Checkout.com, the quiet London-based payment platform, has acquired its first startup, ProcessOut. Checkout.com surprised everyone last year when it announced a gigantic $230 million Series A round. It turns out the payment processing boom is not over yet.
Checkout.com focuses on enterprise clients with customers all around the world. It provides a full-stack payment service, from accepting transactions, processing them and detecting fraud. It helps you with reconciliation thanks to an API and a reporting hub.
The startup is particularly efficient when it comes to supporting multiple currencies and payment methods. You can accept payments in over 150 different currencies. Checkout.com supports debit and credit cards, Apple Pay, Google Pay, local payment methods, such as Klarna, iDEAL and Giropay, e-wallets, such as PayPal and Alipay.
ProcessOut is a French startup that realized e-commerce companies have been leaving money on the table by relying on a single payment provider. The company built a smart routing checkout module that works with dozens of payment providers.
When you enter your card number, ProcessOut can select the best payment provider when it comes to fees and acceptance rate. For instance, a local payment provider can be a lot cheaper than Stripe, but transactions get declined a lot more often. The startup can figure out whether a transaction will go through before selecting an obscure payment provider.
The company then shows you dashboards so that you can visualize payment data in a single location. You can generate report and match transactions on your bank account with transactions on different payment providers.
That combination of data visualization and smart routing helped them score some big clients, such as Glovo, Veepee, Rakuten.fr and Dashlane. In 2019, ProcessOut have tracked 10% of online transactions in France. Transactions representing $20 billion have been analyzed by ProcessOut over the past 12 months.
With today’s acquisition, ProcessOut’s team of 14 employees are joining Checkout.com’s team of 600 employees. Checkout.com isn’t disclosing the terms of the transaction. Checkout.com is getting a ton of insights on different payment providers. It can learn from ProcessOut’s technology to optimize its internal payment workflows as well.
If you’ve ever entered a company’s office as a visitor or contractor, you probably know the routine: check in with a receptionist, figure out who invited you, print out a badge and get on your merry way. Brussels, Belgium- and New York-based Proxyclick aims to streamline this process, while also helping businesses keep their people and assets secure. As the company announced today, it has raised a $15 million Series B round led by Five Elms Capital, together with previous investor Join Capital.
In total, Proxyclick says it’s systems have now been used to register over 30 million visitors in 7,000 locations around the world. In the UK alone, over 1,000 locations use the company’s tools. Current customers include L’Oreal, Vodafone, Revolut, PepsiCo and Airbnb, as well as a number of other Fortune 500 firms.
Gregory Blondeau, founder and CEO of Proxyclick, stresses that the company believes that paper logbooks, which are still in use in many companies, are simply not an acceptable solution anymore, not in the least because that record is often permanent and visible to other visitors.
“We all agree it is not acceptable to have those paper logbooks at the entrance where everyone can see previous visitors,” he said. “It is also not normal for companies to store visitors’ digital data indefinitely. We already propose automatic data deletion in order to respect visitor privacy. In a few weeks, we’ll enable companies to delete sensitive data such as visitor photos sooner than other data. Security should not be an excuse to exploit or hold visitor data longer than required.”
What also makes Proxyclick stand out from similar solutions is that it integrates with a lot of existing systems for access control (including C-Cure and Lenel systems). With that, users can ensure that a visitor only has access to specific parts of a building, too.
In addition, though, it also supports existing meeting rooms, calendaring and parking systems and integrates with Wi-Fi credentialing tools so your visitors don’t have to keep asking for the password to get online.
Like similar systems, Proxyclick provides businesses with a tablet-based sign-in service that also allows them to get consent and NDA signatures right during the sign-in process. If necessary, the system can also compare the photos it takes to print out badges with those on a government-issued ID to ensure your visitors are who they say they are.
Blondeau noted that the whole industry is changing, too. “Visitor management is becoming mainstream, it is transitioning from a local, office-related subject handled by facility managers to a global, security and privacy driven priority handled by Chief Information Security Officers. Scope, decision drivers and key people involved are not the same as in the early days,” he said.
It’s no surprise then that the company plans to use the new funding to accelerate its roadmap. Specifically, it’s looking to integrate its solution with more third-party systems with a focus on physical security features and facial recognition, as well as additional new enterprise features.
The UK’s data protection watchdog has today published a set of design standards for Internet services which are intended to help protect the privacy and safety of children online.
The Information Commissioner’s Office (ICO) has been working on the Age Appropriate Design Code since the 2018 update of domestic data protection law — as part of a government push to create ‘world-leading’ standards for children when they’re online.
UK lawmakers have grown increasingly concerned about the ‘datafication’ of children when they go online and may be too young to legally consent to being tracked and profiled under existing European data protection law.
