
Sweden-based payment and shopping service Klarna has completed its latest equity funding round, raising $650 million and achieving a valuation of $10.65 billion – cementing it as the highest-valued private fintech company in Europe.

The funding round was led by Silver Lake Partners, Singapore’s sovereign wealth fund GIC, and funds managed by HMI Capital and BlackRock. Other current investors include Dragoneer, Bestseller, Sequoia Capital and Commonwealth Bank of Australia.

Klarna has announced its intention to use the funding to invest in its shopping service and expand its global presence, singling out the US as an opportunity for growth. The company already has more than 9 million customers in the US, and 90 million worldwide.

Founded in 2005, Klarna offers an app-based service allowing users to shop online and pay in interest-free instalments while Klarna pays the seller. It competes with other high-profile fintechs including Revolut and Checkout.

Klarna co-founder and CEO Sebastian Siemiatkowski said in the deal announcement that the company was at “a true inflection point in both retail and finance.”

“The shift to online retail is now truly supercharged and there is a very tangible change in the behaviour of consumers who are now actively seeking services which offer convenience, flexibility and control in how they pay and an overall superior shopping experience,” he said.


Silver Lake heads Egon Durban and Jonathan Durham hailed Klarna’s business model in a joint statement. “Klarna is one of the most disruptive and promising fintech companies in the world, redefining the eCommerce experience for millions of consumers and global retailers, just as eCommerce growth is accelerating worldwide and rapidly shifting to mobile,” they said.

Klarna’s last funding round was completed in August 2019, raising $460 million and earning the company a $5.5 billion valuation. The company has surged in strength during 2020, as Siemiatkowski claimed in August that the value of transactions processed through its platform increased by 44% through the first six months of the year.

Georg Ludviksson, CEO & co-founder of digital banking solutions provider Meniga, tells Finance Monthly why banks' most important innovation focus must be to help customers build 'financial fitness'.

People across the globe are experiencing new and uncertain circumstances for their personal finances, whether through unemployment, business closures or the sheer impact of the economic recession. One thing is certain, however: that healthy financial habits have a new pertinence in our society and for many, their first port of call to achieve this will be their bank. 

We have entered a critical point for the banking industry, where it is now absolutely crucial for banks to step up their innovation game to support their customers in a personalised and engaging manner through digital channels.

It is impossible to predict exactly what the financial ramifications of COVID-19 will be. However, we shouldn’t expect this pandemic to be a short-distance sprint but rather a marathon, and for this, banks need to be there for their customers to ensure that they are financially fit - or they will start training with somebody else.

Banks need to stay ahead of the curve by turning to digital channels and preserving the financial wellbeing of their customers

The personal finance landscape, specifically the way in which people make sense of their finances, has evolved tremendously over the past decade. In particular, there has been a shift in consumer behaviour whereby the demand for personalised services has increased dramatically, and people have become more critical of the banks that fail to help them lead healthier financial lives.


People no longer view banking as a purely transactional and one-dimensional functionality, but rather as a full-service experience helping them take control of their finances and achieve financial wellbeing. This shift in consumer behaviour and the increasing association of good financial habits with positive health and wellbeing also explains why the notion of ‘financial fitness’ has gained recognition within the personal finance landscape over the past few years as a term describing one’s increasing desire to feel good and confident about one’s financial situation.

The last few years have seen an increased prevalence of digital banking and a plethora of more personalised tools which suit the shifting needs and wants of consumers. The rate of digital banking adoption has also been significantly accelerated by the pandemic.

Research by deVere Group found that the use of fintech apps in Europe rose by 72% in March 2020, whilst a McKinsey study found that the pandemic has accelerated the shift to digital banking by two years. In particular, the latter study found that online bank use rose in most European countries, from a 7% increase in Italy to 19% in Portugal, and that more than 20% of customers in Spain and the UK tried online banking for the first time during lockdown.

