Cathal McGloin, CEO of ServisBOT
Traditional banks are under pressure from increasing regulation and challenger banks. This has led to a sharper focus on unit economics and the increasing application of artificial intelligence and automation technologies that lower service costs while still meeting customers’ needs.
Chatbots: The new voice of banking has arrived
To maintain customer service levels while reducing service costs, an army of chatbots are offering game-changing opportunities for financial institutions to transform how they engage with customers across all touch points in their financial interactions. Whether it’s a request to provide a customer with the balance on their account or activate a newly-issued credit card; acquiring new customers by bringing them through a smooth application and approval process, or promoting new banking products and loyalty programs, chatbots can handle a multitude of customer interactions.
New channels of communication, enabled by social messaging platforms, voice-activated assistants, and mobile devices, have created new and exciting possibilities that are increasingly centered on conversations. Powered by Natural Language Processing (NLP) and artificial intelligence (AI) technology, automated customer interactions now enable human-like chat and fluid conversations.
For the consumer, smart chatbots bring greater convenience, lower friction, and increased accessibility for their banking needs. For banks and other financial service providers, it brings a new wave of innovation centered around customer conversations. Now, financial institutions can literally have a voice and deliver their services to customers in more convenient and automated ways, across multiple touchpoints and communication channels.
Chatbots: evolving toward conversational AI
Intelligent banking chatbots can interpret customer intent, understand exactly what they want, elicit any additional information needed, and execute the necessary tasks, all in a single seamless chat. Rather than limiting customers to pre-defined banking processes, departmental siloes, structured forms and menus, cluttered websites, and contact centre availability, a single automated conversation can trigger the tasks that are needed to fulfill the customer’s need. This is what is commonly termed as Conversational AI.
Banking bots help streamline and automate customer-facing processes, lowering the cost of service delivery. Take, for example the simple task of authorising and activating a customer’s newly-issued credit card. A chatbot could be used to replace the call to the contact centre, getting the card activated quickly and easily and without the need for human agent intervention.
In addition to using bots simply to further automate specific tasks and make them available 24/7, there are far-reaching opportunities to use conversational AI to transform customer engagement across the banking organisation. By allowing the automated conversation flow to call on different business processes, the customer can move across various service channels to fulfill their financial service needs.
For example, a customer may request their bank balance by voice over Siri, or Amazon Alexa. The account bot can move the conversation to the customer’s preferred messaging channel, sending them their statement balance. This chat could then call on other bots to send a reminder on the upcoming credit card payment, promote a new product or offer, or to ask the customer if they have any other banking need.
Since conversations are more fluid and less structured they lend themselves to more versatile engagement. They also remove a lot of the friction that frustrates customers when they are trying to complete multiple tasks by enabling this in a single conversational session.
A new way of working
Speaking in a recent television interview, Monzo CEO, Tom Blomfield, reported that, while traditional banks are investing £150 per customer per year to maintain each customer account, his challenger bank can service an account for a tenth of that.
Using a range of customer interaction channels has been key to this cost reduction. Monzo uses a combination of in-app chat, social media, browser-based FAQs and traditional call centre agents, to help customers to find answers in the most customer-friendly and cost-efficient way.
Writing in Monzo’s annual report, Blomfield wrote, “We’ve also been able to make savings by helping our customer support team become more efficient. Together, this has helped us lower the cost per account to around £15.
About £10 of this cost goes towards providing fast, friendly support: the team who speak to our customers and solve their problems every day, in-app, over the phone and on social media. We see that £10 as an investment that lets us provide an effective, delightful service that’s reflected in a Net Promoter Score of almost +80.”
With banks under increasing pressure from new and agile competitors and a more demanding and tech-savvy generation of banking customers, creating superior experiences is a must. Chat, combined with the power of AI, is the key.
Chatbots: go beyond the contact centre
There are multiple ways in which chatbots can transform customer-facing interactions in the banking industry. They can be used to automate tasks to assist with most customers’ financial service interactions. However, chatbots can be extended beyond contact centres to encompass any other operational area involving customer interaction.
Within financial operations, any process that is customer-facing, whether approving a customer for a credit card, fraud prevention, or credit management, are all potential use cases for bots. JPMorgan Chase uses chatbots to streamline back-office operations. Its contract intelligence software, COIN, scans commercial agreements and has saved more than 360,000 hours of employee time. The chatbot also assists employees with regular IT requests such as resetting passwords.
