payments

Gig workers need health & benefits — Catch is their safety net

Posted by | Apps, Catch, Collaborative Consumption, eCommerce, Finance, funding, Fundings & Exits, Health, Khosla Ventures, Kindred Ventures, Mobile, nyca partners, payments, Personnel, Recent Funding, Startups, Talent, TC, Y Combinator | No Comments

One of the hottest Y Combinator startups just raised a big seed round to clean up the mess created by Uber, Postmates and the gig economy. Catch sells health insurance, retirement savings plans and tax withholding directly to freelancers, contractors, or anyone uncovered. By building and curating simplified benefits services, Catch can offer a safety net for the future of work.

“In order to stay competitive as a society, we need to address inequality and volatility. We think Catch is the first step to offering alternatives to the mandate that benefits can only come from an employer or the government,” writes Catch co-founder and COO Kristen Tyrrell. Her co-founder and CEO Andrew Ambrosino, a former Kleiner Perkins design fellow, stumbled onto the problem as he struggled to juggle all the paperwork and programs companies typically hire an HR manager to handle. “Setting up a benefits plan was a pain. You had to become an expert in the space, and even once you were, executing and getting the stuff you needed was pretty difficult.” Catch does all this annoying but essential work for you.

Now Catch is getting its first press after piloting its product with tens of thousands of users. TechCrunch caught wind of its highly competitive seed round closing, and Catch confirms it has raised $5.1 million at a $20.5 million post-money valuation co-led by Khosla Ventures, Kindred Ventures, and NYCA Partners. This follow-up to its $1 million pre-seed will fuel its expansion into full heath insurance enrollment, life insurance and more. Catch is part of a growing trend that sees the best Y Combinator startup fully funded before Demo Day even arrives.

“Benefits, as a system built and provided by employers, created the mid-century middle class. In the post-war economic boom, companies offering benefits in the form of health insurance and pensions enabled familial stability that led to expansive growth and prosperity,” recalls Tyrrell, who was formerly the director of product at student debt repayment benefits startup FutureFuel.io. “Emboldened by private-sector growth (and apparent self-sufficiency), the 1970s and 80s saw a massive shift in financial risk management from the government to employers. The public safety net contracted in favor of privatized solutions. As technological advances progressed, employers and employees continued to redefine what work looked like. The bureaucratic and inflexible benefits system was unable to keep up. The private safety net crumbled.”

That problem has ballooned in recent years with the advent of the on-demand economy, where millions become Uber drivers, Instacart shoppers, DoorDash deliverers and TaskRabbits. Meanwhile, the destigmatization of remote work and digital nomadism has turned more people into permanent freelancers and contractors, or full-time employees without benefits. “A new class of worker emerged: one with volatile, complex income streams and limited access to second-order financial products like automated savings, individual retirement plans, and independent health insurance. We entered the new millennium with rot under the surface of new opportunity from the proliferation of the internet,” Tyrrell declares. “The last 15 years are borrowed time for the unconventional proletariat. It is time to come to terms and design a safety net that is personal, portable, modern and flexible. That’s why we built Catch.”

Catch co-founders Andrew Ambrosino and Kristen Tyrrell

Currently Catch offers the following services, each with their own way of earning the startup revenue:

  • Health Explorer lets users compare plans from insurers and calculate subsidies, while Catch serves as a broker collecting a fee from insurance providers
  • Retirement Savings gives users a Catch robo-advisor compatible with IRA and Roth IRA, while Catch earns the industry standard 1 basis point on saved assets
  • Tax Withholding provides an FDIC-insured Catch account that automatically saves what you’ll need to pay taxes later, while Catch earns interest on the funds
  • Time Off Savings similarly lets you automatically squirrel away money to finance “paid” time off, while Catch earns interest

These and the rest of Catch’s services are curated through its Guide. You answer a few questions about which benefits you have and need, connect your bank account, choose which programs you want and get push notifications whenever Catch needs your decisions or approvals. It’s designed to minimize busy work so if you have a child, you can add them to all your programs with a click instead of slogging through reconfiguring them all one at a time. That simplicity has ignited explosive growth for Catch, with the balances it holds for tax withholding, time off and retirement balances up 300 percent in each of the last three months.

In 2019 it plans to add Catch-branded student loan refinancing, vision and dental enrollment plus payments via existing providers, life insurance through a partner such as Ladder or Ethos and full health insurance enrollment plus subsidies and premium payments via existing insurance companies like Blue Shield and Oscar. And in 2020 it’s hoping to build out its own blended retirement savings solution and income-smoothing tools.

If any of this sounds boring, that’s kind of the point. Instead of sorting through this mind-numbing stuff unassisted, Catch holds your hand. Its benefits Guide is available on the web today and it’s beta testing iOS and Android apps that will launch soon. Catch is focused on direct-to-consumer sales because “We’ve seen too many startups waste time on channels/partnerships before they know people truly want their product and get lost along the way,” Tyrrell writes. Eventually it wants to set up integrations directly into where users get paid.