As both digital banking and financial health have gained increasing significance in 2020, it highlights the urgent need for banks to view their digital channels as a strategic asset and start re-prioritising their resources to focus on developing personal finance management (PFM) services and the financial self-help tools their customers need. If not, they risk losing significant market share to the challenger banks, who already excel in user experience and have digital leadership in their DNA.


Becoming your customer’s financial personal trainer and drawing upon the health and fitness world when developing PFM services

In a global financial crisis, a bank’s underlying mission statement should be focused around helping their customers lead healthy financial lives. By instilling financial fitness into the organisation’s mission, banks will be able to truly prioritise developing PFM services, and thus provide their customers with the support they need to take ownership of their financial health.

In fact, when developing PFM services, banks should consider studying what makes health and fitness apps so addictive. The popular fitness app Strava uses all kinds of features and gamification to keep users engaged and to encourage them to take control of their own health, from social activity feeds, to weekly targets and personalised nudges.

In a way, physical health is very similar to financial health: it’s about building the right habits to positively impact your fitness and wellbeing. Banks should analyse what makes fitness apps successful and replicate some of their gamified features and elements of their design to develop user-friendly banking apps which can be comparable to personal finance coaches and which focus on helping customers achieve goals and build healthier habits.

Ultimately, the main functionalities of a digital banking app must on one hand be to ensure it delivers the right information to customers through features like spending reports and automated budgeting, and on the other, enable customers to build better habits and stay in control of their finances. The latter can be achieved through financial gamification like savings challenges, or other features including personalised nudges and notifications, social media-like activity feeds, cash-flow assistants and personalised cashback rewards.

One bank that has done particularly well to create personalised banking solutions for their customers is Portugal’s Crédito Agrícola. Like many other European banks, Crédito Agrícola has been facing rapidly growing competition from challenger banks like Revolut and N26, but by bringing their own digital innovations to market they have been successful in maintaining their position as one of Portugal’s most reputable banking groups.


In September 2019, Crédito Agrícola collaborated with Meniga to launch one of Portugal’s most popular digital banking apps, “moey!”. The moey! app relies on Meniga’s technology as an engine for categorisation and enrichment, to provide customers with a more immersive and interactive experience. The app enabled Crédito Agrícola customers to, firstly, stay on top of their finances through a number of informative features, such as insights, reports, budgeting and financial planning; and secondly, be encouraged and motivated to build and maintain healthy financial habits through a feature that is, in many ways, the foundation of all fitness apps: the ‘Activity Feed’. The activity feed is a functionality that enables banks to engage with their customers through personalised messages such as insights, advice, fun facts, targeted rewards and product recommendations.

The results were almost instantaneous, with over 130,000 app installs in the first 6 months after launch. Crucially, the app enabled Crédito Agrícola to increase its user engagement, with 90% of transactions being made via the app and more than 50% of moey! customers now active users.

By drawing upon the health and fitness world and understanding what functionalities engage users and encourage them to take control of their own health, banks will be able to develop banking solutions which provide much-needed support during this pandemic and help them build good financial habits. 

The dependency of people on their banks has never been stronger, and banks now have a real opportunity to maintain the loyalty of their customers and stave off competition from the challengers. To succeed, they need to recognise the importance of shifting their value proposition and core product offering to focus on elements of digital banking, financial fitness and personal finance management.

Hamzah Almasyabi, co-founder and CEO of the gold-buying platform Minted, outlines the benefits and drawbacks of adopting an investor trading app.

Some of the best-known investment apps, such as Freetrade, Trading 212, Plum and Moneybox, have reported a strong uptick in customer numbers since the start of March, when the UK Government’s lockdown restrictions were imposed. However, in truth, consumers had become more interested in managing their own finances online well before the pandemic. Some platforms have noticed more interest, particularly from younger online investors, who are attracted by the familiarity and gamified nature of the latest investment platforms across a range of asset classes. Equally, older people or more experienced online investors have been exploring ways to make their money go further, sometimes with a view to bringing forward their retirement.

The convenience and simplicity of many new generation investor trading apps is helping to democratise the world of investor trading. It is allowing people to invest in stocks and shares, or precious metals and other commodities, using their mobile phone, while sitting at their own kitchen table. Of course, there are risks but there are also incredible opportunities for people who want to get involved.