The ICO’s code is comprised of 15 standards of what it calls “age appropriate design” — which the regulator says reflects a “risk-based approach”, including stipulating that setting should be set by default to ‘high privacy’; that only the minimum amount of data needed to provide the service should be collected and retained; and that children’s data should not be shared unless there’s a reason to do so that’s in their best interests.
Profiling should also be off by default. While the code also takes aim at dark pattern UI designs that seek to manipulate user actions against their own interests, saying “nudge techniques” should not be used to “lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections”.
“The focus is on providing default settings which ensures that children have the best possible access to online services whilst minimising data collection and use, by default,” the regulator writes in an executive summary.
While the age appropriate design code is focused on protecting children it is applies to a very broad range of online services — with the regulator noting that “the majority of online services that children use are covered” and also stipulating “this code applies if children are likely to use your service” [emphasis ours].
This means it could be applied to anything from games, to social media platforms to fitness apps to educational websites and on-demand streaming services — if they’re available to UK users.
“We consider that for a service to be ‘likely’ to be accessed [by children], the possibility of this happening needs to be more probable than not. This recognises the intention of Parliament to cover services that children use in reality, but does not extend the definition to cover all services that children could possibly access,” the ICO adds.
Here are the 15 standards in full as the regulator describes them:
The Age Appropriate Design Code also defines children as under the age of 18 — which offers a higher bar than current UK data protection law which, for example, puts only a 13-year-age limit for children to be legally able to give their consent to being tracked online.
So — assuming (very wildly) — that Internet services were to suddenly decide to follow the code to the letter, setting trackers off by default and not nudging users to weaken privacy-protecting defaults by manipulating them to give up more data, the code could — in theory — raise the level of privacy both children and adults typically get online.
However it’s not legally binding — so there’s a pretty fat chance of that.
Although the regulator does make a point of noting that the standards in the code are backed by existing data protection laws, which it does regulate and can legally enforceable (and which include clear principles like ‘privacy by design and default’) — pointing out it has powers to take action against law breakers, including “tough sanctions” such as orders to stop processing data and fines of up to 4% of a company’s global turnover.
So, in a way, the regulator appears to be saying: ‘Are you feeling lucky data punk?’
The code also still has to be laid before parliament for approval for a period of 40 sitting days — with the ICO saying it will come into force 21 days after that, assuming no objections. Then there’s a further 12 month transition period after it comes into force — to “give online services time to conform”. So there’s a fair bit of slack built in before any action may be taken to tackle flagrant nose-thumbers.
Last April the UK government published a white paper setting out its proposals for regulating a range of online harms — including seeking to address concern about inappropriate material that’s available on the Internet being accessed by children.
The ICO’s Age Appropriate Design Code is intended to support that effort. So there’s also a chance that some of the same sorts of stipulations could be baked into the planned online harms bill.
“This is not, and will not be, ‘law’. It is just a code of practice,” said Neil Brown, an Internet, telecoms and tech lawyer at Decoded Legal, discussing the likely impact of the suggested standards. “It shows the direction of the ICO’s thinking, and its expectations, and the ICO has to have regard to it when it takes enforcement action but it’s not something with which an organisation needs to comply as such. They need to comply with the law, which is the GDPR [General Data Protection Regulation] and the DPA [Data Protection Act] 2018.
“The code of practice sits under the DPA 2018, so companies which are within the scope of that are likely to want to understand what it says. The DPA 2018 and the UK GDPR (the version of the GDPR which will be in place after Brexit) covers controllers established in the UK, as well as overseas controllers which target services to people in the UK or monitor the behaviour of people in the UK. Merely making a service available to people in the UK should not be sufficient.”
“Overall, this is consistent with the general direction of travel for online services, and the perception that more needs to be done to protect children online,” Brown also told us.
“Right now, online services should be working out how to comply with the GDPR, the ePrivacy rules, and any other applicable laws. The obligation to comply with those laws does not change because of today’s code of practice. Rather, the code of practice shows the ICO’s thinking on what compliance might look like (and, possibly, goldplates some of the requirements of the law too).”
Organizations that choose to take note of the code — and are in a position to be able to demonstrate they’ve followed its standards — stand a better chance of persuading the regulator they’ve complied with relevant privacy laws, per Brown.
“Conversely, if they want to say that they comply with the law but not with the code, that is (legally) possible, but might be more of a struggle in terms of engagement with the ICO,” he added.
Zooming back out, the government said last fall that it’s committed to publishing draft online harms legislation for pre-legislative scrutiny “at pace”.
But at the same time it dropped a controversial plan included in a 2017 piece of digital legislation which would have made age checks for accessing online pornography mandatory — saying it wanted to focus on a developing “the most comprehensive approach possible to protecting children”, i.e. via the online harms bill.