Catch’s biggest competition is people haphazardly managing benefits with Excel spreadsheets and a mishmash of healthcare.gov and solutions for specific programs. Twenty-one percent of Americans have saved $0 for retirement, which you could see as either a challenge to scaling Catch or a massive greenfield opportunity. Track.tax, one of its direct competitors, charges a subscription price that has driven users to Catch. And automated advisors like Betterment and Wealthfront accounts don’t work so well for gig workers with lots of income volatility.

So do the founders think the gig economy, with its suppression of benefits, helps or hinders our species? “We believe the story is complex, but overall, the existing state of the gig economy is hurting society. Without better systems to provide support for freelance/contract workers, we are making people more precarious and less likely to succeed financially.”

When I ask what keeps the founders up at night, Tyrrell admits “The safety net is not built for individuals. It’s built to be distributed through HR departments and employers. We are very worried that the products we offer aren’t on equal footing with group/company products.” For example, there’s a $6,000/year IRA limit for individuals while the corporate equivalent 401k limit is $19,000, and health insurance is much cheaper for groups than individuals.

To surmount those humps, Catch assembled a huge list of angel investors who’ve built a range of financial services, including NerdWallet founder Jake Gibson, Earnest founders Louis Beryl and Ben Hutchinson, ANDCO (acquired by Fiverr) founder Leif Abraham, Totem founder Neal Khosla, Commuter Club founder Petko Plachkov, Playable (acquired by Stripe) founder Tad Milbourn and Synapse founder Bruno Faviero. It also brought on a wide range of venture funds to open doors for it. Those include Urban Innovation Fund, Kleiner Perkins, Y Combinator, Tempo Ventures, Prehype, Loup Ventures, Indicator Ventures, Ground Up Ventures and Graduate Fund.

Hopefully the fact that there are three lead investors and so many more in the round won’t mean that none feel truly accountable to oversee the company. With 80 million Americans lacking employer-sponsored benefits and 27 million without health insurance and median job tenure down to 2.8 years for people ages 25 to 34 leading to more gaps between jobs, our workforce is vulnerable. Catch can’t operate like a traditional software startup with leniency for screw-ups. If it can move cautiously and fix things, it could earn labor’s trust and become a fundamental piece of the welfare stack.

Powered by WPeMatico

UK military veteran launches crowd-funding for Pixie app to revive local stores

Posted by | Apps, crowdcube, Crowdfunding, Europe, funding, iZettle, mastercard, Mobile, payments, pixie, Startups, sumup, TC, Worldpay | No Comments

What if, instead of sitting on your phone on the sofa ordering stuff from Amazon, you could buy the same things locally from local stores that ultimately enliven and enrich your local neighborhood? What if by doing that, you wouldn’t be walking through deserted main streets, past boarded-up shops, dark alleys and graffiti? What if someone created a marketplace for independent businesses, local events and experiences that kept the money in the local economy rather than being siphoned off into global giants who don’t care about human-scale communities?

That’s the idea behind Pixie, a new take on the “shop-local app” startup model which, although it’s been tried before, has never quite managed to take off. Perhaps Pixie will have more luck?

Here’s how it works: The Pixie app connects people to independent businesses through a curated marketplace, incentivizing them to pay through the app and get rewarded for being loyal customers. Integrated into the app is Pixie Pay, a bespoke payment solution which keeps money in local hands.

The startup has a fascinating background. Whilst serving in the British Special Forces, Pixie’s founder Greg Barden understood that his mission was also to ‘win hearts and minds’ with the local population. Whether by buying bread from the local baker in a village in Afghanistan, or coffee from the market in Baghdad, he and his soldiers could tear down even the most hostile barriers.

He also realized that when more money stayed inside these the local economies rather than being sucked away by organized crime or large scale, globalized businesses, the local economy might flourish and the risk of the societies there becoming yet again destabilized could potentially diminish.

“Whether it was stalls in the bazaars of Baghdad or small boutiques on Bath high-street, I realized independent shop owners are linchpins in their community. They add variety to the mundane and nurture community spirit. Even local guardians need protecting sometimes, which is why we created Pixie.”

The threat to independent stores from globalization and digitization isn’t just happening in Afghanistan. Across the western world, ‘Main Street’ stores are closing at a prodigious rate. In the UK over 1,500 local stores closed in 2018. (And that was BEFORE Brexit…)

Pixie has stress-tested its idea in mid-sized town in the UK, including Bath, Frome and Sherbourne, completing transactions across 250 businesses, ranging from cafes to fashion boutiques, and spinning up 5,000 app users. It’s now going on the fund-raising trail, aiming to raise £500,000 in funding through its ‘Equity for Explorers’ campaign on Crowdcube a UK-based crowd-equity platform. The total addressable market for independent business in the UK is estimated to be £31.5bn in gross transactional value.

