Sales League Table 2020 | Banking Technology Winners

Results Announced!

IBS Intelligence launches BankTech Daily News

Subscribe today. Limited time offer.

The Black Swan Opportunity | Get your bank digital ready.

IBSI Special 5 Digital Report Package with Special Offer. Subscribe now

India FinTech Report 2020

Insights into the historical and projected market size of key FinTech categories. Subscribe now

Using simplicity to outsmart the bad guys

George Kanuck, vice president for sales and marketing at Trustonic, tells IBS Journal how the firm is one of the biggest security ventures you may never have heard of.

Tell us about your company – how was it founded?

From around 2010, increasingly valuable services began to ‘go mobile’ and, as everyone knows, fraud follows money. Using software to protect software from software attacks can only get you so far; just look at anti-virus. To combat this, device makers and service providers recognised the need for hardware security in smartphones. The leading chip architect, Arm Limited, had a technology that was of interest to banks, governments, Hollywood studios and a variety of others whose services were vulnerable to cyberattacks. These organisations thought the technology was great, but that it needed to be both accessible and in a critical mass of devices.

So, Trustonic was formed – we’re a joint venture between Arm and digital security specialists Gemalto – and, since then, we have been working to embed our security technology in as many devices as possible to enable banks and other service providers to better protect their services, data and customers. It’s gaining significant momentum, as we’ve been integrated by 17 of the top 20 Android device manufacturers, meaning that we’re in well over a billion devices worldwide.

What is your business model?

For the financial services world, we work in a few ways:

  1. The technology we embed into devices is called a Trusted Execution Environment (TEE). This offers an isolated operating system within the device to store and remotely manage sensitive data, like banking and payments apps, making them immune to all software threats.
  2. We enable the device itself to be identified and trusted, by injecting a Root of Trust. This is important for secure banking and financial services as it’s essential to authenticate both the device and the user.
  3. Our technology also opens up other device functionality to the financial services community. For example, with the TEE you can ensure both the security of biometric user authentication and that the information displayed on screen or entered by the user cannot be intercepted by fraudsters.

Service providers work with us on a license basis to provide a simpler, safer and richer customer experience. They can use our simple APIs and software development kit as part of their app development and, when their app lands on a TEE device, it is protected by government-level hardware security. If no TEE is available, they benefit from our leading software protection, which is the same if not better than what most banks are currently using.

What sets you apart from the competition?

There are essentially two other ways of delivering secure mobile payments and banking. Protecting data using secure elements (SEs), or moving the functionality to the cloud. Secure elements offer high-security, but limited processing power, and have complex business models. Cloud-based payments are more user-friendly, but significantly less secure. TEE brings the best of both worlds and can even be combined with the other technologies.

What’s more, we’re the only provider of an open TEE. This means that, while there are other TEEs out there, service providers can’t utilise them to secure their apps – they can only be used by the handset manufacturers. This makes us unique in offering simple and accessible hardware security to the market, something we see as essential for maintaining consumer trust and leading the fight against fraud.

What was your smartest move?

I’d say the relentless pursuit of simplicity, as the security industry tends to overcomplicate everything. We recognise the potential of the TEE, as there are very few technologies that can enhance security and augment and simplify the user experience. But, it needs to be simple to integrate with, and we have worked hard to take the pain away for the service providers that we work with.

For example, banks don’t want to think about different security solutions for the thousands of different smartphones that are in circulation. With us, you can develop once and benefit from the best security available on each device. Simple!

And we’re seeing the results, as some of the most innovative mobile financial services in the world use us as their foundation. We’re protecting AliPay, Samsung Pay and WeChat Pay, not to mention a range of Bitcoin implementations.

Where did things get tough?

We’re a relatively small business playing with the big boys. To get our technology into devices and recognized by the market, we needed to balance the needs of international chip and handset makers, internet giants, big consumer brands, each with their own agendas and requirements. It has therefore taken time, patience and more than a little chin stroking to get to where we are today. And now that we are approaching critical mass across devices, the challenge is to help a broad range of service providers to recognise the benefits that they can gain with just a few tweaks to their services.

While it has been tough at times, we can see the market changing as users embrace services that have been enhanced. Real adoption is happening, especially in financial services – we recently announced that KB Kookmin Bank, which has 30 million customers, is using Trustonic to secure its peer-to-peer (P2P) payment and messaging app, Liiv TalkTalk.

Where do you want to be in five years’ time?

Very short-term, say in one year, we want to be protecting hundreds of millions of users who are enjoying richer, simpler and safer services. In five years’ time, we want to see better security across all connected devices, period. Connected device manufacturers need to take responsibility for the integrity and security of their products.

More devices are being connected and, until recently, hackers and fraudsters didn’t care. But now they do. Smartphones are currently the biggest target, but as we see connected cars, appliances and infrastructure able to access your personal and financial details, the threat will grow. Security needs to be foundational, not an afterthought. This is why we are seeing so much interest in the TEE.

In essence, we want to remove security as a consideration for both service providers and consumers. With effective security at the heart of everything, people can select the services that give them the best experience, without fear that corners have been cut.

Related IBS Intelligence Research

Related Posts


NAB to recruit bankers and advisers for high net wealth clients

National Australia Bank (NAB) announced that it will recruit 50 new bankers and advisers, as part of its new strategy to provide high net wealth clients with a single point of access for their financial needs, ranging from wealth creation, business growth to retirement needs and philanthropic investment. JBWere CEO and leader for NAB Private, […]

This post is only available to members.

Read More »

EQ launches new automated complaints management product

EQ has announced that it is launching a new automated complaints management product for the financial services industry, EQ Complaints Professional. The new solution is expected to enable firms to enforce their FCA compliance immediately as well as continually as regulation changes. Andrew Edler, MD of EQ Charter, commented, “We are delighted to bring this […]

This post is only available to members.

Read More »
bank, FinTech, neobank, smartbanks, challenger banks, Asia

Australia’s big 4 banks welcome the launch of open banking

The Competition and Consumer (Consumer Data Right) Rules went live on July 1, in Australia. This has been welcomed by the big 4 banks of the country – ANZ, Westpac, Commonwealth Bank and NAB where they will be sharing their customers’ data with third parties, when requested by the customer. Angus Sullivan, CBA’s Group Executive […]

This post is only available to members.

Read More »

Lendio facilitates $8 bn in PPP loans to 100,000 small businesses

Lendio, a leading marketplace for small business (SMB) loans, announced that the company has till now facilitated $8 B in Paycheck Protection Program (PPP) loans for 100,000 small businesses. The firm’s partnership with 300 SBA-approved financial institutions and FinTech leaders has helped the company to secure COVID-19 relief funds for several underserved segments of the […]

This post is only available to members.

Read More »