Inside this issue:
PCN Pulse Edna Conway of Microsoft Correcting Cybersecurity Tech for Good The Pettycashless Revolution Supporting Open Payments Europe Your gateway to the world of fintech and payments
Volume 7 Issue 2 July 2021
The team behind the PCN Magazine: Andre Van der Westhuizen: Editor Mark Manzi: CD & Graphic Design Zsofia Bodnar: Marketing Viliana Peleva: Digital Marketing & Design Mert Ali Kiraz: Media & Content Marketing
With the largest network of payment/fintech industry professionals across the globe, & reaching over 150 000 people, PCN helps companies stay on the Pulse of an industry rapidly Curving and adapting to change. We’re all connected like Nodes - Leverage it.
We do Expert Staffing, Multi-media content production, Events, and Exposure! Fintech. Ecommerce. SaaS. Cyber-Security. Find us on social media
People create networks
C D Q
Reach us at: marketing@teampcn.com
Cover image: Ioana Cristiana via Unsplash PCN MagazineTM is the property of Payments & Cards Network, Keizersgracht 477, 1017 DL, Amsterdam, The Netherlands. Company registration #67852815. All material contained within PCN Magazine is the property of Payments & Cards Network. All other product and service names may be trademarks of their respective companies.
PCN Magazine is created and the property of Payments & Cards Network BV. Art and photos © Payments & Cards Network, pexels.com and unsplash.com excluding advertisements, company logos & images. ©2021 Payments & Cards Network. All rights reserved. Reproduction of any kind is strictly prohibited without the express prior written consent of Payments & Cards Network.
Contents 06
16
10
12
22
28
04 PCN Pulse 08 Edna Conway of Microsoft 10 IXOPAY partners with Volt 14 Tech for Good 18 Industry Events 20 Virginie Cornu x JELLYSMACK 22 Ted Harrington Feature 24 Hot Jobs 26 The Pettycashless Revolution 3
PCN Pulse On the pulse of industry news
2021 - A record year for European fintech investment Barely halfway through 2021, Europe has already broken the record for annual investment into fintechs. So far this year, European fintechs have raised €10.4bn, trumping the €9.3bn raised across the whole of 2019 — the previous highest year on record according to Dealroom data. It’s also a marked recovery from 2020 when, in the midst of Covid-19, European fintechs raised a total of €8.4bn. The fintech sector looked vulnerable at the start of last year, hitting a three year low as governments shut down and investors took stock. 4
Early-Stage Fintechs Luring Gen Z Let’s recap: Neobanks’ newest threat - Having shaken up finance for the past five years, the neobanks are now being taken on by a fresh wave of newcomers catering to a group that will soon outnumber millennials. What this means: Gen Z: the under 23s - today’s largest generation - are beginning to enter the workforce. That could prove dangerous to the early neobanks, whose core demographic is aged 32 to 35.
China trials blockchain digital Yuan salary payments
Basel Committee urges recognition and management of crypto
Implemented in the Xiong’an New Area, China has progressed with its central bank digital currency (CBDC) and used a blockchain-based payment platform to pay worker salaries. Engineering sub-contractors made payments directly to builders’ digital wallets.
Experts have welcomed the news that the Basel Committee on Banking Supervision has proposed splitting cryptocurrency assets into two categories and managing them according to their current stability.
The pilot was supported by the Shijiazhuang-based PBoC branch, the Bank of China Hebei Xiong’an branch, and the National Development and Reform Commission.
The regulatory body has recommended that crypto be assessed on its operational risks to the bank, its credit, and its market liquidity. Well-established currencies, such as Bitcoin, will be managed in line with a “new conservative prudential treatment”, the committee said.
EU’s New MiCA Regulation for Cryptocurrencies
NFT marketplace startup Rarible closes $14.2 million Series A
This regulation will form part of the EU’s Digital Finance Strategy and is likely to significantly impact the operation of the crypto market in the EU. It is a complex (and 168-page-long) regulation whose effects require extensive discussion.
NFT marketplace Rarible announced they’d closed a $14.2 million Series A from Venrock Capital, CoinFund and 01 Advisors. The startup allows users to buy and auction off digital art. The startup says it has reached $150 million in sales on the platform since launching 18 months ago.
Visa to buy Swedish fintech Tink for $2.2 billion Visa Inc (V.N) has agreed to a 1.8 billion euro ($2.2 billion) takeover of European open banking platform Tink months after it ditched a planned acquisition of the startup’s U.S. rival Plaid. Founded in 2012, Sweden-based Tink enables banks and other financial firms to access consumer financial data quickly and securely.
