Uncategorized

With the European Commission first adopting the PSD2 proposals in 2015, Strong Customer Authentication (SCA) has now officially come into force across the UK. Now that this long-anticipated wait is over, we can start to look at what SCA means in practice and how merchants can do go beyond these regulations.

by Scott Dawson, Director of Operations, Pixxles

How SCA impacts merchants

In simple terms, SCA requires a customer to verify themselves with two of the three following pieces of information, such as a password, mobile device, fingerprints, facial recognition, or even subtle cues like how they type before payments can be processed. Although these regulations introduce increased friction in the payments process, SCA is necessary to prevent fraud.

Overall, the roll-out of SCA across Europe as a whole has been smooth, despite alarming news of a third of all transactions being blocked and losses of €100 billion. This is likely to be down to the flexibility built into SCA from the outset: transactions under €30 were exempt, and many merchants will receive exemptions on transactions up to €30 if their acquirer’s fraud rate is below 13 basis points and €250 if their fraud rate is below 6bps. This flexibility encourages acquirers and merchants to be proactive about fraud, as the lowered friction from a lack of SCA challenges will likely translate into more sales.

Despite offering increased protection, European eCommerce merchants have seen fraud rates rise as much as 350%. However, this does not indicate that SCA is not effective. The sharp influx in fraud, in general, is down to the rise in new eCommerce shoppers during the pandemic. In fact, if SCA was not in place, it is possible that this figure could have been even greater. Therefore, SCA should be seen as one of many systems that a merchant should have in place if they want to reduce fraud on their eCommerce site.

A collaborative approach to reducing fraud

With that said, what then are merchants’ options for going beyond to minimise fraud rates even further than SCA regulation currently allows, whilst maintaining a frictionless payment process for legitimate customers?

First and foremost, it is important to understand the exemptions process and what level of protection is available to your company. For example, if your fraud rate is already very low, you might have the option of exempting customers from SCA. In order to do this, you will need to contact your current acquirer, and if your current payments partner can’t offer you high enough exemptions you may need to consider changing acquirers.

Next is to adopt additional security technology to support SCA. There are a number of systems that use AI and machine learning to spot the signatures of fraud before it gets to the payment stage. Very few fraud attempts are carried out by a human being on a computer – instead, bot networks with increasingly sophisticated and humanlike behaviour are used to carry out hundreds of automated attacks simultaneously. This is a powerful tool, but there are some obvious tell-tale signs when attacks are carried out by machines that AI can spot. Due to the accuracy of AI, even when attacks break through machine learning can be used to prevent them from happening again.

Lastly, attacks are not always malicious in nature. Around 90% of merchants say that ‘cardholder abuse of the chargeback process is a leading concern for their business. While sometimes this abuse can be intentional, it could also be innocent. For example, a customer might not recognise a charge on their card statement and, instead of looking into it, asks their card provider for a chargeback. It is possible to put systems in place that can dramatically reduce both malicious chargebacks and unintentional ‘friendly fraud’. Having robust order-tracking systems in place is one way to cut down on chargeback claims from customers who think that their order has been lost when it is in fact running late.

Continually evolving to fight fraud

When it comes to fraud prevention, collaboration in terms of tools and expertise is key. As we have seen, by itself SCA isn’t the one and only solution for fraud, but when combined with multiple anti-fraud systems and a focus on learning more about current threats it can become part of a multi-factor solution.

Therefore, although SCA is a step in the right direction, in order to keep up with the fraud ecosystem you will need to be continually evolving too.

Like many places, Latin America has seen the dramatic rise of e-commerce, accelerated by the pandemic and subsequent lockdown measures. This has been accompanied by the increasing use of alternative payment methods (APMs), such as eCash, digital wallets, and bank transfers. All of this makes Latin America an attractive market for merchants. But a key question is whether these changes in consumer habits will endure in the long term?

by Gustavo Ruiz Moya, CEO of eCash for Latin America and Global Head of Open Banking, Paysafe

With a view to better understanding consumers’ payment habits in the region, Paysafe commissioned a survey of 3,000 consumers across Brazil, Chile, and Peru in April 2022.

Our survey paints a positive picture when it comes to how long-term this opportunity really is, with 74% of respondents in the Lost in Transaction survey saying their payment habits have changed permanently since the start of the pandemic.

This means it’s an exciting time for consumers and merchants. Access to the internet and e-commerce through mobile phones is growing, and different ways to pay are driving greater choice and inclusivity for consumers. Merchants can now look slightly differently at a region that might have seemed prohibitive in the past due to a lack of local knowledge and partnering opportunities, as well as payment hurdles and difficulties of cross-border transactions.

Latin American countries’ increased digitalization its support of instant payments against the backdrop of a population which is keen to adopt APMs (63% had used a digital or mobile wallet, eCash, or crypto in the last month) has made this a market with huge potential.

Driving greater inclusion through e-cash

Although there are many differences between one Latin American country and another, demographics, banking environments and regulations, and payment preferences, to name but a few, there are also some common characteristics. This includes a general tendency toward an informal economy with a large unbanked population – 45% according to the World Bank. Also, a preference for cash over debit or credit cards, largely driven by the turbulent economic climate over the last decade, access to credit, an air of mistrust of the economic system, and high fees and interest rates of debit and credit cards.

