Connect with us

Biz & IT

Flutterwave and Visa launch African consumer payment service GetBarter

Published

on

Fintech startup Flutterwave has partnered with Visa to launch a consumer payment product for Africa called GetBarter.

The app based offering is aimed at facilitating personal and small merchant payments within countries and across Africa’s national borders. Existing Visa card holders can send and receive funds at home or internationally on GetBarter.

The product also lets non card-holders (those with accounts or mobile wallets on other platforms) create a virtual Visa card to link to the app.  A Visa spokesperson confirmed the product partnership.

GetBarter allows Flutterwave—which has scaled as a payment gateway for big companies through its Rave product—to pivot to African consumers and traders.

“Rave is B2B, this is more B2B2C since we’re reaching the consumers of our customers,” Flutterwave CEO Olugbenga Agboola—aka GB—told TechCrunch.

The app also creates a network for clients on multiple financial platforms, such as Kenyan mobile money service M-Pesa, to make transfers across payment products, national borders, and to shop online.

“The target market is pretty much everyone who has a payment need in Africa. That includes the entire customer base of M-Pesa, the entire bank customer base in Nigeria, mobile money and bank customers in Ghana—pretty much the entire continent,” Agboola said.

Flutterwave and Visa will focus on building a GetBarter user base across mobile money and bank clients in Kenya, Ghana, and South Africa, with plans to grow across the continent and reach those off the financial grid.

“In phase one we’ll pursue those who are banked. In phase-two we’ll continue toward those who are unbanked who will be able to use agents to work with GetBarter,” Agboola said.

Flutterwave and Visa will generate revenue through fees from financial institutions on cards created and on fees per transaction. A GetBarter charge for a payment in Nigeria is roughly 40 Naira, or 11 cents, according to Agboola.

With this week’s launch users can download the app for Apple and Android devices and for use on WhatsApp and USSD.

Founded in 2016, Flutterwave has positioned itself as a global B2B payments solutions platform for companies in Africa to pay other companies on the continent and abroad. It allows clients to tap its APIs and work with Flutterwave developers to customize payments applications. Existing customers include Uber, Facebook, Booking.com, and African e-commerce unicorn Jumia.com.

Flutterwave has processed 100 million transactions worth $2.6 billion since inception, according to company data.

The company has raised $20 million from investors including Greycroft, Green Visor Capital, Mastercard, and Visa.

In 2018, Flutterwave was one of several African fintech companies to announce significant VC investment and cross-border expansion—see Paga, Yoco, Cellulant, Mines.ie, and  Jumo.

Flutterwave added operations in Uganda in June and raised a $10 million Series A round in October that saw former Visa CEO Joe Saunders join its board of directors.

The company also plugged into ledger activity in 2018, becoming a payment processing partner to the Ripple and Stellar blockchain networks.

Flutterwave hasn’t yet released revenue or profitability info, according to CEO Olugbenga Agboola.

Headquartered in San Francisco, with its largest operations center in Nigeria, the startup plans to add operations centers to South Africa and Cameroon, which will also become new markets for GetBarter.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Verizon will use Amazon’s low Earth orbit satellites to extend 4G and 5G

Published

on

Enlarge / A Verizon booth at Mobile World Congress Americas in Los Angeles in September 2018.

Verizon has made a deal to use Amazon’s low Earth orbit (LEO) satellites to add capacity to the Verizon cellular network and provide fixed-wireless Internet service in rural parts of the US. Verizon said it will use Amazon satellite connectivity for both consumers and large businesses.

There won’t be any immediate change to Verizon’s services because Amazon has said its Project Kuiper division won’t launch any satellites until at least 2023. The companies yesterday announced a “strategic collaboration” in which they “have begun to develop technical specifications and define preliminary commercial models for a range of connectivity services for US consumers and global enterprise customers operating in rural and remote locations around the world.”

Verizon already provides LTE home-Internet service in rural areas and 5G home-Internet service in urban areas. But availability is limited, and Verizon plans to use Amazon Kuiper to expand its fixed-wireless offerings.

“To begin, Amazon and Verizon will focus on expanding Verizon data networks using cellular backhaul solutions from Project Kuiper,” the Verizon announcement said. “The integration will leverage antenna development already in progress from the Project Kuiper team, and both engineering teams are now working together to define technical requirements to help extend fixed wireless coverage to rural and remote communities across the United States.” Using Kuiper for cellular backhaul will “extend Verizon’s 4G/LTE and 5G data networks” in those rural and remote communities, Verizon said.

