By Michael Flossman, Security Researcher at Lookout
What security challenges will the banking industry face over the next few years?
The use of mobile in all aspects of life is growing, from the near daily use of banking apps through to accessing work remotely, so it’s become a viable, and currently very profitable, channel that hackers can target in order to steal sensitive data. Over the last several years we have seen threat actors expand their traditionally desktop-focussed arsenals to now include a mobile component. This was the case with the actors behind the successful SpyEye and Zeus desktop families, who released Spitmo and Zitmo respectively. It isn’t just the established cybercriminal gangs that are breaking into the mobile space; we’re also seeing a number of new players deploy mobile banking trojans like BancaMarStealer / Marcher, Cron, and MazarBot. Leaked source code for an earlier banking trojan known as GMBot has meant that the barrier to entry for threat actors looking to have a mobile capability is quite low.
It’s now more critical than ever that banks upgrade their cybersecurity measures to include mobile, so end users are protected regardless of the channel they use to bank with.
How do these attacks work?
It tricks the user by introducing an overlay, essentially a fake login page which looks identical to what a user would see when browsing to the bank’s legitimate website or when using their official mobile application.
Once the device has been infected, the trojan is sophisticated enough to identify which banking applications are on that device, or what banking website a victim is currently viewing, and uses that information to display a corresponding overlay. Visually there is nothing to indicate to the end user that they are entering sensitive information directly into a malicious application.
Where are these attacks coming from?
These attacks are not always set up by experienced actors. Malware packages are often being sold as a service. More and more of these actors have no experience in creating these tools and instead buy or rent them. This was very much the case with BancaMarStealer, also known as Marcher, which Lookout researchers first saw being used in Eastern Europe before being sold globally as a service. Since emerging its use has exploded and Lookout has seen it deployed in Russia, France, Germany, Austria, Poland, Spain, The Netherlands, The United Kingdom, Australia, Canada, and The United States.
What can banks do to protect customers that use mobile banking?
Mobile transaction authentication numbers (mTANs) require online transactions to be accompanied by a specific token that has been sent directly to a user’s mobile device. However, Lookout has seen some banks in the West move away from mTANs in favour of physical, non-internet-connected two-factor authentication tokens. These require users to physically enter their banking card and PIN, which in return provides a short-lived code that is tied to the specific transaction they are making. This approach makes it more difficult for attackers to attempt to make fraudulent transactions from a compromised mobile phone.
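As an added illustration (not part of the original interview and not any bank's actual scheme), the Python example below shows what it means for a short-lived code to be tied to a specific transaction: the code is an HMAC over the payee, amount, currency and a time window, so it stops verifying if any of those details change or the window passes. The function names, the demo key, the placeholder account identifiers, the 60-second window and the 8-digit length are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60   # assumed validity window in seconds
DIGITS = 8       # assumed code length


def canonical_transaction(payee_account: str, amount_minor: int, currency: str) -> bytes:
    """Serialise the fields the customer confirms on the token's own display."""
    fields = [
        payee_account.replace(" ", "").upper().encode(),
        str(amount_minor).encode(),
        currency.upper().encode(),
    ]
    # Length-prefix every field so different field splits cannot collide.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def transaction_code(key: bytes, payee_account: str, amount_minor: int,
                     currency: str, now: int) -> str:
    """Derive a short-lived code bound to one payee, amount and currency."""
    counter = int(now) // TIME_STEP
    message = struct.pack(">Q", counter) + canonical_transaction(
        payee_account, amount_minor, currency)
    digest = hmac.new(key, message, hashlib.sha256).digest()
    # HOTP-style dynamic truncation of the MAC to a decimal code.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_transaction_code(key: bytes, code: str, payee_account: str,
                            amount_minor: int, currency: str, now: int,
                            drift_steps: int = 1) -> bool:
    """Bank-side check: recompute from the transaction actually submitted."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = transaction_code(key, payee_account, amount_minor,
                                    currency, now + step * TIME_STEP)
        # Constant-time comparison; every window is checked, no early exit.
        ok |= hmac.compare_digest(expected, code)
    return ok


def demo() -> dict:
    key = bytes(range(32))      # constructed demo key, not a real secret
    now = 1_700_000_000         # constructed timestamp
    # The customer approves 125.00 EUR to a placeholder account on the token.
    code = transaction_code(key, "XX00 DEMO 0000 0001", 12500, "EUR", now)
    check = lambda payee, amount, when: verify_transaction_code(
        key, code, payee, amount, "EUR", when)
    return {
        # Same transaction submitted a few seconds later: accepted.
        "genuine": check("XX00DEMO00000001", 12500, now + 20),
        # Same code attached to a different payee or amount: rejected.
        "payee_changed": check("XX00DEMO00009999", 12500, now + 20),
        "amount_changed": check("XX00DEMO00000001", 125000, now + 20),
        # Same transaction, but outside the validity window: rejected.
        "expired": check("XX00DEMO00000001", 12500, now + 10 * TIME_STEP),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Because the key never leaves the separate device and the code only verifies for the details shown on that device's display, a code captured on a compromised phone cannot be reused for a different payee or amount.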
If banks upgrade security measures to include two-factor authentication, will consumers be free from hackers and safe to handle their finances online?
This would definitely go a long way towards mitigating attacks, and in the short term adversaries in this space would be more likely to first target customers of banks that didn’t provide these security controls. In the long term, it would force threat actors to invest in redesigning how they exploit targets in order to make fraudulent transactions and access their bank accounts. At this point in time it’s unclear what this would entail; however, as we’ve seen time and time again in the security space, this is a continual game of cat and mouse between attackers and defenders.
Over the last couple of years we’ve seen numerous applications being released that allow customers to quickly transfer money between one another. PingIt, Swish Payments, Apple Pay, Google Wallet, and even via Facebook Messenger are a few examples of this type of money transfer and there are a number of apps for handling cryptocurrencies. As banks continue to refine their security controls, we are expecting to see malicious actors expand their capabilities to go after these apps when they compromise a mobile device.
Mark Wright – No Longer an Apprentice
Just for context, you won The Apprentice and became Lord Sugar’s business partner in 2014 – you set up your digital marketing business Climb Online and are continuing to successfully grow this business today.
With the beauty of hindsight, would you have started your business journey differently?
When growing up, I always knew that I wanted to be in business and that I wanted to be successful. It wasn’t until I was working for a personal training college in Australia that I realised the true power of digital marketing, as the website I built and ranked on the first page of Google for key search terminology enabled them to accelerate revenue from $2,000 to $240,000 per month.
After I travelled to the UK, I wanted a bank loan to help launch my first business, but I wasn’t able to secure one. A friend suggested I try out for BBC’s The Apprentice as an alternative, which was something I hadn’t heard of, let alone watched before, and the rest is history. I don’t believe in regrets and certainly wouldn’t have changed how I started my business journey. The show provided me with an excellent PR and lead generation platform, and I have had the unique opportunity to meet and learn from some incredible business people, particularly Lord Sugar, for which I am very grateful.
The X Factor winners are often lambasted by the press and not taken seriously as artists by the music industry after winning the show. Have you experienced parallel treatment from the business community after your win?
I would certainly say that I experienced parallel negative treatment from the digital marketing industry when I first won BBC’s The Apprentice; where I was even booed going onto stage to speak at a trade event. However, I am always a big believer in the fact that how people treat and respond to others is more a reflection of themselves and it wasn’t something that I let impact me. The best people in business are those who can support and celebrate other people’s successes and that’s what I always strive to do, regardless of the treatment I receive in return.
Do you feel you have had to work harder to prove your credence as an entrepreneur?
Yes, on some level I do think I initially felt like I had to work harder to prove my credibility as an entrepreneur and a business owner. A lot of people audition and make it on to BBC’s The Apprentice out of a desire for public recognition and 5 minutes of fame, whereas I only wanted to go on the show to secure investment for my business having been rejected from a number of UK banks due to my nationality.
I still hold the record as the only Apprentice Winner to turn over in excess of £1 million during my first year in business and to actually make a profit, and this was largely due to the fact I was so focused on building a large business with strong foundations from the outset.
You became a UK Citizen earlier this year, why have you chosen to stay permanently in the UK?
Australia will always have a special place in my heart and I still have a desire to return and even open a Climb Online office there, but the UK has really become my home. I have made some amazing friends and have created a number of brilliant businesses and am very excited about what the future brings here.
What have been your stand out moments since launching Climb Online?
I have been very fortunate in that I have had many standout moments since launching Climb Online, from being listed twice on Forbes 30 under 30 to creating and hosting CLIMBCON in 2019.*
However, my real stand out moment is quite simple, and it happens almost daily and that is being in the office with my team, receiving positive feedback from clients and helping and mentoring other business owners or aspiring entrepreneurs with their own challenges. There is no feeling like helping someone else succeed or realise their own ambitions and I feel incredibly fortunate that I am able to support and give back to others in such a way.
Have you ever just wanted to throw the towel in and head back to the beach?
All business owners at some point will have that feeling of wanting to throw in the towel, particularly on the days when nothing is going right, and everything feels impossible. However, the true marker of success is the ability to continue to show up each day and work through every single challenge. The ones that do will come out on top, maybe not immediately, but eventually.
I am from a small town in Australia where my Dad owns the local car garage and my mum owns the local hair salon, so when we were all sitting round the table at dinner time, they would discuss the challenges of running a business and I would gain real insight into the hardships. So in starting and continuing to work through my business journey I have always had this in the back of my mind. The power of persistence cannot be underestimated and even on days when I feel like it, I wouldn’t ever head back to the beach.
2020 has been a tough year for business. How was your business affected?
I can honestly say that the start of the COVID-19 pandemic was the hardest period I have ever had to work through in business as like the majority, we lost clients and were forced to make challenging decisions. However, I would also say I have learnt the most about business this year and worked hard to implement an effective survival strategy. This not only meant we were able to continue to navigate through the first difficult three months, but in taking the time to look at our costs, our staff and our processes, have had the opportunity to make vast improvements that have enabled us to thrive beyond pre-COVID levels and really come out on top.
What do you think the long-term impact of COVID-19 will be? Will the economy bounce back quicker than predicted?
I think the figures from Q3 were very promising and show that a ‘bounce back’ is possible. However, with further reports revealing that UK borrowing is now at the highest since records began, it means we have a long way to go and it certainly won’t be easy.
Although there haven’t been any changes to taxes as yet, I do think these will come as we start to see economic recovery and hope any increases don’t impact business owners too heavily, particularly as they have worked so hard to survive this unprecedented period.
How has COVID-19 changed the digital marketing industry?
Although there was an initial hit at the start of the pandemic, with businesses cutting digital marketing spend as a cost-saving exercise, I would actually say the pandemic has since played into the hands of the digital marketing industry by emphasising the importance of having a strong digital presence to sell your product or service online.
There will still be agencies who will be down on revenue. However, this won’t be because the business and sales opportunities aren’t out there, but because they aren’t pushing hard enough and are ultimately using COVID-19 as an excuse. At Climb Online we have won many new clients recently just because we were the only agency to actually answer the phone, which is quite unbelievable and shows that many are still operating remotely and haven’t got the right virtual infrastructure in place.
What advice would you give for business owners struggling to drive new sales?
This is going to sound very simple, but the first thing business owners struggling with sales should do is hire a salesperson to implement a clear and consistent business development strategy. I’ve met thousands of business owners over the years and it still amazes me that the vast majority don’t have any form of sales operation to keep the pipeline full and to proactively sell the product or service. Often the business owner is hesitant to hire a salesperson due to a bad experience or because they believe no one will be able to sell the business as well as they can, and whilst the latter is likely to be true, you still need additional people on the ground generating as many leads as possible. Without a sales team, any form of sales strategy becomes inconsistent and ineffective, limiting the opportunity for growth.
Will you ever retire?
Absolutely not. Never.
*CLIMBCON is the only business summit dedicated to teaching businesses how to grow and scale from real life successful entrepreneurs in an authentic and empowering live event
The evolving payments landscape
Q&A with Prajit Nanu, Co-Founder and CEO, Nium
- The global pandemic has negatively impacted economies around the world, but we’re also seeing an acceleration in e-commerce and consumer behaviours. What trends are you seeing, and what is the takeaway for Nium?
At the start of the global pandemic, no one had a clue on where things were headed. But luckily for Nium, we have a 360-degree view on how different industries are adapting because of the number of industries we serve. For instance, we saw that there was a rise in gaming, e-learning, and e-commerce while the travel industry was significantly impacted.
According to Newzoo, the leading global provider of games and esports analytics, the games market will grow to $217.9 billion by 2023, representing a strong +9.4% CAGR between 2018 and 2023. This is up from a previous forecast of $200.8 billion. The sudden shift away from the classroom in many parts of the globe also led to a rise in e-learning adoption, where schools have had to distribute gadgets to students to ensure they have access to learning materials. Schools in New York, US, for example, distributed around 500,000 laptops and tablets to their students in early April.
To cater to these sudden shifts in consumer behaviour, banks are coming to Nium with an accelerated timeline to leverage and implement our services, including instant real-time cross-border payments. This is positive because banks are reacting to new consumer behaviours promptly.
That said, while these are positive trends, we need to think about how we can sustain this momentum into the future. Initially when the pandemic hit, we saw a huge shift of revenues from offline to online channels. However, now that countries are gradually re-opening, we see that many consumers are preferring to go back to offline channels. The question now lies in how we keep up with these changes and continue to deliver great customer service.
- The world is shifting to an API economy, how is this going to impact your customers?
Our definition of an API economy is one that deploys best-of-breed products seamlessly and efficiently – and this is a core mantra of what we believe we are powering at Nium. If you think about it, banks today are being unbundled at a rapid pace. 15 years ago, if a customer wanted a loan or a travel card, they would have had to walk into a physical bank. Today, customers can turn to a small and medium-sized enterprise (SME) lender or any pre-paid travel card business.
Nium is actually leading the charge in this rapid unbundling through our banking-as-a-service (BaaS) offering. For instance, e-commerce companies no longer only provide e-commerce as a service but instead have tapped into a new range of services within that ecosystem. Companies today can choose partners for their payment solutions – for instance, they can use X for payments, Y for card issuance, and Z for lending. The API impact that Nium makes goes beyond just a few customers; we make it easy for everyone to plug in and rapidly deploy our service.
The future of the API economy is all about how to make APIs easy to understand, and that is where Nium is driving our vision forward.
- What is Nium doing to cater to the under-penetrated segment that may not have access to payments today?
Nium is providing an infrastructure platform catered for anyone – from everyday customers and businesses, to large banks, and even to fintechs – aimed at levelling the playing field through the provision of financial services to all members of the population. In other words, our platform enables our partners to reach out to the population and provide greater access to payments than ever before.
To take a recent example, Nium partnered with Aptiv8, an IT and manpower solution provider, to launch a remittance service called MyRemit. This service allows migrant workers in Singapore to conduct digital remittance transactions via a mobile app, anywhere and anytime. This has been particularly vital during this year’s strict social distancing and lockdown measures, as migrant workers can still remit money back home for their family’s needs through a digital channel.
Similarly, Nium recently partnered with Cebuana Lhuillier, the Philippines’ largest microfinancial services provider, to launch their mobile remittance app, Quikz, in Singapore. Powered by Nium’s Remittance-as-a-service (RaaS) solution, this app allows thousands of Filipinos based in Singapore to send money to their loved ones back in the Philippines. Our platform ensures the transactions are processed securely and in real-time – providing more customers with a safe and more affordable way to make transactions.
- What was 2020 like for Nium and what is it going to be like in 2021?
This year has been interesting for Nium because the pandemic forced us to rethink and review our company playbook for success. At the peak of COVID-19, I gathered my leadership team together to reflect on the impact the world had faced, how the world is going to change, and what we, as a company, need to consider when adapting to these changes. This exercise was extremely useful and it has formed the basis of a refreshed playbook for us.
Our team members came up with many different stories on how we need to over-communicate not only to our clients, but also internally with our colleagues. We also spoke about product prioritisation. For instance, travel used to be an industry that most of our products served, but it has become much smaller today, while other industries such as e-learning and gaming have burst through the scenes. So, do we still create products for the travel industry knowing that it will come back in the next two years, or do we focus on the growing industries right now? The good thing is, because we work with clients across a large spectrum of industries, we have been able to observe these changes panning out early and react swiftly.
Come 2021 and 2022, product will be key for us. There is a lot of pent-up demand across industries that were restricted due to the pandemic, such as travel, and we are looking forward to capturing this new demand, which I believe will definitely come back once we tide over these difficult times. At Nium, we will continue to focus on growing our revenue and expanding our team worldwide.
At the same time, we are also aware of the impact that the pandemic has had on our employees this year. I want to take a brief moment here to acknowledge the efforts of our employees worldwide. They have rallied hard over the past few months, putting in the extra hours as they work remotely, to ensure they deliver quality work. Ensuring that our employees remain engaged and prioritising their mental health will also be a focus for us in the new year.
Treasury’s digital revolution: How corporates can ensure stability in uncertain economic conditions
The digital revolution in treasury may have been under way for some years now, but the past few months have shown there is plenty of room to improve and refine. We talk to Frank Nicolaisen, UniCredit’s Head of Global Transaction Banking, Americas, about how the coronavirus pandemic has intensified the need for corporates to upgrade their treasury infrastructure and what they can do to get started.
Q: The pandemic looks to have added significant impetus to the digital push in treasury. How has the use of financial technology in the treasury space evolved in recent years and where does this fit into the story?
The narrative of innovation around treasury has been building for some time – and for good reason. A host of recent innovations, such as application programming interfaces (APIs) and optical character recognition (OCR), are already live and streamlining treasury processes for corporates of all sizes.
At the core of this is the rise of e-banking – following experiences in the retail sector, corporates have moved away from branch-based or over-the-phone banking to platforms, with many banks, including UniCredit, investing to make this a seamless, fast and more efficient experience. This, in turn, paves the way for other efficiencies, such as virtual accounts – a concept that sees corporates hold a single physical bank account that can be sub-divided into said virtual accounts, which work much like real ones, with their own budgets, permissions and account numbers, all whilst feeding into the physical parent account. This solution is growing in popularity and is especially beneficial to corporates with multiple banking relationships and complex account structures, minimising the number of physical accounts they need to maintain.
While these technologies have been around for some time, they have seen a spike in adoption during the recent economic downturn, enabling corporates to rationalise accounting processes, cut maintenance costs, increase transparency over funds and efficiently optimise their financial assets from a remote basis.
To take treasury management to the next level, even newer technologies are emerging, such as artificial intelligence (AI) and machine learning, which promise to bring a raft of benefits, including the streamlining of bureaucratic processes in a safe and secure manner.
Q: What should a successful treasury set-up look like today?
For some time, a digital, real-time treasury set up – with fully-automated routine processing – has been the vision and the gold standard. This has the capability to turn the sheer amount of data that many treasurers handle on a daily basis from an administrative burden to a source of strategic insight.
With the right technology, corporates can automate a huge range of previously time-consuming administrative tasks, such as opening, closing and managing accounts, generating cash-flow forecasts, executing routine payments, reconciling incoming payment flows, calculating FX exposures and even executing FX conversions. All of this frees team members to focus on more value-adding tasks, while reducing human error in the workflow. At the same time, the data captured in these digital systems can also be reviewed and mined for valuable insights, helping treasurers further refine their processes.
Implementing such a system, of course, will be easier for some businesses than others. Young companies, for instance, will not have to overhaul any legacy infrastructure, and can simply implement a new, modern system. Older or larger companies, on the other hand, will likely be less agile, and have to undertake the more time-consuming process of updating existing systems, while managing operational risks during the transition.
Nevertheless, establishing a robust digital set-up remains central to most treasurers’ strategic vision. Once complete, this switch-over promises benefits to corporates of all kinds – and an opportunity to future proof their business against economic shocks, the likes of which we’ve seen over the last year.
Q: How can corporates yet to initiate the transition to digital treasury get started?
The first step is to investigate the process. Treasurers can speak to their banks and other potential partners, asking questions such as: What are the stakes? What can be achieved? What treasury set-up best suits my business? What benefits is the transition likely to bring in the long-term?
This conversation typically begins either when a treasurer notices the benefits the transition has brought to other businesses, or when triggered by an urgent business need. But it doesn’t necessarily need to be prompted in this way. Starting the conversation now means treasurers are forearmed should necessity arise.
Q: How will you leverage your position as UniCredit’s Head of GTB Americas to deliver these treasury solutions to corporates?
Broadly speaking, my mandate is to continue to develop the Group’s unique, digital Global Transaction Banking (GTB) offer – helping US multinational clients thrive in Europe, and European clients access the US markets.
As part of this, I’m looking to facilitate the delivery of UniCredit’s proprietary GTB solutions from our core European markets to businesses operating in the Americas. Having previously played a key role in the expansion of UniCredit’s Tech Team in Germany – which focused on serving fast-growing technology companies – I am hoping to draw on this experience to oversee the first step in this process: the roll-out of the bank’s global e-banking portal. Once complete, this innovation promises to vastly improve the banking experience for our corporate clients in the US.
It’s one of a number of digital tools corporates can leverage to help them through the many challenges of the current environment. Over the next few years, I think we’ll see adoption continue to climb across the board and I’m looking forward to playing a part in it.