For credit card providers, collections management is an important operational issue to reduce the number of delinquent accounts and bad debts that impact cash flow. However, connecting with customers often proves difficult when arranging collections. This situation is exacerbated by reduced engagement levels via phone.
A collections bot can proactively contact late payers at convenient times via messaging, which has measurably higher engagement rates. The bot can make it easy for customers to make a payment within a single chat session and can guide the customer to enrol in payment programmes, such as autopay or prepaid cards. A collections bot can also take the necessary actions to reduce a credit limit or suspend the card and can send multiple reminders to ensure that payment is made, without increasing service costs to the credit card provider.
Banking chatbot use cases, both inbound and outbound, can be tailored to customer segments, by geography, and by operational department. Conversational AI can transform how banks engage with customers, not just in single siloed transactions but in more fluid and flexible ways that can make banks more competitive and build their brand identity.
Chatbots: a banking ambassador for customer loyalty
From the early days of print and telephone to the emergence of the internet and online banking, financial institutions have engaged with their customers using a range of communication channels. Conversational AI represents one of the biggest shifts in user interfaces since the introduction of the ATM forty years ago.
To meet the needs of millennial customers, banks need to up the ante on convenience, trust, and personalization, applying the latest technology to attract and retain this growing customer segment. Wells Fargo uses a chatbot to allow customers to check their latest transactions over Facebook Messenger. Using technology to pre-empt questions, Monzo reduced the number of customers that needed to get in touch with its contact centre by 33 per centin three months.
Voice-activated interfaces including Siri, Echo, Cortana and Google Home and message-based interfaces such as SMS, Facebook Messenger and WhatsApp, are increasingly shaping how banks engage with these customers and create brand loyalty through smart conversations. By keeping the conversation flowing, AI can help banks maintain the vital balance of keeping customers happy while managing costs.”
PCI DSS Compliance in the Cloud – Everything you should know
PCI DSS 4.0 is the latest and updated version of PCI DSS that was introduced on March 31st, 2022. This updated standard is set to go effective 2 years from now in 2025. PCI DSS is an international payment security standard established to ensure the secure processing of payment cards online. While the security standard is not a mandate, yet it is seen as an industry best practice that should be adopted by every organization and services provider dealing with payment card data. Any organization storing, processing, and transmitting card data must comply with PCI DSS Compliance. By this, we mean any Service Providers including those offering Cloud Service are required to comply with the payment standard. In fact, the PCI Council clearly states that Cloud security is a shared responsibility between the Cloud Service Provider and its clients.
So, while Merchants need to ensure PCI DSS Compliance, Cloud Service providers also need to ensure the security of card data and accordingly meet the PCI compliance requirements. But when we talk about compliance we need to now keep in mind that the requirements have to be met as per the evolved PCI DSS 4.0 version. Although the fundamentals of PCI DSS still remain the same yet the PCI Council has evolved the standard with additional requirements and stringent security requirements. Elaborating on this, we have today explained how PCI Compliance impacts Cloud Service Providers, the technical and operational requirements they need to meet, and key considerations for them to ensure compliance.
PCI DSS Compliance for Cloud Service Providers
In the payment card industry security and privacy of card data is a major concern, especially when the services are outsourced. There is a very common misconception that prevails concerning PCI DSS Compliance. While some believe PCI DSS Compliance is for Merchants to comply with, some say it is the Cloud Service Providers who need to comply with the payment security standard. But in reality, data security and PCI DSS Compliance is a shared responsibility between both Merchants & Cloud Service Providers.
For these reasons, it is important that all the security-related roles and responsibilities are well-defined between both parties. This should further be documented to ensure accountability. However, it is also important to understand that the responsibility defined should be based on the type of Cloud Service Model which could be Infrastructure as a Service Provider (IaaS), Software as a Service Provider (SaaS), and Platform as a Service Provider (PaaS). Depending on the level of control over the Cloud Infrastructure, the responsibilities concerning PCI DSS Compliance can be defined between Merchants and Service Providers. Besides, PCI Compliance clearly mandates sharing of responsibilities among both Merchants and Service Providers where ever applicable.
