Category Archives: Security

Is Artificial Intelligence Really Dangerous?

Is Artificial Intelligence Really Dangerous?

Artificial Intelligence

When Tesla CEO, Elon Musk was asked about artificial intelligence, he said it was like ‘summoning a demon’ who shouldn’t be called unless you can control it. Yes, this is the founder of the same company whose cars are pushing new limits of technology every day.

When Stephen Hawking was asked this same question by BBC, he cautioned the public by saying that any further advancement to artificial intelligence could be a fatal mistake. In another interview, he mentioned that AI has the power to re-design itself and take off on its own whereas humans have slow biological evolution, and they wouldn’t be able to compete.

Bill Gates, too, expressed his concern about this topic during a Reddit Ask me Anything session. According to him, AI devices will be fine initially, but as they start learning more and more from us, and about us, they will get more powerful and intelligent than the humankind.

Do we even need Artificial Intelligence

Ever since the beginning of time, we humans have had a desire for technological advancements and innovation. Through our vivid imaginations, we have been able to develop technologies that previously seemed impossible were just a part of our science fiction fantasies. Virtual reality, space tourism, self-driving cars and the much talked about artificial intelligence. Some of the most talented innovators have blurred the lines between fantasy and fiction for us.

Artificial intelligence is now a very real prospect that companies are focusing on. Now, for those of you who are still new to this concept, Artificial intelligence is a field of science which focuses on how hardware and software components of a machine can exhibit intelligent behaviour. Instead of being fed information from the user himself, they learn over the course of time and become more intelligent. Currently, many companies are working on AI projects including Microsoft, Google, Facebook and Minecraft. South Korea also has some high profile AI projects going on.

And these are just the companies that have made this official; there might also be companies that are secretly working on AI projects.

Why should humans be scared of Artificial Intelligence

If there is one thing we have learnt from every science fiction movie, then that is the fact that robots can become evil. If the robots learn to work autonomously, they can be an obvious threat to the people. It has been said that governments are developing AI robots for the military, but if these robots get control over major military weapons, it could be dangerous.

Another theory is that AI robots could take over all the standard jobs like watchmen, accountants, security guards, waiters and drivers. And this is already happening. Machinery has replaced industry workers in many verticals. Workers need monthly pay, bonuses, health insurance and what not but with robots, companies only have to pay one-time and then there are only the maintenance costs.

artifical-int

(Image Source: Anton Watman / Shutterstock)

One more issue with AI is that machines might be able to create codes for themselves. If these machines really learn from the environment, and they become autonomous, then they can also write their own codes and perform work that they weren’t even meant to do in the first place. So, even an AI robot that was initially built to handle minute kitchen work can code itself to become a military robot. But, what happens when the computers can completely teach themselves to run without any humans?

Though the worst threat to AI applications are the humans itself. The main focus of developing AI might just be to ease our everyday activities but what happens when these AI applications get into the wrong hand? After all, at the end of the day, these are just robots, and they can be reprogrammed as well. So, a robot that was initially built by the military, to fight for the country could get into the hands of terrorists, and they could make that robot fight against the country. That AI robot, would not just be fighting, he would also know a lot of secrets of the military which could help it defeat the opposition.

Final Word

While there are a lot of assumptions about AI being dangerous, we have to remember that these are just assumptions and not facts. Humans have always been doubtful about new technologies; there was a time when we were also hesitant about cell phones. But, it’s been more than two decades and cell phones are still here. All in all, it’s about how we create Artificial Intelligence and how we keep it under check.

By Ritika Tiwari

Insider Threats and Sensitive Data in the Cloud

Insider Threats and Sensitive Data in the Cloud

The Age of Sensitive Data in the Cloud

A recent survey report conducted by the Cloud Security Alliance (CSA) revealed that cloud security had reached a tipping point: 64.9% of respondents (which included IT security professionals from enterprises across all industries and regions) believed that the cloud was as secure or more secure than their on-premises software. This is a watershed moment given that the single most influential item holding back cloud adoption has been the security concerns surrounding data stored in the cloud. However, in our latest Cloud Adoption & Risk Report, we found an alarming number of sensitive files that employees were storing in the cloud. This speaks both to the growing trust in the security capabilities of cloud service providers as well as potentially careless employees storing inappropriate data in the cloud.