Barden — who last year spoke about his startup life at the launch of the military tech non-profit TechVets — says: “There might be thousands of independent businesses across the UK, but at the rate the high-street is disappearing they are severely under threat. Pixie isn’t here to turn people away from the bigger players on the high-street, but create opportunities for enriching discovery. Needless to say, in a world with increasing nationalism, Brexit, Trump and — dare I say it — Amazon, we feel Pixie has a huge part to play in countering the worst aspects of globalization.”

Pixie’s revenue comes from transaction fees taken when people use its ‘Pixie Pay’ payment mechanism. The payment system is designed to bypass Visa/Mastercard at the point of sale, whilst the loyalty scheme unites independent businesses under one umbrella, so the users can earn and spend their loyalty points (as money) across the entire Pixie community. If a store using Pixie is in Australia, a person from Bath could also use their points there. This keeps the money circulating inside local, independent stores, wherever they are on the planet.

Pixie distributes its own payment terminal that sits next to whatever the business has in place to take normal card payments (iZettle etc). The cards are contactless but don’t utilise visa MasterCard. It’s literally their own e-money system. Think PayPal where users can either add money to their balance by debit card or bank and/or link a debit card to Pixie if they don’t have a balance.

Obviously this also creates it an alternative to competitors like iZettle, Square, SumUp and WorldPay, but this time specifically aimed at local independent stores, not huge national and international chains.

The third element of Pixie is its discovery marketplace that gives its community of explorers (users) the ability to discover local businesses across the Pixie footprint of stores.

I’ve seen several startups try and tackle this problem, but it may well be that Pixie, under its charismatic leader, finally has a shot at cracking this idea around local markets.

Powered by WPeMatico

Instagram’s fundraiser stickers could lure credit card numbers

Posted by | Apps, charity, eCommerce, instagram, Instagram Stickers, Instagram Stories, Mobile, non-profits, payments, Philanthropy, Social, TC | No Comments

Mark Zuckerberg recently revealed that commerce is a huge part of the 2019 road map for Facebook’s family of apps. But before people can easily buy things from Instagram etc., Facebook needs their credit card info on file. That’s a potentially lucrative side effect of Instagram’s plan to launch a Fundraiser sticker in 2019. Facebook’s own Donate buttons have raised $1 billion, and bringing them to Instagram’s 1 billion users could do a lot of good while furthering Facebook’s commerce strategy.

New code and imagery dug out of Instagram’s Android app reveals how the Fundraiser stickers will allow you to search for nonprofits and add a Donate button for them to your Instagram Story. After you’ve donated to something once, Instagram could offer instant checkout on stuff you want to buy using the same payment details.

Back in 2013 when Facebook launched its Donate button, I suggested that it could add a “remove credit card after checkout” option to its fundraisers if it wanted to make it clear that the feature was purely altruistic. Facebook never did that. You still need to go into your payment settings or click through the See Receipt option after donating and then edit your account settings to remove your credit card. We’ll see if Instagram is any different. We’ve also asked whether Instagrammers will be able to raise money for personal causes, which would make it more of a competitor to GoFundMe — which has sadly become the social safety net for many facing healthcare crises.

Facebook mentioned at its Communities Summit earlier this month that it’d be building Instagram Fundraiser stickers, but the announcement was largely overshadowed by the company’s reveal of new Groups features. This week, TechCrunch tipster Ishan Agarwal found code in the Instagram Android app detailing how users will be able search for nonprofits or browse collections of Suggested charities and ones they follow. They can then overlay a Donate button sticker on their Instagram Story that their followers can click through to contribute.

We then asked reverse-engineering specialist Jane Manchun Wong to take a look, and she was able to generate the screenshots seen above that show a green heart icon for the Fundraiser sticker plus the nonprofit search engine. A Facebook spokespeople tells me that “We are in early stages and working hard to bring this experience to our community . . . Instagram is all about bringing you closer to the people and things you love, and a big part of that is showing support for and bringing awareness to meaningful communities and causes. Later this year, people will be able to raise money and help support nonprofits that are important to them through a donation sticker in Instagram Stories. We’re excited to bring this experience to our community and will share more updates in the coming months.”

Zuckerberg said during the Q4 2018 earnings call last month that “In Instagram, one of the areas I’m most excited about this year is commerce and shopping . . . there’s also a very big opportunity in basically enabling the transactions and making it so that the buying experience is good.” Streamlining those transactions through saved payment details means more people will complete their purchase rather than abandoning their cart. Facebook CFO David Wehner noted on the call that “Continuing to build good advertising products for our e-commerce clients on the advertising side will be a more important contributor to revenue in the foreseeable future.” Even though Facebook isn’t charging a fee on transactions, powering higher commerce conversion rates convinces merchants to buy more ads on the platform.