If the payment card data is stored, processed, or transmitted in the cloud environment, PCI DSS automatically applies to that environment and will require validation of the Merchants and Cloud Service Provider’s access to the environment. The allocation of responsibility between the Merchant and Cloud Service Provider does not exempt either from their responsibility to secure data as per PCI DSS requirements. For this, clear policies, procedures, and processes must be defined and agreed upon between the Merchant and Cloud Service Providers. This should include defining all the security control requirements, roles, and responsibilities for operation, management, and reporting as per the PCI Requirement.
How Responsibilities can be shared based on the Cloud Model?
PCI DSS 3.2.1v which is now the older version of PCI DSS, had the responsibilities clearly defined among the merchants and the third-parties involved as outlined in the below table. While this can still be applicable in a given scenario, yet it is also important to note that this may now not be the only approach towards implementing the shared responsibilities. Since the PCI Council has now introduced customized approach along with the option of the traditional defined approach, in the PCI DSS 4.0, the responsibilities between the Merchants and Service Providers may vary accordingly, based on the contracts, agreements and NDAs defined and signed between both the parties. So, in that sense the application of the table may change accordingly.
|PCI DSS Requirements||Responsibility Assignment of Management of Controls|
|1 Install and maintain a firewall configuration to protect cardholder data||Both||Both||CSP|
|2 Do not use vendor-supplied defaults for system passwords and other security parameters||Both||Both||CSP|
|3. Protect stored cardholder data||Both||Both||CSP|
|4. Encrypt transmission of cardholder data across open, public networks||Client||Both||CSP|
|5. Use and regularly update anti-virus software or programs||Client||Both||CSP|
|6. Develop and maintain secure systems and applications||Both||Both||Both|
|7. Restrict access to cardholder data by businesses need to know||Both||Both||Both|
|8. Assign a unique ID to each person with computer access||Both||Both||Both|
|9. Restrict physical access to cardholder data||CSP||CSP||CSP|
|10. Track and monitor all access to network resources and cardholder data||Both||Both||CSP|
|11. Regularly test security systems and processes||Both||Both||CSP|
|12. Maintain a policy that addresses information security for all personnel||Both||Both||Both|
|PCI DSS Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers||CSP||CSP||CSP|
Source: PCI Council
PCI DSS Compliance Requirements in Cloud
PCI DSS Compliance comprises 12 requirements that Merchants and Service Providers need to comply with. The standard applies to anyone who stores or processes cardholder data. This extends the applicability to even the third-party service providers including the Cloud Service Providers. So, now with the advent of PCI DSS 4.0, there are security controls and compliance requirements that have evolved in terms of introducing additional requirements, making certain security controls stringent, and having brought in flexibility in terms of allowance to adopt a customized approach to payment security. All of these evolved requirements should now be taken into consideration in the Cloud environment. So, elaborating on it we have shared the PCI Requirements specific to Cloud.
Build and Maintain a Secure Network and Systems
The payment systems and network need to be secured against unauthorized access by malicious
Individuals. This is to protect sensitive cardholder data and sensitive authentication data from any
Breach, theft, or comprise of the data.
Requirement 1: Install and Maintain Network Security Controls
Network Security Controls (NSCs), are security control technologies that help manage network traffic between physical network segments, based on pre-defined policies or rules. Network Security Controls like Firewalls that are generally an integral part of network security work as a front-end defense for protecting cardholder data. Deploying firewalls across all systems and networks within the card environment ensures protection against unauthorized access from an untrusted source, filtering the traffic entering (ingress) and leaving (egress) the network. Traditionally this functionality was provided by physical firewalls, but now it can be provided by virtual devices, cloud access controls, virtualization/container systems, and other software-defined networking technology as well. So, Cloud Service Providers are expected to implement adequate Network Security Controls to secure data and limit network access to and from the cardholder data environment across any computer network (public and private networks).
Requirement 2: Apply Secure Configurations to All Systems and Components
Using vendor-supplied defaults system passwords can be a huge threat to the systems in
Cardholder Data Environment. This is because defaults passwords are easy to hack and at times even available on public domains. So using default password settings and other security parameters will mean leaving the doors open for hackers to hack into systems. Generally, organizations verify and access cloud resources manually for identifying and validating cloud misconfigurations, default settings, and other security vulnerabilities. However, it is recommended that organizations implement measures with a practical approach and use advanced tools and software to check defaults configured and validate cloud security. Applying secure configurations to system components reduces the possibility of compromise by an attacker to systems. Changing default passwords, removing unnecessary software, functions, and accounts, and disabling or removing unnecessary services all help to reduce the potential attack surface.