In this environment, alternative payment options are drivers of financial inclusion. Consumers avoid high fees, they conveniently pay in their neighbourhood merchants, no need to go through complex application processes, there are no credit checks, and they don’t have to share a load of sensitive information online. It’s just a better overall experience for the cash-preferred customers.

So there’s no surprise that the use of e-cash is on the rise in Latin America. Our findings tell us that 20% of respondents use e-cash more frequently than they did a year ago, with 17% saying they use it about the same amount as a year ago. Our survey also gathered responses from 8,000 consumers across the UK, US, Canada, Germany, Austria, Bulgaria, and Italy, and it highlighted more use of eCash in Latin America with 15% saying they used eCash in the last month compared to 9% across Europe and North America.

Security ranks top for consumer concerns

Alternative payment methods such as e-cash, Pix, and QR-code-based services have been increasingly popular over the last couple of years in Latin America. Although reasons such as convenience, simplicity, and speed are good indications of why we have seen this uptake, it also highlights concerns around the security of financial information.

In our survey, 45% of consumers said security is the most important factor when choosing how to pay for online purchases. Further, 66% don’t feel comfortable entering financial details online and 78% are more comfortable using a payment method that doesn’t require them to share their details with merchants.

Payment methods such as eCash remove the need to enter financial or personal details online, giving people access to e-commerce in a way that makes them feel secure. We can also see that 38% of Latin Americans feel they don’t know enough about e-cash, while 21% would use it in the next 2 years if it becomes more widely available. So the key to wider acceptance and uptake is at least in part about understanding alternative payment options as well as how they work. With greater awareness, combined with increasing smartphone adoption (81% by 2025, as mentioned above), e-cash is likely to become a more everyday payment choice across the region.

Cost of living, credit, and crypto

In terms of more general payment trends, the cost of living has had a significant impact on Latin American consumers’ choice of payment method for online purchases, with 63% saying they’ve changed the way they use certain payment methods, compared to 36% in Europe and 39% in North America.

This indicates a willingness to adapt payment habits to circumstances, whether that’s trying to avoid high fees or interest rates – of those who have said they’ve changed their habits, 63% are avoiding using pay-by-instalment plans. Or opt for a method that doesn’t involve credit – 58% are using their debit cards more often, while 45% are using direct bank transfers more regularly. Digital wallets have also seen fast adoption: 35% of consumers say they use them more often as a result of the rising cost of living. And 27% are using e-cash more often for the same reason.

Finally, crypto is starting to gain traction with 8% using it more frequently as a payment method compared to a year ago.

In summary, what once might have seemed a difficult and complex market to enter now presents a rich opportunity for businesses outside Latin America, especially for online merchants with virtual deliverables. It really can be as simple as choosing the right provider with a well-established presence ‘on the ground’ and the regulatory requirements in place to get instant access to local payment networks.

Accelerated changes in the lending industry are reshaping the competitive landscape of loan origination. Borrowers have come to expect the same immediacy in applying for a loan as they do when online shopping for goods or entertainment.

by Brandi Hamilton, Director Marketing Communications, Equifax

Financial institutions (FIs) of all sizes are working diligently to adapt to new customer expectations of speedy and efficient transactions, as well as a fair chance in the lending approval process. Incorporating automation and cloud technology into the lending process will allow FIs to gauge loan repayment propensity more efficiently and allow lenders to say “yes” to more loan applicants.

There are four lending trends that will help FIs create a frictionless loan origination experience for borrowers, while also asserting themselves as industry leaders.

The very meaning of having a job is changing

The workforce has become more mobile, embracing the concept of employees working from home — allowing leeway for traditional employees to take on freelance work or start small businesses to earn additional income. Some have left the traditional workforce altogether and are pursuing solopreneurship full-time. People with jobs are quitting them en masse, and for the 30 to 45 age group — the largest cohort of homebuyers — resignation rates were up more than 20 percent from 2020 to 2021. Many workers simply do not want to return to the office. They may also be quitting for various reasons: to look for a new job, join the gig economy, or forge their path as an entrepreneur. The shift was perhaps triggered by the coronavirus pandemic and the resulting move to remote work, but it is here to stay. The unpredictable nature of their income complicates these consumers’ financial capacity and how FIs can measure their ability to repay loans.

With potential borrowers diverting away from multi-year histories of job stability and high credit scores, FIs must expand the scope of creditworthiness. Lenders should consider that changes in the way people work do not always equate to loan affordability issues. Borrowers with complex employment profiles should not be denied financial equality due to outdated methods for an individual’s propensity to repay loans.

Financial inclusion

Many Americans who are entering the workforce for the first time face a Catch-22: they can’t get credit because they don’t already have credit. Others are seeking to recover from damage to their credit records because of an extended period of unemployment, family changes, or other life events. By considering alternative data for determining creditworthiness, lenders can foster greater financial inclusion.

