When digital transformation drives M&A activity: Taking the pulse of the 2021 fraud prevention and cybersecurity space

The emergence of COVID-19 since early-2020 not only resulted in restrictions and a tremendous wave of changes, but the ecommerce penetration and digital transformation have increased dramatically. Instantly, ecommerce became a critical sales channel for merchants worldwide. Vesta reported that in Q1 2021, this never-before-seen surge in ecommerce sales reached USD 196.6 billion in the US alone, representing a 39% growth over the prior year. Even though we are slowly going back to the ‘normal’ before the lockdown, with restrictions being lifted, it is now more important than ever for the players in the payments industry to stay vigilant to the numerous challenges (e.g. more online transactions allowed new fraud actors to emerge, change in consumer behaviour, increase in the use of digital channels etc.) coming towards their way. 

One solution for businesses to up their game in today’s digital world and stay ahead of fraudsters is to enhance their capabilities by joining forces with other players in the industry. In this overview, we will break down some of the most important deals signed during 2021 and the businesses’ decisions regarding their acquisition plan to create better defences to secure digital transactions. 

Leaving no stone unturned: the state of affairs in the market 

Cybercriminals are no strangers to the markets and verticals they target – they manage to avoid security tactics to obtain access to valuable data. Therefore, it is no surprise that fraud thrives in business’ blind spots. Since H2 of 2020, the volume of human-assisted attacks has increased over 77%, although fraudsters are still in favour of automation to deploy attacks cheaply. 

The change in the fraud ecosystem and the emerging types of fraud have had a massive impact on merchants and marketplaces. Since the beginning of the economic downfall, successful fraud attacks rose 61.5% in retail and 83.1% in ecommerce, for example. Apart from professional fraudsters who are always at play, the economic uncertainty allowed other bad actors to enter the fraud stage. As such, we can see: a 48% increase in mobile devices fraud attacks, 38% growth in the volume of bot attacks targeting financial services organisations, a hacker attack occurrence at every 39 seconds, and 72% accounts taken over year over year. 

Fraudsters are blending in with ‘normal’ consumer behaviours, which creates a true battlefield among merchants. Also, the change in consumer behaviour, the demand for an excellent experience and seamless payment processes have made businesses understand the importance of both customer-centricity to retain clients, as well as the necessity to have a proper fraud solution to help manage and prevent fraud attacks. 

So, on the one hand, there is the need to offer customer satisfaction and to keep up with the industry changes, and on the other hand, there is the necessity to stay ahead of fraudsters. For these reasons, solution providers have to constantly innovate their offering and their protection packages. On top of this, the ecommerce landscape is increasingly competitive.

The good news is that the rapid transition to digital transactions enforced the industry players to exploit new capabilities for their existing suite of tools and to adopt cutting-edge technology. To achieve this goal, some industry players have either merged with or acquired other businesses. Having this in mind, let’s further dive deep into the most important mergers and acquisitions (M&As) happening since the beginning of this year, classified by key challenges in the cybersecurity and fraud prevention space. 

Building defences to secure digital transactions 

In 2021, the average cost of a data breach has reached USD 4.24 million , being the highest in the past 17 years. The threats imposed by cybercriminals and their improvements in sophisticated attacks played a key role in organisations’ decisions to be more aware of the importance of cybersecurity, and to drive immediate attention to the creation of new suits of better protection capabilities, while spreading their position around the globe. Besides the increasing level of fraudsters’ attacks, another factor that has led to the need for effective cybersecurity is the digital transformation that picked up speed worldwide. To keep the pace, companies must develop new technologies, as these play a core importance in defining a company’s competitiveness and operational efficiency in the market, as well as they create the ground for the business’ future development. This is why cybersecurity must be built into a company’s organisational structure. 