Protect Account Data
Protecting account data is an important requirement in PCI DSS and both Merchants and Service
Providers are expected to meet this requirement. Cloud Service Providers must implement measures to ensure the prevention of unauthorized access to sensitive payment data or cardholder data. Protecting account data does not just mean ensuring the prevention of unauthorized access but also preventing data compromise.
Requirement 3: Protect Stored Account Data
Protection of stored account data is an essential requirement in PCI DSS and one way to ensure this is by limiting the storage of the data in the environment and limiting the retention period. Organizations are expected to follow a key rule which is not to store card data that is not needed or required for business. PCI DSS requires Cloud Service Providers to implement appropriate security measures that ensure the account data stored in the environment is safe. Further, the organization needs to ensure secure configuration and management of passwords, and encryption keys that are deployed to secure data. Cloud Service Providers are expected to implement security measures such as encryption, truncation, masking, and hashing that are critical components of account data protection.
Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Network Maintain a Vulnerability Management Program
Cryptography is the key to ensuring the data confidentiality, integrity, and security. So, encryption is one way of protecting cardholder data when in transit. PCI DSS requires Cloud Service Providers to encrypt data that is processed and in transit to prevent hackers from intercepting and accessing card data sent over open networks. For these reasons, organizations are expected to render the card data unreadable. Implementing strong encryption protocols such as TLS 1.2, SFTP, or IPSec as per PCI DSS becomes a mandate as per requirements. Further, the organization must maintain an inventory of the entity’s trusted keys and certificates used to protect PAN during transmission.
Requirement 5: Protect All Systems and Networks from Malicious Software
Malware can damage the system and compromise the confidentiality, integrity, or availability of the data, applications, or operating system. Malware can enter the network through the use of the Internet (public & private network), computer and mobile devices, and storage devices, resulting in unauthorized access, data theft, and compromise of data. So, it is recommended that organizations including the Cloud Service Providers use anti-malware solutions to address all the issues of malware and protect systems from current and evolving malware threats. Further, there must be measures in place to perform periodic scans to detect such malware.
Requirement 6: Develop and Maintain Secure Systems and Software
The applicability of PCI DSS requirements may vary from organization to organization and the types of cloud services offered. This simply means when using a managed service, the cloud user does not have any responsibilities in ensuring that the provider’s systems are secure. But in an IaaS and PaaS model, the merchants need to ensure that their Cloud Service Providers are tested for vulnerabilities in systems, apply security updates, and adopt secure development practices. PCI DSS requires verification of all code developed for public web applications, and implementation of a web application firewall (WAF) on all cloud resources that comprise or deal with sensitive cardholder data. Further appropriate software patches must be implemented, evaluated, and further tested sufficiently to ensure they do conflict with existing security configurations. Applying Software Lifecycle (SLC) Processes and Secure Coding techniques is crucial.
Implement Strong Access Control Measures
Ineffective access controls can result in unauthorized access to data and result in a data breach. So organizations must implement strong access controls with access rights granted on a need-to-know basis and ensure the least privilege based on job classification and function.
Requirement 7: Restrict Access to System Components & Cardholder Data by Business Need-to-Know
Access to cardholder data should be limited to only authorized individuals based on their roles and responsibilities. For this, merchants and service providers need to clearly define and document their roles and responsibilities. Access should be then accordingly granted based on a need-to-know basis to ensure the data is accessed by only authorized personnel. Higher number of access granted will inversely increase the risk exposure and chances of a data breach in the card environment. So access granted with the least privilege should be based on job classification and function. Further, all user accounts and related access privileges, including third-party/vendor must be reviewed every 6 months and documented to ensure user accounts and access remain appropriate based on job function.