Financial inclusion leads to FIs attracting diverse groups of borrowers across all generations, regardless of their credit file. “Thin file” or “credit invisible” applicants face higher rates of denial amongst underserved demographics.

FIs embracing alternative data will allow expanded access to credit inclusion through tailored digital experiences that better serve marginalized communities and those with unique circumstances. Ensuring underserved consumers aren’t continually left without access to credit and capital can be a critical step to financial inclusion.

Fortunately, there are a few easy ways for lenders to address more financial inclusion for all — while reaping the benefits along the way. And it all starts with data.

Alternative data and APIs

Historically, consumers had less access to credit and data information. But today, collaboration and access technologies enable third-party access to personal account data through application programming interfaces (APIs). This open data exchange allows fintechs, banks, and third-party providers to share financial data through a digital ecosystem that requires little effort. These instant and seamless data transfers enable consumers to get loans faster and more efficiently.

APIs and the use of alternative data also create opportunities for potential borrowers by narrowing the space between traditional banking and lending and the evolving fintech category. For example, FIs can expand their use of data to capture more accurate financial strength indicators, resulting in lenders having the ability to say “yes” to more applicants while reducing risk and default rates and improving operational efficiencies.

This holistic view potentially enables an untapped demographic of quality borrowers to get approved for loans, establishing security and wealth development for underserved communities.

Low friction lending could mean improved customer experience

When it comes to lending, many borrowers demand the same speed when applying for a loan as they do when they make purchases with large online retailers. Automating loan origination tasks and processes allows for a fast, flexible, low friction lending process that feels easy and convenient. In addition, evolving consumer trends and preferences mean lenders should continue to streamline processes and leverage data to meet consumer expectations. Banks leveraging these and other technologies can reduce the number of steps consumers may encounter applying for a loan – filling out a cumbersome application, contacting employers to provide proof of income and employment, or providing sensitive banking log-in or payroll credentials to share data.

Having automated and secure technology solutions integrated during decisioning can reduce the need to request sensitive banking log-in credentials or outdated paper-based processes. As a result, some applicants may walk away from business transactions that inconvenience them. Adopting a digital lending process that attracts diverse borrowers across all generations, regardless of their credit file, and providing exceptional lending experiences is key to surviving the evolving lending landscape.

Keeping up with these consumer trends will better equip FIs to serve their borrowers’ unique circumstances better. A positive and fast borrower interaction without friction is critical to FIs reaping success. Lenders that meet the demands for a digital-first, frictionless experience and incorporate open data will become preferred lenders of the future.

Recently we have seen unprecedented movements in the financial markets. With the crypto crash and the recent stagnation of the stock markets, some have been left scrambling to recoup their losses.

by Roger James Hamilton, Founder and CEO of Genius Group 

Globally, Governments have been spending big on stimulus packages, and inflation has hit record numbers. We are living in unprecedented times, and we are heading into what experts agree is a highly unpredictable future for investors and businesses.

Yet, in times of the greatest crises lie major opportunities. Now is not the time to continue with the same investment strategies you had been doing prior to 2022. Here, we look at 10 key investment trends that every investor should know. 

Dollar destruction

Due to the recent pandemic, 35% of all U.S. Dollars in existence have been printed in the last 10 months. But endlessly printing money does not help economies and creates further divide in the wealth gap.

With inflation soaring and money being worth less and less, banks around the world are predicting a recession towards the end of 2023 and early 2024. This recession is said to be worse than we have previously seen with things getting worse before we start to see any recovery.

To combat inflation there is actually very little a country can do other than printing more to make the physical currency more expensive to store and move. But by doing this interest rates increase, which can then in turn lower growth. These economic trends are currently playing out, with Deutsche Bank recently informing investors that they are expecting the worst recession in history to hit in late 2023.

The Age of Exponentials

At the beginning of Society 5.0, the imagination society is coming into play, where digital transformation and creativity from a diverse population will accelerate technological growth and adoption. Big data harvested by IoT and converted into a new type of intelligence by AI, will impact every corner of society and change our infrastructure for the better. People will see their lives become more comfortable and sustainable as they are provided with the products and services in real-time, as they need them. Investments will be focused on the future with any disruptive or innovative technology being lucrative.

The Meme Generation

As individuals using memes became viral it was then realised this pathway could lead to becoming an influencer which can be a lucrative job with some people becoming multi-millionaires from it. Meme investments using products or brands do a similar thing and are created to attract retail investors to invest in the company stocks and shares. This idea that a simple meme can create huge visibility for a brand is one that takes skill but can be worth the investment as it’s a quick way to get brands in front of a huge audience.

The DeFi economy

Historically we’ve used various different devices for different uses, think video cameras, cameras, CD players and the radio. Now we have just one device – our phones to do everything. The same is happening with services, think taxi ranks that are now being replaced with Uber or Google replacing libraries. Everything is becoming streamlined and minimised. The same is happening with financial services where the decentralised system has fewer transaction points and middlemen. Ethereum could displace many traditional financial services and its native token Ether could compete as global money.

