John Cragg, CEO at MYHSM, a global provider of payment hardware-security module-as-a-Service, breaks down what Payment HSMs are, why they are important, along with potential drawbacks, and what the future holds for them.
Can you tell us a little about yourself, John, what a typical day at work is like for you, and what your SaaS-Sales/Fintech journey has been like so far?
I have been working in the IT space for over 30 years, starting in engineering, moving to sales and finally business development and strategy. I believe strongly in learning lessons from the past and trust in my colleagues. Most days here at MYHSM are long, varied and very rewarding. Working alongside some of the most experienced people in the business makes my job a real pleasure; teamwork and great staff are invaluable. The journey from start-up just over a year ago has been a whirlwind and has progressed much faster than we predicted, but again that is due to the great staff here at MYHSM and the obvious demand for our service and partnerships with the leading vendors in our industry.
Given the constant innovation and changes in the Fintech segment, as a technology CEO, what are some of the biggest challenges you see sales teams in this space face when they prospect/pitch new fintech innovations and products?
The first challenge is managing to have the right conversation with the right contact. We operate in a highly regulated, mission-critical and therefore security-conscious industry. As you would expect, our first challenge is overcoming the initial reticence to move away from the “In House is best” mentality and convincing organisations that in fact what we do and how we manage the systems is at least as secure as an in-house solution. For me, I see this with so many evolutions in technology and systems where at first they are mistrusted, but within a short time they become the norm. When we meet with C-level executives who are looking to remove infrastructure and embrace a more flexible, elastic and OPEX-based service, our discussions, while still addressing security and resilience, revolve more around the future-proofing and flexibility provided by the MYHSM solutions.
We’d love to know your thoughts on how you see the Payment HSMs niche shape up in the coming years, what will drive demand for these solutions, what evolving demands will drive the need for new features in the payments space?
The sale of payment HSMs, I believe, will move from being an item sale to an element of a solution sale. What I mean by this is that Payment HSMs only exist to service payment applications; these applications are moving to SaaS solutions, and as such it would be strange to think that a financial organisation wouldn’t merely purchase a service from the SaaS provider that included all the required elements. This is where I believe all back-office services are heading. When I was working at Thales eSecurity, the message received from the vast majority of Tier One Banks was that they didn’t want to be IT organisations; they wanted to focus on Banking. Many have migrated a good deal of their systems to the Cloud, and MYHSM provides an opportunity to remove more of that IT infrastructure, moving the Application systems and associated Payment HSMs to a simple OPEX solution without degradation in either service or security.
The demand for Payment HSMs is predicted to triple over the next 7 years. This is based around the growth of online and mobile payments and the move away from cash. Each transaction can traverse up to 4 separate payment HSMs. Simply put, the more we move away from cash to other payment methods, combined with more people having access to cashless payment solutions, the more HSMs are required. A great example of this trend is MYPINPAD and their revolutionary SPoC solutions using any smartphone to allow PIN entry and secure payments.
What are some of the other ways for global companies to better protect their payments data? Could you talk about some other industry innovations/solutions that are considered a game-changer in this niche?
Well, I’m going to answer this for the area that I’m familiar with – protecting transactions and keys rather than stored cardholder data.
Actually, the record of financial organisations is pretty good in this area – you don’t hear about HSM security being breached or encryption being broken, at least outside of the research lab. But there are regulatory and industry initiatives under way that will have a major impact in protecting this type of data in the evolving threat landscape. I am thinking here of the new 3-D Secure and PSD2’s Strong Customer Authentication requirements. The goals of PSD2 to make payments safer and to open up participation in the payments industry to non-bank organisations are perfectly supported by technology from our sister company, MYPINPAD. Traditionally the face-to-face payment environment has been reliant on expensive, single-use point of sale hardware, leading to complexity and the need to continually replace equipment to meet evolving PCI standards. MYPINPAD’s revolutionary solution is PIN on Mobile, enabling everyday smartphones and tablets to replace traditional POS and mPOS terminals while meeting the latest PCI security requirements. This not only reduces cost but also allows the ever-tightening PCI security standards to be met just by software updates, so that cardholders and merchants continue to enjoy the latest and greatest security technology.
Payment HSMs continue to be at the heart of payments security. And their security certifications are continually getting tougher, better preparing users for emerging threats. For example, the payShield 10K HSMs that we offer meet the requirements of the latest PCI HSM v3 certification, which is a significant enhancement of the v1 certification of the payShield 9000 which most on-premise installations are still using. And soon the third iteration of FIPS-140 will come into play, so we will see new HSMs being certified against this standard. The problem users have is in the investment and effort needed to continually deploy the latest, most highly certified HSMs. If only there was a service in the cloud that gave users access to the latest HSMs without needing to buy them!
We’d love to know what some of your top FinTech predictions for 2020 are?
- Rapid adoption of SPoC and CPoC technology
- Exponential growth to mobile payments
- Increased integration between payments and personal data
- Further growth in online retail at the cost of the high street
- Growth in payments through phones, wearables and transport (vehicles)
- Decline in the use of plastic
- Open Banking & PCP apps
All of these changes will drive up card and mobile transaction volumes, and bring new fintech companies into the market. This is great news for us because more transactions means more demand for payment HSMs, and new fintech entrants will be enthusiastic about using cloud-based services like MYHSM’s.
Tag (mention/write about) the one person in the fintech industry whose answers to these questions you would love to read!
If I could go back in time and discuss with Albert Einstein that would be wonderful.
Your favorite FinanceTech quote and biggest fintech learning so far.
My favorite quote is “Innovation distinguishes between a leader and a follower” by Steve Jobs.
I would say rather than a lesson, my answer would be around the iteration that it’s the obvious inventions and developments that are the most successful ones.
Like Payment HSM as a Service being an obvious path to adopt in the financial payment industry especially when everything is moving to the cloud.
Another great example is the evolution of cash to digital payments, which is now widely accepted and has become the norm.
Could you share a few tips for technology salespeople belonging to the FinTech space to help them sell better?
As I guess I am old school, my first message is to identify the requirement and listen more than you speak. In our business, where everything we do is interconnected, the second key bit of advice is teamwork; we all need great Sales Engineers and Partners to be successful. The other thing is that the payments space is going through more rapid and fundamental change than any other industry I can think of, and so it’s crucial that sales professionals use appropriate social media to keep up with what is going on around them so that they are equipped to handle the wide spectrum of questions, interests, and concerns articulated by their customers.
MYHSM, the global provider of Payment Hardware Security Modules (PHSM) as-a-Service, provides secure, versatile, and scalable hosted solutions in the cloud. Utilising Thales payShield, the world’s most widely deployed PHSM, MYHSM alleviates the need for investment in hardware, secure facilities, management, and ongoing PCI compliance, audit and support.
John Cragg is the CEO at MYHSM, a global provider of payment hardware-security module-as-a-Service.