Stronger tools and robust cybersecurity 

As such, in January, Entrust, a global provider of trusted identity, payments, and data protection acquired multi-cloud data encryption, key management, and cloud security posture management solutions company, HyTrust. Although the terms of this deal remained undisclosed, the acquisition aims to add to Entrust’s existing digital security solutions an extra management layer for encryption, cryptographic keys, and cloud security policy. By doing so, the company offers the data protection and compliance needed by organisations accelerating their digital transformations. 

Imperva, a cybersecurity company focused on API security and data protection, agreed to acquire CloudVector, a company that allows customers to discover, monitor, and protect all API traffic. The advantage of this union is that both allow the automatic discovery of all APIs based on actual traffic, classification of data with machine learning, identification of sensitive data exposure, and detection of anomalous user and data activity. The move is quite strategic because as Imperva and CloudVector combine their complementary capabilities, businesses are offered advanced protection at all times. 

Another provider of cloud-based software and technology solutions built specifically for managed service providers (MSPs), Datto, unveiled the acquisition of Israel-based cyberthreat detection company BitDam. As resilience in front of cyberattacks stands at Datto’s core, with this investment, the company strengthens their ‘ambitious security roadmap’ for their partners. 

In April, StrikeForce Technologies, a cybertech company that aims to reduce the risk of identity theft and data breaches, announced the acquisition of Cybersecurity Risk Solutions (CRS), a provider of cyber, privacy, and data protection solutions. Although CRS continues to operate under the same name, while becoming a subsidiary of StrikeForce Technologies, the deal aims to grow StrikeForce’s channel distribution strategies, create cost-effective risk mitigation solutions, and drive new revenue opportunities. 

The pandemic forced people to shift towards teleworking, which accelerated the necessity to have robust cybersecurity systems. At the same time, the introduction of new regulations, such as GDPR, imposed companies not only to do that, but also to adjust or maintain their security processes within regulatory limits. Therefore, to offer their clients a 360-degree cybersecurity strategy that tends to their individual needs, Logicalis, an international IT solutions and managed services provider, revealed in April the acquisition of a majority stake in Áudea, a forefront runner of the Spanish market, specialising in IT cybersecurity and regulatory compliance.

Conquering the world 

At the beginning of the year, IT infrastructure management company Sysnet Global Solutions acquired NuArx, a provider of PCI compliance, managed security, and digital transformation solutions for the restaurant, convenience, grocery, and retail industries throughout North America to further enhance its tech platform and accelerate its market expansion. We can conclude from this that when analysing new opportunities, cybersecurity companies are very much aware of the fact that expansion into strategic markets and staying ahead of competition is equally important as creating new tools. 

In May, Sectigo, a provider of automated digital certificate management and web security solutions, announced the acquisition of SiteLock, a provider of website security protection and monitoring. SiteLock’s acquisition helps Sectigo expand its product capabilities, partner network, and reach to more than 16 million websites already protected by Sitelock. 

Information technology service Atos took over Germany-based cryptography provider and secure digital identity solutions cryptovision. The merger’s goal is to strengthen Atos’s cybersecurity offering, as well as to accelerate its business in the European public and defence sectors. If we consider the company’s relationships with European government customers and its ability to deliver end-to-end solutions on a national and international scale, there are high chances for Atos to propel its cybersecurity presence, expertise, and portfolio worldwide. 

Staying solid within the market 

It is no wonder that customers’ demands and fraud threats drove businesses to massively focus on consolidating their position as leaders in the industry, and triggered their need to strengthen their existing capabilities. 

And this is exactly what Atos did, as its goal was to expand the company’s global client portfolio, to reinforce its position as a cybersecurity services company, as well as to further invest in Canadian businesses and digital workforce. Besides acquiring the earlier mentioned cryptovision, Atos’ growth strategy also propelled with the acquisition of In Fidem, the specialist in cloud security, digital identity, risk management, security operations, digital forensics, and cyberbreach response – the deal being closed in Q1 2021. For Atos, this acquisition joins other deals signed with Paladion, digital security, and SEC Consult. 