Service a “few years away”

Verizon told CNET that Kuiper-powered service for customers is a “few years away” and that the deal is nonexclusive for both Verizon and Amazon. Verizon could thus partner with additional satellite companies, and Amazon could offer its satellite connectivity to other cellular carriers. Verizon also said it intends to use Amazon Kuiper “to make the entire map of the US red”—in other words, to fill in coverage gaps where Verizon’s wireless connectivity is weak or nonexistent.

While the Verizon/Amazon plans are vague now since they’re still in an early stage, the companies said they will “explore joint connectivity solutions for domestic and global enterprises across agriculture, energy, manufacturing, education, emergency response, transportation and other industries.”

Amazon plans to use Kuiper to “serve individual households, as well as schools, hospitals, businesses and other organizations operating in places where Internet access is limited or unavailable,” the announcement noted. Amazon has US approval to launch 3,236 low-Earth-orbit satellites and says it plans to invest more than $10 billion in the project. By contrast, SpaceX Starlink has been providing LEO satellite Internet service in beta for about a year, and SpaceX CEO Elon Musk said the service will come out of beta this month.

Continue Reading

Biz & IT

Securing your digital life, part two: The bigger picture—and special circumstances

Published

on

ANDRZEJ WOJCICKI / SCIENCE PHOTO LIBRARY / Getty Images

In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall digital exposure.

According to a report by Aite Group, nearly half of US consumers experienced some form of identity theft over the last two years. Losses from these thefts are expected to reach $721.3 billion for 2021—and that’s only counting cases where criminals take over and abuse online accounts. Other valuable parts of your digital life may not carry specific monetary risks to you but could still have a tangible impact on your privacy, safety, and overall financial health.

Case in point: last September, my Twitter account was targeted for takeover by an unidentified attacker. Even though I had taken multiple measures to prevent the theft of my account (including two-factor authentication), the attacker made it impossible for me to log in (though they were locked out of the account as well). It took several weeks and some high-level communication with Twitter to restore my account. As someone whose livelihood is tied to getting the word out about things with a verified Twitter account, this went beyond inconvenience and was really screwing with my job.

The attacker found the email address associated with my Twitter account through a breach at a data aggregator—information probably gleaned from other applications that I had linked to my Twitter account at some point. No financial damage was done, but it made me take a long, hard look at how I protect online accounts.

Oh hey, it's this guy again. (Maybe this is the guy who tried to get into my Twitter account?)
Enlarge / Oh hey, it’s this guy again. (Maybe this is the guy who tried to get into my Twitter account?)

Aitor Diago / Getty Images

Some of the risk tied to your digital life is taken on by service providers who are more directly impacted by fraud than you. Credit card companies, for example, have invested heavily in fraud detection because their business is built on mitigating the risk of financial transactions. But other organizations that handle your personal identifying information—information that proves you are you to the rest of the digitally connected world—are just as big a target for cyber crime but may not be as good at preventing fraud.

Everything counts in multiple accounts

You can do a number of things to reduce the risks posed by data breaches and identity fraud. The first is to avoid accidentally exposing the credentials you use with accounts. A data breach of one service provider is especially dangerous if you haven’t followed best practices in how you set up credentials. These are some best practices to consider:

  • Use a password manager that generates strong passwords you don’t have to remember. This can be the manager built into your browser of choice, or it can be a standalone app. Using a password manager ensures that you have a different password for every account, so a breach of one account won’t spill over into others. (Sorry to again call out the person reusing letmein123! for everything, but it’s time to face the music.)
  • When possible, use two-factor or multi-factor authentication (“2FA” or “MFA”). This combines a password with a second, temporary code or acknowledgment from someplace other than your web browser or app session. Two-factor authentication ensures that someone who steals your password can’t use it to log in. If at all possible, don’t use SMS-based 2FA, because this is more prone to interception (more on this in a minute). Applications like Authy, Duo, Google Authenticator, or Microsoft Authenticator can be paired with a wide variety of services to generate 2FA temporary passwords or to send “push” notifications to your device so that you can approve a login. You can also use a hardware key, such as a Yubico YubiKey, to further segment authentication from your devices.
Artist's impression of how to troll your IT department.
Enlarge / Artist’s impression of how to troll your IT department.