Coinbase Planning Decentralized App Store. The end goal is self-custody - listing all legal assets and putting decision-making into the hands of the users and digital citizens. As more economic activity moves onto the blockchain rails “We’re seeing crypto quickly mature from its initial use case of trading bitcoin to the trading of thousands of new assets, and the adoption of new use cases like Decentralized Finance (DeFi), NFTs, smart contracts, Decentralized Autonomous Organizations (DAOs), and more,” Coinbase CEO Brian Armstrong
From Startups to Funding Scale-Up Europe present to Emmanuel Macron. Bringing together more than 200 members of the European tech ecosystem - the initiative aims at developing actionable proposals to support the emergence of 10 technology leaders valued at over $100 billion by 2030 while at the same time strengthening the continents digital sovereignty.
5
by Andries Van Der Westhuizen
Letter from the Editor: Expanding cross-platform services deliver increasingly value-driven products and services to both consumers and businesses. Exacerbated by the global pandemic, Mckinsey reports an acceleration rate of digitisation by three years globally - and respondents say post-crisis (not Covid, but the crisis of operational reform due to Covid), 80% of their customer interactions are digital. Edna Conway from Microsoft considers the inherent security risks that multiply with added third-party providers in the ecosystem. In turn, how an architectural approach adhering to global standards is imperative moving into an interconnected digital future.
The pettycashless revolution is a testament to the everyday reforms in business. The demise of the cheque was accelerated by retailers refusing to accept it as a payment method – should and could the same thing happen with cash and hasten its demise?
Following along the same thread of cybersecurity - Ted Harrington corrects startling misnomers in the industry. Penetration Testing vs Vulnerability assessments - do you know the difference and which one you need? - I also had the pleasure of interviewing Ted on In Check With Fintech, PCN’s podcast show. Have a listen here.
Digital solutions are paving the way across several industry verticals. The way data, third-party services, and security is implemented and used needs to be standardised and architectural to future-proof our rapidly expanding digital frontier.
Tech for good by Theodora Lau covers humanity in a datafueled future. Nothing illustrates the immense power of data more than the Covid pandemic. We need to invest in bridging the digital divide and education so all can benefit from the growing digital economy.
Thank you to our incredible contributors, readers, and the team at PCN.
Connect with Andries via 6
C
For more information on our industry-leading media and recruitment services, contact marketing@teampcn.com.
Connecting people, supporting careers. As one door closes, another one opens, and so in-person attendance to seminars and conferences become impossible, PCN Webinars rise to the occasion. Whether it is in German, French, or English, we got you covered with events discussing topics ranging from the home office, over leadership issues, and to starting your own businesses. Take the opportunity to learn about many topics through insightful discussions of our many excellent panellists, wherever and whenever you’d like! teampcn.com 7
Edna Conway
Today’s Imperative:
A Comprehensive Approach to Security and Resilience The growing challenge of sustaining business operations during any major event has created a need for a comprehensive approach to security and resilience. Edna Conway
C LinkedIn 8
Edna Conway is VP, Chief Security & Risk Officer, Azure at Microsoft. She is responsible for the security, resiliency and governance of the cloud infrastructure upon which Microsoft’s Intelligent Cloud business operates. She is recognized domestically (U.S. Presidential Commissions) and globally (NATO) as the developer of architectures delivering security, sustainability and resiliency.
For years we have addressed risk from a cybersecurity perspective as if it operates independently from other risk factors. We need to change our lens and focus on security and resilience together. The ultimate goal is operational resilience. How do we get there… together? The fact is we live in a world of platforms – they are pervasive in industry and our personal lives. From reliance on real-time mobile financial services to use of “on demand” personal transportation platforms. The foundation of this platform economy is cloud and mobility technology. We all operate in a hyper-connected world. As a result, we all live and operate in a world of “WE”. We cannot even approach operational resilience if we view our business or government operations through the lens of us and them. We must drive resilience and integrity across enterprises. This includes third party ecosystems as well as remote workforces and operations.
As enterprises, the core of our mission is ensuring customer trust - trust in our solutions and services and trust in us as a partner in our customers’ success. Earning that trust requires two digital capabilities—Security and Resilience. To be secure, we must ensure the integrity of every operation, transaction, workflow and capability of our solutions and deliver productivity free of compromise. To be resilient, we must proactively monitor and prepare for disruption to deliver continuous quality service.
