individuals with significant amounts of cash or assets to invest. However, embedded wealth could see investment products offered to customers with even smaller amounts to invest or grow or to those who may have not even considered investing previously. There is a real opportunity to broaden access to investing through embedded wealth as customers become more accustomed to utilising financial products offered by familiar brands. With API-enabled wealth technology now readily available, it can be offered at a lower, more-accessible cost for many.

For consumers experiencing significant life changes- whether purchasing a home or planning retirement – a familiar brand integrating wealth management offerings could help provide security and confidence. This has become particularly relevant since the pandemic, where trust in financial services has shifted drastically, with fintechs surpassing banks in levels of trust, according to Mckinsey (2021).

We should also consider customer loyalty to everyday brands like supermarkets or retailers where embedded wealth could provide value. A recent study conducted by Solarisbank revealed that 61 per cent of respondents indicated a willingness to use financial products from trusted brands such as Amazon, Lidl and IKEA (Solarisbank, 2021).

Embedded wealth could help onboard customers who may not have previously considered investing with a financial institution, but are open to the idea of it with a business they are loyal to. A well-placed wealth offering could allow for longer-term customer relationships, as customers would see this business as not only a provider of their favourite products but also as a place to grow and invest their money.

Adding embedded wealth to your shopping list

So with the potential of embedded wealth on the horizon, could our new supermarket list of milk, eggs, bread… include stocks and shares? With technology now making the possibilities for embedded wealth potentially endless, it wouldn’t be surprising if we soon see this scenario become a reality.

Retailers are already recognising the potential of integrating financial products into their platforms, so wealth products could be a logical next step. Walmart, for example, recently announced its transition into the fintech space by partnering with fintech investment firm Ribbit Capital to provide its customers with tech-driven financial solutions (Business Wire, 2021).

For supermarkets already providing banking and savings products, or even credit cards, an investment portfolio may even already be on the to-do list – helping customers with money already saved with them to grow their finances even further. Additionally, most supermarkets today also offer loyalty or point schemes, allowing customers to save up points and spend them in-store. Could a potential entry-level embedded investment product see customers invest these points to grow their money in-store?

And so, as the appetite for wealth, investment and trading services has seen widespread growth across fintech in recent years – investment portfolios developed by retailers and supermarket chains could be on the horizon. With a recent OpenPayd study revealing that 70 per cent of brands are expected to launch embedded finance offerings (OpenPayd, 2021), it might not be long before we see a level of usage of embedded wealth by notable brands.

As the conflict between Russia and Ukraine continues and no sign of resolution in near sight, the broader secondary implications are being felt far beyond the region’s borders. Amongst them are serious cyber implications that could have devastating and far-reaching consequences – not just for countries directly involved in or close to the conflict, but the global financial system.

by Guy Warren, CEO, ITRS Group

In particular, institutions critical to the infrastructure and running of their country are probably the most vulnerable. And when it comes to these criteria, financial institutions are at the top of the list. As such, it is critical for banks and other financial institutions to assess, thoroughly and quickly, their vulnerability to such attacks.

A global problem

Though some in the west might believe that the Russia-Ukraine crisis isn’t their problem, recent history indicates otherwise. NotPetya – a Russian-organised cyberattack targeting Ukrainian power, transportation, and financial systems – was less than five years ago. And while its intention was to destabilise Ukraine, NotPetya spread rapidly.

The consequences of the attack included massive operational disruption to countries across the globe – including the US, UK, France, Germany and India, with ripple effects hitting almost every corner of the global economy. The consequences were disastrous – with the White House estimating that the total worldwide cost of the attack exceeded $10 billion.

Now, both the threat and potential impact of a cyberattack are even higher. The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning of the risk of Russian cyberattacks spilling over onto US networks, which follows previous CISA warnings on the risks posed by Russian cyberattacks on US critical infrastructure. And the European Central Bank (ECB) has warned European financial institutions of the risk of retaliatory Russian cyber-attacks in the event of sanctions and related market disruptions.

