Covr Newsletter November 2019

Being a busy startup, things have a habit of moving fast – especially this time of year. Still, I want to take the time to give you a quick roundup of what’s going on in our corner of the digital world.

Enjoy and stay safe,

Patrik Malmberg and the team at Covr Security

New partners

The market for platforms for Open Banking keeps on growing, and we have recently signed major partner agreements to help accelerate PSD2 compliance and Open Banking value creation.

MobiMedia

We are adding our multi-factor authentication solution to MobiMedia’s overall customer offer. MobiMedia is a public company listed on the Warsaw Stock Exchange- They focus on mobile e-commerce and media services and provides mobile marketing and payment solutions in Eastern Europe.

https://bit.ly/2NAiQh3

KPN

KPN is the leading telco, mobile, and network services provider in the Netherlands, with more than 33 million subscribers. Covr Security will be the first company to provide a secure authentication API to their enterprise/third party marketplace. Our API supports advanced multi-factor authentication and mandatory SCA for Open Banking in Europe. 

https://bit.ly/33BDi6N

Precise Biometrics

An essential step in our progress is the joint agreement with biometric fingerprint solution provider Precise. The agreement is strengthening our offer by adding a verification solution for digital services and transactions between mobile units. The initial goal of the partnership is to carry out pilots during the second half of 2019 and then enter into a commercial phase. 

Are you interested in becoming our partner?

We provide our multi-factor authentication-as-a-service to a wide range of industry partners – eID providers, service providers, enterprise partners, mobile carriers, and other security technology providers. Contact us by hitting reply for more informatio

COVR Software Development Kit (SDK) launch

We are as we speak, releasing our comprehensive SDK that gives third party authentication possibilities like password-free logins, instant verifications of financial transactions. Get in touch with us for a walkthrough!

Covr Security out and about

Mats Holmfeldt, our Senior Executive Operations for the Asia Pacific, attended the SCxSC Fintech Conference in Malaysia as Keynote Speaker. SCxSC is organized by the Malaysian Securities Commission every year and is an important forum for Finch innovations in Asia.  https://lnkd.in/d3vMSSm

Best Fintech Startup

Covr Security nominated for Nordic Startup award

We are happy to announce that Covr Security has made it to the national shortlist as a finalist representing Sweden under the category Best Fintech Startup. The nomination is an excellent achievement since Covr have been selected out of 3329 submissions. 

Global Startup Awards is the biggest Award show celebrating startups in the world – and the Nordics are no exception to that.

The award will be presented at a Grande Finale in Copenhagen, on the 5th of December.

Everyone can vote for their favourite for the awards and then a jury will decide who will win the prizes in each category. If you want to read more and vote for your favourite follow this link – vote here.

The winners from the national events will be automatically shortlisted for the same category in the regional finale and compete against other nations in the same region. In both the national and regional process, the winners are selected by both public voting and jury delegation. 

The winner from each category and region will then placed against each other to determine who is the winner of the Global Startup Awards. A bi-annual award, this year the Finale is in 11-14th, December 2019 Changsha, China.

What is the preferred authentication method?

In recent years being able to prove who you are has become more important. Companies and online services need verification and use different methods for you to do so. We started with increasingly complex passwords, but more and more are looking at 2-factor-authentication, or even multi-factor-authentication. But what method is actually preferred, both from a security and user-experience perspective?

Having passwords that are so complex that you can’t even remember them yourself has lately proven to be a rather poor method of securing your online accounts. Bill Burr, the former manager at National Institute of Standards and Technology (NIST), created the password-guide that is used today to find a secure password. The problem is that the guide was produced in 2003, and Burr now says that he didn’t really understand how passwords worked during the time. The guide that is being used today actually doesn’t ensure safe passwords. A better method of creating safe passwords is to put together three or four unrelated words, resulting in a longer password without being unreasonably difficult to remember.

But having just a password to verify your identity has proven to be insufficient, just look at the Heartbleed bug a few years ago where thousands of passwords were leaked. Through the years there have been several reports where passwords have been compromised by hacks or simple errors. So, in order to stay safe, there should be some other method of proving you are really you.

The answer has come in the form of 2-factor authentication, where you use your password to login to an online account, and then get prompted on a different device (often your mobile phone) to authenticate that you are attempting to log in to that account. This ensures that you are really you, or at least in theory. Many started using text messaging to send a passcode that you entered to verify the login. But lately there have been numerous reports of such text-messages being redirected to a different phone, and thus the authentication process is yet again insecure.