Stocks & Crypto Trading

Traditional currency is being taken away from the individual at source via taxes, bank charges, the rising costs of goods and currency debasement. Investing in stocks and crypto can give you returns of around 5% to even 15% if you just have the strategies to invest wisely. When you then add money each month you may well see your profits grow via the power of compounding.

Marcus De Maria, Founder and Chairman of Investment Mastery, comments: “The recent crypto crash has been difficult for the industry and the death of crypto has been bandied around so many times, but we have never seen it actually fail. Many investors will see this as a huge opportunity if you buy it low; you stand to see a massive % increase as it goes back up. This is the fundamental strategy we use when investing – we invest when prices are low and aim to have a really low average value across our portfolio.”

The Digital Decade

Everything that we do is being digitised and will encompass society 5.0.; in the digital decade, this will be apparent through a digital overlay on your day-to-day experience. The revenue from the virtual world could approach $400 Billion by 2025. Global gaming and AR and VR markets will drive this growth. Investing in these areas or companies that are implementing these technologies is a good idea as they are likely to see huge growth over the next few years.

The Rise of Robots

Automation will empower humans and increase productivity and wage growth. It has the potential to shift unpaid labour to paid labour and Cathie Wood, CEO of Ark Invest believes that automation will add 5% or $1.2 trillion to US GDP over the next 5 years. The metaverse and the gaming industry are driving the change of automation. AI and ML will help this change happen as we will see automation get smarter and take on volumes of information that would take humans much longer. We will see companies using AIs as their CEOs and they will be making better and smarter decisions.

Genius Generation

Entrepreneurship will become a vocation and will be taught in school and as a preferred option for employment by 2025. This is what Genius Group believes and is forecasting for the industry.  Edtech will continue to improve people’s skills, wealth, and life chances with more education available to a wider demographic. The UN sustainable development goals will be met by people and companies who have invested in themselves and in the future.

Wholesale Investing

By teaming up with other like-minded groups or collaborators, investors can access a vast new area of wholesale investing. As with purchasing wholesale, the price is usually cheaper as you are buying in bulk, and you are able to find market opportunities that wouldn’t usually be open to an individual.

If you take the idea of retail or the stock market, you are buying at price, whereas when you team up with others there are new offers that are available to you. Using the power of the crowd you become an insider rather than an outsider.

Time for Impact

Buying property has always been a popular investment and given that the population is growing, and property won’t ever go to zero, banks are happy to lend. When growing a property portfolio, you can make infinite ROI by releasing money as the property increases in value, which leads to a tax-free cash-back to invest in the next property.

Simon Zutshi, CEO of CrowdProperty, says: “For those that can’t afford a whole house, it is still possible to invest in property via a group scheme or crowdfunding. The members of property investors network (pin) have benefitted from this form of investment and have even said that investing in this way can see better returns.”

Like most criminals, cyber hackers want an easy life. Just as burglars prefer forgotten open windows over picking front door locks as a way in, so their digital counterparts are looking for targets that offer maximum return for minimum effort.

by Jason Elmer, Founder and CEO, Drawbridge

As such, while major corporations wise up to the threat of sophisticated attackers and invest in the sort of defences that limit the impact of bad actors, criminals are now turning their attention to potentially easier targets. And that includes businesses that are raising capital or those that recently announced funding – particularly when those businesses not only hold significant financial data but also potentially offer gateways, or open windows, to other companies.

It’s thus no surprise that ransomware attacks are increasingly targeting Private Equity (PE) firms and their portfolio companies (PortCos). As attacks increase, it’s imperative that investors become more aware of the risks they face and take swift action to protect themselves – and their portfolio companies.

Cyber vigilance as a differentiator

Cyber vigilance is increasingly becoming a differentiator for investors when considering companies to add to their portfolios. Gartner highlighted that “by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements,” and in doing so noted that “Investors, especially venture capitalists, are using cybersecurity risk as a key factor in assessing opportunities.”

There’s also regulatory pressure to get houses in order. In February, the Securities and Exchange Commission (SEC) voted to propose a new set of cybersecurity rules to oversee how alternative investments or private capital firms manage risk, requiring clear policies and procedures to be put in place. In addition, advisers would need to report incidents that impact their firms, funds or clients.

Clearly, PEs need to be as rigorous in checking their own windows are closed as they are in running the rule on the security posture of target companies. For most, it means a wholesale change in their approach to cyber security. The question is, how do they begin to implement this new approach? Securing your own operations is hard enough – how do you extend that to other entities in your orbit?

Check your windows

First, it’s worth considering what open windows there could be. One of the most glaring yet overlooked open windows is the employees at PEs and their PortCos. This isn’t to suggest that everyone is maliciously trying to undermine their employer (though insider attacks do happen), more that too often an assumption is made that workers understand the ways in which they can be targeted.

The reality is that many people don’t realize how many cyber threats are designed to exploit people’s ignorance or naivety. From ransomware to phishing attacks, many of the major leaks we read about in the news can be traced back to individuals who didn’t realize they shouldn’t click on a link, open a suspicious attachment or download an app at work.

