PCI DSS Compliance in the Cloud – Everything you should know

Introduction

PCI DSS 4.0 is the latest version of PCI DSS and was introduced on March 31st, 2022. This updated standard is set to go effective 2 years from now in 2025. PCI DSS is an international payment security standard established to ensure the secure processing of payment cards online. While the security standard is not a mandate, it is seen as an industry best practice that should be adopted by every organization and service provider dealing with payment card data. Any organization storing, processing, and transmitting card data must comply with PCI DSS. This means any Service Provider, including those offering Cloud Services, is required to comply with the payment standard. In fact, the PCI Council clearly states that Cloud security is a shared responsibility between the Cloud Service Provider and its clients.

So, while Merchants need to ensure PCI DSS Compliance, Cloud Service Providers also need to ensure the security of card data and accordingly meet the PCI compliance requirements. When we talk about compliance, we now need to keep in mind that the requirements have to be met as per the evolved PCI DSS 4.0 version. Although the fundamentals of PCI DSS remain the same, the PCI Council has evolved the standard with additional and more stringent security requirements. Elaborating on this, we explain how PCI Compliance impacts Cloud Service Providers, the technical and operational requirements they need to meet, and key considerations for them to ensure compliance.

PCI DSS Compliance for Cloud Service Providers

In the payment card industry, security and privacy of card data is a major concern, especially when the services are outsourced. A very common misconception prevails concerning PCI DSS Compliance. While some believe PCI DSS Compliance is for Merchants to comply with, others say it is the Cloud Service Providers who need to comply with the payment security standard. In reality, data security and PCI DSS Compliance is a shared responsibility between both Merchants and Cloud Service Providers.

For these reasons, it is important that all the security-related roles and responsibilities are well-defined between both parties. These should further be documented to ensure accountability. It is also important to understand that the responsibilities defined should be based on the type of Cloud Service Model, which could be Infrastructure as a Service (IaaS), Software as a Service (SaaS), or Platform as a Service (PaaS). Depending on the level of control over the Cloud Infrastructure, the responsibilities concerning PCI DSS Compliance can be defined between Merchants and Service Providers. Besides, PCI Compliance clearly mandates sharing of responsibilities among both Merchants and Service Providers wherever applicable.

If payment card data is stored, processed, or transmitted in the cloud environment, PCI DSS automatically applies to that environment and will require validation of the Merchant's and the Cloud Service Provider's access to the environment. The allocation of responsibility between the Merchant and Cloud Service Provider does not exempt either from their responsibility to secure data as per PCI DSS requirements. For this, clear policies, procedures, and processes must be defined and agreed upon between the Merchant and Cloud Service Providers. This should include defining all the security control requirements, roles, and responsibilities for operation, management, and reporting as per the PCI Requirement.

How Responsibilities can be shared based on the Cloud Model? 

PCI DSS v3.2.1, which is now the older version of PCI DSS, had the responsibilities clearly defined among the merchants and the third parties involved, as outlined in the table below. While this can still be applicable in a given scenario, it is important to note that this may no longer be the only approach towards implementing the shared responsibilities. Since the PCI Council has introduced the customized approach in PCI DSS 4.0 alongside the traditional defined approach, the responsibilities between the Merchants and Service Providers may vary based on the contracts, agreements, and NDAs defined and signed between both parties. In that sense, the application of the table may change accordingly.

 

Responsibility Assignment for Management of Controls

| PCI DSS Requirement | IaaS | PaaS | SaaS |
|---|---|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | Both | Both | CSP |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Both | Both | CSP |
| 3. Protect stored cardholder data | Both | Both | CSP |
| 4. Encrypt transmission of cardholder data across open, public networks | Client | Both | CSP |
| 5. Use and regularly update anti-virus software or programs | Client | Both | CSP |
| 6. Develop and maintain secure systems and applications | Both | Both | Both |
| 7. Restrict access to cardholder data by business need to know | Both | Both | Both |
| 8. Assign a unique ID to each person with computer access | Both | Both | Both |
| 9. Restrict physical access to cardholder data | CSP | CSP | CSP |
| 10. Track and monitor all access to network resources and cardholder data | Both | Both | CSP |
| 11. Regularly test security systems and processes | Both | Both | CSP |
| 12. Maintain a policy that addresses information security for all personnel | Both | Both | Both |
| PCI DSS Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers | CSP | CSP | CSP |

Source: PCI Council

PCI DSS Compliance Requirements in Cloud

PCI DSS Compliance comprises 12 requirements that Merchants and Service Providers need to comply with. The standard applies to anyone who stores or processes cardholder data. This extends the applicability to third-party service providers, including Cloud Service Providers. With the advent of PCI DSS 4.0, the security controls and compliance requirements have evolved: additional requirements have been introduced, certain security controls have been made more stringent, and flexibility has been added by allowing a customized approach to payment security. All of these evolved requirements should now be taken into consideration in the Cloud environment. Elaborating on this, we have shared the PCI Requirements specific to Cloud.

Build and Maintain a Secure Network and Systems

The payment systems and network need to be secured against unauthorized access by malicious individuals. This is to protect sensitive cardholder data and sensitive authentication data from any breach, theft, or compromise of the data.

Requirement 1: Install and Maintain Network Security Controls

Network Security Controls (NSCs) are security control technologies that help manage network traffic between physical network segments, based on pre-defined policies or rules. Network Security Controls such as firewalls, which are generally an integral part of network security, work as a front-end defense for protecting cardholder data. Deploying firewalls across all systems and networks within the card environment ensures protection against unauthorized access from an untrusted source by filtering the traffic entering (ingress) and leaving (egress) the network. Traditionally this functionality was provided by physical firewalls, but now it can be provided by virtual devices, cloud access controls, virtualization/container systems, and other software-defined networking technology as well. So, Cloud Service Providers are expected to implement adequate Network Security Controls to secure data and limit network access to and from the cardholder data environment across any computer network (public and private networks).

Requirement 2: Apply Secure Configurations to All Systems and Components

Using vendor-supplied default system passwords can be a huge threat to the systems in the Cardholder Data Environment. This is because default passwords are easy to hack and at times even available in the public domain. So using default password settings and other default security parameters means leaving the doors open for hackers to break into systems. Generally, organizations manually review cloud resources to identify and validate cloud misconfigurations, default settings, and other security vulnerabilities. However, it is recommended that organizations take a practical approach and use advanced tools and software to check for configured defaults and validate cloud security. Applying secure configurations to system components reduces the possibility of an attacker compromising those systems. Changing default passwords, removing unnecessary software, functions, and accounts, and disabling or removing unnecessary services all help to reduce the potential attack surface.

Protect Account Data

Protecting account data is an important requirement in PCI DSS and both Merchants and Service Providers are expected to meet this requirement. Cloud Service Providers must implement measures to ensure the prevention of unauthorized access to sensitive payment data or cardholder data. Protecting account data does not just mean ensuring the prevention of unauthorized access but also preventing data compromise.

Requirement 3: Protect Stored Account Data

Protection of stored account data is an essential requirement in PCI DSS and one way to ensure this is by limiting the storage of the data in the environment and limiting the retention period. Organizations are expected to follow a key rule which is not to store card data that is not needed or required for business. PCI DSS requires Cloud Service Providers to implement appropriate security measures that ensure the account data stored in the environment is safe. Further, the organization needs to ensure secure configuration and management of passwords, and encryption keys that are deployed to secure data. Cloud Service Providers are expected to implement security measures such as encryption, truncation, masking, and hashing that are critical components of account data protection.
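As an added illustration of the truncation measure named above (not code from the article or the PCI Council), the following Python example scans log lines for Luhn-valid card numbers and truncates them before the lines are stored. The function names, the constructed sample log lines, and the first-six/last-four format are assumptions; confirm the permitted truncation format with your payment brands.

```python
"""Find and truncate card numbers (PANs) in log lines before they are stored."""
import re

# A candidate PAN: 13-19 digits, optionally separated by single spaces or
# hyphens, and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(digits: str) -> str:
    """Keep the first six and last four digits; drop the middle ones.

    Assumption: first-six/last-four is the format in use. The middle
    digits are discarded, so the stored value cannot be reversed.
    """
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line: str):
    """Return (clean_line, number_of_PANs_truncated) for one log line."""
    found = 0

    def replace(match):
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            # Order numbers, timestamps etc. usually fail the checksum.
            return match.group(0)
        found += 1
        return truncate_pan(digits)

    return CANDIDATE.sub(replace, line), found


def scrub_log(lines):
    """Scrub every line; return (clean_lines, [(line_number, hits), ...])."""
    cleaned, findings = [], []
    for lineno, line in enumerate(lines, start=1):
        new_line, hits = scrub_line(line)
        cleaned.append(new_line)
        if hits:
            findings.append((lineno, hits))
    return cleaned, findings


# Constructed sample input. The card numbers are widely published test
# numbers, not real accounts.
SAMPLE_LOG = [
    "2024-03-02T10:15:01Z payment-api INFO auth ok pan=4111111111111111 amount=19.99",
    '2024-03-02T10:15:07Z payment-api DEBUG card "5555 5555 5555 4444" declined',
    "2024-03-02T10:15:09Z payment-api INFO order_id=1234567890123456 shipped",
    "2024-03-02T10:15:12Z payment-api INFO healthcheck ok",
]

if __name__ == "__main__":
    clean, report = scrub_log(SAMPLE_LOG)
    for entry in clean:
        print(entry)
    for lineno, hits in report:
        print(f"line {lineno}: truncated {hits} card number(s)")
```

The findings list doubles as a signal that an application is writing full card numbers to its logs, which is the root cause to fix at the source.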

Requirement 4: Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks

Cryptography is key to ensuring data confidentiality, integrity, and security, so encryption is one way of protecting cardholder data in transit. PCI DSS requires Cloud Service Providers to encrypt data that is processed and in transit to prevent hackers from intercepting and accessing card data sent over open networks. For these reasons, organizations are expected to render the card data unreadable. Implementing strong encryption protocols such as TLS 1.2, SFTP, or IPSec is mandatory under PCI DSS. Further, the organization must maintain an inventory of the entity’s trusted keys and certificates used to protect PAN during transmission.

Maintain a Vulnerability Management Program

Requirement 5: Protect All Systems and Networks from Malicious Software

Malware can damage the system and compromise the confidentiality, integrity, or availability of the data, applications, or operating system. Malware can enter the network through the use of the Internet (public & private network), computer and mobile devices, and storage devices, resulting in unauthorized access, data theft, and compromise of data. So, it is recommended that organizations including the Cloud Service Providers use anti-malware solutions to address all the issues of malware and protect systems from current and evolving malware threats. Further, there must be measures in place to perform periodic scans to detect such malware.

Requirement 6: Develop and Maintain Secure Systems and Software

The applicability of PCI DSS requirements may vary from organization to organization and with the types of cloud services offered. This simply means when using a managed service, the cloud user does not have any responsibilities in ensuring that the provider’s systems are secure. But in an IaaS and PaaS model, the merchants need to ensure that their Cloud Service Providers test systems for vulnerabilities, apply security updates, and adopt secure development practices. PCI DSS requires verification of all code developed for public web applications, and implementation of a web application firewall (WAF) on all cloud resources that contain or deal with sensitive cardholder data. Further, appropriate software patches must be implemented, evaluated, and tested sufficiently to ensure they do not conflict with existing security configurations. Applying Software Lifecycle (SLC) Processes and Secure Coding techniques is crucial.

Implement Strong Access Control Measures

Ineffective access controls can result in unauthorized access to data and result in a data breach. So organizations must implement strong access controls with access rights granted on a need-to-know basis and ensure the least privilege based on job classification and function.

Requirement 7: Restrict Access to System Components & Cardholder Data by Business Need-to-Know

Access to cardholder data should be limited to only authorized individuals based on their roles and responsibilities. For this, merchants and service providers need to clearly define and document their roles and responsibilities. Access should then be granted on a need-to-know basis to ensure the data is accessed by only authorized personnel. The more access that is granted, the greater the risk exposure and the chances of a data breach in the card environment. So access granted with the least privilege should be based on job classification and function. Further, all user accounts and related access privileges, including those of third parties/vendors, must be reviewed every 6 months and documented to ensure user accounts and access remain appropriate based on job function.

Requirement 8: Identify Users and Authenticate Access to System Components

PCI DSS 4.0 requires measures specific to identifying and authenticating user access to sensitive systems and data. This requires the implementation of Multifactor Authentication to secure access to system components and to prevent misuse of data access. There is also a need to assign a unique user ID to every individual having access to the data and CDE, including the third-party Cloud Service Providers. Individuals accessing system components should be assigned a unique ID to ensure that the activities around the data are only performed by authorized users. Further, this ensures easy tracking and monitoring of activities in the environment and also ensures accountability on the part of the Cloud Service Providers having access to the card data. For this, merchants need to develop a secure password policy and share it with Cloud Service Providers to ensure they are aware of it and meet its requirements. The unique IDs for users and administrators should be managed throughout an account’s lifecycle.

Regularly Monitor Access to Networks and Data

Malicious individuals can exploit vulnerabilities and loopholes in systems and networks that are connected with payment card applications and contain cardholder data. So both Merchants and Service Providers must regularly monitor access to networks to identify and remediate vulnerabilities. Tracking and monitoring access to cardholder data can be achieved through logs.

Requirement 10: Log and Monitor All Access to System Components and Cardholder Data

Tracking and monitoring all access to system components and cardholder data must be achieved by maintaining a log. The process of logging is crucial for effective vulnerability management. The process facilitates thorough tracking, monitoring, and analysis of network and card data access, especially when an incident occurs. Without logs, it is extremely difficult to find the cause of a data breach in the card environment. The audit logs and monitoring process support the detection and identification of anomalies and suspicious activities, including forensic analysis of incidents and events. Further, these logs prevent destruction and unauthorized modifications of data. For these reasons, having Google Cloud logging metrics and alerts is essential for monitoring and tracking to meet the PCI DSS Requirement 10.

Requirement 11: Test Security of Systems and Networks Regularly

Organizations are expected to regularly perform security tests on systems and networks to identify vulnerabilities. For instance, all wireless access points need to be regularly tracked and monitored to identify vulnerabilities and unauthorized access points. With regular system and network tests, network intrusions, unauthorized changes, and unexpected file changes can be immediately detected and addressed. For this, tests such as the Vulnerability Test and Penetration Tests must be regularly performed to identify exploitable vulnerabilities and security weaknesses. It is also important that the Cloud Service Providers ensure segmentation of the CDE from other networks to ensure complete isolation and segregation of the network containing and transmitting sensitive data.

Source: PCI Council   

Key PCI DSS Considerations to account for in Cloud

PCI Council in its Guidelines for Cloud has clearly outlined certain considerations that must be thought through for ensuring PCI DSS Compliance. Given below are the key considerations explained.

Scoping Consideration

Merchants looking to collaborate with Cloud Service Providers must understand the security impact of this consideration on the cardholder data environment. Depending on the cloud deployment type, for instance, in private-cloud deployment, the organization can implement adequate segmentation to isolate in-scope systems from other systems and services or consider the entire cloud in scope for PCI DSS. Whereas in the public cloud, the Merchants and the Cloud Service Provider will need to work together to define scope boundaries and the roles and responsibilities towards data security as both parties will have their systems and services within the scope of PCI DSS.

Segmentation Considerations

Merchants using a public or shared cloud need to ensure that their environment is adequately isolated from the rest. Further isolation or segmentation may also be required to separate the Merchant's CDE from other non-CDE components to reduce its PCI DSS scope. The segmentation and isolation are required to be maintained at the network, operating system, and application layers, and most importantly for the data stored. In a hybrid environment, the responsibility for segmentation is shared by the Cloud Service Provider and the Merchant. It is the Merchant's responsibility to ensure that the device, application, or peering transit networks connecting to the Cloud Service Provider are secure. Further, the Merchants must ensure isolation is maintained on their side of the CDE and by the Cloud Service Provider at all times. For this, Merchants should conduct Penetration tests annually or after significant changes are introduced in the environment to ensure compliance (Requirement 11.4.5).

Understanding PCI DSS Responsibilities

Merchants will have to work with their Cloud Service Providers to define the roles and responsibilities in protecting card data. The responsibilities between Merchants and the Cloud Service Provider for meeting PCI DSS are based on various factors that need to be considered carefully, including the purpose of using the cloud service, the scope of PCI DSS outsourced to the Cloud Service Provider, the services and system components that fall within the scope, and the Cloud service model the Merchant has opted for (IaaS, PaaS or SaaS). Merchants need to know and understand the scope of responsibility given to and accepted by the Cloud Service Provider for each PCI DSS requirement, and the services and system components to be validated for each PCI requirement. The roles and responsibilities need to be clearly defined to ensure both Merchants and Cloud Service Providers meet their respective requirements, without either assuming a requirement is out of their scope.

PCI DSS Responsibilities for Different Cloud Service Categories

PCI DSS Requirements are shared responsibilities between Merchants and Cloud Service Providers. Depending on the Cloud Service Model used, a responsibility may either be shared or remain with one party. For most outsourced operations, Merchants will need to maintain and verify that the PCI DSS requirements are met, and the Cloud Service Providers, based on their roles and responsibilities, maintain and verify the requirements for their customers (Merchants). While certain aspects of the service will have a clear scope and defined boundaries, other aspects may result in an overlap of responsibilities. This needs to be clearly defined in the contract between the Merchant and Cloud Service Provider. So while it may be the responsibility of the Cloud Service Provider to meet certain requirements, it is still the responsibility of the Merchants to monitor and ensure that the Service Provider meets the requirements and to ensure ongoing compliance with all the applicable requirements. There must be records verifying that security controls are in place and that there is ongoing compliance with PCI DSS. Merchants need to constantly ensure and validate their compliance in accordance with PCI DSS and the payment brand.

Source: PCI Council

Final Thought

Understanding the key requirements and considerations for PCI DSS in Cloud is crucial. Moreover, clearly defining roles and responsibilities and being aware of their own responsibility is essential for both Merchants and their Cloud Service Providers to meet PCI DSS Requirements and ensure compliance.

 

Author Bio

Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm based in the United States, Singapore, UAE & India.

 

Fractional NFTs- A Positive Impact on the Market

Non-Fungible Tokens (NFTs) have been making headlines for quite some time now. The phenomenon is getting a lot of attention from people across the world. NFTs generally cost a fortune but thanks to Fractional NFT (https://www.mesha.club/fractional-nft/) (F-NFT), people can acquire expensive assets for a few bucks.

 

What Are Fractional NFTs?

In simple words, a Fractional NFT is a non-fungible token that has been divided into smaller fragments. Hence, different people can claim partial ownership of the same NFT. To understand this concept of NFT investing (https://www.mesha.club/nft-investing/), take the example of a cake that is sliced to serve several people. Considering that NFTs are unique and can’t be duplicated, fractional NFTs go beyond these restrictions by enabling people to divide their ownership.

 

Difference Between F-NFT (Fractional NFT) and Traditional NFT

A fractional NFT or segmented NFT represents a certain percentage of ownership or portion of an NFT. A traditional NFT is a whole while an F-NFT is a part of it. Moreover, the segmentation process can be reversed to convert a fractional NFT into a complete NFT. A single NFT with a buyback option allows the investor to purchase all the shards and acquire the original NFT.

To convert fractional NFT ownership into single NFT ownership, the holder must initiate a buyback option by transferring a certain amount of ERC-20 tokens to the smart contract. This triggers a buyback auction which will happen in a fixed period, allowing some time for NFT holders to make a decision. In case a purchase takes place during that period, fractions of the NFT are returned automatically to the smart contract and the buyer will have complete ownership.

 

Advantages of Fractional NFT

Democratization

The NFT market restricts small and medium investors as the assets are mostly high valued. So, only a few of them can afford to buy these NFTs. However, fractional NFT benefits newcomers and small investors by reducing the cost of the assets and opening up more opportunities for them.

Greater Liquidity

For a high-priced NFT, you have to wait for a wealthy investor who can afford it. F-NFTs are more accessible and easy to sell as you can split the ownership of an ERC-721 token into multiple ERC-20 tokens and sell each of them individually.

Price Discovery

With no or limited transaction history, it is difficult to find the right price for a whole NFT. However, splitting it into smaller tokens makes it affordable, so more people can trade the asset. This makes it easier for investors to assess its true value.

Increased Visibility for Creators

A fractional NFT has a more liquid market that lets digital creators go online and reach a wider audience.

 

Industries F-NFTs Can Potentially Disrupt

Art

Digital artists along with NFT owners will have the option to divide their assets into smaller segments and sell each F-NFT portion individually to investors. Thus, emerging artists can also easily sell their digital artworks in the market.

Gaming

Games that involve trading cards can also seek the benefits of the NFT market. People can sell their cards for impressive amounts. Also, they can auction their in-game items, such as guns, rare skins, and armor through F-NFT and sell rare gaming products to multiple buyers by fractionalizing them.

Collectibles

One of the popular fractional NFT use cases is collectibles that have great potential with crypto being sold for over $1 million. Recently, a collection of 50 CryptoPunks was offered for sale after being fractionalized. This allowed small investors to acquire the asset and get a share in the collection.

Domain Names

With the evolution of the crypto market, the domain names like .crypto and .rth are in demand. So, rare and popular domain names can be fragmented and sold to different buyers.

Real Estate

Luxury properties that were too expensive to afford earlier are now accessible to more people. These high-valued properties can be fractionalized into F-NFT so multiple investors can acquire them. Also, there will be no need for mortgages as tenants could hold different parts of the property together.

Music

The music industry is making the best of fractional NFTs as music artists can fractionalize their albums and sell them to fans without involving third parties. This also resolves the problem of the direct artist-to-fan relationship.

The concept of fractional NFT is still in its initial phase but we can expect it to grow rapidly and become the next trend in the crypto market. F-NFTs open more opportunities for small and medium investors to acquire digital assets at affordable prices. They can easily invest in valuable assets that have the potential to offer many-fold returns in the future. Also, it will encourage people to start their NFT journey without delay as they need not have millions of dollars to buy popular NFT pieces.

Four tech IPOs you haven’t heard of that are likely to go public

With the tech sector expanding drastically, Maxim Manturov, Head of Investment Advice at Freedom Finance Europe, explores four unfamiliar IPOs likely to go public that investors should watch.  

The technology sector is constantly evolving and making ground-breaking advancements that are shaping life as we know it. Helping with education, user experience, information storage, communication, and many more areas, technology is designed with what it can bring the user in terms of convenience.

With a sector of immeasurable popularity comes a colossal number of companies investors must shuffle through. It is important to remember that name popularity does not always equal a good return on investment. All public companies begin from the same starting point and have to file for an IPO. With media attention usually focusing on a few set names, we wanted to bring something new to the table for investors.

What are the new tech IPO investors can watch out for?

Trax Image Recognition was founded in 2010 and is currently headquartered in Singapore. Trax focuses on delivering technology that carries out merchandise scanning using a mobile app and specialised high-tech cameras. Operating in more than 90 countries, Trax delivers sale control and efficiency for some of the most well-known brands in the world including Coca-Cola, Unilever, Shell, and Heineken. Currently, Trax is a leader in its sector, holding 23 patents, and is included in Deloitte’s Technology Fast 500. Recently, Trax announced the acquisition of Qopius, a Paris-based company that provides in-store technology solutions using artificial intelligence in Europe. This new acquisition helped the company come to a valuation of more than £1.6bn ($2bn).

Cohesity is a ‘secondary data storage’ company located in San Jose, California. Founded in 2013, Cohesity provides its customers a sanctuary to store non-critical data, such as backups, development copies, and analytics. Their primary customers include Cisco Systems Inc. and NASA whereby they provide data management services. Cohesity has filed with the U.S. Securities and Exchange Commission (SEC) for an IPO with a preliminary market valuation of £2.9bn ($3.7bn), a significant increase from its £2.2bn ($2.5bn) valuation last year. Cohesity’s total funding is £340m ($420m), and investors may see the IPO take place in the next couple of months.

Byju’s is an Indian startup company that has developed an educational app with a focus on the Indian and U.S. markets. As of December 2021, it has more than 115 million registered users. Byju’s founders Bew Ravindran and Divya Gokulnath said the company could have had a revenue of £1bn ($1.3bn) in 2021. As of December 2021, the startup was valued at $21 billion ($21bn), making it India’s most expensive startup and one of the most expensive EdTech projects globally. Byju’s expects a valuation of more than £36.4bn ($45bn) according to TechCrunch. The total investment over time has been £3.6bn ($4.5bn) and is due to go public at the end of 2022.

Rubrik is a technology startup company founded in 2014, based in Palo Alto, California. Rubrik specializes in cloud-based data management software and is the fourth biggest player in the data management and storage market. They have recently acquired a Seattle-based data management company called Igneous Software Systems. With this new acquisition, and as of the last funding round, Rubrik has a valuation of £2.7bn ($3.3bn). With total funding of £444m ($553bn), Rubrik is one of the industry’s largest privately-held data protection software providers and is a company investors should keep their eyes on over the coming months.