Requirement 8: Identify Users and Authenticate Access to System Components
PCI DSS 4.0 requires measures specific to identifying and authenticating user access to sensitive systems and data. This requires the implementation of Multifactor Authentication to secure access to systems components and to prevent misuse of data access. There is also a need for assigning unique user IDs to every individual having access to the data and CDE including the third-party Cloud Service Providers. Individuals accessing system components should be assigned a unique ID to ensure that the activities around the data are only performed by authorized users. Further, this ensures easy tracking and monitoring of activities in the environment and also ensures accountability on the part of the Cloud Service Providers having access to the card data. For this, merchants need to develop a secure password policy and share the same with Cloud Service Providers to ensure they are aware of the same and meet the requirements of the policy. The Unique IDs for users and administrators should be managed throughout an account’s lifecycle.
Regularly Monitor Access to Networks and Data
Malicious Individuals can exploit vulnerabilities and loopholes in systems and networks connected with payment card applications and comprising cardholder data. So both Merchants and Service Providers must regularly monitor access networks to identify and remediate vulnerabilities. Tracking and monitoring access to cardholders can be achieved through logs.
Requirement 10: Log and Monitor All Access to Systems Component and Cardholder Data
Tracking and monitoring all access to system components and cardholder data must be achieved by maintaining a log. The process of logging is crucial for effective vulnerability management. The process facilitates thorough tracking, monitoring, and analysis of network and card data access especially when an incident occurs. If not it is extremely difficult to find the cause of the data breach in the card environment. The audit logs and monitoring process supports the detection and identifying anomalies and suspicious activities including forensic analysis of incidents and events. Further, these logs prevent destruction and unauthorized modifications of data. For these reasons, having Google Cloud logging metrics and alerts is essential for monitoring and tracking to meet the PCI DSS Requirement 10.
Requirement 11: Test Security of Systems and Networks Regularly
Organizations are expected to regularly perform security tests on systems and networks to identify vulnerabilities. For instance, all wireless access points need to be regularly tracked and monitored to identify vulnerabilities and unauthorized access points. So, with regular systems and network tests performed the network intrusions, unauthorized changes, and unexpected file changes can be immediately detected and addressed. For this, tests such as the Vulnerability Test and Penetration Tests must be regularly performed to identify exploitable vulnerabilities and security weaknesses. It is also important that the Cloud Service Providers ensure segmentation of CDE from other networks to ensure complete isolation and segregation of network comprising, transmitting sensitive data.
Source: PCI Council
Key PCI DSS Considerations to account for in Cloud
PCI Council in its Guidelines for Cloud has clearly outlined certain considerations that must be thought through for ensuring PCI DSS Compliance. Given below are the key considerations explained.
Merchants looking to collaborate with Cloud Service Providers must understand the security impact of this consideration on the cardholder data environment. Depending on the cloud deployment type, for instance, in private-cloud deployment, the organization can implement adequate segmentation to isolate in-scope systems from other systems and services or consider the entire cloud in scope for PCI DSS. Whereas in the public cloud, the Merchants and the Cloud Service Provider will need to work together to define scope boundaries and the roles and responsibilities towards data security as both parties will have their systems and services within the scope of PCI DSS.
Merchants availing Cloud Services need to ensure that using the public or shared cloud will require adequate isolation of the environment from the rest. Further isolation or segmentation of the environment may also be required at the Merchants CDE from other non-CDE components as well to reduce its PCI DSS scope. The segmentation and isolation are required to be maintained at the network, operating system, application layers, and most importantly isolation of data stored. In a hybrid environment, the responsibility for segmentation is shared by the Cloud Service Provider and the Merchant. It is the Merchants responsibility to ensure that the device, application, or peering transit networks connecting to the Cloud Service Provider is secure. Further, the Merchants must ensure isolation is maintained on their side of the CDE and by the Cloud Service Provider at all times. For this, Merchants should conduct Penetration tests annually or after significant changes are introduced in the environment to ensure compliance (Requirement 11.4.5)
Understanding PCI DSS Responsibilities
Merchants will have to work with their Cloud Service Providers to define the roles and responsibilities in protecting card data. The responsibilities between Merchants and the Cloud Service Provider for meeting PCI DSS are based on various factors including the purpose of using the cloud service, the scope of PCI DSS outsourced to the Cloud Service Provider, services and system components that fall within the scope, Cloud service model opted by Merchant’s avail (IaaS, PaaS or SaaS) are some factors to be considered carefully. Merchants need to know and understand the scope of responsibility given and accepted by the Cloud Service Provider for each PCI DSS requirement, and the services and system components to be validated for each PCI requirement. The roles and responsibilities need to be clearly defined to ensure both Merchants and Cloud Service Providers meet the requirements respectively without considering it to not be in their scope.