Our approach to security must be comprehensive and embrace the key elements of security in our digital world, namely:
So too, our efforts to drive world class resilience demands that we address, at a minimum, the following for each of our solutions and services offerings:
• • • • • •
• • • • • •
Physical security Logical/operational security Behavioral security Information security Intellectual property protection Privacy
I propose that the path to earning that trust is to develop an architectural approach to security & resilience. Deploying a comprehensive architecture with effective prevention, detection and response mechanisms allows us to better understand, assess, and mitigate risk. Embracing the reality that our world is now a world of WE, not us and them, this architecture should apply to both third parties and our internal operations as well. Customers, international standards bodies, and global laws and regulations are increasingly demanding deeper scrutiny of how we operate, both within our enterprise and with our third-party partners. An architectural approach that establishes security and resiliency goals and requirements aligned with global standards and internal policies will allow you to manage the collective achievement of goals and adherence to requirements in direct partnership with our third party partners.
Business continuity/disaster recovery Anti-bribery and anti-corruption Human rights/labor rights Health and safety Environmental sustainability Trade & export controls
Applying this architectural approach demonstrates a commitment to trust across all parts of the lifecycle of products and services, and ensures transparency and accountability for the enterprise, its third parties and its customers.
Final thought Today, we all operate in a hyper-connected world. The growing complexity and opacity of our internal and external ecosystems has led to increased potential attack vectors, exacerbating the need for ever more vigilance, resilience, and security across and through these interconnected ecosystems. A comprehensive architectural approach to security and resilience is our pathway to build trust and meet the challenges of today’s platform economy.
9
London, UK 5 May 2021
IXOPAY partners with Volt to support open payments in Europe Volt integration offers IXOPAY merchants access to account-to-account payments across Europe from one connection
Payment orchestration platform IXOPAY and Volt, the leading open payments gateway, today announced a new partnership that will give IXOPAY’s merchant clients another option to accept PSD2-compliant Open Banking payments through its payment orchestration platform. IXOPAY is an industry leading acquirer-agnostic payment orchestration platform. With just one API, clients have access to the best payments processing options per country, intelligent routing, cascading, and unparalleled risk management function. IXOPAY’s flexible and scalable architecture also provides reconciliation and settlements, along with simplified integration of acquirers, payment service providers, and risk service providers. By integrating with Volt, IXOPAY strengthens its payments offering, giving merchants greater flexibility and autonomy, and allowing European consumers to initiate direct payments from accounts held at more than 4,500 banks across the UK and Europe. 10
Volt’s open payments gateway offers merchants and PSPs seamless connectivity to Open Banking, standardising and operationalising the PSD2 API interface to a simple and single point of access. It provides multiple paths for each payment request, removing single point of failure, and improves conversion rates and reliability by using machine learning to optimise payment routing.
Nathalie Siegl, CEO of IXOPAY
Tom Greenwood, CEO of Volt
The partnership with Volt brings together two companies that provide connectivity and flexibility to merchants operating online. By working together, we will be able to offer our clients access to leading open payments network and streamline merchant checkouts with Open Banking.
We are delighted that IXOPAY has chosen Volt to power its open payments offering, providing its customers with access to the leading Open Banking connectivity network. Delighted to be working with Nathalie and the exceptional IXOPAY team.
About IXOPAY
About Volt
TIXOPAY is a payments orchestration platform enabling independent, flexible and global payment processing. As a highly scalable and PCI-DSS certified “fintech enabler”, IXOPAY fulfills the needs of large merchants as well as those of “white label” clients: payment service providers (PSPs), acquirers and independent sales organizations (ISOs).
Founded in 2019, Volt is building the infrastructure for global instant payments. Today, its open payments gateway allows merchants and PSPs to process transactions securely between accounts held at more than 4,500 banks in the UK and EU. Volt’s unique aggregation model provides unrivalled open payments reach, maximises the speed, security and resilience of transactions. 11
The Fintech Watchlist: Companies making waves in our industry with unique and disruptive solutions.
With more than 120 patents, SPS designs, manufactures, and markets contact and contactless solutions in identity cards, electronic passports and bank cards on every continent in high-security environments. Recent expansion includes its ePassport component, bringing flexible and cost-effective solutions to ID document manufacturers and governments. — s-p-s.com
A RegTech delivering an award-winning SaaS solution, Konsentus Verify, providing confidence in open banking through protecting financial institutions and their customers from fraud and risk. — konsentus.com
Powering data-driven decision making with mathematical modelling software for commercial insurance, this cutting-edge fintech startup is transforming the world of insurance. CEO Amrit Santhirasenan and his team also just landed $18 million in funding - Listen to a recent episode of In Check with Fintech, where we explored this exciting startup and its journey.