When considering investing online for the first time, it makes sense to try out various platforms before starting to invest actual cash. Some platforms offer newcomers a chance to spend virtual money, just to see how their investments might have fared in the real world. Such ‘try-before-you-buy’ services also allow users to test the app’s functionality and make sure it suits their preferences. However, convenience and user-friendly architecture shouldn’t be the main criteria when deciding where to invest for the first time. It makes sense to download a number of options, try them out and compare the terms and conditions of their offer carefully.


In some cases, the precise nature of the investment opportunity may not be clear, particularly to the novice online investor. For example, some platforms may appear to be offering a chance to buy stocks and shares, when in fact they are just giving the investor exposure to any movement in the value of the shares. If the investor wants to own shares, this may not be the right option for them.

In a climate of significant stock market volatility, interest in ‘safe haven’ assets such as gold has increased significantly. While there are fewer gold-buying platforms to choose from, there are still some important differences to be aware of. Gold Exchange Traded Funds (ETFs) are popular with some individuals because they provide an easy way of gaining exposure to any increases in the value of gold, whilst still having easy access to the funds if they are needed. On the other hand, gold investors looking to the longer term may prefer to own a physical asset, which has intrinsic value in countries around the world. Buying physical gold can now be achieved without incurring excessive entry and exit costs, making it possible for people with modest amounts of cash to invest incrementally in this luxury asset for the first time.

Before becoming an online investor, individuals should take a step back and consider their personal and financial objectives, taking into account the amount of money they can afford to invest and their risk appetite. These factors will not only influence their choice of asset class, but the features they look for when considering different investment platforms. If any platforms appear to be downplaying risk, over promising returns, or pushing the investor to spend money within a certain timeframe, they should be treated with caution.


As long as investors have taken the right steps to prepare themselves and understand the potential risks and rewards, online investing can be an empowering and enjoyable experience. What started as a new habit during the pandemic could have a positive effect on financial wellbeing.

This is according to Aaron Lint, Chief Scientist and VP of Research at Arxan Technologies, who discusses with Finance Monthly below, touching on the key elements of tech security and the use of financial applications across devices.

There’s a systemic problem across the financial services industry with financial institutions failing to secure their mobile apps. With mobile banking becoming the primary user experience and open banking standards looming, mobile security must become a more integral part of the institution’s overall security strategy, and fast.

When a company fails to consider a proper application security technology strategy for its front line apps, the app can be easily reverse-engineered. This sets the stage for potential account takeovers, data leaks, and fraud. As a result, the company may experience significant financial losses and damage to brand, customer loyalty, and shareholder confidence as well as significant government penalties.

Where’s the proof?

A recent in-depth analysis conducted by Aite Group of financial institutions’ mobile applications highlighted major vulnerabilities including easily reverse-engineered application code. Each app was very readily reversible, only requiring an average of 8.5 minutes per application analysed. Some of the serious vulnerabilities exposed included insecure in-app data storage, compromised data transmission due to weak cryptography, insufficient transport layer protection, and potential malware injection points due to insufficient integrity protection.

For example, of the apps tested, 97% lacked binary code protection, meaning the majority of apps can be trivially reverse engineered. Of equal concern was the finding that 90% of the apps shared services with other applications on the same device, leaving the data from the financial institution’s app accessible to any other application on the device.

This metadata is built by default into every single unprotected mobile application in the world. It provides not only an instruction manual for the APIs which are used to interact with the data center, but also the location of authorization keys and authentication tokens which control access to those APIs. Even if the applications are implemented without a single runtime code-based vulnerability, this statically available information can provide an attacker with the blueprints they are seeking when performing reconnaissance.