According to a recent Gartner report, “through 2020, 95% of cloud security failures will be the customer’s fault.” The statistics regarding sensitive data stored in the cloud backs up this assessment. Across industries, companies have a responsibility to protect sensitive data from being hacked or accidently exposed. However, in analyzing cloud usage, we discovered that 15.8% of all documents uploaded to cloud-based file sharing applications had sensitive information.

58.4% of the sensitive files were a MS Office file type. 18.8% were adobe pdfs, and the remaining 22.8% were a mixtures of files types ranging from CAD diagrams to Java source code. All told, 29.2% of all files containing sensitive data were Excel files, 16.7% were MS Word files, while another 10.1% were Power Point files.

Q4-2015-CARR-Sensitive-Data-in-Cloud-961

Of the 15.8% of documents that contained sensitive data, 48% were confidential files (including financial records, business plans, source code, trading algorithms, etc). 27% of documents containing sensitive were those that had Personally Identifiable Information (PII such as social security numbers, tax ID numbers, phone numbers, home addresses, etc). 15% of files containing sensitive data were one which are regulated by the Payment Card Industry Data Security Standard (PCI-DSS), while a startling 10% contained data regulated by the Health Insurance Portability and Accountability Act (HIPAA-HITECH). One of the mandates of HIPAA is that if more than 500 individuals’ data gets hacked/leaked, the health care provider is required to inform the individuals as well as the press about the data loss. This can have far reaching impact both in terms of monetary fines as well as long term loss of trust and reputation.

One of the more alarming trends we uncovered was the naming convention of files that are being stored in the cloud. Cybercriminals are always looking for the types of data that can be sold in the darknet. The most valuable type of data is healthcare data, but anything from account credentials to credit numbers are common forms of data on sale in the darknet. It’s clear employees aren’t helping themselves or the organization they work for given the types of names uncovered for files stored in the cloud.

The average enterprise has 1,156 files with the word “password” in the file name. If these files gets breached, the hackers would essentially have the keys to the kingdom. A whopping 7,886 files stored in file sharing services contain the word “budget,” while 2,217 files contain the word “confidential.”

Q4-2015-CARR-Whats-in-a-Name-550

Internal and External Threats

Owing to the large amounts of sensitive data being stored in the cloud, the average organization experienced 19.6 cloud-related security cases each month. These may include anything from insider threats which may be accidental or malicious, privileged user threats, stolen credentials, or attempts to exfiltrate data using the cloud.

Sadly, nearly every company (89.6%) experiences at least one threat caused by an insider each month, which lends credence to the earlier Gartner quote regarding the role the organization itself will play in cloud security breaches. At the same time, 55.6% of organizations become victims of stolen login credentials each month. The average organization is hit by an unauthorized user attempting to exploit a compromised account a total of 5.1 times each month.

Detecting and preventing insider threats

If 95% of cloud security incidents are expected to be caused by an employee within an organization, then protecting data from within becomes one of the most important goals of the IT security team. However, the most difficult part of detecting insider threats is sifting through a sea of false positives to pinpoint an actual insider threat incident. As an analogy, credit card companies must detect suspicious credit card charges accurately or else the end user will be irritated by constantly having to verify their identity with the credit card company every time a “suspicious” transaction takes place. They’re mandated by their customer base to minimize false positives.

The solution that credit card companies have employed is called User Behavior Analytics (UBA), where they use machine learning to build a baseline for what is considered real credit card transactions. For example, they’ve realized that during the holiday seasons around Christmas time, both the amount and the frequency of credit card transactions increase for most individuals, so they use contextual clues to create the baseline normal behavior. The number of data points that is used is vast and can only be correlated using high performing computer algorithms. However, once this baseline has been established, they can accurately pick out fraudulent transactions, much like successfully finding the needle in a haystack.

Chasing false positive insider threats would be a major waste of resources, so IT security teams need to employ the same thing when attempting to detect and thwart insider threats. Every user’s cloud usage should be profiled and a baseline should be established that takes into account the location, device, time of the day, cloud service being used, and anything else visible to the security team in order to accomplish this.

You can find the full CSA report here.

By Sekhar Sarukkai

The FBI’s War On Encryption – Now What?

The FBI’s War On Encryption – Now What?

As of last night, Apple’s San Bernardino troubles are officially over. Yesterday, the FBI announced that it no longer needs Apple’s help in breaking into an iPhone linked to last year’s attacks, thanks to a new method for unlocking the phone submitted by an anonymous outside source. For the first time in weeks, Apple’s lawyers can breathe easy.

