Can Software Trump Hardware In Securing Payments?

When talking payments, there’s one topic of conversation that comes hand in hand: security. And, of course, the players who are bringing innovations into the market to secure data and transactions between devices — and on the cloud.

And that’s exactly MagicCube’s mission — a mission that will be highlighted by Founder and CTO Nancy Zayed, who will be joining PYMNTS on the Protecting Payments At The Edge panel at Innovation Project, where she’ll join other security experts to dig into the challenges in payments security today.

MagicCube was cofounded by Zayed and CEO Sam Shawki and is a platform for securing data exchange between devices and the cloud. Its patented software-only technology serves its role in the financial ecosystem by stopping digital transaction fraud where, according to MagicCube, most vulnerabilities can be found today: at the endpoint.

And it does so with software solutions that eliminate the need for costly hardware deployments.

To better understand what challenges payments innovators face when it comes to security risks, PYMNTS spoke with Shawki and Zayed about what their solution brings to the table and what others in the industry should know.


PYMNTS: Tell us a little bit about what’s new with MagicCube’s platform.

SHAWKI: We’re presenting, for the first time, a software alternative to a technology that has always been rooted in hardware, which is required to protect financial transactions. We have built a unique platform, where they’ve created the same security features of hardware but entirely emulated in software. Which means stability, control, ability to upgrade and freedom for the issuers to launch their own branded and secure mobile applications.


PYMNTS: What are the biggest challenges you are seeing in the industry that you feel your solution is helping solve?

ZAYED: The solutions out there are cumbersome. They are hard to adopt. There is an unmet need of security that is easy to use. There is an abundance of security protocols, technologies, etc. But, nevertheless, you see security vulnerabilities. That’s because it’s intricate and very, very accurate software knowledge that needs to be implemented. What we are seeing is that if you have a turnkey solution for providing high-level security software, the business focuses on the innovation and the value proposition, while using high-level security that has become very compelling, especially since it is across all devices.


PYMNTS: What are the biggest threats that payments innovators are facing when bringing new solutions into the market?

SHAWKI: A specific innovation challenge is bringing something new, which, in MagicCube’s case, doesn’t come from the payments world. It comes from devices, operating systems and virtualization experience, which is really not your typical financial services technology skill. When you bring something innovative like we do, you expect what happens when you bring innovative products to the field. You either have to get better at explaining why you were able to do it or you have to actually go and conquer the status quo … I think the challenge is to be able to use our credibility, our experience and our collective backgrounds to convince the market to look seriously at our solutions.


PYMNTS: Why is it so important to be able to store data on the cloud versus the device?

SHAWKI: I think we take a different approach to this. Our platform consists of two pieces. One piece we call the Cube. the other piece we call the Mini Cloud. The Cube is our ability to build an Emulated Secure Element inside the memory of a single app. That means we’re not trying to protect the whole phone or the whole application. We just live in the memory of the app. The Mini Cloud is a component that gets installed at the back end of the same app.

Between the two, we defend and protect based on the use case. So, if it makes sense to trust the cloud and do a transaction, we would do that. If you are offline, we are probably the only player who could do the same with the same level of security offline when you don’t have visibility to your cloud. A lot of cloud solutions cannot do that.


PYMNTS: Where do you feel MagicCube fits into the payments innovation ecosystem?

ZAYED: Let’s talk about wallets. Any mobile wallet for a bank, this is where we would fit in. We would be the engine that secures sensitive data of the users as it gets transacted or as transactions occur.

SHAWKI: The underlining factor is: Are the banks and issuers going to actually outsource their bread and butter, their livelihood, their brands, their interchange to Apple and Samsung? Or do they want the alternative for the issuers and the credit card companies to be able to have an alternative to Apple Pay, Samsung Pay, etc.?


PYMNTS: What perspective do you think you’ll want to bring to the Innovation Project panel?

ZAYED: It’s really about devices, security on devices and how we need to have software security on devices that a particular organization won’t have any control over. The owner of the device is the user, and at one point, a device can be in a good state, and, at another, the same device can be in not a good state.

What I would really like us to focus on is software security, enabling the ecosystem on devices in a ubiquitous manner. The fact that business should be able to go to any device and not worry about the level of security and not have to be under the mercy of hardware vendors — that’s what I hope to bring to the panel.


PYMNTS: How long do you think it is until we hit that vision of ubiquity? Do you have a timeframe in mind that you think is achievable as an industry?

ZAYED: I’d say in a couple of years it should be there. It is intricate and difficult, but it is not impossible.

It’s good design, good architecture and interfamiliarity with what is an embedded device and what is a mobile device. And the different factors around it. It is possible. We wouldn’t be doing it if it wasn’t possible. Understanding of software operating systems and knowing when to depend and when to not depend on hardware minimizing — or pinning to a hardware solution — is key, because then you will have full control. Once you have full control, you will own your destiny, and you can do whatever you want and address your users’ needs without having to negotiate it with other parties.

Nancy Zayed will be among the guest panelists participating at this year’s Innovation Project, taking place March 16–17 at Harvard University, where she’ll share more about securing payments transactions and data using software-based technology.