Like any good burglar- why would a cyber thief spend time trying to crack encrypted corporate networks when they could simply gain access by targeting unsuspecting employees? They wouldn’t. That’s why

the first step in any PE firm’s cyber security approach should be to focus on educating staff, starting with the PE firm itself and then extending out to its PortCos to ensure they are undertaking similar processes.

Similarly, it’s not too difficult for attackers to take advantage of a lax approach to updating software. Technology is constantly evolving, and changes to critical systems can bring immense business benefits and operational efficiencies – but can also create new gaps in defences. PE firms and their PortCos must ensure that they have a rigorous and consistent process to keep systems up to date and fix bugs as solutions are released to prevent attackers from exploiting any holes.

Sophisticated responses for new attacks

Those are just two of the windows that can be closed relatively quickly. But the fact is that attacks are becoming more sophisticated, which means the responses must too.

Only real-time cyber risk monitoring will enable firms to protect their most sensitive data and safeguard against internal and external threats. That means firms must have more than the traditionally adequate technical and logical controls – they need active, continuous risk mitigation solutions and reporting, and cyber programs that are tested using real-world scenarios that provide a clear picture of how the business would defend against and respond to an incident.

A case of when, not if

Ultimately, PE firms and their PortCos need to realize that it is a case of when, not if, they are targeted. Most businesses understand and accept it; what they will not accept is inaction, attempts to hide issues, or a failure to mitigate the impact.

That’s why the new SEC rules are pushing for incidents to be reported, and why the European Union’s General Data Protection Regulation (GDPR) has fines in place for companies that have not done everything they can to reduce the risk of data breaches. Those businesses that do not do everything in their power to respond appropriately to incidents will not only have to deal with the immediate fallout of the attack itself, but subsequent legal, financial and reputational consequences.

Close the windows to protect firms and PortCos

It’s one thing to be undone by a sophisticated attack that may be far ahead of any of your existing defences; it is quite another for an opportune bad actor to sneak in via an open window. Cybersecurity is challenging, and it’s only becoming more complicated as attackers become more sophisticated and geopolitical threats rise. It’s clear that if there was ever a time to pay attention to cyber risk and buttress your defences, it is now.

The best way for PE firms and their PortCos to protect their organizations is to make it as hard as possible for cyber attackers to gain access.  Invest in the right real-time cyber risk monitoring, confirm all your systems are patched and up to date and have your comprehensive incident response plan tested and ready to go on a moment’s notice. Put simply: Don’t be an open window.

Over the course of time, supply chains have evolved and become ever more complex and multifaceted. Where once they were local, or domestic, supply chains are now global. Whilst this drives down per unit costing through comparative advantage, it does mean that businesses need entire departments to source high-quality components for onward processing and distribution. They must also work to maintain positive relationships with suppliers during the procurement and supply chain process.

by Alistair Baxter, Head of Accounts Receivables Finance, Taulia

The changing dynamics of the world around us, whether that be economic or political, mean that we often see a play-off between market protectionism and free trade economics. Events of the last few years combined with various trade measures have significantly disrupted, and ultimately changed forever, global supply chains.

We have observed an increase in global disruptions to supply chains in recent years, particularly during the Covid-19 pandemic – and the impact of that disruption cannot be overstated. Increased shipping costs are now the norm and supply chains are being remapped by companies to try and gain an advantage over competing supply chains. This was brought to the mainstream attention when one of the world’s largest container ships, the Ever Given, whose onboard goods totalled $775 million, blocked the Suez Canal for 6 days in 2021. This form of trade friction has created disruption which negatively impacted businesses and economies and while Ever Given was a first, it may seem obvious to say that it might not be the last and businesses need to be prepared.

Resilience is now a key challenge for those responsible for sourcing and securing strong supply chains. Technology has a massive role to play in supporting this and alleviating some of the current complex challenges. Technology can paint a clear picture of where the disruptions are, or even better, predict where they might happen further down the line, beyond the current field of vision. Continued adoption of technology will dynamically allow information to flow down to suppliers – otherwise known as ‘purchase order cascades’ – to increase transparency for even the smallest suppliers.

The world of supply chains has an opportunity to lead the way in ESG by increasing communication and transparency. Technology is again the enabler, allowing for the tracking and rewarding of supplier ESG performance. It is imperative that those at the very top of the supply chain set the ESG tone and support the raising of standards throughout their supply chains. Working together will improve the supply chain ecosystem for the long-term.

Supply chain managers have a significant role to play in the reshaping of industry. In response to the purchasing habits of consumers in developed markets, it’s the best value chain that wins, as opposed to the best product or retailer, as customers come to expect prompt delivery of goods, or ESG credentials to be made clear at point of purchase. Amazon, as an example, has one of the best value chains: logistics, ease of access, and customer touch points are all carefully considered and planned. Amazon has been acquiring its own shipping containers since 2018 and chartering its own ships to avoid major bottlenecks in its supply chains and to get products onto e-shelves.

Technology has been developed to respond to this shift in behaviour and as hyper-personalisation and emotion-led experiences begin to dominate how we work and live, supply chain managers will have to find different ways to respond.