Sysnet acquired Viking Cloud in a bid to further enhance its tech platform and accelerate its market expansion plans. It also signed a deal to take over the Managed Compliance Solutions (MCS) division of ControlScan, a US-based company specialising in compliance, detection, and response. With this move, the company aimed to strengthen its position as a provider of compliance and security management services to SMBs and payment processing organisations worldwide. The union of the three – Sysnet, Viking Cloud, and ControlScan – proved beneficial, as it created an entity that will provide organisations of all sizes with security and compliance services. 

Cybersecurity and compliance company Proofpoint signed an agreement to acquire InteliSecure, an innovator in data loss protection managed services. Via this deal, which totals USD 62.5 million in cash, Proofpoint’s aim is to boost its enterprise data loss prevention (DLP) effectiveness, as well as to strengthen its cloud-based people-centric security platform. 

In the hospitality industry, there are numerous opportunities to exploit flawed anti-fraud controls, and the inevitable result is losses to fraud each year, which leaves companies in need of gaining a greater understanding of the fraud risks that can affect their objectives. For this, data protection and compliance company VENZA acquired privately-owned CyberTek Engineering, a managed service provider. What VENZA gains from this deal is enhancement of its position as an MSSP (managed security services provider) and growth in its technical talent and existing security solutions. Unrivalled end-to-end cybersecurity and IT services are a must in the hospitality space, and maybe adding next-level tools in-house is a step for any company to be self-reliant and spot any security breach or ransomware attacks at a moment when they occur.

###

In the fraud prevention space, payment fraud still constitutes a big issue for which merchants need to provide complete protection. As ecommerce has surged, payment fraud has accelerated as well, and the fraud economy has expanded via sophisticated fraud methods and new interconnected networks of criminals. Businesses are more vulnerable to online attacks, but one way to stay protected is through cooperation. 

Combined capabilities and collaboration result in new fraud platforms and tools 

Trust and safety company Sift signed an agreement to acquire Chargeback, a company specialising in real-time dispute management for merchants. Chargeback will enable merchants to have access to a solution that addresses risk before, during, and after user transactions. Effective full fraud coverage is very important and having Sift as the central system for fighting fraud will probably allow the opportunity for the joint companies to retain revenue with higher acceptance rates, and lower dispute rates. By combining their capabilities, Sift and Chargeback may also offer unified solutions to defend against the emerging types of fraud. 

In April, Cofense, the provider of phishing detection and response (PDR) solutions, acquired Cyberfish. As an already provider of next-generation phishing protection powered by Computer Vision and advanced ML technology, Cyberfish’s algorithms will be trained to block malicious emails in real-time. When integrating machine learning detection tech, the result can only be a holistic automation solution for email protection, detection, and response, which will most probably benefit thousands of enterprises around the world where Cofense’s phishing intelligence is already deployed. 

Consolidating secure markets is vital for powerful economies 

In February, technology company Nasdaq completed the acquisition of the anti-financial crime management solutions provider Verafin – an agreement that initially began on 19 November 2020 for USD 2.75 billion in cash. Let’s only consider that Verafin has over 2,000 clients including leading banks and credit unions, and we can conclude that this acquisition will consolidate Nasdaq’s existing regulatory and anti-crime solutions, as well as it will impact its organic revenue growth and global reach. Looking ahead, if the two companies will indeed create a next-generation suite of solutions to fight fraud and detect market manipulation, it will serve a global ecosystem of Tier-1 and Tier-2 banks and broker-dealers that currently leverage Nasdaq’s tech. 

This article outlines the M&As signed in the fraud prevention and cybersecurity space, whereas the second part will focus on identity verification, authentication tools, (behavioural) biometrics, customer onboarding/KYC, and compliance solutions. Stay tuned for more details coming soon.

This editorial is part of the The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.

About Simona Negru

A graduate of English Language and Literature studies, with an MA in American Studies, Simona isalways on the lookout for the best and new stories to capture. A passionate senior editor, Simona is keen on discovering and sharing all the relevant topics on payments and commerce, as well as online security and digital identity, all while finding the hottest trends in the industry for The Paypers’ readers.