Many companies, such as Google, have therefore created their own app that ensures that the verification code is only sent to that specific phone. In countries such as Sweden, the banks have joined forces and created a Bank-ID that is linked to the citizen’s personal identification number. The problem with these is that they do not work globally or universally across platforms. In Google’s case, the service provider must then use Googles authentication, and thus their login-system, something that might be undesirable for many service providers. In the case of the Swedish Bank-ID, you must have a Swedish personal number and also have a Swedish bank account.

In other cases, the verification process often requires several steps, which then becomes a hassle for the user. This reduces the willingness to use the verification system. Since people tend to use the path of least resistance, the user experience must be at the centre of the system. If the process of logging in to your account isn’t easy, then you will probably use a less secure method instead.

Developing a universal and global multi-authentication system that is secure and easy to use is, therefore, something that is desired and urgent. Luckily, we are now seeing several such systems being developed, and the one that is currently leading the charge towards secure and easy online verification is Covr Security. They are a Swedish company that has used the experiences from the Swedish Bank-ID to create a system that is non-affiliated to a vendor with their own agenda and works around the globe. The system is easy to use, easy to implement and ensures the highest level of security. Simply put, it offers all that you could ask for in a multi-factor authentication system.

COVR Newsletter – February 2019

Here is the new COVR newsletter for February 2019. In this letter, we give you some news about cybersecurity, tell more about COVRS´s participation in Accelerator Frankfurt and why SMS-authentication is not a good solution.

Prevent fraud and build trust with your customers by merely buffing up your FDP-system.

You don’t want to lose money due to online fraud, do you? Then you better buff up your FDP-solutions, because retailers are expected to lose $ 130 billion in CNP-fraud in just the next five years.

We see a rise in online fraud, as online retail and other digital solutions are increasingly more popular worldwide, cybercriminals are becoming more creative, and they continue to find new ways to attack. As an online retailer, it is of the uttermost importance to increase and expand your Fraud Detection, and Prevention (FDP) measures to keep the criminals away. Would you like to prevent your business from the fraudulent damage and substantial loss in the upcoming years?

Read the full blog here >

Covr takes part in an exclusive accelerator program in Germany

During the past three months, Covr Security has taken part in a highly exclusive accelerator program in Germany, through the organization Accelerator Frankfurt. Here the founder of Accelerator Frankfurt, Ram Shoham explains more about the program and why he thinks Covr is perfect for it.

Accelerator Frankfurt has been active for just over six years with a clear vision and central focus set on the FinTech and Cybersecurity industry. The two founders, Ram Shoham, and Maria Pennanen have a background in finance and tech, that is why it was a natural step for them to help companies working in that industry.

Read the full article here >

Another example of why SMS-authentication is a horrible idea!

You’d think that in today’s high-tech society, nobody uses text-messages as part of their 2-factor authentication system. But despite hoping that this was dead and buried practice, now and then we see examples of when it’s being used and subsequently hacked.

Recently the customers of Metro Bank in the UK suffered the consequences from this, which goes to show that it is time that we start using safer and more reliable solutions.

Read more >

A Long Day (with no Cybersecurity)

Imagine waking up, and everything in the entire world has been hacked. How do you commute to work, how do you pay for your food, and how long will the electricity keep your lights on? Cybersecurity matters, more today than ever before!

COVR to pitch during Accelerator Frankfurt’s Demo Day on February 5.

On February 5, COVR will pitch the company to German investors and potential customers during Accelerator Frankfurt’s Demo Day. This great opportunity will position us very well for a rapid expansion in Germany.

COVR presenting in Frankfurt 2018

During the autumn COVR, together with two other startups, was chosen from hundreds of companies to take part in Accelerator Frankfurt’s fifth Acceleration Wave Program. The Accelerator Frankfurt Program is very prestigious and COVR is very fortunate to have been chosen. During the three-month program Accelerator, Frankfurt offers 200+ consulting hours on important subjects such as communication, digital marketing, finance, tax-regulations, strategic planning and executive coaching, aimed at the German Market. These experiences and insights will drive our expansion in Germany and further on in Europe to bring the best mobile security solution in the world, to the world.