Clearly, countries across the globe are anticipating the possibility of their critical financial infrastructures getting caught in the cyber-crossfire of the conflict. But what can they do to protect themselves?

Ultimately, this requires a two-phased approach: understanding the risk, and then putting measures in place to mitigate and minimise the impact, should they experience a cyberattack.

Understanding the risk

Firms have no hope of protecting themselves against cyberattacks unless they have a comprehensive understanding of the range of attacks that they can be subjected to.

And there are many forms of cyberattacks that banks are vulnerable to. There are attempts to crash a website (DDOS); hacking to penetrate the network; Trojan horse with software running inside the firewalls reaching out to the criminals; spam and attempts to fool someone to let them in; virus payloads that can encrypt the computers; and these are just a few.

When it comes to the impact, this can vary – from bringing down a critical service to stealing data, to ransom to de-encrypt, etc. However, because of the intertwined nature of the financial services industry, if one part is hacked, it can have ripple effects on other parts. For example, if payment processors were victims of a cyberattack, stock exchange transactions would be impacted.

Damage mitigation and control

While these techniques are known and understood, it is significantly harder to ensure that all means of access are not vulnerable – particularly as banks’ infrastructures are more complex than ever, and, for many traditional players, suffer from significant siloes.

Fortunately, there are techniques to prevent each form of cyberattack – but preparation is key. Firms must consider not only their ability but the ability of their third-party providers, to withstand cyberattacks.

Another effective tactic is raising staff awareness – including re-running staff ethical phishing campaigns and holding drills to ensure your firm is prepared. For example, in November 2021, the Securities Industry and Financial Markets Association, a trade association, led a global ransomware drill to practice fighting against such attacks, which over 240 public and private sector institutions, including financial firms and central banks. And banks often allocate significant budgets towards cybersecurity – Bank of America, for example, spends $1 billion annually on its cybersecurity efforts.

However, in a large, complex IT estate with many staff, as is the case for many banks, it is very difficult to prevent all techniques all the time. Teams looking at cybersecurity, geopolitical risk, and physical security should be working closely together, not in silos – and it’s far better to build communication and cooperation before disaster strikes, rather than in the face of a crisis.

Regulators around the world have increased focus on this of late – such as by introducing new Operational Resilience regulations (DORA in the EU for example). And the FCA recommends that firms report material operational incidents to them in a timely way in order to ensure that they can provide specialist expertise and work to minimise harm to consumers, markets and the wider UK financial sector.

Ultimately, totally escaping such consequences of the crisis is impossible. Cyberattacks remain a key risk, and a cyber or IT problem quickly becomes a business problem – so ensuring that you have measures in place to mitigate and protect against a worst-case scenario is crucial – not just for the firm itself, but when it comes to financial services, the stability of the entire country.

Over the past few weeks, we’re all likely to have gone through extra rounds of verification when conducting activities online, particularly when buying goods or services.

by Bala Kumar, Chief Product Officer, Jumio

This is thanks to the recently introduced Strong Customer Authentication (SCA), which means additional security measures are now part and parcel of making online payments. With the UK losing £2.5bn to fraud and cybercrime in 2021, SCA has a clear place, aiming to verify a user’s identity through multi-factor authentication (MFA) methods – such as a one-time password received by text or phone call – to authorise online purchases.

Though SCA requirements will no doubt help mitigate the risk of online fraud, businesses must consider the impact of these measures on user experience. From a convenience point of view, these additional measures, though necessary, create barriers when it comes to making online purchases seamless and efficient. What it does do, though, is force focus on how businesses can better verify customers – in all online instances, not just those governed by SCA – and whether outdated password-based verification methods, for example, really have a place today. SCA is clearly another factor that makes the case for the potential of biometrics, particularly in higher-value scenarios, whereby businesses can remain customer-centric and bridge the gap between security, compliance and customer experience.