There is no shortage of anecdotal evidence which shows that hackers are actively seeking to take advantage of vulnerabilities like the ones identified in the research. For example, recently mobile malware was uncovered that leveraged Android’s accessibility features to copy the finger taps required to send money out of an individual’s PayPal account. The malware was posted on a third-party app store disguised as a battery optimisation app. This mobile banking trojan was designed to wire just under £800 out of an individual’s PayPal account within three seconds, despite PayPal’s additional layer of security using multifactor authentication.

So, what’s the solution?

To minimise the risk of all of the vulnerabilities being identified and ultimately exploited, it is essential that financial institutions adopt a comprehensive approach to application security that includes app shielding, encryption, threat detection and response; and ensure their developers receive adequate secure coding training.

App shielding is a process in which the source code of an application is augmented with additional security controls and obfuscation, deterring hackers from analysing and decompiling it. This significantly raises the level of effort necessary to exploit vulnerabilities in the mobile app or repackage it to redistribute it with malware inside. In addition, app-level threat detection should be implemented to identify and alert IT teams on exactly how and when apps are attacked at the endpoint. This opens a new avenue of response for an organisation’s SOC (Security Operations Center) Playbook, allowing immediate actions such as shutting down the application, or sandboxing a user – essentially isolating them from critical system resources and assets, revising business logic, and repairing code.

App shielding and the other types of application security solutions mentioned above should be incorporated directly into the DevOps and DevSecOps methodologies so that the security of the application is deployed and updated along with the normal SDLC (Software Development Life Cycle). App Shielding is available post-coding, so as not to disrupt rapid app development and deployment processes by requiring retraining of developers. This combination of best practices increases an organisation's ability to deliver safe, reliable applications and services at high velocity.

Conclusion

It’s no secret that the finance industry is a lucrative target because the direct payoff is cold, hard cash. Research is showing that virtually none of the finance apps have holistic app security measures in place that could detect if an app is being reverse-engineered, let alone actively defend against any malicious activity originating from code level tampering.

We would reasonably expect our fundamental financial institutions to be leaders in security, but unfortunately, the lack of app protection is a disturbing industry trend in the face of a significant shift into reliance on mobility. Organisations need to take a fresh look at their mobile strategy and the related threat modeling, and realise how significant the attack surface really is.

If mobile payment apps became as popular in the US as they are in China, banks would lose a projected $43 billion in revenue annually. Bloomberg QuickTake explains how cheap and easy payments by phone are threatening one of the banking industry's most profitable businesses.

Banking apps are set to have the biggest impact on commercial banking within the next five years according to more than two thirds (68%) of commercial bankers, a study has revealed.

Banking apps are also predicted to become one of the most disruptive technologies during the same time period. Only cryptocurrencies (56%) and virtual assistants (48%) are expected to be greater disrupters, according to a study by Fraedom that polled 1000 decision-makers in commercial banks including senior managers, middle managers and shareholders.

The research also found that just under half (45%) of respondents listed digital wallets to have a substantial impact on the industry while nearly one third (32%) noted machine learning as having a future influence.

Kyle Ferguson, CEO, Fraedom, said: “The research highlights that the commercial banking world is beginning to shift towards a more consumer focused approach. Business executives are increasingly wanting a real-time view for their payments, just like they can in their personal lives. This trend is also mirrored by commercial banks who are planning to invest in the key technology areas to make consumerisation possible.”

The study revealed that data analytics (55%) and enhanced mobility (41%) are two of the most likely areas of a commercial bank to receive investment within the next five years. Unsurprisingly, updating security systems was the most likely area to receive an investment boost, as cited by 65% of respondents.

The research also uncovered that almost half (45%) of financial services organisations believe that increased regulation will drive the adoption of new technologies, with 32% predicting it will lead to better customer engagement. In addition to this, nearly two thirds (60%) of commercial bankers believe that a more ‘consumer focused’ approach to engagement is the most important factor when strengthening relationships with SME customers.

“Regulations have transformed the commercial banking sector over the past few years, and while this appears to be a restrictive approach, this research proves that banks are seeing regulation as an opportunity to adopt new technologies and improve customer engagement,” said Ferguson.

