Boss of ATM Skimming Syndicate Arrested in Mexico

Florian “The Shark” Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court.

Florian Tudor, at a 2020 press conference in Mexico in which he asserted he was a legitimate businessman and not a mafia boss. Image: OCCRP.

Tudor, a native of Craiova, Romania, moved to Mexico to set up Top Life Servicios, an ATM servicing company which managed a fleet of relatively new ATMs based in Mexico branded as Intacash.

Intacash was the central focus of a three-part investigation KrebsOnSecurity published in September 2015. That series tracked the activities of a crime gang working with Intacash that was bribing and otherwise coercing ATM technicians to install sophisticated Bluetooth-based skimmers inside cash machines throughout popular tourist destinations in and around Mexico’s Yucatan Peninsula — including Cancun, Cozumel, Playa del Carmen and Tulum.

Follow-up reporting last year by the Organized Crime and Corruption Reporting Project (OCCRP) found Tudor and his associates compromised more than 100 ATMs across Mexico using skimmers that were able to remain in place undetected for years. The OCCRP, which dubbed Tudor’s group “The Riviera Maya Gang,” estimates the crime syndicate used cloned card data and stolen PINs to steal more than $1.2 billion from bank accounts of tourists visiting the region.

Last year, a Romanian court ordered Tudor’s capture following his conviction in absentia for attempted murder, blackmail and the creation of an organized crime network that specialized in human trafficking.

Mexican authorities have been examining bank accounts tied to Tudor and his companies, and investigators believe Tudor and his associates paid protection and hush money to various Mexican politicians and officials over the years. In February, the leader of Mexico’s Green Party stepped down after it emerged that he received funds from Tudor’s group.

This is the second time Mexican authorities have detained Tudor. In April 2019, Tudor and his deputy were arrested for illegal firearms possession. That arrest came just months after Tudor allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations.

Tudor’s arrest this week inside the premises of the Mexican Attorney General’s Office did not go smoothly, according to Mexican news outlets. El Universal reports that a brawl broke out between Tudor’s lawyers and officials at the Mexican AG’s office, and a video released by the news outlet on Twitter shows Tudor resisting arrest as he is being hauled out of the building hand and foot.

A Mexican judge will decide on Tudor’s extradition to Romania in the coming weeks.

Australian startup Pyn raises $8M seed to bring targeted communication in-house

Most marketers today know how to send targeted communications to customers, and there are many tools to help, but when it comes to sending personalized in-house messages, there aren’t nearly as many options. Pyn, an early-stage startup based in Australia, wants to change that, and today it announced an $8 million seed round.

Andreessen Horowitz led the investment with help from Accel and Ryan Sanders (the co-founder of BambooHR) and Scott Farquhar (co-founder and co-CEO at Atlassian).

That last one isn’t a coincidence, as Pyn co-founder and CEO Joris Luijke used to run HR at the company and later at Squarespace and other companies, and he saw a common problem trying to provide more targeted messages when communicating internally.

“I’ve been trying to do this my entire professional life, trying to personalize the communication that we’re sending to our people. So that’s what Pyn does. In a nutshell, we radically personalize employee communications,” Luijke explained. His co-founder Jon Williams was previously a co-founder at Culture Amp, an employee experience management platform he helped launch in 2011 (and which raised more than $150 million), so the two of them have been immersed in this idea.

They bring personalization to Pyn by tracking information in existing systems that companies already use, such as Workday, BambooHR, Salesforce or Zendesk, and they can use this data much in the same way a marketer uses various types of information to send more personalized messages to customers.

That means you can cut down on the company-wide emails that might not be relevant to everyone and send messages that should matter more to the people receiving them. And as with a marketing communications tool, you can track how many people have opened the emails and how successful you were in hitting the mark.

David Ulevitch, general partner at a16z and lead investor in this deal, points out that Pyn also provides a library of customizable communications materials to help build culture and set policy across an organization. “It also treats employee communication channels as the rails upon which to orchestrate management practices across an organization [by delivering] a library of management playbooks,” Ulevitch wrote in a blog post announcing the investment.

The startup, which launched in 2019, currently has 10 employees, with teams working in Australia and the Bay Area in California. Williams says that already half the team is female and the plan is to continue putting diversity front and center as they build the company.

“Joris has mentioned ‘radical personalization’ as this specific mantra that we have, and I think if you translate that into an organization, that is all about inclusion in reality, and if we want to be able to cater for all the specific needs of people, we need to understand them. So [diversity is essential] to us,” Williams said.

While the company isn’t ready to discuss specifics in terms of customer numbers, it cites Shopify, Rubrik and Carta as early customers, and the founders say there was a lot of interest when the pandemic hit last year and the need for more frequent and meaningful types of communication became even more paramount.

 

mmhmm, the video conferencing software, kicks off summer with a bunch of new features

mmhmm, the communications platform developed by Phil Libin and the All Turtles team, is getting a variety of new features. According to Libin, there are parts of video communication today that can not only match what we get in the real world, but exceed it.

That’s what this next iteration of mmhmm is meant to deliver.

The new headline feature is mmhmm Chunky, which allows the presenter to break up their script and presentation into “chunks.” Think of the presenter the same way you think of slides in a deck. Each one gets the full edit treatment and final polish. With Chunky, mmhmm users can break up their presentation into chunks to perfect each individual bit of information.

A presenter can switch between live and pre-recorded chunks in a presentation. So you can imagine a salesman making a pitch and switching over to his explanation of the pricing as a pre-recorded piece of his pitch, or a teacher who has a pre-recorded chunk on a particular topic can throw to that mid-class.

But mmhmm didn’t just think about the creation side, but also the consumption side. Folks in the audience can jump around between chunks and slides to catch up, or even view in a sped-up mode to consume more quickly. Presenters can see where folks in the audience are as they present or later on.

Libin sees this feature as a way to supercharge time.

“At mmhmm, we stopped doing synchronous updates with our fully distributed team,” said Libin. “We don’t have meetings anymore where people take turns updating each other because it’s not very efficient. Now the team just sends around their quick presentations, and I can watch it in double speed because people can listen faster than people can talk. But we don’t have to do it at the same time. Then, when we actually talk synchronously, it’s reserved for that live back-and-forth about the important stuff.”

mmhmm is also announcing that it has developed its own video player, allowing folks to stream their mmhmm presentations to whichever website they’d like. As per usual, mmhmm will still work with Zoom, Google Meet, etc.

The new features list also includes an updated version of Copilot. For folks who remember, Copilot allowed one person to present and another person to “drive,” or art direct, the presentation from the background. Copilot 2.0 lets two people essentially video chat side by side, in whatever environment they’d like.

Libin showed me a presentation/conversation he did with a friend where they were both framed up in Libin’s house. He clarified that this feature works best with one-on-one conversations, or, one-on-one conversations in front of a large audience, such as a fireside chat.

Alongside mmhmm Chunky, streaming and Copilot 2.0, the platform is also doing a bit of spring cleaning with regards to organization. Users will have a Presentation Library where they can save and organize their best takes, and organizations can also use “Loaf” to store all the best videos and presentations company-wide for consumption later. The team also revamped Presets to make it easier to apply a preset to a bunch of slides at once or switch between presets more easily.

A couple other notes: mmhmm is working to bring the app to both iOS and Android very soon, and launch out of beta on Windows.

Libin explained that not every single feature described here will launch today, but rather you’ll see features trickle out each week as we head into summer. He’ll be giving a keynote on the new features here at 10 a.m. PT/1 p.m. ET.

Breinify announces $11M seed to bring data science to the marketing team

Breinify is a startup working to apply data science to personalization, and do it in a way that makes it accessible to nontechnical marketing employees to build more meaningful customer experiences. Today the company announced a funding round totaling $11 million.

The investment was led by Gutbrain Ventures and PBJ Capital with participation from Streamlined Ventures, CXO Fund, Amino Capital, Startup Capital Ventures and Sterling Road.

Breinify co-founder and CEO Diane Keng says that she and co-founder and CTO Philipp Meisen started the company to bring predictive personalization based on data science to marketers with the goal of helping them improve a customer’s experience by personalizing messages tailored to individual tastes.

“We’re big believers that the world, especially consumer brands, really need strong predictive personalization. But when you think about consumer big brands or the retailers that you buy from, most of them aren’t data scientists, nor do they really know how to activate [machine learning] at scale,” Keng told TechCrunch.

She says that she wanted to make this type of technology more accessible by hiding the complexity behind the algorithms powering the platform. “Instead of telling you how powerful the algorithms are, we show you [what that means for the] consumer experience, and in the end what that means for both the consumer and you as a marketer individually,” she said.

That involves the kind of customizations you might expect around website messaging, emails, texts or whatever channel a marketer might be using to communicate with the buyer. “So the AI decides you should be shown these products, this offer, this specific promotion at this time, [whether it’s] the web, email or SMS. So you’re not getting the same content across different channels, and we do all that automatically for you, and that’s [driven by the algorithms],” she said.

Breinify launched in 2016 and participated in the TechCrunch Disrupt Startup Battlefield competition in San Francisco that year. She said it was early days for the company, but it helped them focus their approach. “I think it gave us a huge stage presence. It gave us a chance to test out the idea just to see where the market was in regards to needing a solution like this. We definitely learned a lot. I think it showed us that people were interested in personalization,” she said. And although the company didn’t win the competition, it ended up walking away with a funding deal.

Today the startup is growing fast and has 24 employees, up from 10 last year. Keng, who is an Asian woman, places a high premium on diversity.

“We partner with about four different kinds of diversity groups right now to source candidates, but at the end of the day, I think if you are someone that’s eager to learn, and you might not have all the skills yet, and you’re [part of an under-represented] group we encourage everyone to apply as much as possible. We put a lot of work into trying to create a really well-rounded group,” she said.

Box beats expectations, raises guidance as it looks for a comeback

Box executives have been dealing with activist investor Starboard Value over the last year, along with fighting through the pandemic like the rest of us. Today the company reported earnings for the first quarter of its fiscal 2022. Overall, it was a good quarter for the cloud content management company.

The firm reported revenue of $202.4 million, up 10% compared to its year-ago result, numbers that beat Box projections of between $200 million and $201 million. Yahoo Finance reports the analyst consensus was $200.5 million, so the company also bested street expectations.

The company has faced strong headwinds the past year, in spite of a climate that has been generally favorable to cloud companies like Box. A report like this was badly needed by the company as it faces a board fight with Starboard over its direction and leadership.

Company co-founder and CEO Aaron Levie is hoping this report will mark the beginning of a positive trend. “I think you’ve got a better economic climate right now for IT investment. And then secondarily, I think the trends of hybrid work, and the sort of long-term trends of digital transformation are very much supportive of our strategy,” he told TechCrunch in a post-earnings interview.

While Box acquired e-signature startup SignRequest in February, it won’t actually be incorporating that functionality into the platform until this summer. Levie said that what’s been driving the modest revenue growth is Box Shield, the company’s content security product and the platform tools, which enable customers to customize workflows and build applications on top of Box.

The company is also seeing success with large accounts. Levie says that he saw the number of customers spending more than $100,000 with it grow by nearly 50% compared to the year-ago quarter. One of Box’s growth strategies has been to expand the platform and then upsell additional platform services over time, and those numbers suggest that the effort is working.

While Levie was keeping his M&A cards close to the vest, he did say if the right opportunity came along to fuel additional growth through acquisition, he would definitely give strong consideration to further inorganic growth. “We’re going to continue to be very thoughtful on M&A. So we will only do M&A that we think is attractive in terms of price and the ability to accelerate our roadmap, or the ability to get into a part of a market that we’re not currently in,” Levie said.

A closer look at the financials

Box managed modest growth acceleration for the quarter, though only if we consider the company’s results on a sequential basis. In simpler terms, Box’s newly reported 10% growth in the first quarter of its fiscal 2022 was better than the 8% growth it earned during the fourth quarter of its fiscal 2021, but worse than the 13% growth it managed in its year-ago Q1.

With Box, however, instead of judging it by normal rules, we’re hunting in its numbers each quarter for signs of promised acceleration. By that standard, Box met its own goals.

How did investors react? Shares of the company were mixed after-hours, including a sharp dip and recovery in the value of its equity. The street appears to be confused by the results, weighing the report and working out whether its moderately accelerating growth is sufficiently enticing to warrant holding onto its equity, or more perversely if its growth is not expansive enough to fend off external parties hunting for more dramatic changes at the firm.

Sticking to a high-level view of Box’s results, apart from its growth numbers Box has done a good job shaking fluff out of its operations. The company’s operating margins (GAAP and not) improved, and cash generation also picked up.

Perhaps most importantly, Box raised its guidance from “the range of $840 million to $848 million” to “$845 to $853 million.” Is that a lot? No. It’s +$5 million to both the lower and upper-bounds of its targets. But if you squint, the company’s Q4 to Q1 revenue acceleration, and upgraded guidance, could be an early indicator of a return to form.

Levie admitted that 2020 was a tough year for Box. “Obviously, last year was a complicated year in terms of the macro environment, the pandemic, just lots of different variables to deal with…” he said. But the CEO continues to think that his organization is set up for future growth.

Will Box manage to perform well enough to keep activist shareholders content? Levie thinks if he can string together more quarters like this one, he can keep Starboard at bay. “I think when you look at the next three quarters, the ability to guide up on revenue, the ability to guide up on profitability. We think it’s a very very strong earnings report and we think it shows a lot of the momentum in the business that we have right now.”

When Apple Admits macOS Malware Is A Problem – It’s Time To Take Notice

You could almost hear the collective sigh of relief across the macOS security research community last week when Craig Federighi, Apple’s Senior VP of Software Engineering, finally spoke up about the problem that many of us have been voicing for several years now: Macs get malware, and Apple are struggling to cope with it.

For some, it’s a tune that can be hard to hear, so good has Apple’s marketing been over the years about the security of its platform. “Apple has built-in tools like XProtect to protect the Mac”, you will hear people say. “Apple has barriers to distribution like codesigning, Gatekeeper and Notarization”; and perhaps the most oft-cited one of all: “The Mac has such small market share it’s not worth the time of financially-motivated malware authors”.

As we’ll see in this post, that last assertion is demonstrably false, and as Apple has now also publicly admitted for the first time, Apple’s layers of security have not prevented malware from becoming a problem for Mac users and indeed for businesses with Mac fleets.

But let’s be clear: our aim here is not to bash Apple. As a hardware, software and services developer and supplier, Apple has many things to do besides malware hunting, detection and protection. Rather, our aim is to illustrate the very real problems facing Apple and Apple users from a growing malware problem that the OS vendor rightly says is “unacceptable”. Help is out there, but Mac users first need to hear what Mr Federighi and the macOS security research community are trying to tell them.

Apple Admit It: Macs Have a Malware Problem

Let’s start with what Apple has now publicly stated. In a wide-ranging testimony ostensibly about iOS security last week, Apple’s Senior VP for Software Engineering, Craig Federighi, noted that Macs can be safe:

“If operated correctly, much like that car, if you know how to operate a car and obey the rules of the road and are very cautious, yes. If not, I’ve had a couple of family members who have gotten some malware on their Macs.”

The kind of malware that incautious users can easily end up with after a few innocent web searches includes well-known families such as Adload, Shlayer and SilverSparrow.

Some of the malware that targets macOS users works as ‘pay per install’ delivery platforms that are sold to unscrupulous developers both to inject unwanted advertisements into a user’s browsing experience and to load the user’s Mac with unwanted programs. Such programs typically use high-pressure marketing tactics to lure unwary users into signing up for expensive subscriptions for applications that have very little or no utility. In some cases, these include scareware security programs.

Federighi also noted that gaining access to or control of user data, cameras, and microphones is “incredibly valuable to an attacker”. As many macOS users and developers have noted with frustration over recent iterations of Apple’s operating system, access to these has been increasingly locked down behind so-called ‘transparency, consent and control’ mechanisms that are supposed to keep malware out. These have largely proven ineffective against malware due to multiple known bypasses.

Federighi did not make reference to targeted attacks facing developers and businesses from known and unknown threat actors, but some high-profile incidents such as XcodeSpy and XCSSET have hit the headlines in the last 12 months.

Regarding Apple’s approach to fighting malware, Federighi explained that “Each week, Apple identifies a couple of pieces of malware on its own or with help of third parties” and that the company is engaged in “an endless game of whack-a-mole” in its attempt to fight the “significantly larger malware problem” facing Mac users.

Malware vs macOS – How High Are the Barriers?

Perhaps the most important message for anyone running macOS, particularly businesses with a fleet of Macs, is that the barriers for an attacker to achieve code execution are not as high as they may have been led to believe.

Apple has invested heavily in touting Gatekeeper as the primary barrier to unwanted programs, and backed that up with requirements for code signing and Notarization. We’ve discussed Gatekeeper – really a set of related technologies – in the past. Nothing much has changed with respect to that: it relies on downloaded files being tagged with an extended attribute which is then examined by the OS to see whether it is allowed to execute. There are several points of failure here, all of which in-the-wild malware regularly exploits, and which we’ve described before.

More recent technologies like Notarization are also defeasible by the removal of the same extended attribute: in short, if the attribute doesn’t exist or is removed, the Notarization check won’t come into play.

More worryingly still, there have now been numerous cases of malware actually being notarized by Apple. This in part is what Federighi likely meant by saying “it’s an endless game of whack-a-mole”. Malware gets past Apple’s notarization checks, is discovered after the fact, and the certificate is revoked. The malware authors then re-sign the code with a different developer ID and we all get to go again.

One of many recent examples of notarized malware found in the wild

When it comes to code signing and the new M1 Macs, there’s also a couple of gotchas to watch out for: while it’s widely believed that M1 Macs are somehow more secure because code signing requirements are stricter, the fact is M1 Macs can run unsigned code via Rosetta.

Running unsigned code on an M1 Mac via Rosetta

Similarly, even when an M1 Mac does check for a code signature, it does not require that the code signature belongs to a known developer. Code signed with an ad hoc signature will run without hindrance, and ad hoc signatures can be created on the fly by other code or by malicious insiders. This technique is currently being used by XCSSET malware for the express purposes of running on M1 Macs.

Code from XCSSET malware showing ad hoc code signing
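Since ad hoc signed and unsigned code can both run, a defender may want an inventory of such binaries on a Mac. The following is an added example, not code from the original post or from SentinelOne: it classifies files by parsing the output of Apple's `codesign -dv`, and the function names `classify_signature` and `audit_signatures` are hypothetical.

```shell
#!/bin/sh
# Added example: triage executables by code-signature type on macOS.
# Function names are hypothetical; the strings parsed ("Signature=adhoc",
# "TeamIdentifier=", "not signed at all") are what codesign(1) prints.

# classify_signature FILE
#   prints: unsigned | adhoc | team:<TeamIdentifier> | unknown
classify_signature() {
    # codesign writes its details to stderr and exits non-zero for unsigned
    # code, so capture stderr and ignore the exit status.
    cs_out=$(codesign -dv --verbose=2 "$1" 2>&1) || true

    case "$cs_out" in
        *"not signed at all"*) echo "unsigned"; return 0 ;;
    esac

    # An ad hoc signature has no certificate chain behind it.
    if printf '%s\n' "$cs_out" | grep -q '^Signature=adhoc$'; then
        echo "adhoc"
        return 0
    fi

    team=$(printf '%s\n' "$cs_out" | sed -n 's/^TeamIdentifier=//p' | head -n 1)
    if [ -n "$team" ] && [ "$team" != "not set" ]; then
        echo "team:$team"
    else
        echo "unknown"
    fi
}

# audit_signatures DIR
#   prints "<state><TAB><file>" for every executable file under DIR that is
#   not signed with a developer team identity.
audit_signatures() {
    find "$1" -type f -perm -u+x 2>/dev/null | while IFS= read -r target; do
        sig_state=$(classify_signature "$target")
        case "$sig_state" in
            team:*) ;;   # signed by an identified developer: not reported
            *) printf '%s\t%s\n' "$sig_state" "$target" ;;
        esac
    done
}
```

Binaries compiled locally for Apple silicon are ad hoc signed by the toolchain, so treat the output as a triage list to review rather than a verdict.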

Testing Known Malware? Beware A False Sense of Security

While we’re on the subject of code signing and certificate checks like Notarization and OCSP, there’s another important caveat to bear in mind when assessing how safe your Macs are from real world macOS malware.

As a security solution vendor, SentinelOne encourages customers to test the efficacy of their security solutions – whether 3rd party or provided by Apple as part of the macOS platform – but depending on what you test, you may get misleading results.

As we noted above, Apple regularly revokes code signing certificates belonging to developers found to distribute malware, and via Notarization, Apple can block specific samples of code that have been notarized by revoking their notarization ticket.

That means if you set about testing a particular known malware family with a sample whose code signature and/or notarization ticket has been revoked by Apple, you will of course see that sample blocked on your test. Importantly, however, you can’t conclude from that test that you’re going to block other samples of the same malware family.

For example, this sample of SilverSparrow malware can be downloaded from the blog of a popular macOS security researcher and will appear to be blocked by the OS if you try to run it:

Blocking a sample via certificate revocation

However, remove the signature or re-sign the malware with a different signature and the same sample will pass those checks (to test that, you would need to use a clean environment from the first test, since once the code is blocked the local device will remember that code is blocked even if you re-sign it or manipulate it in other ways).

Relying on code signatures as a first line of defense is fine, but given the ‘endless game of whack-a-mole’ whereby the same malware just comes back with a different certificate, it’s a barrier that is easily cleared.

What you really want to know is whether you have protection against malware families, not individual samples. Apple provides a built-in technology called XProtect to scan executable files for known malware families. Let’s see how well that works.

Why XProtect Alone Won’t Protect You From Malware

As we noted above, one of the main malware families you can run across in the wild is Adload. This family of malware has been around for some years now, has a number of different variants, and is particularly tricky to remove once it gets a hold in a system. XProtect certainly has some signatures for Adload: 14 of its 157 malware YARA rules are dedicated to Adload variants.

Apple’s XProtect contains 14 different YARA rules for Adload malware

However, it’s trivial to find Adload samples on VirusTotal that are not detected by XProtect, some as old as three years, others a few months.

Known samples of Adload malware not detected by XProtect

But perhaps that’s not a fair test. It’s easy to pick holes in a security solution for the odd detection miss here or there. Let’s take a selection of known malware families: Bundlore, Shlayer, SilverSparrow, RLoad/Lador, all of which are detected by static AV engines on VirusTotal (the list of 20 hashes as well as those above are provided at the end of this post).

A variety of common macOS malware found on VirusTotal

Again, as can be seen from the image of the first eight shown above, the dates these were first detected vary from 2018 to a few months ago. Let’s see how XProtect does with these. If you want to try this at home you will need to install YARA, and then point YARA to the XProtect.yara file.

% mdfind -name XProtect.bundle | grep -i coreservices
/Library/Apple/System/Library/CoreServices/XProtect.bundle
% yara -w /Library/Apple/System/Library/CoreServices/XProtect.bundle/Resources/XProtect.yara /path/to/samples

I use a few functions in my shell profile to make this easier (the xprotect_families.txt file is a list of XProtect rule names that can be extracted from this file on the SentinelLabs GitHub, but it isn’t necessary to run the test).

Adding functions to your shell profile can make it easier to test XProtect with a local YARA installation
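One possible shape for helper functions of this kind, as an added example (these are not the author's functions, which the page does not reproduce): they run a local YARA installation with the XProtect rules over a folder of samples and summarise how many were matched. The function names and the `XPROTECT_RULES` override variable are assumptions; the default rules path is the one shown in the `mdfind` output above.

```shell
#!/bin/sh
# Added example: measure XProtect rule coverage over a folder of samples.
# Function names and the XPROTECT_RULES variable are hypothetical.

# Default location taken from the mdfind output on the page; override if needed.
XPROTECT_RULES="${XPROTECT_RULES:-/Library/Apple/System/Library/CoreServices/XProtect.bundle/Resources/XProtect.yara}"

# xprotect_match FILE
#   prints the names of the XProtect rules that match FILE, one per line
#   (prints nothing when no rule fires).
xprotect_match() {
    # yara prints "RULE_NAME FILE" for each match; keep only the rule name.
    yara -w "$XPROTECT_RULES" "$1" 2>/dev/null | awk '{print $1}' | sort -u
}

# xprotect_report DIR
#   prints one tab-separated line per file: DETECTED<TAB>file<TAB>rules
#   or MISSED<TAB>file.
xprotect_report() {
    find "$1" -type f 2>/dev/null | while IFS= read -r sample; do
        rules=$(xprotect_match "$sample" | tr '\n' ',' | sed 's/,$//')
        if [ -n "$rules" ]; then
            printf 'DETECTED\t%s\t%s\n' "$sample" "$rules"
        else
            printf 'MISSED\t%s\n' "$sample"
        fi
    done
}

# xprotect_coverage DIR
#   prints the per-file report followed by "detected=N missed=M total=T".
#   Returns 2 if the rules file cannot be read.
xprotect_coverage() {
    if [ ! -r "$XPROTECT_RULES" ]; then
        echo "error: cannot read rules file: $XPROTECT_RULES" >&2
        return 2
    fi
    report=$(xprotect_report "$1")
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    # Tally from the report text so the counts survive the pipeline subshell.
    printf '%s\n' "$report" | awk -F'\t' '
        $1 == "DETECTED" { d++ }
        $1 == "MISSED"   { m++ }
        END { printf "detected=%d missed=%d total=%d\n", d, m, d + m }'
}
```

Run `xprotect_coverage` against a folder holding several samples of one family to see family-level coverage rather than the result for a single file.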

Unfortunately, XProtect doesn’t have a signature for any of these 20 samples from common, known malware families.

What should we conclude from this? As stated at the outset, we’re not Apple-bashing here: XProtect does do a decent job of blocking the macOS malware that it knows about, particularly since recent versions of the OS ensure files are scanned by XProtect even if they are missing the com.apple.quarantine extended attribute.

The problem is there’s just a lot more malware out there than XProtect knows about. Yes, Apple has another tool, the MRT.app, that can remediate some known malware infections, again if it knows about them, but there are other problems with MRT.app, chief among them the frequency with which it runs (or doesn’t run). We’ve written about MRT.app before at length here and here.

Conclusion

For enterprises running macOS fleets, the macOS malware problem isn’t going to go away on its own or be solved by relying on Apple’s built-in tools, welcome as they are. A solution like SentinelOne brings to the table the missing detection, protection, visibility and control features that macOS lacks. Developed in-house with native support for Apple silicon, kextless and 365+ data retention options, we have a long-term investment in securing Macs. We are Mac users, too, and security is our business.

If you would like to see how SentinelOne can help protect your Mac fleet, contact us for more information or request a free demo.


Sinch, a Swedish customer engagement giant, raises $1.1B, SoftBank and Temasek participating

Sinch — a Twilio competitor based out of Sweden that provides a suite of services to companies to build communications and specifically “customer engagement” into their services by way of APIs — has been on a steady funding and acquisitions march in the last several months to scale its business, and today comes the latest development on that front.

The company has announced that it has raised another $1.1 billion in a direct share issue, with significant chunks of that funding coming from Temasek and SoftBank, in order to continue building its business.

Specifically, the company — which is traded on the Swedish stock exchange Nasdaq Stockholm and currently has a market cap of around $11 billion — said that it was making a new share issue of 7,232,077 shares at SEK 1,300 per share, raising approximately SEK 9.4 billion (equivalent to around $1.1 billion at current rates).

Sinch said that investors buying the shares included “selected Swedish and international investors of institutional character,” highlighting that Temasek and SB Management (a direct subsidiary of SoftBank Group Corp.) would respectively take SEK 2,085 million and 0.7 million shares. This works out to a $252 million investment for Temasek, and $110 million for SoftBank.

SoftBank last December took a $690 million stake in Sinch (when it was valued at $8.2 billion). That was just ahead of the company scooping up Inteliquent in the U.S. in January for $1.14 billion to move a little closer to Twilio’s home turf.

Sinch is not saying much more beyond the announcement of the share issue for now, except that the raise was made to shore up its financial position ahead of more M&A activity.

“Sinch has an active M&A-agenda and a track record of successful acquisitions, making [it] well placed to drive continued consolidation of the messaging and [communications platform as a service, CPaaS] market,” it said in a short statement. “Furthermore, the increased financial flexibility that the directed new share issue entails further strengthens the Company’s position as a relevant and competitive buyer.”

The company is profitable and active in more than 40 markets, and CEO Oscar Werner said in Sinch’s most recent earnings report that in the last quarter alone its communications APIs — which work across channels like SMS, WhatsApp, Facebook Messenger, chatbots, voice and video — handled 40 billion mobile messages.

Notably, its strategy has a strong foothold in the U.S. because of the Inteliquent acquisition. It will be interesting to see how and if it continues to consolidate to build up market share in that part of the world, or whether it focuses elsewhere, given the heft of two very strong Asian investors now in its stable. 

“Becoming a leader in the U.S. voice market is key to establish Sinch as the leading global cloud communications platform,” said Werner in January.

While Sinch has focused much of its business, as has Twilio, around an API-based model focused on communications services, its acquisition of Inteliquent also gave it access to a large, legacy Infrastructure-as-a-Service (IaaS) product set, aimed at telcos to provide off-net call termination (when a call is handed off from one carrier to another) and toll-free numbers.

Tellingly, when Sinch acquired Inteliquent, the two divisions each accounted for roughly half of its total business, but the CPaaS business is growing at twice the rate of IaaS, which points to how Sinch views the future for itself, too.

Forter raises $300M on a $3B valuation to combat e-commerce fraud

E-commerce is on the rise, but that also means the risk, and occurrence, of e-commerce fraud is, too. Now, Forter, one of the startups building a business to tackle that malicious activity, has closed $300 million in funding — a sign both of the size of the issue and its success in tackling it to date.

The new funding, a Series F, values Forter at $3 billion — notable not least because the funding is coming only about six months since Forter’s previous round, a $125 million Series E that valued it at over $1.3 billion.

Tiger Global Management is leading this latest equity infusion, with new backers Third Point Ventures and Adage Capital Management, and existing investors Bessemer Venture Partners, Sequoia Capital, March Capital, NewView Capital, Salesforce Ventures and Scale Venture Partners, also involved.

The plan will be to use the money to expand Forter — founded in Tel Aviv and now based in New York — geographically, bring more functionality into its product and explore adjacent areas where Forter might expand its capabilities, either organically or by way of acquisition.

Forter today focuses mainly on identifying fraud at the point of transaction and building an AI-based platform that “learns” more behaviors to improve its accuracy; it also builds models that keep more people transacting and helps bring down the number of “false positives” where activity that appears suspicious actually is not.

One area on its roadmap for expansion is remediation after the fraud occurs, said Liron Damri, Forter’s co-founder and president.

“Our vision is to serve the merchant as the go-to trusted partner for everything, so remediation is definitely on our roadmap,” he said of potential acquisition targets.

Damri, who co-founded the company with Michael Reitblat, CEO, and Alon Shemesh, chief analyst, said in an interview that the startup — which works with some 350 large customers like Priceline and Instacart and a growing number of service providers like FreedomPay and Flutterwave, altogether seeing some $250 billion worth of transactions globally last year — wasn’t proactively looking for more money.

“All we wanted to do was go back to run the company,” he said. “But in the past six months we’ve seen such a great momentum, doubling revenue and ARR, and seeing our customer volumes grow.”

That led to a lot of investors proactively reaching out and asking questions, he continued. He described Tiger as a “kingmaker” in the category of e-commerce, so it was an easy decision to make, and gave it the “gas” it needed to take its next growth steps.

E-commerce has been one of the major technology growth stories of the last year, fueled by a rush of consumers and businesses playing out their lives online at a time when it has been harder, and in some cases impossible, to transact in person.

While we have definitely seen a lot of growth, and growing sophistication, in the number of tools on the market to combat cybercrime, it’s in some ways an ouroboros of a problem: The more transactions that are made, the more there are that need to be monitored for suspicious activity. And in any case, fraud in e-commerce is not exactly going away. It’s estimated that it will cost retailers some $20 billion in 2021 and is always on the rise.

Forter got its start in 2013 focusing first on monitoring activity on sites wherever customers happened to be to identify suspicious behavior — a sign that it might be a bot or someone on an illicit spending spree racking up a lot of items in quick succession — with the bigger concept being to build a network of activity from which to learn and help make more informed decisions over time.

In more recent years, the essence of the issue has expanded somewhat, and also grown more sophisticated. As companies have grown their businesses to reach beyond early adopters and core audiences, and into a more “omnichannel” environment beyond basic check-outs on their own sites, so too have the kinds of consumers coming to shop.

This has meant that traditional “signals” of legitimate buyers no longer were the same as before — a predicament that really rose in profile in the last year, as many newcomers came to e-commerce for the first time during the pandemic. In fact, Damri told me that in 2020 there were seven times more “newcomers” to sites than in 2019.

So with most of the flagging of suspicious activity coming up at the point of transaction, Forter expanded to analyzing activity there.

As with a recent acquisition of Stripe’s, Bouncer, to build out its own anti-fraud product, a large part of Forter’s attention these days is on providing tools to companies to identify suspicious purchasing, but even more than that, to make sure that the many occasions that might look suspicious are not, to help reduce the amount of “cart abandonment” and increase conversions.

The old way of doing things, Damri said, involved “thousands of rules and applying suspicion on everyone. You were guilty unless proved otherwise.”

Using its AI engine and some risk analysis (not unlike the kind that, say, an insurance or loan provider might apply in their businesses), Forter turned the proposition on its head.

“We wanted to approve as much as possible. We wanted to gradually increase the trust you have of your own customers. We changed the sentiment and approach… especially in areas that were neglected, such as those who saw significant changes in life,” Damri said. “This was extremely important as COVID-19 hit.”

Forter’s risk tolerance model, it seems, has so far proven out. Damri said that its algorithms, when applied, reduce the total number of declines by 80%, but also reduce the number of chargebacks — one indicator of a mistake — by 60%.

This implies that it’s blocking more of the “wrong” kind of purchases, and letting through more of the legitimate ones. (That is, he pointed out, in addition to a few bad actors Forter intentionally lets buy things, just to learn how they operate. Damri referred to this as “paid-tuition.”)

Risk-based approvals, coupled with algorithms to learn what is truly bad, have resonated with customers and investors.

“With the unprecedented rate of digital transformation and the fierce competition in creating the slickest user experience, superior fraud prevention plays an ever more critical role in e-commerce revenue growth,” said John Curtius, a partner at Tiger Global Management, in a statement. “After we talked with dozens of customers of every relevant solution in this space, it was very clear to us that Forter is the clear leader in performance and scale.”

“As a longtime investor, it’s been incredible to see Forter’s ascent,” added Ravi Viswanathan, NewView Capital. “It’s a testament to the leadership team’s vision and execution in allowing merchants to provide the seamless experiences customers expect and to be able to accept as many transactions as possible, while still accurately identifying and blocking fraud.”

UK’s Paysend raises $125M at a $700M+ valuation to expand its all-in-one payments platform

With more people than ever before going online to pay for things and pay each other, startups that are building the infrastructure that enables these actions continue to get a lot of attention.

In the latest development, Paysend, a fintech that has built a mobile-based payments platform — which currently offers international money transfers, global accounts, and business banking and e-commerce for SMBs — has picked up some money of its own. The London-based startup has closed a round of $125 million, a sizable Series B that the company’s CEO and founder Ronnie Millar said it will be using to continue expanding its business geographically, to hire more people, and to continue building more fintech products.

The funding is being led by One Peak, with Infravia Growth Capital, Hermes GPE, previous backer Plug and Play and others participating.

Millar said Paysend is not disclosing valuation today but described it as a “substantial kick-up” and “a great step forward in our position ahead toward unicorn status.”

From what I understand though, the company was valued at $160 million in its previous round, and its core metrics have gone up 4.5x. Doing some basic math, that gives the company a valuation of around $720 million, a figure that a source close to the company did not dispute when I brought it up.

Something that likely caught investors’ attention is that Paysend has grown to the size it is today — it currently has 3.7 million consumer customers using its transfer and global account services, and 17,000 small business customers, and is now available in 110 receiving countries — in less than four years and $50 million in funding.

There are a couple of notable things about Paysend and its position in the market today, the first being the competitive landscape.

On paper, Paysend appears to offer many of the same features as a number of other fintechs: money transfer, global payments, and banking and e-commerce services for smaller businesses are all well-trodden areas with companies like Wise (formerly “TransferWise”), PayPal, Revolut, and so many others also providing either all or a range of these services.

To me, the fact that any one company relatively off the tech radar can grow to the size that it has speaks about the opportunity in the market for more than just one or two, or maybe five, dominant players.

Considering just remittances alone, the World Bank in April said that flows just to low- and middle-income countries stood at $540 million last year, and that was with a dip in volumes due to COVID-19. The cut that companies like Paysend make in providing services to send money is, of course, significantly smaller than that — business models include commission charges, flat fees or making money off exchange rates; Paysend charges £1 per transfer in the U.K. More than that, the overall volumes, and the opportunity to build more services for that audience, are why we’re likely to see a lot of companies with ambitions to serve that market.

Services for small businesses, and tapping into the opportunity to provide more e-commerce tools at a time when more business and sales are being conducted online, is similarly crowded but also massive.

Indeed, Paysend points out that there is still a lot of growing and evolution left to do. Citing McKinsey research, it notes that some 70% of international payments are currently still cash-to-cash, with fees averaging up to 5.2% per transaction, and timing taking up to an hour each for sender and recipient to complete transfers. (Paysend claims it can cut fees by up to 60%.)

This brings us to the second point about Paysend: How it’s built its services. The fintech world today leans heavily on APIs: Companies that are knitting together a lot of complexity and packaging it into APIs that are used by others who bypass needing to build those tools themselves, instead integrating them and adding better user experience and responsive personalization around them. Paysend is a little different from these, with a vertically integrated approach, having itself built everything that it uses from the ground up.

Millar — a Scottish repeat entrepreneur (his previous company Paywizard, which has rebranded to Singula, is a specialist in pay-TV subscriber management) — notes that Paysend has built both its processing and acquiring facilities. “Because we have built everything in-house it lets us see what the consumer needs and uses, and to deliver that at a lower cost basis,” he said. “It’s much more cost-efficient and we pass that savings on to the consumer. We designed our technology to be in complete control of it. It’s the most profitable approach, too, from a business point of view.”

That being said, he confirmed that Paysend itself is not yet profitable, but investors believe it’s making the right moves to get there. To be clear, Paysend actually does partner with other companies, including those providing APIs, to improve its services. In April, Plaid and Paysend announced they were working together to power open banking transfers, reducing the time to initiate and receive money.

“We are excited by Paysend’s enormous growth potential in a massive market, benefiting from a rapid acceleration in the adoption of digital payments,” said Humbert de Liedekerke, managing partner at One Peak Partners, in a statement. “In particular, we are seeing strong opportunities as Paysend moves beyond consumers to serve business customers and expands its international footprint to address a growing need for fast, easy and low-cost cross-border digital payments. Paysend has built an exceptional payment platform by maintaining an unwavering focus on its customers and constantly innovating. We are excited to back the entire Paysend team in their next phase of explosive growth.”

Twilio invests in adaptive communications platform Hyro

Hyro, formerly Airbud, is today announcing the close of a $10.5 million Series A financing round led by Spero Ventures, with participation from Twilio and Mindset Ventures. Existing investors Hanaco Ventures, Spider Capital and Entrepreneurs Roundtable Accelerator also participated in the round.

Hyro is an enterprise application, currently aimed at the healthcare sector but with eyes on new verticals, that adds an intelligent layer of voice chat or text chat to any application or website.

The company calls itself an adaptive communications platform, which essentially means that customers use plug-and-play tools to get information to end-users in a conversational way, whether that be voice or chat. It can integrate with contact centers, chatbots, SMS and other forms of communication. Essentially, Hyro targets information-heavy industries that often have to communicate with end-users.

This type of scenario, in the words of co-founder Israel Krush, usually leads to a terrible experience for the end user and a costly, inefficient process for the organization. The problem was no more apparent than in the healthcare sector during the pandemic. End users would flood platforms for information regarding the virus, the vaccine, testing, etc., but ask those redundant questions in myriad ways. On the enterprise side, the answers to those questions were changing over time.

Hyro allows these organizations to easily edit and change that information and deliver it to end users in an efficient way. But perhaps most importantly, Hyro scrapes information from the website to set up its own conversational tree, so the client doesn’t have to do a lot of heavy lifting up front.

Krush says that the problem is big, which means that the space is crowded. He views Twilio’s participation in this round of fundraising as a differentiator.

“The market is crowded so it’s really hard to differentiate yourself from the crowd,” said Krush. “Even though we have great technology, everyone says they have great technology. Twilio coming into this round and the partnership we’re trying to develop around contact centers really attests to the differentiation of our approach, to the scalability and the modularity of our approach.”

He added that Hyro is not a healthcare company — “it’s really about serving any enterprise.”

Hyro healthcare customers include Carroll, Wheelpros, Mercy Health, University of Rochester Medical Center and Weill Cornell Medicine, but the company plans to use this new funding to scale into more verticals, with an aim toward real estate, government and other information-heavy industries. 

This latest round brings Hyro’s total funding to $15 million.