From the old to the new

In Q4 of 2021, roughly 80% of orders on mobile devices in the UK were incomplete. During the same period, over seven in 10 online carts created were abandoned. Clearly, inconvenient checkout processes can have a damaging impact on whether customers engage with online brands. For online businesses, user experience is undoubtedly important, and when it comes to identity verification, ensuring a seamless and secure process can go a long way.

In fact, 93% of consumers prefer biometrics over passwords for validating payments. By leveraging biometrics for identity proofing and user authentication, businesses can effectively establish a customer’s identity and provide a seamless user experience.

Convenience and security are the lock and key

Biometric-based authentication delivers a simple, intuitive user experience for legitimate customers and simultaneously thwarts and deters cybercriminals because of the high assurance of the biometric captured upfront and on an ongoing basis.

Research predicts that mobile biometrics will be used to authenticate transactions worth $2 trillion by 2023, compared to $124 billion in 2018. In the same way that biometrics have clearly transformed the mobile space, it’s also rapidly taking hold of the payments world. Payment providers that allow online businesses to implement biometric methods at the verification stage can reap the benefits of greater security for themselves, customers, and businesses thanks to the uniqueness of everyone’s biometric features. And, as consumers become increasingly accustomed to using biometric data to identify themselves in their daily lives, businesses that offer this option to their customers will stand out as innovators, while also benefiting from reduced costs and enhanced security.

Bridging the gap between security, SCA compliance and customer experience

As expected with digital transformation, we saw an increase in fraudulent transactions in these faceless channels. Even with post-pandemic recovery, we expect the digital shift to continue. Businesses must address the transformation drivers and potential ongoing threats to ensure customer retention.

Biometrics can significantly enhance security measures, especially in mobile payments, without adding unnecessary friction to the process. For example, coupling facial recognition with liveness detection can not only prevent spoofing attacks but is also a secure and convenient way for users to verify their identity. Going one step further by adding an independent, app-based biometric allows easy two-factor authentication, whilst simultaneously ensuring users continue having access to their accounts – even if they lose or switch their device.

In the face of SCA, payments providers and online merchants alike must look to harness the power of face-based biometrics for identity verification and authentication to successfully bridge the gap between security, SCA compliance and customer experience.

Do you remember your first discussion with an adult about money? Do you believe that it was too late in life? Would your life have been different if someone discussed money with you earlier in life? If the answer is yes, imagine the life of a child of this generation. They are exposed to concepts like NFT, Bitcoin, Shark Tank, Funding and a lot more without knowing even the basics of money.

by Payal Jain, Founder, Funngro

A recent study found that more than 70% of Indian households don’t understand basic financial concepts, despite being exposed to financial products throughout their lives. According to National Centre for Financial Education, just 27% of Indians are financially educated and India has the lowest financial literacy among the BRICS countries. Moreover, according to a global survey of 20 countries by the Organization for Economic Co-operation and Development, 1 in 4 kids are unable to make even simple decisions about everyday spendings, such as understanding a bank statement or choosing a phone plan.

The democratisation of financial services is fast altering how people perceive and manage their finance and thus financial inclusion should not be viewed as a goal in and of itself. Financial education is becoming increasingly important as financial solutions become more widely available. The necessity for financial education begins at a young age with children as early as ten years old who may comprehend the fundamental concept of money, and by the time they become adults, their financial habits have already been established.

Most parents offer their children a piggy bank in which they can store their spare change, birthday money, or monetary presents from relatives/families. This notion aids them in maintaining a saving discipline. However, financial markets are complicated and go much beyond the idea of merely saving.

Growing contribution of FinTech applications

Fintech apps are addressing the gap by giving students targeted resources to learn about personal finance. A fintech app that could provide students with an introductory crash course on everything from saving, investments, debt, and student loans to personal finance fundamentals would be a valuable addition to schools’ financial education curriculum.

Fintech apps take some of the pressure off teachers by giving students resources to learn on their own.