The Amsterdam-based startup recently secured $2.7 million in funding and partnered with Viva Wallet - delivering an advanced AI-driven patented super brain fraud-fighting innovation. The network effects and future proof system scales growing business - not costs. — fraudio.com
They are supercharging open banking by allowing their customers to initiate direct payments from their bank account to yours in real-time. With a rapidly expanding partner portfolio, a recent $23.5 million raise, Volt enables open payments in Europe and is undoubtedly one to watch. — volt.io
The single accounting, commerce, and bank data API powers small businesses’ financial products and services. Codat recently raised $40 million after growing its annual recurring revenue by 3x. Codat plans to add new data products to its API, accelerate hiring, and onboard new customers as they expand into the US. — codat.io
— hyperexponential.com Stay up to date on the latest developments in our industry by following us on LinkedIn and Twitter
C D 12
We’re building connections and a team in Berlin. Get in touch with us if you’d ike to join the process. m Tel: +49 408 221 0685
Find out more at: teampcn.com 13
Theodora Lau
Tech For Good Humanity in a data-fueled future
The past year is both extraordinary and challenging in many ways. In a world that has changed dramatically, from finding new ways to live, work, and learn, to pushing the boundaries of technology to find a vaccine, the human race has never been tested the way we did. In our ever evolving data-fueled future, where will we go next? How do we define success beyond the pandemic when we get to the new normal? How do we go Beyond Good and where does humanity fit?
Power of data in our zettabyte future Organizations are expecting a data tsunami, according to the Data Paradox, a recent study from Forrester, commissioned by Dell Technologies. At the recent Dell Technologies World, Michael Dell, Founder, Chairman, and CEO of Dell Technologies, predicted that more than US $700 billion in capital expenditures will be spent within the decade on Edge infrastructure. With 75% of data being processed outside of a traditional data center or cloud by 2025, we will need real time analytics and intelligence to be able to extract useful insights from the data.
14
Technology is the powerful connector across every industry, enabling innovation from anywhere and fostering new experiences from literally everywhere. Time is ripe for us to take this one step further and use technology and data for good. Source: Dell Technologies
A new future with data as an enabler Nothing can illustrate the immense power of data in recent history as vividly as COVID-19. Having data points can help build awareness of the challenges we face as a society, bringing us one step close to solving them. Here are some examples:
30%
81 million
30% of American K-12 public school students (15 million to 16 million K–12 students) are caught in the digital divide, due to lack of access to connectivity, e-learning devices (such as computers), and digital training and support. During COVID-19, when many schools have switched to remote learning, such inequalities are exacerbated, especially among the urban poor and those who live in more rural areas.
According to the US Department of Agriculture, prepandemic, “37.2 million people, including 11.2 million children, did not have adequate access to nutritious food to live a healthy life.”
Closing the digital divide will allow everyone to be part of the innovation economy, and provide access to resources — from education to healthcare — to millions of American households. It will also help propel a more inclusive economy of the future by breaking the cycle of poverty.
As a result of the crisis, however, communities across America are going through a drastic increase in hardship. As many as 81 million Americans experienced food insecurity in the week before Christmas in 2020; that amounts to about 1 in 4 people, in one of the wealthiest nations in the world. Unsurprisingly, Black and Latino families are being impacted the most, likely due to economic disparities that these communities have long suffered from.
1 in 4
99.9%
1 in 4 women are considering leaving their jobs, cutting back hours, or scaling back their career due to the impact of COVID-19. While many of us have been able to work remotely from home, it is a privilege not available to everyone, especially to single parents and people from communities of color.
Small businesses comprise 99.9% of all businesses in the U.S., employing nearly 60 million Americans and driving 44% of all economic activity. At the peak, approximately 23% of small and medium businesses were closed due to the economic downturn. Unsurprisingly, small businesses owned by communities of color and women are harder hit than the others.
The pandemic has greatly exposed the gender inequality in our society, where women bear an outsized share of caregiving and domestic housework. This worrisome trend can set back the hard-earned progress in women’s economic opportunities, and even widen the gender disparity for women. The World Economic Forum has recently reported that closing the global gender gap has increased by a generation from 99.5 years to 135.6 years, as the impact of the pandemic continues to be felt.
With small businesses being the frontline of our economy, providing extra support for these businesses to thrive and create opportunities for entrepreneurs to grow is crucial as we move forward together to strengthen our communities.