With change being the only constant, those enabling the building and continuity of supply chains are playing a vital role in reshaping industry and to best position themselves for what is coming down the tracks. Harnessing the technology at their disposal to predict and prevent the obstacles that may materialise will help them to drive success.

There’s little denying we’ve entered the age of crypto. Last year, practically every crypto wallet saw its user figures increase, with Blockchain.com wallets – the site that makes it possible to buy bitcoin – boasting more than 81 million wallet users as of February 2022. And considering the array of multi-million-dollar adverts for crypto apps/currencies shown at this year’s Superbowl, it’s fair to say that cryptocurrency has well and truly entered the mainstream.

by Amir Nooriala, Chief Commercial Officer, Callsign

And with more people interested in digital assets, many financial institutions are rushing to create their own decentralized platforms (DeFi) to cash in on the hype.

However, this growing popularity is also fueling another boom – a boom in fraud. In 2021 alone, crypto scammers stole a record $14 billion, a staggering rise of almost 80% over 2020. And while scamming was the most popular form of crypto-related crime, theft via hacking was a close second – and not just from individuals.

For instance, there were more than 20 occasions last year when a single criminal entity hacked into a crypto exchange or project, making off with a total of at least $10 million. And there were at least six occasions last year when hackers managed to steal more than $100 million from an exchange.

The lucrative nature of digital assets has made them one of the most desirable targets for modern criminals. Yet, despite the enormous sums of money at stake, without fundamental changes to how these crypto exchanges operate – and more specifically, authenticate users – this situation is only going to get worse.

Understanding the crypto ‘Wild West’

The nature of cryptocurrency has always been antithetical to how most financial services institutions work. Blockchain technology is a dynamic, decentralized innovation, so developing the controls and frameworks to better manage it has always been a daunting task for financial services businesses, governments, and regulators (which is why many banks are still resistant to it).

And despite the public’s growing interest in crypto, many still struggle to understand the basics of how a blockchain works – they simply know it may make them rich. That confluence of poor understanding and high desirability is also why crimes – such as the One Coin cryptocurrency scam – can happen.

Detailed in the book (and podcast) The Missing Cryptoqueen, millions of people paid billion dollars for a cryptocurrency called One Coin – even though it was never really a cryptocurrency or even on a blockchain.

The leader of the company/scam, Dr Ruja Ignatova, used the confidence and excitement in cryptocurrency – along with the general lack of true understanding as to how the technology works – to prey on people all around the world looking for their own crypto success story.

However, when it comes to crypto crime, there are much simpler ways of pilfering incredible wealth without the hassle of leading a fake financial revolution. That’s because there are mechanisms enabling most of these crimes to happen, and the fault very much lies with most exchanges themselves – not individuals.

Fighting modern threats with archaic weapons

Despite the futuristic nature of crypto, criminals haven’t had to reinvent the wheel to gain access to wallets and exchanges. Because many methods of attack being leveraged by most criminals are scams that traditional financial institutions have long been aware of, such as Remote Access Trojans (RATs) and Account Takeover Fraud (ATO).

However, the problem is that crypto exchanges haven’t learnt from these techniques that fraudsters have been deploying for many years. Instead, they are deploying controls banks stopped using 10 years ago. While these controls would be fine to protect social media accounts, they are no longer enough to protect your cryptocurrencies which are now incredibly valuable.

In addition, crypto exchanges aren’t bound by the same stringent rules and regulations other financial institutions – such as banks – are. For instance, in comparison to the billions mentioned above that have been scammed from exchanges in recent months, the £1.3 billion lost by banking customers to fraudsters in 2020 is but a drop in the bucket. And that’s despite the uptick in fraud due to Covid-19.

One way crypto exchanges are particularly letting their users down is in how they conduct authentication. When these businesses want to authenticate a user’s ID, the tendency is still to use passwords and usernames, reinforced by “possession factors” – such as an OTP (one-time-password) sent via SMS message to users’ phone.

On the surface, OTPs seem like a reasonably secure method of authentication, but SIM cards were never designed for security which is why many banks have moved away from authenticating customers with them. So, credit stuffing, SIM swapping and SS7 attacks, passwords, usernames and OTPs all present fraudsters with very convenient workarounds for all the subsequent layers of security these platforms have.

But even though these are old vulnerabilities being exploited, that doesn’t mean cybercriminals are resting on their laurels – scams are getting larger and more devastating every year.

RATs for instance – whereby scammers use malware to remotely control infected computers and send/receive data from the system – are increasingly being substituted with its mobile equivalent, MRATS, to gain access to devices.

Used in tandem with other forms of attack such as credit stuffing, has proven to be incredibly effective for criminals. For instance, an ATO attack is when fraudsters use stolen credentials to try and gain access to genuine accounts, often leveraging automated tools to “credit stuff” at an astounding rate. One fraud prevention platform estimated that incidences of ATO grew a staggering 307% over just the last two years.

Simply put, it’s time for this new wave of financial institutions to stop the fraudulent activity taking place in the crypto sector under their watch. And the only way to achieve that is to uproot the broken foundation of authentication that’s currently letting its users down, in lieu of a modern solution better fitted to our digital world.