PCI DSS Responsibilities for Different Cloud Service Categories
PCI DSS Requirements are shared responsibilities between Merchants and Cloud Service Providers. Depending on the Cloud Service Model availed the responsibilities may either be shared or remain to be one’s individual responsibility. For most of the outsourced operations, Merchants will need to ensure maintaining and verifying the PCI DSS requirements are met and the Cloud Service Providers based on their roles and responsibility maintain and verify the requirement for its customers (Merchants). While certain aspects of the service functionality will be clear to the scope and define boundaries, there may be certain aspects that may result in an overlap of responsibilities. This needs to be clearly defined in the contract between the Merchant and Cloud Service Provider. So while it may be the responsibility of the Cloud Service Provider to meet certain requirements it is still the responsibility of the Merchants to monitor and ensure that the Service Provider meets the requirements and ensure ongoing compliance with all the applicable requirements. There must be records of the same verifying security controls are in place and there is ongoing compliance with PCI DSS. Merchants need to constantly ensure and validate their compliance in accordance with PCI DSS and the payment brand.
Source: PCI Council
Understanding the key requirements and considerations for PCI DSS in Cloud is crucial. Moreover, clearly defining roles and responsibilities and being aware of their own responsibility is essential for both Merchants and their Cloud Service Providers to meet PCI DSS Requirements and ensure compliance.
Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm based in the United States, Singapore, UAE & India.
The power of diversity: The need for female role models in FinTech
By Isavella Frangou, VP of Sales and Marketing, payabl.
As our world is constantly evolving, it’s easy to believe we have made great progress when it comes to women in business, but have you ever heard the saying ‘You can’t be what you can’t see’? Unfortunately, that remains true in FinTech. Only 5.6% of all FinTech CEOs globally are women.
While a significant amount of people are under the impression that gender bias is gone, I would argue that it most definitely is not. With less than four percent of women holding the title of chief innovation or technology officer, I think it is fair to say that issues of gender diversity within the FinTech industry are still very much present.
Being a female leader, in a male-dominated industry, I’m proud to work with inspiring women – at payabl. the team is 65% female, with 60% of the management team made up of talented female business leaders. I am passionate about encouraging women into the industry that I love, to change it for the better.
The business case
Did you know that diverse companies enjoy 2.3 times higher cash flow per employee, and diverse management has shown to increase revenue by 19 percent? At payabl., we believe to build an inclusive workplace, both female and male leadership is needed to encourage creative thinking and expertise. We do not only embrace diversity; we value and celebrate it.
Failing to include women can potentially affect product development if there’s no female voice or perspective in the room or make you a less attractive prospective employer. Think about it, if your team is all-male, you’ve already excluded half the population, and with it, half your potential market.
It’s not just about the bottom line. Research also shows that diverse teams create more innovative solutions. The FinTech industry is booming and with so much competition and opportunity, innovation is business-critical for surviving.
A diverse workforce that celebrates differences, fosters teamwork and productivity, will unearth new perspectives, creative ideas, different ways of thinking and unique approaches to problem-solving. I advocate for more women in FinTech because I believe it is a competitive advantage to innovation.
Invaluable leadership skills
Women bring unique talents to the table, valuable to any organisation. Playing a variety of roles in society, women have long been the backbone of nations’ economic success. It’s fair to say we wear many different hats on a daily basis. Each hat requires something different from us, whether that’s running a household and looking after children or running a global business. All of these hats require us to be excellent problem solvers, have fantastic people skills and multi-task, qualities which I believe are invaluable in a leader.
Leadership and communication go hand in hand. Communication is undoubtedly the most critical skill found in a successful leader. If asked about women’s top skills, I’m sure many would mention communication. Women leaders who communicate effectively tend to provide their employees with useful guidance, ask questions, and seek feedback. In fact, the top three communication skills for women are reading body language, listening and displaying empathy. Communicating and delegating are key factors in creating a work-life balance and effective workload distribution. Being transparent in communication also helps reduce the risk of misunderstandings and confusion.
I genuinely believe that our gender-diverse leadership team is one of the biggest contributors to making payabl. more profitable, productive, and an overall better place to work. Turning enhanced productivity and staff morale into customer benefits, I’m proud to be part of a company that genuinely values female leadership while inspiring female leadership and change across the globe.