This is not a women’s issue — but a society concern.
15
A more inclusive and equitable recovery for all While the pandemic is unprecedented and organizations have simply scrambled to cope, there are many measures that we can take to make our collective future more equitable, including being more intentional about building back better. We must do more to bridge the digital divide and invest in education, to allow more people to benefit from the growing digital economy. Digital inclusion is economic inclusion. Having access to affordable digital tools and technology is no longer a nice-tohave; it is essential for economic and social mobility. Without them, we risk leaving behind the very same communities that technology has the potential to equalize and empower.
Imagine each byte of data not purely as information — but bits and pieces of one’s life story. How can we create a more inclusive future for everyone in our zettabyte world — one where more dreams can be weaved and new stories can be written?
Our future prosperity is dependent on the choices that we make — together — today.
“Our Digital Future is one where human progress is transformed by technology.”
Lau’s Bio Theodora Lau is the Founder of Unconventional Ventures. She is a public speaker, writer, and advisor, whose work seeks to spark innovation to improve consumer financial well-being. She focuses on developing and growing an ecosystem of financial institutions, corporates, entrepreneurs and venture capitalists to better address the unmet needs of consumers, with a focus on women and minority founders. She co-hosts One Vision, a podcast on innovation and fintech. Theodora’s new book, Beyond Good, co-authored with Bradley Leimer, is a call to arms for business leaders to recognize how they can do well by doing good. 16
Do you want to be our podcast guest and share your fintech story to 10,000 listeners? Reach us at: marketing@teampcn.com
Industry Events Open Banking Expo Awards 15 July 2021 London
3rd Emerging Asia E-Commerce & Last Mile Logistics Virtual Summit
27-28 July 2021
Finnovex Southern Africa 27-28 July 2021 Virtual event
Money 20/20 Europe 21-23 September 2021 Amsterdam
Virtual event
IFINTEC Finance Technologies Conference and Exhibition 12-13 October 2021 Istanbul
Fintech Surge 17-20 October 2021 Dubai
Crypto Fest 29 October 2021
Forex Expo 2021 18-19 November 2021
Virtual event
Limassol
Your future webinar with PCN Date to be announced Online webinar Interested to collaborate on a webinar with us? Contact us at marketing@teampcn.com
18
WORLD LEADER IN CONTACTLESS PAYMENT SOLUTIONS Follow us on www.s-p-s.com and :
PCN produces original multi-media content catering to a network of over 160 000 people in the fintech and payments community to connect, exchange knowledge, and showcase their strengths and aspirations. PCN publishes a successful Podcast Series, Editorials, Webinars, Newsletter, and Social Media content - coupled with Marketing and Exposure services, it renders us as the ideal partner to achieve success and to establish your company voice and presence. Leveraging our network of over 160 000 people in our industry niche provides you access to the leaders and visionaries who are shaping the present and future of the Fintech landscape. Reach out to us at marketing@teampcn.com 19
Image via: jellysmack.com
C
Digital Source Interview: Virginie Cornu x JELLYSMACK JELLYSMACK Bio: Jellysmack is a global creator company that detects and develops the world’s most talented video creators. Their proprietary video data and optimization technology drive massive social audience growth for creators, unlocking new revenue streams and amplifying monetization. All while letting creators stay focused on their passion: creating
You’ve been involved with data for quite some time now, can you tell us about some of your most rewarding experiences?
There is something truly rewarding about opening people’s eyes when it comes to data. I’ve been working in data for the past 15 years, so I saw the rise of data and data cleaning companies. In some of my experiences, there was nothing but raw data, and no one knew how to make sense of it. However, when you start to put everything in place; the team, the processes, the tools, the culture around it, you open a new world for people. As long as they don’t have access to data, they are guessing. But from the moment they’re given meaningful information, they start being empowered. They have data to back them up. I think this realisation is very rewarding for the teams. And that’s something that I’ve experienced as well. JELLYSMACK work with the likes of PEWDIEPIE, YouTube’s biggest star with over 110m subs.
20
Virginie’s Bio: With 10+ years of experience in both technical and non-technical positions, Virginie Cornu is an experienced manager in IT and Data. With a passion for data and analytics coupled with an eagerness to “dig deeper”, she is drawn to innovation, technologies and IoT. Virginie is the current VP of Data at Jellymack.
“It’s not just a matter of having people to drive, but making the most out of those people...” It’s great to see more and more female leaders in data. How has the data industry been for you as a woman?