But San Bernardino was just one battle in a much larger fight. The FBI’s Going Dark Initiative has been pushing for encryption backdoors since 2014, and they have no intention of stopping now. As soon as last night’s filing came in, the Department of Justice announced its intention to continue challenging devices with strong encryption. “It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety,” the department said in a statement. In other words, the fight is still going. The question is just how and where it will play out…

Full Article Source: The Verge

CloudLock Unveils Method For Isolating True Security Threats

CloudLock Unveils Method For Isolating True Security Threats

CloudLock New Method

Q1-16 Cybersecurity Report: The CloudLock CyberLab’s “Cloud Threat Funnel” Methodology Reveals Distinct User Behavior Patterns, Helping Businesses Lock Into Only the Real Threats

WALTHAM, MA–(Marketwired – Mar 28, 2016) – When is a security alert not a real security alert? With hacks and breaches a daily reality for businesses, security teams deal with a barrage of suspicious and anomalous user behaviors and have little time to isolate and focus on the true threats. Today, CloudLock’s security intelligence arm, The CloudLock CyberLab announced its breakthrough discovery that solves this challenge — the “Cloud Threat Funnel.” Following its extensive research of the daily behavior of 10 million users, 1 billion files and 140,000 cloud apps, CloudLock CyberLab detected distinct patterns of user behaviors and developed a new process for isolating truly malicious threats from the noise of other potentially suspicious or unusual behaviors. CloudLock’s findings and methodology are presented in its Q1-16 cloud cybersecurity report published today, “The Cloud Threat Funnel: Suspicious User Behavior That Matters.”

The report reveals that 99.6 percent of users accessed cloud platforms from just one or two countries per week. Establishing this as the norm, the team was then able to isolate the long tail revealing anomalies: 1 in 20,000 users, for example, logged in from six or more countries and, within this group, the CyberLab found some users logging in from as many as 68 different countries in a given week — real needles in the haystack. By applying the Cloud Threat Funnel methodology, the CyberLab was able to correlate these anomalous behaviors with other high-risk suspicious user activities and pinpoint compromised accounts.

How the Cloud Threat Funnel Works

It starts with all user behavior — looking at high-fidelity information from an array of sources. This data set can be enriched with third-party threat intelligence resources and run through anomaly detection algorithms to reduce the likelihood of false positives. The threat funnel then moves into anomalies, recognizing outliers that do not conform to expected patterns, like a sudden burst of activity. Anomalies are then distilled down to high-risk, high-impact suspicious activities, by coupling the results of anomaly detection with custom-defined rules and correlating access to sensitive assets and applications. An adaptive, self-learning model, the threat funnel reduces the number of alerts being generated to improve the signal-to-noise ratio and visibility. Using this approach allows security professionals to focus their efforts on true malicious threats.

Identifying Patterns of High-Risk Behaviors

CloudLock’s research determined the following user behavior patterns that are representative of the signal-to-noise challenge faced by security teams:

  • The activities of top offenders are significantly higher than the average user. Top offenders exhibit up to 227 times more anomalous activities than average users.
  • Only 0.02 percent (1 in 5,000) of all user activities represent suspicious behaviors.
  • Eight percent of all user logins fail or get challenged. Of these, 1.3 percent originate from risky countries.

What Now?

To embrace the Cloud Threat Funnel, organizations need to deploy an adaptive security model that can provide security teams with predictive, preventive, detective and responsive capabilities. Key components of an adaptive security model include threat intelligence, cloud vulnerability insight, cyber research, community intelligence, centralized policies, and contextual analysis. Leveraging these factors in unison will help avoid alert fatigue and improve the precision of identifying threats.

Starting with the highest impact incidents is the key to success. By narrowing the focus on top offenders and user activities that are the most indicative of true threat, security teams can make confident decisions much faster than ever before and avoid costly breaches with little effort.

To download the full report, visit https://go.cloudlock.com/ebook-cloud-threat-funnel-report.html.

About The CloudLock CyberLab

The CloudLock CyberLab is a global team of leading security experts, analysts, penetration testers, incident responders, forensic investigators and security researchers focused on driving unique insight into cybersecurity threats related to the cloud. CloudLock is the only security vendor uniquely combining U.S. and Israeli Military Intelligence with real-time, crowdsourced cloud security insight, continuously monitoring over one billion files daily across more than 10 million users. Security professionals feed into CloudLock’s unique security insight through peer-driven, crowdsourced Community Trust Ratings™. This intelligence allows organizations to immediately respond to emerging cloud cyber threats and risky apps.

