An interview with Ben Cade, CEO, Trustonic
Tell us about Trustonic; what do you do?
Trustonic is a global cybersecurity company that was founded in 2012 by security leaders ARM and Gemalto, a Thales company. Our mission is to embed the best security into the world’s smart devices and apps. This empowers developers – like banks, fintechs, payment providers, cryptocurrency platforms and softPOS vendors – to build the trust required to deliver simple, fast and more secure solutions and services. Our solutions for the financial services sector include:
- Trustonic Application Protection (TAP) – a mobile application security platform that enables app developers to deliver the most secure in-app protection on any iOS or Android-based mobile device. It combines software and hardware-based security, which provides optimal protection for critical mobile apps and associated sensitive data.
- Trustonic Secured Platform (TSP) – a proven and scalable hardware-based mobile security solution that enables smartphone, wearable and other smart device manufacturers to hardware-protect their products and comply with industry-mandated security requirements. TSP is already embedded into two billion devices.
What makes Trustonic unique among its competitors?
Simple: its proven technology that can protect financial services apps on any device.
If you’ve ever had an Android smartphone or a Samsung Gear smartwatch, or used Samsung Pay, WeChat Pay or AliPay, chances are that Trustonic technology has already protected you. Trustonic cybersecurity technology is so prolific because it can be used to shield apps on any device by providing one software development kit (SDK) for developers to build apps and services that leverage the best available software and hardware-based security across Android and iOS.
That’s why it’s used to protect applications across sectors sharing critical private data, from payments and financial services to healthcare and automotive.
And it’s not just about protecting the app. Richer and faster user experiences are key to our success. TAP allows app developers to employ features that both enhance security and enrich the UX. Developers, for example, can use Trustonic’s Trusted User Interface (TUI) to protect sensitive information exchanged between an application and its user. Think about PIN entry or displaying an OTP on screen. Many financial services apps also use TAP to properly secure biometric authentication for Strong Customer Authentication (SCA).
By providing this level of security as well as an improved UX, TAP dramatically reduces friction in the onboarding process. This is crucial for increasing adoption of services – nobody wants to go through 20 separate steps to set up a bank account.
These are just some of the reasons we’re seeing significant adoption from the financial services sector.
What’s the market demand for your products?
With news of the latest hacks, attacks and breaches an almost daily occurrence, companies are waking up to how important a secure-by-design approach to mobile applications and devices is. Of course, then, we’re seeing significant interest from players in banking and at all stages of the payments value chain.
For example, KB Bank, Korea’s largest financial institution, launched LIIV TalkTalk in 2017. It was the first mobile app in Korea to provide financial services, including P2P payment and pension, credit card and savings account enquiries, combined with an encrypted messaging service for consumers and businesses. The bank selected TAP to enhance its existing security infrastructure to protect personal and financial data by securing the private keys used to decode chat messages. The bank has also added TAP to its Liiv mobile app to provide a safe and easy authentication service, in particular through the secure storage of authentication data. KB Bank now has protection that covers almost all possible end user devices for its over 30 million customers. By providing apps through both the Google Play Store and Apple App Store, it satisfies the need for both strong security and scalability.
Beyond consumer financial services, our work protecting mPOS applications is in high demand. The presence of better security within smartphones is enabling them to be used as payment acceptance devices, massively expanding the payment network to include small merchants. Truly secure mPOS and softPOS solutions are in such high demand because using a smartphone as a mobile point of sale solution enables traders, small retailers and SMBs to save money on costly payment acceptance hardware, improve staff efficiency and increase customer satisfaction. Payment platforms and solution providers also benefit, as they can eliminate the costs associated with procuring and managing traditional POS terminals. The ease of adding new functionalities to smartphone apps also shortens time to market for innovative new digital marketing and customer loyalty features – so everybody benefits. In Malaysia alone, the Government has set a target to increase the number of e-payment transactions to 200 per capita by 2020, up from 49 in 2011; a reflection of the country’s growth ambition.
We’re also seeing demand from sectors newly under pressure to meet the same level of cybersecurity as financial services, such as telecoms, where mobile network operators are seeking to protect smartphone investment and revenues by minimizing theft, fraud and trafficking, and automotive companies looking to secure their in-vehicle infotainment (IVI) systems and digital car keys.
What do you think are the biggest opportunities and challenges facing the company?
The biggest opportunity for us is the digital transformation happening globally across all sectors, particularly in fintech and payment. Consumers and business end-users expect to be able to live their whole lives through their smartphone applications, which increasing use and share more ‘critical’ data. This necessitates properly secured apps and devices – including devices manufactured by sectors that historically haven’t needed to worry too much about cybersecurity, such as automotive.
This digital transformation is driving growth in the number of connected endpoints and apps that need protecting. Where once it was just smartphones, this now includes wearables, medical devices, cars and IoT sensors just to name a few. As device and application security specialists, this is a clear opportunity for Trustonic – particularly as legislative mandates, like PSD2, Strong Customer Authentication, KYC and GDPR are driving an increasing focus on device and app security.
The biggest challenge we face is education. Still, too many of the C-suite don’t fully recognise the security risks that must be guarded against when taking digital services to market, the dynamism of the constantly growing threat landscape or the potential impact a breach could have on reputation and revenues.
What’s next for Trustonic?
Enterprise interest in in-app protection for mobile applications will only continue to grow alongside the increase in mobile transactions. Our success protecting payments and banking applications, with partners and customers like Cartes Bancaires, Rubean and KB Bank, has created a strong commercial pipeline – both in payments and the wider banking and fintech space.
It’s not just enterprises, either – we are increasingly supporting government initiatives that are targeting financial inclusion goals. In Indonesia, for example, the provision of secure eKYC, with partners like VIDA, is enabling a lightning fast change in the rate of financial inclusion - from 20% in 2011 to 49% in 2017.
Beyond mobile banking and payment apps, we have leveraged our in-app security experience gained in financial services to protect new applications in the automotive sector. Working with Hyundai and Volkswagen Group to protect their digital car keys and key-sharing apps, we see the demand for mobility as a service as a key opportunity to grow Trustonic further. As cars become more connected, it won’t be just digital keys that need protection, but payment-enabled digital cockpits too. Our in-app protection has been developed to be versatile enough to secure different applications across different devices, which, as edge computing and augmented reality begin to come into their own, will be crucial.