Technology changing the connotations of monotony

Applications like Funngro make learning easy and fun, which helps kids be more engaged in learning about personal finance. Many fintech companies are increasingly employing technology to devise novel solutions to challenging money problems in order to relieve the strain on parents and children. The use of technology to make the planning process more enjoyable and simple is progressively changing the paradigm. Fintech applications for kids not only teach them valuable financial concepts like saving, investing, and compound interest rates, but they also help them keep track of their money and expenses by establishing limits and goals.

With roughly 41% of the country’s population under the age of 18, this new and enormous market has a lot of untapped potential and is quickly becoming a crucial focus area. It is important to teach kids about money at an early age. But we all know that kids are often more interested in playing with their friends, or on their phones than sitting down and learning about personal finance. That’s where apps come in. These apps make learning easy and fun, which helps kids be more engaged in learning about personal finance. It is never too late to start teaching your kids the importance of saving and investing their money, and they will thank you later. Incentivizing financial education from an early age will empower the children towards a financially resilient future.

When youngsters understand the idea, they may influence their families by sharing information about the value of saving and taking the actions necessary to properly manage their money. As a result, promoting financial literacy and raising financial awareness among youngsters may be quite beneficial.

The FinTech industry is constantly evolving, making it a rather exciting sector to be in. New solutions are continuously being developed to transform the way we bank and pay for goods and services both domestically and internationally. However, just like the rest of the technology industry, for many decades, this sector has been dominated by men. Luckily, this is changing.

by Terry Monteith, SVP Acquiring & Payments at BlueSnap

I have witnessed the shift throughout my career. I started my professional journey at a large financial institution. By the time I joined BlueSnap in 2013, I noticed a big difference, in not only the number of women entering the industry in more junior roles but in the number of women who were taking on senior leadership roles with decision-making responsibilities. This has only grown since then, and I have noticed this trend towards equality in many other tech/fintech organisations.

Having said that, there are still some barriers to women entering the industry. It is important that we unpack these hurdles and spotlight the solutions so we can drive more inclusivity within the industry.

The barriers for women in fintech/tech

There is a need to educate people about the various paths into tech. There is a misconception that you need a coding background in order to enter the industry, which isn’t true at all. The people I work with come from various disciplines. Hence, there is more we can do to show people the range of roles available in the industry.

And for those that want to learn to code, there are so many online platforms that aren’t expensive (some are free) that will allow them to develop this skillset from the comforts of their own home. We are happy to see some universities adding Fintech tracks to their curriculums.

A lack of work flexibility can also act as a deterrent for women either entering the industry or climbing to those senior positions. When putting together work policies, it is important that companies consider the work-life balance that people now demand – such as remote workdays and flexible work hours. This will help foster a more inclusive workplace.

How to encourage more women into tech

The key to attracting more women into the industry is by creating a healthy work environment that people regardless of gender want to be a part of and stay in. Having a senior management team with multiple women makes women in all positions more open to your organisation. When the culture is right, it makes it easier to just focus on hiring the right talent.

One of the first things people do when looking for a job or preparing for an interview is to go on platforms like LinkedIn, to understand who the key stakeholders are. Therefore, when they see diversity throughout the company, especially at the top, they will feel more welcome. It’s one of those things where, if you can see it, then you can be it.

At BlueSnap for example, we have created a culture where women feel welcome and are able to rise to very senior positions. Our senior executive team is very balanced between the number of men and women. A third of BlueSnap’s senior executive team are women and it’s worth noting that there are a number of women in senior-level positions, including coding and developing.

Key considerations for women entering FinTech

There is so much to learn about fintech. I would encourage people to think globally. For example, if you are based in the US, where payments are quite a card centric, it is imperative that you know what’s happening in other countries. And learn about those emerging payment trends. Understanding the big picture will place you in a better position to get ahead. The more you know, the more positioned you are to help.

Additionally, payments are a detailed oriented business. You have to get into the weeds of things. So, learn about the little frames that help tell the big picture, and understand the importance of keeping things simple.

Throughout my career, I have strived to be part of what’s next in finance, banking, and payments. I’m inquisitive by nature, so thinking about where the industry is headed has always helped me navigate my career and be a part of the continuous evolution of the sector.