vinnstock / Getty Images

  • Set up a separate email address or email alias for your high-value web accounts so that all email regarding them is segmented off from your usual email address. This way, if your primary email address is caught up in a data leak, attackers won’t be able to use that address to try to log in to accounts you care about. Using separate addresses for each service also has the side benefit of letting you know if any of those services are selling your personal information—just look at where and when spam starts showing up.
  • If you’re a US resident, make sure to claim an account for your Social Security number from the IRS for tax information access and other purposes. Much of the refund and stimulus fraud over the past few years has been related to scammers “claiming” accounts for SSNs that were unregistered with the IRS, and untangling that sort of thing can be painful.
  • Register for account breach checkups, either through the service provided through your browser (Firefox or Chrome) or through Troy Hunt’s haveIbeenpwned.com (or both!). The browser services will check stored passwords against breach lists using a secure protocol, and they can also point out risky reused credentials.
  • Consider locking your credit reports to reduce identity theft risks. Equifax provides an app called Lock & Alert that allows you to lock your credit report from all but existing creditors, then unlock it from the app before you apply for new credit. TransUnion has a similar free app called TrueIdentity. Experian charges $24.99 a month to lock your credit checks, and TransUnion has a “premium” version of its service that locks both TransUnion and Equifax reports on demand for $24.95 a month. In other words, if you want to have tight control over all your credit reports, you can do it for $300 a year. (You can, with some searching, find the free versions of those credit freeze services—here’s Experian’s and here’s TransUnion’s—but man, those companies really, really want to lift a giant pile of money out of your wallet in exchange for a bunch of highly dubious “value-adds.”)

When 2FA is not enough

Security measures vary. I discovered after my Twitter experience that setting up 2FA wasn’t enough to protect my account—there’s another setting called “password protection” that prevents password change requests without authentication through email. Sending a request to reset my password and change the email account associated with it disabled my 2FA and reset the password. Fortunately, the account was frozen after multiple reset requests, and the attacker couldn’t gain control.

Artist's impression of two-factor authentication. In this example, you can't log in without both a password <em>and</em> a code generated by your phone.
Enlarge / Artist’s impression of two-factor authentication. In this example, you can’t log in without both a password and a code generated by your phone.

dcdp / Getty Images

This is an example of a situation where “normal” risk mitigation measures don’t stack up. In this case, I was targeted because I had a verified account. You don’t necessarily have to be a celebrity to be targeted by an attacker (I certainly don’t think of myself as one)—you just need to have some information leaked that makes you a tempting target.

For example, earlier I mentioned that 2FA based on text messages is easier to bypass than app-based 2FA. One targeted scam we see frequently in the security world is SIM cloning—where an attacker convinces a mobile provider to send a new SIM card for an existing phone number and uses the new SIM to hijack the number. If you’re using SMS-based 2FA, a quick clone of your mobile number means that an attacker now receives all your two-factor codes.

Additionally, weaknesses in the way SMS messages are routed have been used in the past to send them to places they shouldn’t go. Until earlier this year, some services could hijack text messages, and all that was required was the destination phone number and $16. And there are still flaws in Signaling System 7 (SS7), a key telephone network protocol, that can result in text message rerouting if abused.

Continue Reading

Biz & IT

Securing your digital life, part one: The basics

Published

on

Enlarge / Artist’s impression of how to keep your digital stuff safe from all kinds of threats.

Aurich Lawson | Getty Images

I spend most of my time these days investigating the uglier side of digital life—examining the techniques, tools, and practices of cyber criminals to help people better defend against them. It’s not entirely different from my days at Ars Technica, but it has given me a greater appreciation for just how hard it is for normal folks to stay “safe” digitally.

Even those who consider themselves well educated about cyber crime and security threats—and who do everything they’ve been taught to do—can (and do!) still end up as victims. The truth is that, with enough time, resources, and skill, everything can be hacked.

The key to protecting your digital life is to make it as expensive and impractical as possible for someone bent on mischief to steal the things most important to your safety, financial security, and privacy. If attackers find it too difficult or expensive to get your stuff, there’s a good chance they’ll simply move on to an easier target. For that reason, it’s important to assess the ways that vital information can be stolen or leaked—and understand the limits to protecting that information.

Did you really think we were going to be able to get through a cybersecurity article without at least one guy-in-a-ski-mask-with-a-laptop stock photo?
Enlarge / Did you really think we were going to be able to get through a cybersecurity article without at least one guy-in-a-ski-mask-with-a-laptop stock photo?

Pinopic / Getty Images

In part one of our guide to securing your digital life, we’ll talk briefly about that process and about basic measures anyone can take to reduce risks to their devices. In part two, coming in a few days, we’ll address wider digital identity protection measures, along with some special measures for people who may face elevated risks. But if you’re looking for tips about peanut butter sandwich dead drops to anonymously transfer data cards in exchange for cryptocurrency payments… we can’t help you, sorry.