With all the talk of envy spiraling, phone addiction, bullying and political propaganda, enabling donations is at least one way Instagram can prove it’s beneficial to the world. Snapchat lacks formal charity features, and Twitter appears to have ended its experiment allowing nonprofits to tweet donate buttons. Despite all the flack Facebook rightfully takes, the company has shown a strong track record with philanthropy that mirrors Zuckerberg’s own $47 billion commitment through the Chan Zuckerberg Initiative. And if having some relatively benign secondary business benefit speeds companies toward assisting nonprofits, that’s a trade-off we should be willing to embrace.

Powered by WPeMatico

Amazon, Western Union debut PayCode to sell goods in emerging markets and let shoppers pay in cash

Posted by | alibaba, Amazon, Asia, developing markets, eCommerce, emerging markets, Finance, Mobile, payments, qr code, TC, western union | No Comments

While Amazon has been methodical (read: a little slow) in launching local versions of its site for various global markets, it has now embarked on a secondary track to snag more business outside the 14 countries where it has built out full operations.

Amazon has partnered with Western Union to set up a service called PayCode, which lets people shop and pay for Amazon items using local currencies that would not have been accepted on the site before, starting with services in 10 countries: Chile, Columbia, Hong Kong, Indonesia, Kenya, Malaysia, Peru, Philippines, Taiwan and Thailand.

Specifically, shoppers in these markets will now be able to go into Western Union outposts and pay for their Amazon purchases in cash, which also means that payment cards or other virtual payment methods will also not be required to buy from Amazon — one of the barriers to expanding the service up to now into more emerging economies, where card and bank account penetration is much lower than in developed markets like the U.S. and Europe.

“Amazon is committed to enabling customers anywhere in the world to shop on Amazon.com, and a big part of that is to allow customers to pay for their cross-border online purchases in a way that is most convenient for them,” said Ben Volk, director, Payment Acceptance and Experience at Amazon, in a statement. “Amazon PayCode leverages the reach of Western Union to make cross-border online shopping a reliable and convenient experience for customers who do not have access to international credit cards, or prefer to pay in cash.”

In terms of what they will be able to buy, people can shop across the breadth of the Amazon marketplace, but Amazon notes that they will only be able to use PayCode if it’s offered as an option at checkout (which will only happen in the markets where PayCode is supported); if the item that is chosen is “export eligible,” and if the item’s value “exceeds the maximum value allowed for use on this payment type” — although Amazon doesn’t appear to specify what that maximum value is. Once you complete the purchase online (or possibly more likely, on mobile), you get a “PayCode” QR code that you will have 48 hours to take to a Western Union to pay for the goods; otherwise your order gets cancelled.

The deal between Amazon and Western Union was initially announced last October, with very little detail and fanfare. The PayCode name then appeared to leak out a month later around what appeared to be a test in India (where it has not launched… yet). Today was the first time that the companies unveiled the first launch countries.

PayCode is a significant advance for Amazon as it seeks to step up to the next level of being a global e-commerce powerhouse to compete against the likes of Alibaba.

The latter company has made a lot of inroads to work in a wider array of markets beyond its home base of China, specifically tapping into a long tail of supply from its home market and demand for those goods abroad. Alibaba is also taking care of business when it comes to making more seamless transactions related to those trades. Just today, its financial services affiliate Ant Financial announced that it would acquire U.K.’s WorldFirst, which provides foreign money transfer for businesses and individuals, for a price that we heard from sources was in the region of $700 million.

Amazon currently operates 15 Amazon websites globally: in the U.S., U.K., Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, Mexico, Netherlands, Spain and Turkey. (It appears also to have a Prime-only site in Singapore.) Up to now, these would have been the only countries where Amazon would offer goods in local currencies.

Adding a new tranche of countries using PayCode will potentially massively expand how many people can shop on Amazon without Amazon going through the steps of setting up full-fledged operations in those countries to serve those consumers and sellers. (Or, this being Amazon, this would be a key way for the company to start testing the waters to figure out which market might do best with a full-fledged store.) Over time, you might imagine that Amazon might extend PayCode to markets where it has sites, too, to give shoppers more flexibility in how they pay for goods for themselves or that they are buying for others.

It’s a big market opportunity. Amazon cites estimates from Forrester Research that say cross-border shopping will represent 20 percent of e-commerce by 2022, accounting for $630 billion.

For Western Union, this is a potentially big partnership, too.

Today, PayCode allows people to use Western Union to act as a physical pay station for their Amazon goods, giving Western Union a small cut on those transactions. But you might imagine how this could evolve over time, where remittances sent from family members abroad via Western Union — a very common use of remittance networks — might immediately get redeemed to cover purchases on Amazon.

Similarly, Western Union is working closer with MPesa, the African mobile wallet service that lets people essentially use their phone top-up account as a payment account, and you could imagine how this too could get incorporated into the PayCode experience to facilitate buying and paying on devices, without having to go into Western Union shops and use actual cash.

