Here are a few representative examples of the high-trust platforms around the world that we've played a key role in building and securing:

 

GLOBAL payment card SCHEME—singapore

Guided client through a ground-up rewrite of its international prepaid card issuing platform. Authored business and technical architecture, product requirements and software specifications to support the full prepaid card issuing lifecycle: issuer implementation and platform management, prepaid product management, customer onboarding and account management, customer UX, transaction processes (authorizations, clearing & settlement, exceptions), activity monitoring and reporting, accounting and currency exchange, as well as nonfunctional aspects such as ecosystem partner APIs, IT infrastructure, information security, business continuity, customer service, report generation, and others. Managed input from stakeholder groups, including: internal product management office and executive sponsors; internal business owners representing sales and marketing for issuer and acquirer services, payment operations, chargeback and dispute management,  operating rules, customer service, risk management and security, regulatory compliance, and legal counsel; and outsourced development team.

 

MOBILE PAYMENT NETWORK—DOMINICAN REPUBLIC

Assessed, designed, developed and launched ground-up risk management and security program, plus a regional platform expansion plan, for the Dominican Republic's national mobile payments network. Risk management and security elements included: fraud/AML systems and cybersecurity for entire payments ecosystem (client's mobile transaction platform plus consumer mobile wallet, banks, mobile networks, card acquirers, billers, merchants, outsourced call center, and outsourced development facility. Functionality covered included the entire customer lifecycle (onboarding, transactions, account management), as well as all back-office functions and interfaces. Led client through external security audits by major bank partners, as well as PCI DSS certification. Platform expansion plan included market entry analysis, strategy, business/technical architecture, and product requirements for three new Latin America and Caribbean markets.

 

online payroll provider—USA

Provided stand-in CISO services for subsidiary of a Fortune 1000 financial software company—a cloud payroll service with over a million small business customers. Assessed risk and designed, developed and implemented full cybersecurity program for client's customer-facing and internal environments. Program elements included: security strategy and architecture, security governance, incident management, application security, physical security, internal audit program, staff training & awareness program. Evaluated and recommended vendor solutions for multifactor authentication and other security products. Led client through security audits by major bank partners, as well as SSAE 16 (SAS 70) and PCI DSS certification.

 

global 500 luxury brand—switzerland

Conducted market analysis, business plan, and product/technology requirements to commercialize client's proprietary website-to-user authentication technology—designed to counter phishing, misrepresentation by retail outlets, and online sales of counterfeit and grey market products in the high-end luxury goods industry.

 

mobile payment network—bangladesh

Assessed, designed, and developed risk management and security program for national mobile payment network in Bangladesh. Program elements included: information security (payment platform, banks, mobile networks, agent network, mobile devices), fraud mitigation, and AML-CTF compliance. Functionality covered included the entire customer lifecycle (onboarding, transactions, account management), as well as all back-office functions and interfaces.

 

top-5 merchant acquirer—USA

Assessed and analyzed client's POS terminal portfolio; developed terminal consolidation and product evolution strategy.

 

authentication startup—australia

Guided client's strategy and plan for startup operations, funding, global market entry, channel development, and other success factors for its proprietary, passwordless mobile authentication technology.

 

FEDERAL GOVERNMENT—USA

Developed security strategy, architecture, and requirements for an end-to-end supply chain visibility platform as part of Operation Safe Commerce—a joint US DHS-DOT proof of concept initiative to protect supply chains against criminal and terrorist threats using real-time geolocation and tracking technology, in combination with security best practices. Pilot involved securing and tracking containers and their contents from end to end across three separate global supply chains. Also completed security assessments and recommended remedial programs for key seaports in Hong Kong, the United Kingdom, and the United States.

 

command & control (C4ISR) Integrator—USA

Established local presence and developed key strategic partnerships in GCC and North African markets for a US provider of security technology, command & control networks, systems integration, and related construction services. Performed cyber/physical security assessments on critical infrastructure facilities, designed SOC (security operations center) platforms for regional law enforcement agencies and government ministries, and advanced command centers for regional seaports, airports, and tourist sites.