Tales of computer hacking and stolen identities are never far from the headlines these days, but one Scots firm has embarked on trials of what it believes are “breakthrough solutions” for online protection and data privacy.
Payfont, which is headquartered in Edinburgh, is tipped as one of the UK’s next high-growth stars, highlighting the value of its “people-centric” protection and data privacy technologies to a global cybersecurity market worth an estimated $1 trillion (£820 billion) in sales.
The firm has attracted significant private investment from leaders in the UK business community, including Martin Gilbert, chief executive of Aberdeen Asset Management, and Dame Alison Carnwath, chair of Land Securities, while the company’s advisers and non-executive directors include Jim Cummings, former boss of Pilgrim Systems – a legal software business sold to Thomson Reuters – and Colin Grannell, former managing director of Visa UK.
The investment has allowed Payfont to make high-calibre appointments to its international team, including Dr Lu Fan, who has joined as chief science officer, and Martin Nolan, as general counsel.
David Lanc, Payfont’s founder and chief executive, says: “The problem we have in society – and within organisations that have embraced the online world – is the principle that everything is not secure enough. Therefore, to make digital safer, we have to embrace ‘multi-factor’ security. But multi-factor is about encumbering the citizen with even more to do and think about.
The world of data compromise and data theft has escalatedDavid Lanc
“We are forcing a multi-factor solution on people. A citizen now has up to 40 or 50 different online passwords, perhaps a couple of digital card-readers from the bank and other security measures. Yet, nobody has asked the citizen about all of this… it has simply been thrown down their throats.”
In 2003, Lanc, who hails from the Borders, was a senior banking technology figure and instrumental in the roll-out of chip-and-pin in the UK.
“I was one of the leaders in that and sat on the UK steering committee,” he recounts. “I was, in effect, the guy who pushed the button. I was instrumental in what we now call ‘3D Secure’, which is the internet security for card payments. I was the first retail client and merchant online for retail customers through RBS.”
Lanc – former executive director of RBS Cards – returned to university and finished a PhD in information system strategies at Edinburgh Napier University, where he encountered Bill Buchanan, professor of computing, and now one of Payfont’s staunchest supporters.
“The world of data compromise and data theft has escalated,” adds Lanc. “It has always been there but it has been more prevalent in the past four or five years.”
Cybercrime was generally accepted as a price to pay, until that price became astronomical. New regulations, especially EU legislation that comes into effect in May 2018, means that companies will be forced to do much more to protect information. If they have a breach they must make a timely public announcement about this or face far tougher sanctions.
Payfont has two complementary technologies under trial, IOMI (I Own My Identity) and ADeCA (Anonymised Distributed e-Cloud Architecture).
“Our IOMI application simplifies today’s complex and expensive multi-factor identity security,” explains Lanc. “IOMI makes it easier for people to care for their personal identity in the way they want. For the first time, people who prefer words, pictures or text messages rather than biometrics won’t be disadvantaged because words, visual images and memories make more sense than technology. This is what we mean by ‘people-centric’.
“Our data privacy technology, ADeCA, completely redefines how we make data secure. ADeCA brings unique advances in data privacy and resilience. It is designed to withstand future threats such as quantum computing, and overcomes the limitations of Blockchain.”
The case for Payfont’s products are compelling. JP Morgan Chase has reportedly doubled its annual cybersecurity budget to $500m. Bank of America has publicly stated it has an unlimited budget when it comes to combating cybercrime. The US government has increased its annual cybersecurity budget by 35 per cent, going from $14 billion budgeted in 2016 to some $19bn in 2017.