You’ve been led by others and you’re also leading individuals and teams, but what traits do you think are key to being a good leader?
I began my career as a software engineer, and over time I have seen this evolve. I can already tell you that there are more women in data than before, but still not enough. From my personal experience, I’ve always been the only woman in the room. Sometimes there were maybe one or two women, but never in leadership positions. So I had to form my own vision of being a leader and a female leader. But I would say that right now, it’s not the case.
I would say that being a good leader is being a good human being first. It’s not just a matter of having people to drive, but making the most out of those people — individually, but also collectively. I would also say a good leader should have a vision. You don’t drive someone when you don’t know where you are going yourself.
Diversity is key. And it really enriches a team and it also allows for dreams and opportunities when it comes to the younger generation. I hope that now, when I have women in my team, that they can see that it’s possible to do this.
Finally, I would say that you have to lead by example. A good leader has asked me to lead by example and also to put his team first. This could mean pointing your collaborator in the right direction, or another direction. It’s all about opening someone’s eyes about what he or she can do, and what would be better for them. accountable, transparent and open.
21
Ted Harrington
So...
If you have a software system that protects valuable data or other assets, you probably want to have it tested for security vulnerabilities. That has perhaps led you to explore types of security assessments, and you’ve probably found that the most commonly referenced one is “penetration testing.” What many companies don’t realize, however, is that “penetration testing” often isn’t penetration testing at all. Worse yet, they don’t realize that they actually might need something else. When it comes to testing applications for security vulnerabilities, terms are used incorrectly all the time. If you don’t realize it’s happening, it can have dire consequences. Most people ask for penetration testing but are sold vulnerability scanning instead. However, what most people need is something else entirely: vulnerability assessments. Those are remarkably different things. Each requires different investment of time, effort and money. Each has different goals. Each produces different outcomes.
22
Penetration Testing The most commonly referenced type of security testing is “penetration testing.” That has become a catchall term, and, unfortunately, it’s misleading. Actual penetration testing is a tactical service suitable for robust, hardened, thoroughly tested systems. It’s a timeconstrained effort to measure a single outcome. For example, a penetration test might seek to determine “could an attacker escalate basic user privileges to admin rights?” The result is either yes or no. There is no other outcome. Penetration testing is excellent when you have a mature, welltested defence, and you want to determine if that defence still stands up to a simulated attack. Think of it like when a carmaker seeks to understand how a vehicle performs in a crash situation, so they crash it into a wall to see what happens. It’s great for understanding a specific scenario, but it is only suitable for a system that’s already been thoroughly tested. And it’s only intended to inform what happens in that particular scenario; it’s not intended to be holistic.
Vulnerability Scanning
Know Your Goal
Unfortunately, the term is often used to refer to something else: vulnerability scanning. Thanks to misleading marketing and confused customers, “vulnerability scanning” has become synonymous with “penetration testing.”
As you can see, each of these terms means something entirely different, so it’s essential to understand four things. First, there is a difference. Second, terms are commonly misused for each other. Third, they shouldn’t be. Fourth, it’s up to you to make sure you get what you need.
It’s not. Vulnerability scanning involves running an automated tool that looks for common vulnerabilities that are known to exist. The goal is to quickly and inexpensively find basic issues, including checking for unpatched vulnerabilities. Given that running a scanner is one of the first steps your attacker will take, it’s a good idea for you to do this, too. You want to see what they see. It’s good if you’re going to keep timelines and cost to a minimum (with the understanding that it will also limit the value you get as a result). It’s like the diagnostic tool that mechanics use when the “check engine” light comes on in your car. The tool scans for known issues, spitting back readable codes. It’s easy, inexpensive, and quick. But it’s certainly not a comprehensive way to evaluate vehicle safety. Think about that: you ask to simulate a car crash, yet are sold a way to remove the check engine light. Those are pretty different!
The best way to do this is to start with your goal. What do you want to achieve with the testing? If you have a mature, heavily hardened system that’s already been through extensive security testing and you want to know how it stands up to a simulated attack against a specific area, get penetration testing. If you need to find basic, common issues quickly, keep costs to a minimum, and are fine without finding custom exploits, get vulnerability scanning. If you need to find as many security vulnerabilities as possible— including custom exploits—understand their severity, fix them based on priority ranking, get vulnerability assessments. Be clear on your goal when discussing testing with your security company, and you’ll be able to get the outcomes you need, irrespective of which term is being used to refer to the testing.
Vulnerability Assessments
The frustrating confusion doesn’t end there.