“We’re helping to unlock access to Amazon.com for customers who need and want items that can only be found online in many parts of the world,” said Khalid Fellahi, SVP and General Manager of Western Union Digital, in a statement. “This is a great example of two global brands innovating and collaborating to bring customers more convenience and choice. In a world where cross-border buyers and sellers are often located on different continents and in completely different financial ecosystems, our platform is ideally suited to solving the complexity of collecting local currency and converting it into whatever currency merchants need on the other end.”

Powered by WPeMatico

Apple fails to block porn & gambling ‘Enterprise’ apps

Posted by | Apple, Apps, Developer, Entertainment, Gambling, Gaming, Mobile, payments, Policy, pornography, TC, WTF | No Comments

Facebook and Google were far from the only developers openly abusing Apple’s Enterprise Certificate program meant for companies offering employee-only apps. A TechCrunch investigation uncovered a dozen hardcore pornography apps and a dozen real-money gambling apps that escaped Apple’s oversight. The developers passed Apple’s weak Enterprise Certificate screening process or piggybacked on a legitimate approval, allowing them to sidestep the App Store and Cupertino’s traditional safeguards designed to keep iOS family-friendly. Without proper oversight, they were able to operate these vice apps that blatantly flaunt Apple’s content policies.

The situation shows further evidence that Apple has been neglecting its responsibility to police the Enterprise Certificate program, leading to its exploitation to circumvent App Store rules and forbidden categories. For a company whose CEO Tim Cook frequently criticizes its competitors for data misuse and policy fiascos like Facebook’s Cambridge Analytica, Apple’s failure to catch and block these porn and gambling demonstrates it has work to do itself.

Porn apps PPAV and iPorn (iP) continue to abuse Apple’s Enterprise Certificate program to sidestep the App Store’s ban on pornography. Nudity censored by TechCrunch

 

TechCrunch broke the news last week that Facebook and Google had broken the rules of Apple’s Enterprise Certificate program to distribute apps that installed VPNs or demanded root network access to collect all of a user’s traffic and phone activity for competitive intelligence. That led Apple to briefly revoke Facebook and Google’s Certificates, thereby disabling the companies’ legitimate employee-only apps, which caused office chaos.

Apple issued a fiery statement that “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” Meanwhile, dozens of prohibited apps were available for download from shady developers’ websites.

Apple offers a lookup tool for finding any business’ D-U-N-S number, allowing shady developers to forge their Enterprise Certificate application

The problem starts with Apple’s lax standards for accepting businesses to the enterprise program. The program is for companies to distribute apps only to their employees, and its policy explicitly states “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers.” Yet Apple doesn’t adequately enforce these policies.

Developers simply have to fill out an online form and pay $299 to Apple, as detailed in this guide from Calvium. The form merely asks developers to pledge they’re building an Enterprise Certificate app for internal employee-only use, that they have the legal authority to register the business, provide a D-U-N-S business ID number and have an up to date Mac. You can easily Google a business’ address details and look up their D-U-N-S ID number with a tool Apple provides. After setting up an Apple ID and agreeing to its terms of service, businesses wait one to four weeks for a phone call from Apple asking them to reconfirm they’ll only distribute apps internally and are authorized to represent their business.

With just a few lies on the phone and web plus some Googleable public information, sketchy developers can get approved for an Apple Enterprise Certificate.

Real-money gambling apps openly advertise that they have iOS versions available that abuse the Enterprise Certificate program

Given the number of policy-violating apps that are being distributed to non-employees using registrations for businesses unrelated to their apps, it’s clear that Apple needs to tighten the oversight on the Enterprise Certificate program. TechCrunch found thousands of sites offering downloads of “sideloaded” Enterprise apps, and investigating just a sample uncovered numerous abuses. Using a standard un-jailbroken iPhone. TechCrunch was able to download and verify 12 pornography and 12 real-money gambling apps over the past week that were abusing Apple’s Enterprise Certificate system to offer apps prohibited from the App Store. These apps either offered streaming or pay-per-view hardcore pornography, or allowed users to deposit, win and withdraw real money — all of which would be prohibited if the apps were distributed through the App Store.

A whole screen of prohibited sideloaded porn and gambling apps TechCrunch was able to download through the Enterprise Certificate system

In an apparent effort to step up policy enforcement in the wake of TechCrunch’s investigation into Facebook and Google’s Enterprise Certificate violations, Apple appears to have disabled some of these apps in the past few days, but many remain operational. The porn apps that we discovered which are currently functional include Swag, PPAV, Banana Video, iPorn (iP), Pear, Poshow and AVBobo, while the currently functional gambling apps include RD Poker and RiverPoker.