About CloudLock

CloudLock is the cloud-native CASB and Cloud Cybersecurity Platform that helps organizations securely leverage cloud apps they buy and build. CloudLock delivers security visibility and control for SaaS, IaaS, PaaS and IDaaS environments across the entire enterprise in seconds. Founded by Israeli Elite Cybersecurity Military Intelligence experts, the company delivers actionable cybersecurity intelligence through its data scientist-led CyberLab and crowdsourced security analytics across billions of data points daily. CloudLock has been recognized by Inc. Magazine as the fastest growing security product company in the U.S. and by Glassdoor as one of the top 3 best places to work in the U.S. Learn more at www.cloudlock.com.

Why Online Marketers Should Be Concerned About Privacy In The Cloud

Why Online Marketers Should Be Concerned About Privacy In The Cloud

Privacy In The Cloud

If you’re an average consumer, your concerns about the Internet Cloud systems should justifiably stem from the threat of the Unknown: is your data private? Is it secure? Do you own it, or does the cloud service provider? Being a marketer, however, means that your concerns will extend far beyond just these commonplace worries. Why? It’s because, as the old adage goes, with great power comes great responsibility.

Let’s take on the issue of cloud potential before delving deeper into this. Today, the cloud has a reach that we couldn’t have foreseen in, say, 2009. The Oslo metro railway system, for instance, relies entirely on cloud-based systems to analyze its conditions. IFTTT buttons send out company notes and emails to persons concerned without any manual initiatives involved in the process.

Marketer Concerns

GoogleDrive, OneDrive, Rackspace hold thousands of sensitive data and information. Banks have secure servers online with the ability to assess risks and withhold user information. Naturally, the cloud is like a giant disaster waiting to happen if used the wrong way. As a marketer, therefore, you might not feel too concerned: until you consider what is in it for you. Most marketers’ concerns should ideally stem FROM the knowledge of the kind and amount of data online, rather than a LACK of it. It’s easy to feel that you don’t need to worry about exploitation of information, sensitive storage and handling, but that’s wrong. Consumers require a safe and protected space, and your task is to give it to them.

What’s the Big Deal about Privacy?

Ten years ago, data privacy would have been no big deal for people. But with the kind of data leaks we’ve seen in the past two-three years: NSA-Snowden, WikiLeaks, Ashley Madison, Target, people are a lot more conscious of their data.

comic-dating-game

Let’s see how the consumer feels about online marketing: if you, as a marketer, require data to market to the right demographic, you may find yourself without potential consumers simply because they don’t trust you enough to upload their data to the cloud. After all, the cloud can sometimes feel like a bit of a black-hole: no consumer ever knows what’s in there, and how much stuff is actually known about them. Naturally, everyone is concerned over protecting their identity, financial and personal information. This can be a huge problem if you’re a marketer: you want to track customers to offer them personalized services, you want to expand your relationship with them and engage them more, but you simply can’t get the info you need for it.

See what we’re getting at? Even IoT (Internet of Things), one of the most innovative new technologies that are totally dependent on the cloud, falls flat on its face if consumers can’t get the kind of security they require.

All kinds of people are now worried

There are several reasons why the cloud is such a big part of our everyday life now. From storage solutions to online backups, from home automation to augmented computation, from finance to grocery purchases, everything depends on the cloud to work. After all, we are too impatient to wait while a server retrieves info, we just want everything quickly, and that’s where the cloud comes in.

Whether you’re a consumer or a marketer, you need remote capabilities, and fast, right? But stop, what happens to the Steam user who stops using Steam because he can’t trust the service to protect his financial and personal info? Then again, what happens if a banker suddenly decides to steal all the account information for his investors, and all their money, just because it was all safely uploaded to the cloud?

True, there are better encryption systems these days, but that does not mitigate the risks in the slightest. In 2015, there were about 411 known breaches of data, on top of the 761 from 2014 which leaked 85.6 million records. As per the Identity Theft Resource Center, 40 of past year’s breaches were in the banking and finance sectors alone: with hacks conducted at Citibank, TD Bank, BB&T, and Virginia Credit Union among some of the sufferers.

data-issues

So if you are, say, a marketer for one of those banks, you would have a tough job convincing people to bank with you online, wouldn’t you?