As if asking for one thing but being sold something else wasn’t frustrating enough, there’s this: neither of those delivers the outcome that people are usually after. When it comes to security testing, most people seek a comprehensive understanding of their system’s security vulnerabilities. They want to know what the problems are across the entire sytem and how to fix them, with a way to prioritize what to focus on first. Then they want to be able to prove that the system is more secure. That’s not what either penetration testing or vulnerability scanning delivers. But it’s exactly what vulnerability assessments offer. Vulnerability assessments leverage experienced humans who solve problems manually to address your unique circumstances. In the real world, you’re defending against smart, motivated, problem-solving humans—not just scans. Vulnerability assessments help you defend accordingly. They’re great for both well-hardened systems and those still figuring it out (and everyone in between). Unlike a single crash test or running the diagnostic tool to clear the “check engine” light, vulnerability assessments are like the entire safety engineering department. They consider all of the different safety systems—from seatbelts to airbags—and how they all work together. It’s a holistic view of where the weaknesses are and how to improve them.
Ted’s Bio: Ted Harrington is the #1 best selling author of Hackable: How to Do Application Security Right, and is the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. He’s helped hundreds of companies such as Google, Amazon, Microsoft, and Netflix fix tens of thousands of security vulnerabilities. Ted has been featured in more than one hundred media outlets, including the Wall Street Journal, Financial Times, and Forbes. His team founded and organizes IoT Village, an event whose hacking contest has produced three DEF CON Black Badges.
23
🔥
Here are some of the latest job offerings from PCN. Take your fintech career to the stratosphere. Internal PCN roles
Graduate Sales Program, Amsterdam
Recruitment Consultant, Amsterdam
Are you a recent graduate or a professional looking to make a change and launch a career in recruitment, sales or business development?
You’ll get the chance to trial and error as an entrepreneur in your self-built network, of course not without the guidance and coaching of your mentors.
We are specifically looking for native Dutch and German speakers for this role.
You will be building out the Fintech space in the Nordics market, an unbelievably thriving industry with tons of opportunity at every corner.
Apply here
Apply here
Open roles via PCN
London, England
Principal Product Manager
Hamburg, Germany
Senior Sales Executive
Remote, Germany
Product Manager
Remote, Germany
Solution Architect
Berlin, Germany
Principal Product Manager
London, England
Senior Site Reliability Engineer
Utrecht, Netherlands
Product Manager
Paris, France
Customer Care
Find out more at: teampcn.com 24
Data, nom nom nom! Our team are experts at finding data lovers and data eaters. Give us a call or drop us an email, we’ll get it covered. Digital Source is focused on building transparent relationships between all candidates, roles and employers. When it comes to digital recruitment, this is how we stay ahead of the rest.
Find more at: digitalsource.io 25
Mike Chambers
Have digital options even replaced the petty cash tin? Mike Chambers, CEO, Northey Point Limited
26
Any glance at any payment statistic, from Faster Payments to contactless, to click and collect and to the growing global trend of Request to Pay, would suggest that cash no longer has a place in any business in this mid-pandemic 2021 digital world. Have digital options even replaced the petty cash tin? In a later post we will look at cash usage from the point of view of a consumer but here we look at the situation from a business stance. With all the digital possibilities, why would any business still need to pay anything in cash and why would they still be accepting payments by way of cash? Have digital options even replaced the petty cash tin?
Taking business payments first For medium to larger businesses, electronic banking, Bacs payments together with credit, debit and charge cards for business payments and expenses have long been reducing the need to hold cash for any purchase or supplier payment for the business. The “petty cash tin” may well have been the only place left, largely wiped out now by the rise in contactless payments and the associated acceptance for small value payments, coupled with cost effective and secure platforms to manage and control business expenses and payments, particularly across large workforces in multiple locations. For smaller businesses, access to digital solutions has been assisted by product developments in online banking and mobile banking providing low cost and effective payment methods for supplier and payroll payments. Indeed, the rise in digital only banking tariffs, Faster Payments, free online banking and challenger bank online or app only banking, has revolutionised payments for businesses of all sizes but particularly for smaller businesses where anecdotally we would have expected most of the cash transactions to occur. All these solutions were in place before the pandemic and cash usage for business payments has been in decline for many years – according to the PSR report for 2019, only 3% of Business payments were made in cash. Thus for 97% of the time, even before the pandemic, businesses did not need cash for their payments. The 3% of payments made in cash – and likely now to be a lower percentage still - represent a business choice to use cash. If removed as an option, then any of the methods used for the remaining 97% could be introduced as an alternative.
