TBW ADVISORS LLC

Tag: Gitlab

  • Whisper Report: What are the best practices for enhancing cybersecurity in FinTech?

    Whisper Report: What are the best practices for enhancing cybersecurity in FinTech?

    Published to clients: June 26, 2025                            ID: TBW2067

    Published to Readers: June 27, 2025

    Email Whispers: December 9, 2025

    Public with Video Edition: December 10, 2025

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.  

    Target Audience Titles:

    • Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
    • Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer, Director of Data Protection
    • Security Architect, Security Engineers, Penetration Testers, Incident Response & Threat Intelligence Teams

    Key Takeaways

    • Adopt a Layered Defense: Use a “defense in depth” strategy—combine multiple security measures and analyze broad data signals to stay resilient against evolving threats.
    • Train Your Team: Human error is a top vulnerability. Regular employee training helps prevent phishing, smishing, and social engineering attacks.
    • Build Security into Development: Embed security checks directly into software pipelines to catch issues early and reduce risk at every stage of development.

    What are the best practices for enhancing cybersecurity in FinTech?

    We took the most frequently asked and most urgent technology questions straight to the finance technology experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question regarding what the best practices are for enhancing cybersecurity in FinTech. As SecurityMetrics’s Matt Cowart shared, there is a, “big rise that we’ve seen is fishing and smishing.” Your employees are getting targeted via email and SMS messages. But that is not the only threat. The user or customer angle also brings in cybersecurity issues. Incentiva’s Heather Alvarez shares, “fraud is something that is very big right now and (is something) that we’re trying to combat.”

    Take a layered approach to cybersecurity. image of layered soil. words in soil layers include: fraud detection, MFA, trend analysis, data signal analysis, threat detection, fraud prevention, employee training, antivirus, anti-phishing, encryption, leverage AI, security patches, blockchain technology

    A Layered Approach

    Cybersecurity frequently feels like a game of whack-a-mole. Vulnerabilities seem to pop up in every dimension you explore but there is still hope. As Socure’s Matt Thompson shared, “creating layers and looking at lots and lots of data signal is important for protecting your Enterprise.” This is also known as defense in depth.

    What might these layers include? Gitlab’s Field CTO, Joshua Carroll recommends, “making sure your code is secure and doesn’t have vulnerabilities by building the security scanners into your pipelines and do those as you build the software you can save yourself an awful lot of time.” Likewise, SecurityMetric’s Matt Cowart points out that it all, “comes down to training. The weakest link is where hackers get in. Being able to strengthen your entire area – all of your employees making sure they know what to do what not to do is going to be on of the biggest things that keeps your network safe.” Effective training can minimize phishing and smishing as well as positively impact fraud detection during customer interactions.

    Thus to enhance your cybersecurity, ensure a depth in defense security strategy and that the strategy includes both technical aspects of your enterprise as well as your humans in the loop. But most important stay curious and keep building. As Incentiva’s Heather Alvarez shared, “ask the right questions ..  continuing to push and look for new features look for to AI to help us because there are a lot of Technologies out there.”

    If you are evaluating your cybersecurity environment, be sure to book an inquiry for timely advice.

    Related playlists

    1. Conference Whispers: Fintech Meetup 2025
    2. Conference Whispers: Money 20/20 2024
    3. Conference Whispers: Identiverse 2024
    4. Conference Whispers: ISC West 2025
    5. Q1: Fintech Meetup Playlist – How can we ensure Compliance with evolving regulations?
    6. Q2: Fintech Meetup Playlist – What are the best practices for enhancing cybersecurity?

    *When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.  

    TBW Advisors LLC logo

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Conference Whispers: Fintech MeetUp 2025

    Conference Whispers: Fintech MeetUp 2025

    Las Vegas, NV March 10-13

    Published: March 17, 2025              ID: 2065

    Published to Readers: March 18, 2025

    Published to Email Whispers: June 25, 2025

    Analyst(s): Doreen Galli

    Photojournalist(s): Doreen Galli

    ABSTRACT:

    The 2024 Fintech Meetup experienced a 25% increase in size, featuring over 50,000 one-on-one meetings. Key areas of interest included development environments, product connectors, customer engagement solutions, and ACH payment simplification. Risk management and compliance were significant themes, with solutions for identifying threats, ensuring regulatory adherence, and verifying new clients. Identity verification and fraud prevention were also highlighted. Global risk decisioning platforms and extensive marketplaces were showcased, along with solutions for digital payouts, gift cards, and depositor retention.