Ways in which you can fix Privacy Concerns

The good news is that there’s plenty to be done for fixing privacy concerns. To meet the kind of privacy needs required, you should ensure encryption of all data. The easiest way is to choose a storage service provider who uses layered encryption. When seeking information, over-reliance on Facebook and Social Media logins can kill customer trust, so you should make sure you’re not invading into personal territory in an intrusive manner.

After all, asking for information should never be a trap: give your customers a custom-user experience by allowing them a) freedom to refrain from answering, b) information on what you’ll do to their data, c) agency to decide what is best for them, and d) security. As long as you maintain a privacy policy page which clearly states the cloud policies and security methods you’ve taken, making sure that your customers are aware of what they are signing on for, you should have little to worry about.

By Mauricio Prinzlau

What Technology Can Displace The Password?

What Technology Can Displace The Password?

The Future Password

Many people shout that the password is dead or should be killed dead. The password could be killed, however, only when there is an alternative to the password. Let us think about what technology can displace the password.

Some people might say that multi-factor authentications or ID federations will do it. It is not easy, however, to conceive that the password can be displaced by multi-factor schemes for which one of the factors is a password or ID federations which require a reliable password as the master-password.

Some might say “Not using any password altogether is the way to kill the password dead”. Yes, I have to admit, the password could then be killed dead entirely, but it would be criminals rather than us that will be the beneficiaries of such password-free cyber space. In a world where we live without remembered passwords, i.e., where our identity is established without our volitional participation, we would be able to have a safe sleep only when we are alone in a firmly locked room. It would be a Utopia for criminals and a Dystopia for most of us.

shutterstock_379201975

(Image Source: Shutterstock)

Some might say “PIN can”. This observation would, however, only lead us to the entrance to Alice’s Wonderland. If a PIN that is a weak form of numbers-only password could displace the password, a puppy should be able to displace the dog, a kitten the cat, a cub the lion.

Many are saying “Biometrics can”. This observation would lead us to another entrance to Alice’s Wonderland. Biometric solutions used in cyber space need a password (fallback password) registered in case of false rejection. If “something” which has to rely on“the other thing” could displace “the other thing”, your foot should be able to displace your leg for walking. Alice’s Wonderland might receive it, but I have huge difficulties in imagining what it could look like in this 4D Space-Time universe.

There are a lot of people who take it for granted that the password can be displaced by the biometrics operated in cyberspace together with a fallback password. How could such a misconception happen?

Blind Spot in Our Mind

Let us imagine that we are watching two models of smart phones – Model A with Pincode and Model B with Pincode and Fingerprint Scan. Which of the two models do you think is securer?

  • when you hear that Model A is protected by Pincode while Model B is protected by both Pincode and Fingerprints
  • when you hear that Model A can be unlocked by Pincode while Model B can be unlocked by both

Pincode and Fingerprints

  •  when you hear that Model A can be attacked only by Pincode while Model B can be attacked by both Pincode and Fingerprints

Is your observation the same for all the 3 situations?

Eye-Opening Experience

Now let us imagine that there are two houses – (1) with one entrance and (2) with two entrances placed in parallel. Which house is safer against burglars? Every one of us will agree that the answer is plainly (1). Nobody would dare to allege that (2) is safer because it is protected by two entrances. Similarly, the login by a Pincode/password alone is securer than the login by a biometric sensor backed up by a fallback Pincode/password.

Debates over Backdoor between Apple vs FBI

It appears that something crucial is overlooked in the heated debates about the backdoor on smartphones, which is the focus point of the recent events with Apple and the FBI that have drawn a lot of attention worldwide.

data-security

I would like to point out that there already exists a backdoor on many of the latest smartphones, namely, a fingerprint scanner or a set of camera and software for capturing faces, irises and other body features which are easily collected from the unyielding, sleeping, unconscious and dead people.

As the technologies of sensing biometric features advance, so do the technologies of copying and replaying them. None of body temperature, movement, pulse and brainwave can be exceptions. Biometrics could be great technologies for forensic and physical security, but far from valid for identity assurance in cyber space.

Suggestions

As analysed above, the authentication by biometrics in cyber space comes with poorer security than Pincode/password-only authentication in most cases. A false sense of security is often worse than the lack of security. I would like to put forward the suggestions below.

  • The vendors of those smart devices, who are conscious of privacy and security of consumers, could tell the consumers not to turn on the biometric functions.
  • Consumers, who are concerned about their privacy and security, could refrain from activating the biometric backdoors.
  • The deployment of biometric solutions could instead be recommended where consumers can accept “below-one” factor authentication in return for better convenience as the case may be.