Does the same apply for payments to businesses? For any business where there is no face-to-face contact with customers – whether business to business or business to consumer – again with the range of digital options now possible it is difficult to see why any would need to accept cash from their customers or indeed would even choose it as a payment option. The situation has not been so clear cut for retailers with face-to-face transactions but at all levels, the move to digital has been assisted by the prevalence of payment solutions which have enabled card payments to be accepted without the need to be tied into expensive monthly contracts. This has been a virtuous circle with the rise in contactless payments: there has been a greater demand to use contactless payments and with easy to set up, instantly available payments solutions without a minimum monthly contract, there has been a greater ability and willingness for businesses to accept card payments.
digital has been assisted by the prevalence of payment solutions... without the need to be tied into expensive monthly contracts
27
For example, just 10 years ago finding a mobile food outlet that accepted a card payment would be a rare sighting; now most have a mobile or digital device – and certainly again over the last year (when allowed to operate) many have chosen either only to accept contactless payments or certainly have expressed a preference for contactless over cash. Thus, perhaps we would come to the same conclusion that for businesses of all sizes and of all types, the need to either accept or pay by cash has now disappeared, hastening in a wholly digital world. Thus, the main reason for choosing to accept cash is to acknowledge that – currently - to become cashless is to exclude those who have to use cash or choose to use cash. If cash were not available this would not be an option but while it remains in circulation any business refusing to accept cash by default will exclude those customers. During the pandemic this was more prevalent due to the possible concerns for staff in handling cash but as the restrictions are lifted many who had refused cash may now be re-considering their decision as we return to more normal conditions. Taking a local independent coffee shop as an example, over the last year the owners may have chosen to become cashless with the perceived safety outweighing both the potential loss of sale and the disenfranchising of the consumer who cannot use a digital payment method.
28
As we move out of lockdown, like many outlets they may relax their cashless stance as in our not quite cashless world it does exclude those for whom cash is the only option. What was acceptable during the pandemic where safety was the over-riding issue may be less so under normal conditions. So, given the above, should we continue to advocate cash as the answer to exclusion thus preserving cash for its own sake? The demise of the cheque was accelerated by retailers refusing to accept them as a method of payment – should and could the same thing happen with cash and hasten its demise?
“Over the last year the owners may have chosen to become cashless with the perceived safety...”
“Until cashless solutions are accessible to all, it is likely that many businesses will continue to choose to accept cash...”
The difference is that removing cheques was an initial inconvenience to those who had become used to this method of payment but the removal did not exclude anyone – consumers could either move to digital options or switch to cash.
Access to cash and the ability to pay by cash is currently necessary but it is only part of the answer. Alongside should be an equal focus on ensuring that cashless options are inclusive and removing the barriers that prevent people from accessing digital options.
The same option would be possible if we only needed to consider the consumer who chooses to use cash but, if forced, could switch to digital methods. It would be an inconvenience but one that could be managed with relative ease.
This is not something that businesses can tackle – it needs a holistic approach from government and industry to manage the decline in cash and provide inclusive and accessible cashless options.
However, this is not the case and the removal of cash as a payment option leaves large sections of society without any viable alternative.
Mike Chambers | Bio
Our overall conclusion therefore comes back to the individual choices of each business owner. There are many payment solutions available for all types of industries and for all types of businesses covering all requirements – so a business can choose to be wholly digital even including all face-to-face retail transactions. Businesses do not need cash. However, until cashless solutions are accessible to all, it is likely that many businesses will continue to choose to accept cash even though they do not need to do so.
Mike Chambers is the former CEO of the UK’s systemically important payment schemes (Bacs, CHAPS and Faster Payments). Mike is the Chairman of Request to Pay (the UK’s first accredited Request to Pay provider) and the founder of Northey Point Limited providing payments advisory services to Payment Service Providers, Payment System Operators, Central Banks, financial institutions, trade bodies, infrastructure providers & corporates.
29
Bonjour Paris. Creating networks. The fintech space grew like never before in 2020 - and it is not stopping anytime soon. Last year was the second-best time to enter the industry. The best time? Right now. More than 80.000 industry contacts are not the only thing making us the leading supplier of executive recruitment, RPO services and headhunting in the fintech and payments industry. Our dedication to our clients, our passion for payments, and our commitment to finding the best possible opportunities for you that defines who we are. PCN is here to fulfil all your recruitment needs. m +31 203 030 257 30
Find out more at: teampcn.com