The age of biometrics

Despite the many makeovers usernames and passwords may have undergone, they’re still analogue solutions that are merely being used in a digitized context. As such, the entire notion of digital identity is built on a fundamentally broken system not built for a truly digital world.

Biometrics, on the other hand, presents a truly digital solution capable of keeping up with our dynamic world. Unlike a username or password which can be intercepted or compromised, behavioural biometrics, such as Callsign’s platform can be finetuned to individuals. It can consider everything from how a device is being held, the speed and style of keystrokes, and numerous other idiosyncrasies that are impossible to mimic.

Behavioural biometrics give businesses a method of authentication that requires no additional hardware on the part of the user (device agnostic) and doesn’t impact the user experience in any way. All while learning and adapting over time as that user’s relationship with the business evolves.

So, as crypto fraud shows no sign of slowing down, it’s now incumbent on these exchanges to interrogate the ways they authenticate users and ask themselves if their security policies are in fact putting their customers at risk. Because the sooner they can start fixing digital identities in a meaningful way, the better.

With so much data locked in unstructured formats, such as PDFs, invoices and emails, discovering information to either prove compliance or non-compliance at scale is becoming increasingly difficult. Remaining compliant is a mission critical consideration for organisations operating within regulated industries. For regulators, it’s also vital that processes are strictly followed, and that non-compliance is identified as soon as possible. On both sides of the regulatory fence, having access to the right information as and when it is needed is key.

by Ryan Moore, Head of Data and Analytics at Aiimi

To overcome the challenges of managing information across systems, organisations are increasingly adopting insight engines to intelligently identify and surface all relevant information. By leveraging this capability, both the regulated and the regulators are able to streamline regulatory compliance processes.

Organisations operating within heavily regulated industries, such as financial services, will typically hold vast amounts of historical data and information that will fall within the scope of regulatory audits. The key challenge here is that much of this information is contained within unstructured and semi-structured documents that are hidden within multiple systems, presenting significant challenges when it comes to discoverability and disclosure.

Organisations should, of course, be fully aware of the regulatory compliance frameworks that govern their usage and management of data. These frameworks are usually transferred into business rules that dictate the processes by which documents and data are shared, stored and managed—for example data classification and security and access controls. This is best practice, but it’s often only when audits are conducted that organisations discover how stringently business rules have been followed. Add to this problem the likelihood that data regulations will have been updated or superseded by new regulations over a number of years, and that the personnel responsible for creating business rules may have left the organisation, and the compliance challenge becomes clear.

With essential pieces of information missing, producing compliance reports requires a significant amount of manual intervention, which is both costly and time-consuming; the average cost of compiling a DSAR (data subject access request) response, for example, is £6,000. In short, business rules can only take the organisation so far when it lacks the capability to intelligently search, discover and classify structured and unstructured data.

This is where insight engines can deliver significant benefits and move organisations towards an advanced compliance model that allows regulatory reports to be compiled and delivered with confidence.

Enriching and evolving with deeper insights

By crawling through systems and identifying relevant information that lies within unstructured documents, insight engines eliminate compliance risks by interconnecting and enriching all data across the enterprise. This allows the organisation to quickly determine the information assets that conform to business rules—i.e. regulatory frameworks—and those that do not. The latter can then be audited and classified through further enrichment steps, such as named-entity recognition, which identifies terms or phrases within unstructured documents, and assigning labels to them.

Not only does this build in an advanced level of intelligence and automation when it comes to compliance, it also brings agility to governance and compliance, as organisations can adapt to regulatory changes with ease by adapting or implementing new business rules. Without an insight engine to surface the information that relates to new regulations, this would not be possible.

Predictive compliance

Another benefit of adopting insight engines is that they prepare organisations for more advanced information management capabilities. For example, organisations can take advantage of the classification and labelling function of insight engines and enable new documents and data to be automatically assessed for compliance. Machine learning can also be used to predict potential risks, providing advanced alerting capabilities taking us one step closer to automating compliance.

This is useful for both the regulators and the regulated. For regulators, alerts can be created when organisations exhibit risk. An example might be an alert that flags the creation of a new company that has the same postcode or founder as an organisation that has previously been closed down for serious regulatory breaches.

For regulated organisations, advanced alerting and risk scoring can provide a fast route to remediation when non-compliant documentation and data is introduced to systems. Further to this advanced redaction technology can also be used to eliminate risks associated with sharing larger data sets, allowing only the relevant information to be disclosed.

The right information at the right time

Key to automating the regulatory process for both the regulated and regulators is the ability to discover and order data. Insight engines bring more information to a visible state, meaning the landscape of information is richer and more detailed. This means reports are more accurate and organisations more compliant. The potential for advanced analytics is also unlocked once all information is made discoverable.

With regulators increasingly able to identify compliance risk with insight engines, it is incumbent upon the regulated to stay ahead by adopting similar technology. Insight engines make information readily discoverable at the right time, allowing both sides to ensure regulatory processes are more efficient, accurate and cost effective.

