Joan Larroumec, Evina: “cybersecurity is about business growth, not only about protecting oneself from risks”

The post-pandemic world experienced a rise in various cybercrimes, including fraud, and businesses are in need of better protection.

Article published on cybernews.com.

The post-pandemic world experienced a rise in various cybercrimes, including fraud, and businesses are in need of better protection.

Since more companies started to move their operations online over the last couple of years, it didn’t take long for issues like fraud and fake users placing orders to start to arise. While some implement stronger authentication measures to distinguish real customers from bots, the slower and more complex payment process also tends to drive off genuine buyers.


To talk about how the balance between strong security and user-friendliness can make or break a business, Cybernews caught up with Joan Larroumec, the CSO and CMO at Evina – a company combating fraud in the mobile payment landscape.


Let’s go back to the very beginning of Evina. What was your journey like throughout the years?


In 2013, massive fraud patterns began to appear on the market, and at the time, David Lotfi was the CTO of a company in the direct carrier billing services field. Direct carrier billing (DCB) is a payment method that allows users to pay for any digital goods, with one click, and be charged on their monthly phone subscription bill.


To respond to the rise of fraud, which was causing increasing concern due to its severe damage to businesses, including compromising potential new business opportunities, David developed a highly sophisticated anti-fraud solution.


The success was unprecedented: the anti-fraud solution dramatically reduced fraud on DCB of the merchant who had implemented the solution, and all mobile network operators (MNOs) desired to work with this merchant.


Five years later, David bought full ownership of his cybersecurity solution. Then, with the help of his former colleagues and the determination to combat this otherwise infertile environment for mobile players, Evina was founded.

Can you tell us a little bit about what you do? What are the main issues you help solve?

Evina offers the most advanced cybersecurity for mobile payments operated by mobile operators, and all mobile players who use these payment services, to help fend off fraud and conquer new markets.


The mobile payments landscape is changing: mobile operators are in the process of becoming fintechs and thus major players in this industry. Mobile payment solutions offered by operators, such as direct carrier billing (DCB), are currently in full growth, with 20% of all digital goods in the world paid for via carrier billing today.


In addition, the DCB market is worth more than $40 billion, growing at double-digit rates annually, and is clearly one of the payment services that holds the most promising opportunities for market players with its fast payment options and easy integration.


Now, the biggest risk to the development of DCB is fraud. Fraud attempts on mobile are rapidly growing and because of its efficiency and popularity, DCB is also under attack.


Evina can attest that fraud-free DCB is an extremely powerful solution for business growth, and so it’s only by learning how to manage fraud that carrier billing can fulfill its true potential.


Evina’s anti-fraud solutions secure over +20 million transactions on carrier billing in more than 80 countries each day. Our solutions decrease complaint rates, maximize the number of legitimate transactions, and increase revenues. We have helped numerous major mobile operators decrease their fraud rate on carrier billing by up to 92%, decrease the related complaint rate by up to 80%, and increase revenues by up to 115%.


What technology do you use to secure payments without compromising the user experience?


The best user experience is super fast, extremely secure, easy to use, and always works. That’s why we operate in less than 100ms to validate a transaction (super fast), we block 99.96% of all fraud attempts (extremely secure), we bring a level of security sufficient to allow MNO to enable one click payment with super high conversion rates (easy to use), we have very low false positives (always works).


Our 15+ years of R&D have without a doubt helped us to achieve these levels of frictionless security and user experience. We don’t just use basic self-learning AI models as most cybersecurity companies do, but we rely on extremely advanced research and development to learn about all types of malware. Evina’s malware hunters scour the dark web to get to know how malware functions through reverse engineering methods. The firm’s focus is on understanding the diverse behaviors of malware, which along with the levels of precision of our tech, enable us to distinguish a transaction initiated by a human from that initiated from a bot.


Because we know exactly what we are looking for, we are able to block them quickly and with precision. Global mobile operators that have implemented our solutions have experienced a 5 time increase in transaction volume by restoring trust and allowing for more efficient payment flows and a 75% decrease in complaint rates. Thus, generating happier clients.


Did you notice threat actors using any new techniques during the pandemic?


These last two years, the market has witnessed an increasing number of advanced malware that can bypass two-factor authentication. This means these types of malware are, for example, able to read confirmation SMS and perform a transaction without the mobile user’s knowledge. In fact, we at Evina have always seen first hand that two-factor authentication is not an effective solution to block fraudulent transactions.


One of the latest discoveries has been a new Android banking Trojan dubbed Xenomorph, hidden in apps, that has in fact been doing just that: easily stealing from users by bypassing SMS authentication and other forms of 2FA. The pandemic saw a general increase in online activity and purchases, and naturally, criminal activity also resorted to the online world to steal and invest in, creating proper cybercriminal organizations.


What cybersecurity risks do you think new business owners often fail to take into account?


The first risk is to believe cybersecurity is only about protecting oneself from risks. Cybersecurity is about growth. If you are well protected, you can reach levels of growth you wouldn’t believe.


When faced with fraudulent traffic, businesses tend to implement the wrong kind of cybersecurity actions, such as the One Time Password (OTP), which is a unique password sent by text message to validate a transaction. Yet, they don’t realize that by doing so, they lose real users that desire a simple purchasing experience, while cybercriminals aren’t intimidated by OTP.


Generally, business owners think that cybersecurity is only a security expense, but they don’t realize that it can be, and is a business development asset. With the right protection, businesses can activate one-click payments, which multiplies conversion rates, enables them to buy traffic outside the big tech platforms, and allows for a better return on investment.


In your opinion, which organizations are attractive targets for fraudsters and should implement proper security measures as soon as possible?

Any business that operates on mobile or has anything to do with mobile payments is a potential target. The more efficient and popular a mobile payment solution is, the more likely it is to be attacked. The goal is never to stifle the most efficient and popular payment methods in an effort to prevent fraud, but to embrace their growth by using the latest technology to make them secure.


And finally, what’s next for Evina?

Evina is rapidly growing and protecting new players in the MNO payments ecosystem every day, and signing large international groups such as Orange that currently serves 253 million subscribers. These partnerships allow Evina’s cybersecurity solutions to be easily activated and deployed across the group’s
international subsidiaries.


Evina continuously strives to perfect its technology to remain at the forefront of cybersecurity solutions. Malware will continue to appear in all forms, becoming increasingly sophisticated and capable of bypassing all kinds of security protection (e.g. SMS authentication, facial recognition, etc.).


Although direct carrier billing is Evina’s long-standing expertise it has developed cybersecurity solutions tailored to mobile money that have been extremely well received by mobile operators. Mobile money is a financial transaction conducted using a mobile phone and associated with a SIM card, widely used in underbanked regions. Today, mobile money users number nearly a billion and continue to grow in places, such as Africa, the Middle East, South and Southeast Asia, signaling the need to secure this widespread mobile payment method. Mobile money is a particularly promising payment channel for mobile operators, whose future as a financial player will also depend on its successful deployment. Evina is stepping in to ensure that the growth of mobile operators is not hindered by fraud.

The Fraud Observer

Do you like this article ?

Articles, interviews, analyzes, debates ... Once a month, the most valuable insights and news to fight fraud and grow your business.