The Enterprise Certificates for these apps were rarely registered to company names related to their true purpose. The only example was Lucky8 for gambling. Many of the apps used innocuous names like Interprener, Mohajer International Communications, Sungate and AsianLiveTech. Yet others seemed to have forged or stolen credentials to sign up under the names of completely unrelated but legitimate businesses. Dragon Gaming was registered to U.S. gravel supplier CSL-LOMA. As for porn apps, PPAV’s certificate is assigned to the Nanjing Jianye District Information Center, Douyin Didi was licensed under Moscow motorcycle company Akura OOO, Chinese app Pear is registered to Grupo Arcavi Sociedad Anonima in Costa Rica and AVBobo covers its tracks with the name of a Fresno-based company called Chaney Cabinet & Furniture Co.

You can see a full list of the policy-violating apps we found:

Apple refused to explain how these apps slipped into the Enterprise Certificate app program. It declined to say if it does any follow-up compliance audits on developers in the program or if it plans to change admission process. An Apple spokesperson did provide this statement, though, indicating it will work to shut down these apps and potentially ban the developers from building iOS products entirely:

“Developers that abuse our enterprise certificates are in violation of the Apple Developer Enterprise Program Agreement and will have their certificates terminated, and if appropriate, they will be removed from our Developer Program completely. We are continuously evaluating the cases of misuse and are prepared to take immediate action.”

TechCrunch asked Guardian Mobile Firewall’s security expert Will Strafach to look at the apps we found and their Certificates. Strafach’s initial analysis of the apps didn’t find any glaring evidence that the apps misappropriate data, but they all do violate Apple’s Certificate policies and provide content banned from the App Store. “At the moment, I have noticed that action is slower regarding apps available from an independent website and not these easy-to-scrape app directories” that occasionally crop up offering centralized access to a plethora of sideloaded apps.

Porn app AVBobo uses an Enterprise Certificate registered to Fresno’s Chaney Cabinet & Furniture Co

Strafach explained how “A significant number of the Enterprise Certificates used to sign publicly available apps are referred to informally as ‘rogue certificates’ as they are often not associated with the named company. There are no hard facts to confirm the manner in which these certificates originate, but the result of the initial step is that individuals will gain control of an Enterprise Certificate attributable to a corporation, usually China/HK-based. Code services are then sold quietly on Chinese language marketplaces, resulting in sometimes 5 to 10 (or more) distinct apps being signed with the same Enterprise Certificate.” We found Sungate and Mohajer Certificates were farmed out for use by multiple apps in this way.

“In my experience, Enterprise Certificate signed apps available on independent websites have not been harmful to users in a malicious sense, only in the sense that they have broken the rules,” Strafach notes. “Enterprise Certificate signed apps from these Chinese ‘helper’ tools, however, have been a mixed bag. Zoe example, in multiple cases, we have noticed such apps with additional tracking and adware code injected into the original now-repackaged app being offered.”

Porn apps like Swag openly advertise their availability on iOS

Interestingly, none of the off-limits apps we discovered asked users to install a VPN like Google Screenwise, let alone root network access like Facebook Research. TechCrunch reported this month that both apps had been paying users to snoop on their private data. But the iOS versions were banned by Apple after we exposed their policy violations, and Apple also caused chaos at Facebook and Google’s offices by temporarily shutting down their employee-only iOS apps too. The fact that these two U.S. tech giants were more aggressive about collecting user data than shady Chinese porn and gambling apps is telling. “This is a cat-and-mouse game,” Strafach concluded regarding Apple’s struggle to keep out these apps. But given the rampant abuse, it seems Apple could easily add stronger verification processes and more check-ups to the Enterprise Certificate program. Developers should have to do more to prove their apps’ connection with the Certificate holder, and Apple should regularly audit certificates to see what kind of apps they’re powering.

Back when Facebook missed Cambridge Analytica’s abuse of its app platform, Cook was asked what he’d do in Mark Zuckerberg’s shoes. “I wouldn’t be in this situation” Cook frankly replied. But if Apple can’t keep porn and casinos off iOS, perhaps Cook shouldn’t be lecturing anyone else.

Powered by WPeMatico

Lydia launches shared accounts for its mobile payment app

Posted by | Europe, France Newsletter, Lydia, Mobile, payments, Startups | No Comments

French startup Lydia now lets you share your Lydia sub-accounts with other people. The company wants to make it easier to manage money when you’re traveling with friends, sharing an apartment with someone and more.

When Lydia introduced its premium offering back in March 2018, the company completely rethought the way Lydia accounts worked. Users had a single Lydia account and were basically limited to sending, receiving and withdrawing money — it was all about peer-to-peer payments. Now, you can create as many Lydia accounts as you want, move money around, set money aside and top up each account separately.

That was just the first step as you can now share those accounts with other people. This way, you don’t have to create a Splitwise group and track who owes what to whom. Instead of getting your money back after a while, people chip in and top up the shared account directly. Anybody can then safely spend that money.