By Hitoshi Kokumai

(Visit Hitoshi’s LinkedIn profile for more information and continued discussion on this subject. You can also visit CloudTweaks for future updates from Hitoshi)

FBI Hiring A “Third Party” To Hack Open San Bernardino iPhone?

FBI Hiring A “Third Party” To Hack Open San Bernardino iPhone?

“Third Party” iPhone Hack

Here comes a new twist in the ongoing Apple vs. FBI saga over the iPhone used by one of the shooters in last year’s San Bernardino terror attack. While nothing is confirmed yet, it seems like the FBI may have found a solution to unlock the device without any assistance from Apple engineers, which the company had repeatedly refused to provide in any case.

The US prosecutors on Monday submitted before the court that a “third party”, of which little is known at this point, had offered to help the federal agency with a possible method to hack open the encrypted iPhone used by the San Bernardino terrorist.

On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone,” the Justice Department’s lawyers briefed the court. “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple…set forth in the All Writs Act Order in this case.”

The federal judge hearing the case agreed to the government’s plea to postpone Tuesday’s hearing so as to allow the FBI just enough time to evaluate the new method. The Justice Department will update the court on April 5, as reported by Reuters.

Why This Sudden Change In The Government’s Stand?

Until now, the US government had maintained that it was practically impossible for them to hack open the device in question without any assistance from the Apple engineers who had designed and developed the encryption system in the iPhone.

security-cloud

Apple, however, refused to comply with the FBI’s demands saying that it was an overreach by the government that could lead to disastrous consequences to consumers’ online safety and privacy. In fact, there were reports that Apple encryption engineers were ready to offer mass resignation if the government tried to force them to give into its demands.

Meanwhile, Apple lawyers seemed to have been taken aback by this sudden shift in the government’s stand on the issue. Apparently, they were oblivious to the fact that the government had been exploring other avenues to hack into the phone without Apple’s assistance, the Wired reports.

Interestingly, this has led many to believe that the government was somewhat uncertain about its chances in the legal battle. Meanwhile, there are also those who believe that this could be a part of the government’s larger ambitions of having an encryption backdoor.

Apple won’t be hurt by a ‘third party’ hack

If the government indeed pulls off the much speculated ‘third party’ stint with absolute success,it is still unlikely to hurt Apple’s public image, according to analysts monitoring the development in the Apple vs. FBA case. It will be a matter of serious concern for users’ right to privacy, though, they point out.

However, it won’t be all hunky dory for the fruit themed company either. A third party hack of its encryption system will inevitably shatter the idea that Apple creates ‘unhackable’ software.

By Brent Anderson

The Rise of Fintech and the End of Traditional Banking

The Rise of Fintech and the End of Traditional Banking

The Rise of Fintech

Developments in financial technology, or fintech, are changing the way we make payments, with new products gradually transforming how personal and commercial transactions are processed. The pace of these developments has opened up a whole range of opportunities for fintech start-ups and new players; but the arrival of cutting-edge technology has also presented challenges to traditional banks and the retail sector, which have had to adjust their strategies accordingly. For customers, however, there are two key areas where we can see the impact of fintech – namely, security and the arrival of the “mobile wallet”. In this post, I want to take an in-depth look at these areas and weigh up the challenges and opportunities for retailers.

From the customer’s point of view, fintech has the potential to deliver increased security and improved flexibility. Indeed, the consumer and retail sector has led the early adoption of new payment methods, with digital growth encouraging and facilitating the move towards a “post cash” economy. According to a report published last year, mobile payments grew from an estimated $5bn in 2013 to as much as $16bn in 2015. As customer expectations change and consumers grow used to mobile payments, it is becoming more and more important for retailers to provide an optimized, secure and convenient payment system.

shutterstock_394354936

(Image Source: Shutterstock)

The smartphone is of course one of the main factors behind this innovation. Consumers can now easily make in-store payments and transfer money to friends using their phone. Last month’s launch of Apple Pay in China is a reminder of the scale of the opportunities – even if the company must first overcome resistance from big banks and retailers. This is important because the system requires a digitized version of a credit or debit card to be stored in the “mobile wallet”. At present, transactions are secured using “digital secure remote payment”, with authentication with Apple TouchID authorizing a transaction up to limited amount.