    The Conference

    • Fintech MeetUp 2025 was held in Las Vegas, Nevada and had just over 5,000 registered attendees including over 1000 CEOs, with diverse collection of exhibiting companies. Over 50,000 one-on-one meetings were also scheduled.

    Cautions

    • It is critical you keep up to date with the deadlines as the MeetUp approaches to get the maximum networking from the MeetUp. If you registered in the last month before the event, you are already too late to participate in the meetups.  
    • The event explicitly did not want any of the sponsored keynotes to be recorded or amplified. Sponsors should keep this in mind if they want any attention outside of those able to make it in-person those exact days.

    Conference Vibe

    Having covered Fintech Meetup in 2024, we knew what to expect from the meetups. As you can feel in the energy of the event, it was about 25% larger than last year. This year featured over 50,000 of their infamous one-on-ones – just be sure you register and get your information in early if you want to participate. Our coverage this time focused on the expo hall. In addition, we were able to conduct research for three forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.

    1. Whisper Report: How can we ensure compliance with evolving regulations?
    2. Whisper Report: What are the best practices for enhancing cybersecurity?
    3. Whisper Report: How can we build and maintain consumer trust in fintech solutions?

    Enjoy the entire playlist for Conference Whispers: Fintech Meetup 20205 to more fully experience the event.

    Plethora of FinTech!

    Regardless of your role or fintech need, there was likely a vendor in that specific fintech space. Developers had Gitlab providing  an environment to develop solutions from ideas, through the entire software development lifecycle to production. Creating a solution that requires that is required to connect to various products in the fintech space? Merge shared their vast collection of product connectors regardless of development or integration technique. Perhaps you are specifically focused on improving your customer engagement. Interface.ai provides an agentic AI solution designed exclusively for credit unions and community banks to engage with their customers. If the interface you are most concerned with is ACH payments, Trustly can simplify ACH payments and comes with a side of risk management.

    Money makes the world go around so risk management will always be a significant area of focus within Fintech. A cognitive AI solution to identify missing threats, Thetaray seeks to find troubling patterns before an organization is compromised. More concerned with compliance? Security Metrics shared their capabilities for ensuring compliance not only with FinTech but also Healthcare and other regulated industries. Focused on compliance, and fraud and perhaps but also must increase your customer conversion rate? OnFido shared their combination solution that enables organizations to quickly and correctly verify potential new clients. The risk profile is configurable depending on the specific needs of a given organization at a given time.

    If identity is an area of interest in your organization, TBW Advisor’s research, Conference Whispers: Identiverse is a must read. The identity space also featured quite a few vendors in the identity space. During an exclusive interview, Intellicheck told us about their exclusive access to the data required to strongly identify drivers’ licenses from USA or Canada. If you prefer to leverage phone intelligence, Prove previously covered at Money 20/20, shared an update to their solution that now goes beyond leveraging the chip in the phones. For Fraud, prevention is always better than detection, Aries Fraud Solutions is all about prevention achieved by leveraging different numbers on the card versus the strip. In the area of risk decision and fraud detection, it is also worth to evaluate the extensive offering by Socure with an active customer base across 20 different verticals.

    For various solutions, it is frequently not only about what it can do, but how extensive globally is their coverage? Provenir informed TBW Advisors that their global risk decisioning platform is available in 60 countries serving anything from Tier 1 providers all the way to SMBs. It is a multi-component platform offering a marketplace in 120 categories. On the topic of marketplaces, MoneyLion shared their extensive offering with over 800 3rd party products serving 20+ million consumers and as well as the engine behind the largest enterprise fintech customers.

    The B2C dimension is always a challenging dimension for payouts. Whether it is payouts for the workforce, or refunds, Onbe’s solution is bringing clients into the digital age. If you are focused more on gift cards, Incentive.AI can create customer solutions to fit your needs. Finally, an interesting solution to help retain depositors was shared by Wysh. Wysh enables financial institutions to offer free life insurance to customers based on deposit values.

    Next Year’s Conference 

    While this year’s event was held at the Sands Convention Center of the Venetian, next year’s event will be at Mandalay Bay. The event will be held March 30-April 1, 2026.

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.