Many women tend to underestimate their abilities and qualifications, making us overlook leadership role opportunities. My advice for fellow women looking to enter the FinTech industry is to believe in yourself and your unique insights. Join a team that embraces diversity instead of fearing it, where your knowledge and experience will not be underestimated.
Despite plenty of talented women working in the industry, it’s only in recent years that more of them are starting to be recognised for what they do. Unfortunately, however, the financial sector, and by extension, the FinTech business is still something of a boys club.
I believe being a great female leader isn’t about leading like a man. Instead, it starts by embracing your own potential and qualifications and claiming your space in the industry.
Rivery Raises $30M B Round of Venture Funding from Tiger Global
With data needs growing and data talent scarcity, there is huge demand for Rivery’s 100% SaaS solution to create an...
Wealth Managers and the Future of Trust: Insights from CFA Institute’s 2022 Investor Trust Study
Author: Rhodri Preece, CFA, Senior Head of Research, CFA Institute Corporate responsibility is more important than ever. Today, many...
Q&A with Andréa Jacquemin, founder and CEO of Beamy
Beamy is a fast-growing scale-up that focuses on pioneering a new approach to SaaS management for large companies. Founded in...
How to reignite your store with streamlined operations and a distinctive customer experience
Colin Neil, MD, Adyen UK Retailers know that prioritising customer experience is vital to success today. This, amongst the...
5 tips to ensure CSR efforts come across as genuine
By Mick Clark, Managing Director, WePack Ltd Corporate social responsibility – or CSR – is playing an increasingly pivotal role...
How to Build Your Credit Up Safely
by Taylor McKnight, Author for Compare Credit What Is Credit? Credit is money owed by a person that allows...
PCI DSS Compliance in the Cloud – Everything you should know
Introduction PCI DSS 4.0 is the latest and updated version of PCI DSS that was introduced on March 31st, 2022....
2022 ESG Investment Trends
Jay Mukhey, Senior Director, ESG at Finastra Environmental, Social and Governance (ESG) themes have been front and center throughout...
PROTECT THE VALUE OF YOUR SAVINGS AND AVOID RISING INFLATION PRESSURE
Planning for the next financial year? Former Bank Manager and successful whisky investor, Roger Parfitt, tells us why cask ownership is...
UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks
New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated More and more companies...
The power of diversity: The need for female role models in FinTech
By Isavella Frangou, VP of Sales and Marketing, payabl. As our world is constantly evolving, it’s easy to believe...
Securing BNPL Platforms for Merchants
By: James Hunt, Payments SME at Feedzai The buy now, pay later (BNPL) market has boomed because it offers...
Addressing the talent gap within cybersecurity
By Merlin Piscitelli, Chief Revenue Officer, EMEA at Datasite Rising geopolitical tensions and increasingly sophisticated cyberwarfare tactics have meant...
Biometric payment card FAQs with Michel Roig, Fingerprints’ President of Payments & Access
We sat down with Michel Roig to answer your frequently asked questions regarding biometric payment cards – their benefits, current...
Opportunities for UK Challenger Banks to address AML Compliance
Author: Gabriel Hopkins, Chief Product Officer, Ripjar UK challenger banks have revolutionised the banking sector with innovative products and...
HOW GOING DIGITAL COULD HELP CHARITIES OVERCOME THE CHALLENGES OF INFLATION
By Shaf Mansour, not for profit solutions specialist at The Access Group. The topic of inflation and its impact...
How to manage transformational change successfully
Adrian Odds, Marketing and Innovation Director, CDS 2020 accelerated change in the business landscape significantly. Many were already considering –...
Why the pandemic has put the pressure back on fintechs
Ben Walker, Partner & CTO, Airwalk Traditionally, the only genuine threats to the incumbent banking giants were macroeconomic instability and...
Neobank Fi launches new feature ‘Connected Accounts’ allowing users to sync multiple bank accounts on a single app.
Neobanking app Fi launched its ‘Connected Accounts’ feature to become one of the first fintechs to build a product on...
Accounts Payable fraud: Do you know who’s accessing your finances?
Mark Blakemore, CFO at Compleat Software The use of social engineering and phishing attacks on accounts payable (AP) departments...