(Source: Fraedom)

With the future looking more cashless by the day, the future of cybersecurity looks even more risk heavy. Below Nick Hammond, Lead Advisor for Financial Services at World Wide Technology, discusses with Finance Monthly how banks/financial services firms can ensure a high level of cyber security as we move towards a cashless society.

Debit card payments have overtaken cash use for the first time in the UK. A total of 13.2 billion debit card payments were made in the last year and an estimated 3.4 million people hardly use cash at all, according to banking trade body UK Finance.[1] But with more people in the UK shunning cash in favour of new payments technology, including wearable devices and payment apps as well as debit and credit cards, the effects of IT outages could be more crippling than ever.

Take Visa’s recent crash, for example, which left people unable to buy things or complete transactions. Ultimately, payment providers were unable to receive or send money, causing serious disruption for users. And all because of one hardware issue. Finding new ways to mitigate the risk of system outages is a growing area of focus for financial services firms.

Application Assurance

At a typical bank, there will be around 3,500 software applications which help the bank to deliver all of its services. Of these, about 50-60 are absolutely mission critical. If any of these critical applications goes down, it could result in serious financial, commercial and often regulatory impact.

If the payments processing system goes down, for instance, even for as little as two hours in a whole year, there will be serious impact on the organisation and its customers. The more payments systems change to adapt to new payments technology, the more firms focus their efforts on ensuring that their applications are healthy and functioning properly. As Visa’s recent hardware problems show, much of this work to assure critical applications must lead firms back to the infrastructure that their software runs on.

Having a high level of assurance requires financial services firms to ensure that applications, such as credit card payment systems, are in good health and platformed on modern, standardised infrastructure. Things become tricky when shiny new applications are still tied into creaking legacy systems. For example, if a firm has an application which is running on Windows 2000, or is taking data from an old database elsewhere within the system, it can be difficult for banks to map how they interweave. Consequently, it then becomes difficult to confidently and accurately map all of the system interdependencies which must be understood before attempting to move or upgrade applications.

Protecting the Crown Jewels

Changes to the way financial services firms use technology means that information cannot simply be kept on a closed system and protected from external threats by a firewall. Following the enforcement of Open Banking in January 2018, financial services firms are now required to facilitate third party access to their customers’ accounts via an open Application Programming Interface (API). The software intermediary provides a standardised platform and acts as a gateway to the data, making it essential that banks, financial institutions, and fintechs have the appropriate technology in place.

In addition, data gets stored on employee and customer devices due to the rise of online banking and bring-your-own-device schemes. The proliferation of online and mobile banking, cloud computing, third-party data storage and apps is a double-edged sword: while enabling innovative advances, they have also blurred the perimeter around which firms used to be able to build a firewall. It is no longer possible to draw a perimeter around the whole system, so firms are now taking the approach of protecting each application individually, ensuring that they are only allowed to share data with other applications that need it.

Financial services firms are increasingly moving away from a product-centric approach to cyber-security. In order to protect their crown jewels, they are focusing on compartmentalising and individually securing their critical applications, such as credit card payment systems, in order to prevent a domino effect if one area comes under attack. But due to archaic legacy infrastructure, it can be difficult for financial institutions to gauge how applications are built into the network and communicating with each other in real-time.

To make matters more difficult, documentation about how pieces of the architecture have been built over the years often no longer exists within the organisation. What began as relatively simple structures twenty years ago have been patched and re-patched in various ways and stitched together. The teams who set up the original systems have often moved on from the firm, and their knowledge of the original body has gone with them.

The Next Steps

So how can this problem be overcome? Understanding how applications are built into the system and how they speak to one another is a crucial first step when it comes to writing security policies for individual applications. Companies are trying to gain a clear insight into infrastructure, and to create a real-time picture of the entire network.

As our society moves further away from cash payments and more towards payments technology, banks need the confidence to know that their payments systems are running, available and secure at all times. In order to ensure this, companies can install applications on a production network before installation on the real system. This involves creating a test environment that emulates the “real” network as closely as possible. Financial players can create a software testing environment that is cost-effective and scalable by using virtualisation software to install multiple instances of the same or different operating systems on the same physical machine.