How comprehensive the touted ‘child protections’ will end up being remains to be seen.
Brown suggests age verification could come through as a “general requirement”, given the age verification component of the Digital Economy Act 2017 was dropped — and “the government has said that these will be swept up in the broader online harms piece”.
The government has also been consulting with tech companies on possible ways to implement age verification online.
However the difficulties of regulating perpetually iterating Internet services — many of which are also operated by companies based outside the UK — have been writ large for years. (And are now mired in geopolitics.)
While the enforcement of existing European digital privacy laws remains, to put it politely, a work in progress…
With the funding, Flutterwave will invest in technology and business development to grow market share in existing operating countries, CEO Olugbenga Agboola — aka GB — told TechCrunch.
The company will also expand capabilities to offer more services around its payment products.
“We don’t just want to be a payment technology company, we have sector expertise around education, travel, gaming, e-commerce, fintech companies. They all use our expertise,” said GB.
That means Flutterwave will provide more solutions around the broader needs of its clients.
The Nigerian-founded startup’s main business is providing B2B payments services for companies operating in Africa to pay other companies on the continent and abroad.
Launched in 2016, Flutterwave allows clients to tap its APIs and work with Flutterwave developers to customize payments applications. Existing customers include Uber, Booking.com and e-commerce company Jumia.
In 2019, Flutterwave processed 107 million transactions worth $5.4 billion, according to company data.
Flutterwave did the payment integration for U.S. pop-star Cardi B’s 2019 performances in Nigeria and Ghana. Those are two of the countries in which the startup operates, in addition to South Africa, Uganda, Kenya, Tanzania, Zambia, the U.K. and Rwanda.
“We want to scale in all those markets and be the payment processor of choice,” GB said.
The company will hire more business development staff and expand its developer team to create more sector expertise, according to GB.
“Our business goes beyond payments. People don’t want to just make payments, they want to do something,” he said. And Fluterwave aims to offer more capabilities toward what those clients want to do in Africa.
Olugbenga Agboola, aka GB
“If you are a charity that wants to raise money for cancer research in Ghana, or you want to sell online, or you’re Cardi B…who wants to do concerts in Africa…we want to be able to set up payments, write the code and create the platform for those needs,” GB explained.
That also means Flutterwave, which built its early client base across global companies, aims to serve smaller African businesses, including startups. Current customers include African-founded tech companies, such as moto ride-hail venture Max.ng.
The new round makes Flutterwave the payment provider for Worldpay in Africa.
In 2019, Worldpay was acquired for a reported $35 billion by FIS, a U.S. financial services provider. At the time of the purchase, it was projected the two companies would generate revenues of $12 billion annually, yet neither has notable presence in Africa.
Therein lies the benefit of collaborating with Flutterwave.
FIS’s Head of Ventures Joon Cho confirmed the partnership with TechCrunch. FIS also backed Flutterwave’s $35 million Series B. US VC firms Greycroft and eVentures led the round, with participation of Visa, Green Visor and African fund CRE Venture Capital.
Flutterwave’s latest funding brings the company’s total investment to $55 million and follows a year in which the fintech venture announced a series of weighty partnerships.
In July 2019, the startup joined forces with Chinese e-commerce company Alibaba’s Alipay to offer digital payments between Africa and China.
Flutterwave’s $35 million round and latest partnership are among the reasons the startup has become a standout in Africa’s digital-finance landscape.
As a sector, fintech gains the bulk of dealflow and the majority of startup capital flowing to African startups annually. VC to Africa totaled $1.35 billion in 2019, according to WeeTracker’s latest stats.
While a number of payment startups and products have scaled — see Paga in Nigeria and M-Pesa in Kenya — the majority of the continent’s fintech companies are P2P in focus and segregated to one or two markets.
Flutterwave’s platform has served the increased B2B business payment needs spurred by the decade of growth and reform that has occurred in Africa’s core economies.
The value the startup has created is underscored not just by transactional volume the company generates, but the partnerships it has attracted.
A growing list of the masters of the payment universe — Visa, Alipay, Worldpay — have shown they need Flutterwave to do finance in Africa.
In films, TV shows and books — and even in video games where characters are designed to respond to user behavior — we don’t perceive characters as beings with whom we can establish two-way relationships. But that’s poised to change, at least in some use cases.
Interactive characters — fictional, virtual personas capable of personalized interactions — are defining new territory in entertainment. In my guide to the concept of “virtual beings,” I outlined two categories of these characters:
In a series of three interviews, I’m exploring the startup opportunities in both of these spaces in greater depth. First, Michael Dempsey, a partner at VC firm Compound who has blogged extensively about digital characters, avatars and animation, offers his perspective as an investor hunting for startup opportunities within these spaces.