You are not Batman

A while back, we covered threat modeling—a practice that encompasses some of what is described above. One of the most important aspects of threat modeling is defining your acceptable level of risk.

We make risk-level assessments all the time, perhaps unconsciously—like judging whether it’s safe to cross the street. To totally remove the threat of being hit by a car, you’d either have to build a tunnel under or a bridge over the street, or you could completely ban cars. Such measures are overkill for a single person crossing the street when traffic is light, but they might be an appropriate risk mitigation when lots of people need to cross a street—or if the street is essentially a pedestrian mall.

This guy isn't actually Batman, either, but he's a lot closer to being Batman than we are. (This is cosplayer Auri Aminpour next to his Batmobile. Wicked!)
Enlarge / This guy isn’t actually Batman, either, but he’s a lot closer to being Batman than we are. (This is cosplayer Auri Aminpour next to his Batmobile. Wicked!)

The same goes for modeling the threats in your digital life. Unless you are Batman—with vast reserves of resources, a secret identity to protect from criminals and all but a select few members of law enforcement, and life-or-death consequences if your information gets exposed—you do not need Batman-esque security measures. (There are certainly times when you need additional security even if you’re not Batman, however; we’ll go into those special circumstances in the second half of this guide.)

For those who want to lock things down without going offline and moving to a bunker in New Zealand, the first step is to assess the following things:

  • What in my digital life can give away critical information tied to my finances, privacy, and safety?
  • What can I do to minimize those risks?
  • How much risk reduction effort is proportional to the risks I face?
  • How much effort can I actually afford?

Reducing your personal attack surface

The first question above is all about taking inventory of the bits of your digital life that could be exploited by a criminal (or an unscrupulous company, employer, or the like) for profit at your expense or could put you in a vulnerable position. A sample list might include your phone and other mobile devices, personal computer, home network, social media accounts, online banking and financial accounts, and your physical identification and credit cards. We’re going to cover the first few here; more will be covered in part two.

Each of these items offers an “attack surface”—an opportunity for someone to exploit that component to get to your personal data. Just how much of an attack surface you present depends on many factors, but you can significantly reduce opportunities for malicious exploitation of these things with some basic countermeasures.

Physical mobile threats

Smart phones and tablets carry a significant portion of our digital identities. They also have a habit of falling out of our direct physical control by being lost, stolen, or idly picked up by others while we’re not attending to them.

Defending against casual attempts to get at personal data on a smart phone (as opposed to attempts by law enforcement, sophisticated criminals, or state actors) is fairly straightforward.

First, if you’re not at home, you should always lock your device before you put it down, no exceptions. Your phone should be locked with the most secure method you’re comfortable with—as long as it’s not a 4-digit PIN, which isn’t exactly useless but is definitely adjacent to uselessness. For better security, use a password or a passcode that’s at least six characters long—and preferably longer. If you’re using facial recognition or a fingerprint unlock on your phone, this shouldn’t be too inconvenient.

Artist's impression of a person who has hacked a mobile phone. (In reality, phones don't actually say "HACKED!" to alert you that you've been hacked. Things would be a lot easier if they did.)
Enlarge / Artist’s impression of a person who has hacked a mobile phone. (In reality, phones don’t actually say “HACKED!” to alert you that you’ve been hacked. Things would be a lot easier if they did.)

D-Keine / Getty Images

Second, set your device to require a password immediately after it’s been locked. Delays mean someone who snatches your phone can get to your data if they bring up the screen in time. Additionally, make sure your device is set to erase its contents after 10 bad password attempts at maximum. This is especially important if you haven’t set a longer passcode.

Also, regularly back up your phone. The safest way to back up data if you’re concerned about privacy is an encrypted backup to your personal computer; however, most iOS device owners can back up their data to iCloud with confidence that it is end-to-end encrypted (as long as they have iOS 13 or later). Your mileage will vary with different Android implementations and backup apps.

Along the same lines, make sure you have installed the most recent version of the phone OS available to prevent someone from taking advantage of known security bypasses. For iOS, this is generally simple—when your device prompts you to upgrade, do it. The upgrade situation on Android is somewhat more complicated, but the same general advice holds true: upgrade ASAP, every time. (There is a school of thought that says you should hold off on the latest upgrades in order for bugs to be worked out, but adhering to that advice will put you in a position where your device might have exploitable vulnerabilities. You can mitigate those vulnerabilities by upgrading.)

Continue Reading

Trending