As their network grows, additional physical machines can be added to grow the test environment. This will continue to simulate the production network and allow for the avoidance of costly mistakes in deploying new operating systems and applications, or making big configuration changes to the software or network infrastructure.

Due to the growth in payments data, application owners and compliance officers need to be open to talking about infrastructure, and get a clear sense of whether their critical applications are healthy, so that they can assure them and wrap security policies around them. An in-depth understanding of the existing systems will enable financial services firms to then upgrade current processes, complete documentation and implement standards to mitigate risk.

[1] http://uk.businessinsider.com/card-payments-overtake-cash-in-uk-first-time-2018-6

Mobile shopping in the UK, France and Germany accounted for 28% of online Christmas orders in 2016, according to CJ Affiliates, with the UK bringing in an even bigger proportion at 44%. And these figures are set to grow even more in the lead-up to the 2017 festive period.

According to Keiron Dalton, mobile banking expert from Aspect Software, with the Golden Quarter set to see another boom in mobile payments and complex transactions, the opportunity for fraudsters to make their move on the shopping public is greater than ever. Keiron, head of Aspect’s global digital identity division, also argues that fraud that relies heavily on social engineering and bypassing weak security processes, such as SIM Swap, is seeing an upward trend in the UK and other regions, including Africa. According to Keiron, fraudsters take advantage not only of the upswing in mobile payments activity, but also of the sentiment surrounding the holiday for a lot of people.

Keiron explained: “SIM Swap fraud occurs when a criminal registers an existing phone number of a victim on a new SIM card by impersonating the victim to the mobile phone provider. Once activated, a criminal will receive all the calls and SMS notifications sent to the victim’s mobile number and can deactivate the original SIM card in the process. Once in control, criminals are able to bypass SMS-based one-time-passcodes, and steal large amounts of money quickly. This often happens before the victim is even aware they have been targeted.”

“We are working closely with the GSMA, as well as with a number of big banks and leading mobile network operators in the UK and in the rest of Europe to build a collaborative effort to fight new types of fraud like SIM Swap, but consumer awareness of the crimes has stayed relatively out of the headlines. If your phone or SIM card has been compromised, there are a number of tell-tale signs to look out for before it gets too far,” Keiron said.

  1. Phishing messages and suspicious communications asking for information

SIM Swap fraud requires the hacker to have access to a victim’s bank details. These are often obtained through an email phishing attack, unsolicited communications asking for details, or by purchasing that information from online crime gangs. You should never respond to these types of communications or send your bank details on any platform that could be read by someone else. Your bank will never ask for this information so don’t be fooled by fraudsters imitating your bank. This leads to the initial opportunity to get account access or access to a duplicate SIM card; it also could provide criminals with the answers to personal security questions.

  2. Extended loss of signal

Once SIM Swap fraud has occurred, it is not instantly noticeable to the victim. Extended loss of signal is the initial sign that SIM Swap fraud has taken place, as the control has been switched to a new device. Contact your mobile network provider to check if it is a widely known issue, or isolated to your device.

  3. Floods of calls and messages

This is a tactic that runs parallel to the extended loss of signal. Criminals will send a flurry of nuisance calls and/or messages in an attempt to get victims to turn their phone off. If you’re suspicious, it’s vital that you don’t turn your phone off as this is used as a distraction to delay you noticing a loss of service when a SIM is swapped.

  4. Opening links on your phone

Whether the link is sent to a victim via a phishing message or is on an unknown website, mobile phone users should be cautious when opening links on their device, and delete anything suspicious immediately. Hackers can use links that contain application packages that, if installed, will give the people behind the malware administrator rights to the victim's device.

  5. Be aware of the source of any applications you download

Only download applications or make in-app purchases from approved sources or stores. To prevent suspicious applications from being installed, Android phone users can go to Settings/Security and turn the ‘Unknown Sources’ option off, which will stop the phone installing them from anywhere other than Google Play.

(Source: Aspect)