But Apple is just one entrant in a market that is moving rapidly and in different directions, and shifts in consumer expectations are as much an indicator as a driver of change. Pivotal here is the role being played by cloud-based technology, new security measures and the analysis of big data. Cloud- based solutions, for example, have allowed organizations to develop scalable and cost-effective services, with APIs allowing for more intelligent and efficient data management. Providers of online payment systems such as Stripe and PayPal have been working hard to expand and develop their services, as well as competing to get their products embedded into social media channels.

GPS Developments

shutterstock_392845684
(Image Source: dennizn / Shutterstock)

This new technology has prompted some to voice concerns about privacy and information security. In response, traditional banks and start-ups have been investing large sums in the development of new security technology, with biometric security – fingerprints, facial recognition and even iris scanning – now widely available. This is combined with the development of increasingly sophisticated algorithms based on individuals’ spending history. One significant development is the possibility of using GPS to confirm an individual’s location: if an alert is raised by a potentially fraudulent payment, the bank can use the account holder’s smartphone to verify their location. Some customers, however, may still have doubts about the possible implications for privacy.

Big data is another area of real opportunity for banks and for start-ups looking to disrupt the market. Indeed, a bank’s capacity to leverage the possibilities opened up by big data is becoming an increasingly important factor in the competition for customers and clients. This is the reason why banks, and venture capitalists, have started to invest such huge sums in the analysis of financial data. Those banks that can effectively analyze and interpret the vast quantities of financial information will be better able to develop new, client-friendly products that today’s tech-savvy customers want and, perhaps more importantly, deliver a more reliable and cost-effective service. With person-to- person (P2P) mobile payments, for instance, customers can now make payments directly into other accounts with their smartphone.

In light of these developments in fintech, traditional retailers and online businesses need to do several things. To begin with, we need to come up with strategies and payment solutions that account for changing customer expectations by delivering fast, secure and convenient payment across multiple devices. But, perhaps more importantly, we need to find ways of leveraging new technologies and payments infrastructure to remain competitive and ultimately deliver better products and services to our customers.

By George Foot

CloudTweaks Comics
Cloud Infographic – Guide To Small Business Cloud Computing

Cloud Infographic – Guide To Small Business Cloud Computing

Small Business Cloud Computing Trepidation is inherently attached to anything that involves change and especially if it involves new technologies. SMBs are incredibly vulnerable to this fear and rightfully so. The wrong security breach can incapacitate a small startup for good whereas larger enterprises can reboot their operations due to the financial stability of shareholders. Gordon Tan contributed an…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify Imagine this:  Your wearable device is subpoenaed to testify against you.  You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses…

M2M, IoT and Wearable Technology: Where To Next?

M2M, IoT and Wearable Technology: Where To Next?

M2M, IoT and Wearable Technology Profiling 600 companies and including 553 supporting tables and figures, recent reports into the M2M, IoT and Wearable Technology ecosystems forecast opportunities, challenges, strategies, and industry verticals for the sectors from 2015 to 2030. With many service providers looking for new ways to fit wearable technology with their M2M offerings…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by 10-20%. This infographic provided…

5 Surprising Ways Cloud Computing Is Changing Education

5 Surprising Ways Cloud Computing Is Changing Education

Cloud Computing Education The benefits of cloud computing are being recognized in businesses and institutions across the board, with almost 90 percent of organizations currently using some kind of cloud-based application. The immediate benefits of cloud computing are obvious: cloud-based applications reduce infrastructure and IT costs, increase accessibility, enable collaboration, and allow organizations more flexibility…

15 Cloud Data Performance Monitoring Companies

15 Cloud Data Performance Monitoring Companies

Cloud Data Performance Monitoring Companies (Updated: Originally Published Feb 9th, 2015) We have decided to put together a small list of some of our favorite cloud performance monitoring services. In this day and age it is extremely important to stay on top of critical issues as they arise. These services will accompany you in monitoring…

Infographic: The Evolving Internet of Things

Infographic: The Evolving Internet of Things

Evolving Internet of Things  The Internet of Things, or IoT, a term devised in 1999 by British entrepreneur Kevin Ashton, represents the connection of physical devices, systems and services via the internet, and Gartner and Lucas Blake’s new infographic (below) explores the evolution of the IoT industry, investigating its potential impact across just about every…

Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and more popular, it is worth…

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way. So what are the most important risks? The European Network Information Security Agency did extensive research on that, and…

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…