The Demo Day will live-stream on YouTube, and already know you can set a reminder at:

Live Stream – Accelerator Frankfurt 5th Wave Demo Day >

Read more about the Accelerator Frankfurt Program here >

COVR in cooperation in Dubai

COVR in cooperation in Dubai

Last week COVR´s CEO Patrik Malmberg and CIO Peter Alexandersson travelled to Dubai to meet representatives and discuss new cooperations in Payment Gateways.

Peter Alexandersson and Patrik Malmberg meet Mr Suresh and his team.

Peter Alexanderson is one of the 10 Most Prominent Personalities in the Security Industry, 2018

The Magazine Mirror Review has appointed the CEO of COVR Security, Peter Alexanderson, as one of the 10 most Prominent Personalities in the Security Industry, 2018.

Peter Alexanderson: A Cybersecurity Leader With Feathers Of Experience In His Cap.” 

 /Mirror Review

Read the article here

Covr Founder and CEO Peter Alexanderson receives accolades

Earlier this fall, Peter was featured in the Mirror Review with an article about Cover and its inception. Amongst other notable company leaders he is now named one of the 10 most prominent personalities in the Security Industry, 2018.  Read article here >>

Open Banking is here to stay – time to make that trouble free transition

The more popular mobile platforms become for money transactions the more important the security aspect becomes.

The new EU regulation PSD2 that recently has come into play requires stronger identity checks by the users themselves when they pay online. When customers access their online payment accounts, initiate electronic payment transactions, or perform other actions through remote channels, so-called strong authentication is required.

The users are actually not allowed to authenticate themselves with just one static password anymore. The transition from passwords to a combination of login codes and biometrics or tokens can be troublesome – and expensive – for banks and payment services, and this is where Covr is the ultimate solution!

The users are actually not allowed to authenticate themselves with just one static password anymore. The transition from passwords to a combination of login codes and biometrics or tokens can be troublesome – and expensive – for banks and payment services, and this is where Covr is the ultimate solution!

Convenience vs. security in mobile banking

People want an ultra-low-friction mobile payment experience that says yes to a lickety-split transaction, with a minimum of taps and without the extra hoo-ha.

Pay on the go, wherever you are, is the catchphrase of today. This is the inevitable reality so let’s take a second to untangle some of the pitfalls and opportunities for banks to get on top of this development.

In-app purchasing, person-to-person payments and e-wallets are all results of consumers’ relentless demand for instant access to their money. Needless to say, this is why the most convenient and readily available device of them all – the smartphone – is becoming the payment channel of choice. Sending money to friends and family, shopping or doing day-to-day things like paying a bill inside various apps are all examples of consumer behaviours that are taking off in a phenomenal way.

“Tap-sign-done”

It’s no longer just well known online payment services like PayPal, Google Wallet and Apple Pay (that have been around long enough to earn trust) that are competing for a piece of the mobile instant payments pie. Thanks to the revised payment services directive (PSD2), the entire payment services ecosystem have entered the race and offer competitive-edge and value-added “overlay” payments that boost consumer instant access. Whether it’s game-changing players like Square, Klarna, Paym and Dwolla or run-of-the-mill banks, the potential success stands and fall with a combination of convenience and security.

The educated guess would be that as long as people can stay secure, they will take the path of least resistance. But convenience will only go so far when it comes to the adoption of mobile payments. Without the underpinning security, this ever-growing trend could halt in mid-stride if consumers don’t trust that their money is a hundred per cent secure.

Photo by Matthew Kwong on Unsplash

Trust, trust, trust

Even though banks are late to the mobile payment user-convenience party, research shows that consumers still have a much higher level of confidence dealing with their banks, than online platforms and social-media companies when it comes to payments services. This is a slam-dunk advantage that gives banks the chance to stay competitive by drawing from the hard-earned trust they have built with their customers over the years.

As payment innovation has been about striking the right balance between customer convenience and security banks are successively abandoning yesterday’s security methods and have started to evaluate new and more robust alternatives at hand. But bringing about a genuinely effortless mobile user experience and at the same time reach fool-proof security is no easy feat. To begin with, instant payment features radically shortens the time to identify fraud so no matter which way you look at it, you need to invest in extremely secure real-time fraud detection based on strong user authentication. Exceptional user convenience on the smartphone may be the term of the day as it stands, but without up-to-date security tech behind it, it could be good for nothing.

In the near future, those who offer their customers the security and sought-after split-second payment convenience will survive. This is why we have developed Covr, a user-centric mobile security management platform. It will help banks and other financial players to overcome the biggest hurdles in the transition to large scale open banking as it doesn’t require hardware or huge installations costs.