As always, Lydia is all about getting money in the app and out of the app as seamlessly as possible. When you create a shared account, each user can top up the account using other Lydia sub-accounts, a traditional bank account that you have already connected to the app or a debit card if it’s a small amount.

If your bank account isn’t compatible with Lydia, you also get an IBAN number for this sub-account in particular. So you can initiate a traditional bank transfer from your bank account as well.

Once the account is up and running, anybody can spend money. You can generate a virtual card, add it to Apple Pay, Google Pay or Samsung Pay, and associate it with the shared account. If you’re on a ski trip and buying raclette cheese for your group of friends, you can then pay with your phone and debit the shared account.

If you’re a premium user and have a good old plastic Lydia card, you can also use it in any card reader and associate transactions with your shared account. Some websites already let you pay with your Lydia account directly as well. You can select your sub-account when confirming the transaction on your phone.

You can imagine multiple different use cases for such a feature. This is a good way to share an account with your significant other without switching to the same bank. This could be a way to pay for utility bills with your roommates.

“I use it with my son for instance. I created a shared account, I set up a virtual card and he added it to his Google Pay,” co-founder and CEO Cyril Chiche told me. He can then send him money that he can use instantly whenever he needs to.

This feature will become more valuable over time, when you can pay with your Lydia account in more places. Mobile payment systems, such as Apple Pay and Google Pay, are slowly becoming more widespread. And Lydia has also been working with popular payment service providers to add support for more e-commerce websites.

It’s a radical way of sharing expenses with friends and family members, but it could become the obvious way if Lydia becomes ubiquitous.

Powered by WPeMatico

Apple Pay is coming to Target, Taco Bell, Speedway and two other US chains

Posted by | 7-eleven, Apple, apple inc, Apple Pay, costco, cvs, Germany, jack in the box, Mobile, mobile payments, payments, privacy, Security, taco bell, Target | No Comments

A little more retail momentum for Apple Pay: Apple has announced another clutch of U.S. retailers will soon support its eponymous mobile payment tech — most notably discount retailer Target.

Apple Pay is rolling out to Target stores now, according to Apple, which says it will be available in all 1,850 of its U.S. retail locations “in the coming weeks.”

Also signing up to Apple Pay are fast food chains Taco Bell and Jack in the Box; Speedway convenience stores; and Hy-Vee supermarkets in the Midwest.

“With the addition of these national retailers, 74 of the top 100 merchants in the US and 65 per cent of all retail locations across the country will support Apple Pay,” notes Apple in a press release.

Speedway customers can use Apple Pay at all of its approximately 3,000 locations across the Midwest, East Coast and Southeast from today, according to Apple, as well as at Hy-Vee stores’ more than 245 outlets in the Midwest.

It says the payment tech is also rolling out to more than 7,000 Taco Bell and 2,200 Jack in the Box locations “in the next few months.”

Back in the summer Apple announced it had signed up longtime holdout CVS, with the pharmacy introducing Apple Pay across its ~8,400 standalone locations last year.

Also signing up then: 7-Eleven, which Apple says has now launched support for Apple Pay in 95 percent of its U.S. convenience stores in 2018.

Last year retail giant Costco also completed the rollout of Apple Pay to its more than 500 U.S. warehouses.

While, in December, Apple Pay also finally launched in Germany — where Apple slated it would be accepted at a range of “supermarkets, boutiques, restaurants and hotels and many other places” at launch, albeit “cash only” remains a common demand from the country’s small businesses.

Update: In a blog post about the Apple Pay launch, Target confirmed that users of its Target REDcard credit or debit cards cannot use the store payment card with Apple Pay.

The retail giant also said it will soon support contactless mobile payment technologies on the Android smartphone platform, naming Google Pay and Samsung Pay specifically, as well as supporting contactless payment cards from Mastercard, Visa, American Express and Discover.

“Offering guests more ways to conveniently and quickly pay is just another way we’re making it easier than ever to shop Target,” said Target’s chief information officer, Mike McNamara, in a statement.

Powered by WPeMatico

Daily Crunch: How the government shutdown is damaging cybersecurity and future IPOs

Posted by | Apps, Enterprise, Finance, Fundings & Exits, Gadgets, Government, hardware, payments, Policy, Startups, Venture Capital | No Comments

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here:

1. How Trump’s government shutdown is harming cyber and national security
The government has been shut down for nearly three weeks, and there’s no end in sight. While most of the core government departments — State, Treasury, Justice and Defense — are still operational, others like Homeland Security, which takes the bulk of the government’s cybersecurity responsibilities, are suffering the most.

2. With SEC workers offline, the government shutdown could screw IPO-ready companies
The SEC has been shut down since December 27 and only has 285 of its 4,436 employees on the clock for emergency situations. While tech’s most buzz-worthy unicorns like Uber and Lyft won’t suffer too much from the shutdown, smaller businesses, particularly those in need of an infusion of capital to continue operating, will bear the brunt of any IPO delays.