In an era of fintech innovation, banking outside of a bank branch is now the widespread norm, as we have all become accustomed to accessing and managing our finances with the press of a few buttons. Through embedded finance, we’ve seen fintech influence our lives even further in recent years, enabling non-financial providers to seamlessly embed financial products into their customer journeys.

by Karan Shanmugarajah, CEO, WealthKernel 

However, the success of embedded finance is now highlighting an untapped opportunity – embedded wealth. Just as embedded finance has enabled customers to access payment, lending and insurance products from non-traditional providers, embedded wealth will see businesses integrating wealth and investment services for their customers. With the technology for embedded wealth now readily available, it might not be long before you can buy stocks and shares alongside your meal deal of crisps, a sandwich and a drink.

The rise of embedded finance

If you are reading this article on a smartphone, there is a good chance that the next app you open uses embedded finance. Everything from the ride-hailing app Uber to the food delivery service Deliveroo, is now integrating financial solutions to give customers more convenient payment options. This opportunity offered by embedded finance has seen widespread adoption, with research from Juniper projecting a value of $138 billion in 2026, a dramatic increase of $95 billion from 2021 (Juniper, 2021).

What makes embedded finance so appealing for businesses are the low costs and easy integration compared to traditional bank offerings. All processes relating to money management from digital wallets like Apple Pay to the over $4.07 billion BNPL industry (Grandview Research, 2021) fall under this remit of financial products offered under embedded finance. There are other benefits beyond cost to integrating financial products into a business’ offering – allowing for monetisation based on their established brand. By integrating these third party financial services, businesses can gain increased insight into customer spending and allow for a data-driven approach to further improve customer experience. Due to the relatively low costs, companies can also experiment with a broader offering without compromising heavily on revenue or reputation; for instance, Uber was able to quickly de-prioritise its financial service Uber money, a digital wallet allowing drivers instant payments.

By embedding finance, customers can also pay or access a financial product instantly without searching for their physical credit or debit cards. Popular coffee brands such as Costa and Starbucks now even offer embedded payments through their apps, letting customers pick up reward points or pay through the company app. Customers can also top up this card using Apple and GooglePay.

The market opportunity for embedded wealth

Embedded wealth is essentially an extension of embedded finance – offering regulated wealth and investment products from a non-wealth body, typically via API. This could see customers invest, trade, and access various wealth products beyond payment and lending services.

Embedded finance has already added tremendous value to the customer journey. The blueprints of this, applied to wealth and investment, could make investing and saving more attainable for a wide array of consumers. For a business already offering its customers payments and lending services, wealth and investment could be a natural progression to improve experiences. Typically ‘wealth management’ brings to mind a service offered to individuals with significant amounts of cash or assets to invest. However, embedded wealth could see investment products offered to customers with even smaller amounts to invest or grow or to those who may have not even considered investing previously. There is a real opportunity to broaden access to investing through embedded wealth as customers become more accustomed to utilising financial products offered by familiar brands. With API-enabled wealth technology now readily available, it can be offered at a lower, more-accessible cost for many.

For consumers experiencing significant life changes- whether purchasing a home or planning retirement – a familiar brand integrating wealth management offerings could help provide security and confidence. This has become particularly relevant since the pandemic, where trust in financial services has shifted drastically, with fintechs surpassing banks in levels of trust, according to Mckinsey (2021).

We should also consider customer loyalty to everyday brands like supermarkets or retailers where embedded wealth could provide value. A recent study conducted by Solarisbank revealed that 61 per cent of respondents indicated a willingness to use financial products from trusted brands such as Amazon, Lidl and IKEA (Solarisbank, 2021).

Embedded wealth could help onboard customers who may not have previously considered investing with a financial institution, but are open to the idea of it with a business they are loyal to. A well-placed wealth offering could allow for longer-term customer relationships, as customers would see this business as not only a provider of their favourite products but also as a place to grow and invest their money.

Adding embedded wealth to your shopping list

So with the potential of embedded wealth on the horizon, could our new supermarket list of milk, eggs, bread… include stocks and shares? With technology now making the possibilities for embedded wealth potentially endless, it wouldn’t be surprising if we soon see this scenario become a reality.

Retailers are already recognising the potential of integrating financial products into their platforms, so wealth products could be a logical next step. Walmart, for example, recently announced its transition into the fintech space by partnering with fintech investment firm Ribbit Capital to provide its customers with tech-driven financial solutions (Business Wire, 2021).

For supermarkets already providing banking and savings products, or even credit cards, an investment portfolio may even already be on the to-do list – helping customers with money already saved with them to grow their finances even further. Additionally, most supermarkets today also offer loyalty or point schemes, allowing customers to save up points and spend them in-store. Could a potential entry-level embedded investment product see customers invest these points to grow their money in-store?

And so, as the appetite for wealth, investment and trading services has seen widespread growth across fintech in recent years – investment portfolios developed by retailers and supermarket chains could be on the horizon. With a recent OpenPayd study revealing that 70 per cent of brands are expected to launch embedded finance offerings (OpenPayd, 2021), it might not be long before we see a level of usage of embedded wealth by notable brands.