3. The state of seed 

In 2018, seed activity as a percentage of all deals shrank from 31 percent to 25 percent — a decade low — while the share and size of late-stage deals swelled to record highs.

4. Banking startup N26 raises $300 million at $2.7 billion valuation

N26 is building a retail bank from scratch. The company prides itself on the speed and simplicity of setting up an account and managing assets. In the past year, N26’s valuation has exploded as its user base has tripled, with nearly a third of customers paying for a premium account.

5. E-scooter startup Bird is raising another $300M 

Bird is reportedly nearing a deal to extend its Series C round with a $300 million infusion led by Fidelity. The funding, however, comes at a time when scooter companies are losing steam and struggling to prove that its product is the clear solution to last-mile transportation.

6. AWS gives open source the middle finger 

It’s no secret that AWS has long been accused of taking the best open-source projects and re-using and re-branding them without always giving back to those communities.

7. The Galaxy S10 is coming on February 20 

Looks like Samsung is giving Mobile World Congress the cold shoulder and has decided to announce its latest flagship phone a week earlier in San Francisco.

Powered by WPeMatico

Square launches its in-app payments SDK

Posted by | Developer, developers, in-app payments, Mobile, payments, sdk, Square | No Comments

Square today announced the launch of its in-app payments SDK that allows developers to build Square-powered payments right into their mobile apps. While Square remains best known for its offline payments solutions that grace virtually ever independent coffee shop and quirky corner store, the company has long offered APIs for taking online payments on the web and for working with its reader hardware.

Today’s launch expands the company’s reach into mobile apps, an area where it faces stiff competition from the likes of Stripe, Adyen and others. Square, however, argues that this launch puts it ahead of the competition, given that it now offers a complete online and offline payments solution.“With the introduction of in-app mobile payments to the Square platform, developers now have a complete, omnichannel payments solution for all their payment needs,” said Square developer lead Carl Perry in today’s announcement. “From software to hardware to services, Square offers a complete payments experience all in one cohesive open platform. Even better, developers and sellers can manage all their payments across in-store, mobile and online all in one place.”

The SDK is available for Android, iOS and Flutter, Google’s toolkit for building cross-platform applications. For now, only developers in the United States, Canada, U.K., Australia and Japan will be able to use it, though. The app provides a default payments flow, but developers can also customize it to match their apps and needs. Using this service, mobile app developers will be able to take payments through the usual credit and debit cards, as well as Apple Pay and Google Pay.

Powered by WPeMatico

Apple Pay finally launches in Germany

Posted by | apple inc, Apple Pay, cash, contactless payments, Europe, Germany, iPhone, mastercard, Mobile, mobile payments, payments, privacy | No Comments

Apple’s mobile payment technology has finally launched in Germany, some four years after it debuted in the U.S.

On its newly launched Apple Pay website for Germany, Apple lists partner banks and credit card companies at launch, with customers from the likes of Deutsche Bank, O2 Banking, N26, Comdirect, HypoVerensbank, Bunq and Boon able to tap up the payment method directly.

Some fifteen banks and services are supported at launch. A further nine banks are slated as adding support in 2019, including DKB, INK and Revolut.

iOS users in the country can now add supported debit or credit cards to Apple Pay to make contactless payments with their device, rather than having to carry cash. Apple’s Face ID and Touch ID biometrics are used to a security layer to the payment system.

The local Apple Pay site also lists a selection of retailers, with Apple writing: “Apple Pay works in supermarkets, boutiques, restaurants, hotels and many other places. You can also use Apple Pay in many apps — and on participating websites with Safari on your Mac, iPhone or iPad.”

Aside from convenience, the other consumer advantage Apple touts for the system is privacy, with Apple Pay using a device-specific number and unique transaction code — and the user’s actual card numbers never stored on their device or on Apple’s servers — which means trackable card numbers aren’t shared with merchants, so purchases can’t be tied back to the individual.

While that might sound like an abstract concern, a Bloomberg report this summer revealed details of a multi-million deal in which Google pays for transaction data from Mastercard — in order to try to link online ad views with offline purchases in the US.

Facebook has also long been known to buy offline data to supplement the interest signals it collects on users from inside (and outside) its social network — further fleshing out ad-targeting profiles.

So escaping the surveillance net of one flavor of big tech can require buying into another. Or else going low tech and paying in cash.

Apple does not say what took it so long to add Germany to its now pretty long list of Apple Pay countries but Apple Insider suggests the relatively late adoption was down to pushback from local banks over fees, noting that it’s four months after the official announcement of a German launch.

It’s also true that paying by plastic isn’t always an option in Germany, as cash remains the dominant payment method of choice — also, seemingly, for privacy purposes. So Apple Pay is at least aligned with those concerns.

Powered by WPeMatico