





In today’s hyperconnected financial ecosystem, trust has become the ultimate currency. The accelerating shift toward digital payments, decentralized finance, and instant transactions has unlocked unprecedented convenience and global reach — but it has also opened new gateways for cyber threats, fraud, and large-scale data breaches.
This issue of Payment Security leaders is dedicated to exploring the evolving landscape of payment security — a topic that now sits at the intersection of finance, technology, and consumer confidence. We dive into the critical questions shaping the industry: How are financial institutions and fintech disruptors balancing speed and security? What role will innovations like tokenization, AI-powered fraud detection, and blockchain play in safeguarding tomorrow’s transactions? And how can stakeholders build trust in a market where one breach can erode years of brand equity?
From in-depth features on email tokenization and digital wallet security to expert insights on fraud mitigation in real-world deployments, this edition connects the dots between innovation and resilience. You will also find interviews, op-eds and leadership opinions highlighting organizations that have successfully turned payment security into a competitive advantage — not just a compliance checkbox.
The financial world is evolving at breakneck speed, and with it, the threats are becoming more sophisticated. As you turn the pages, I invite you to consider not just the technology at play, but the human responsibility behind it: safeguarding the digital economy for every user, every transaction, and every moment that matters.
Because in payments, security is not just an IT function — it is the foundation of trust.
Dolly Lakhani
CEO & Chief Editor
Email - editor@techpulsemea.com Mobile - 0506741731
Pooja Panjwani
Co-founder & Managing Editor
Email - pooja@techpulsemea.com Mobile - 052 564 8788
Editorial: editor@techpulsemea.com
Business & Media Relations: pooja@techpulsemea.com sales@techpulsemea.com
COVER STORY
INTERVIEW
Mitigating Risks in Mobile Payments: The Role of MPoC Standard
Ruya - Ethical Business Banking
Direct Debit System FZ - Smart, Secure, and Paperless: How the UAE’s first Central Bank–licensed platform for paperless direct debit payments is ticking all the right boxes
Leading Bank - Payments in the cloud era: Threats, trust and transformation
Digital Scene: Mobile wallets, gateways & cashless future
Tokenisation: The hidden backbone of secure digital transactions in the UAE
HSBC - On building cyber trust in Mena’s fast-moving payment ecosystem
ZOHO - Why the future of B2B payment security will be predictive and AI-led
Zand - Why Next-Gen banking needs Next-Gen cybersecurity
Nitin Bhatnagar
Regional Director India, South Asia and Middle East
The Middle East And Africa Mobile Payments Market size is estimated at USD 7.24 billion in 2025, and is expected to reach USD 36.61 billion by 2030, at a CAGR of 38.27% during the forecast period (2025-2030).
Widespread smartphone adoption is another significant driver of the growth in real-time payments in the GCC, where the smartphone penetration rate is projected to rise from 76% in 2022 to 92% by 2030. Increasing mobile adoption means digital payments are easier than ever.
However, the rapid adoption of mobile payments presents new challenges, notably the risks of fraud and data breaches. Cybercrime in the Middle East is estimated to be causing significant financial losses, with average costs of data breaches reported at $8.75 million per incident, according to a study from IBM. These concerning statistics underscore the urgency for merchants to adopt robust standards and practices to combat these vulnerabilities. In this regard, the PCI Mobile Payments on Commercial-Off-The-Shelf (MPoC) Standard plays a pivotal role in ensuring security and reliability in this evolving landscape.
Regional Director India, South Asia and Middle East PCI Security Standards Council
PCI Mobile Payments on COTS (MPoC) Standard Version 1.1 Now Available
The Council has published version 1.1 of the PCI Mobile Payments on COTS (MPoC) Standard, designed to support the evolution of mobile payment acceptance solutions. The PCI MPoC Standard version 1.1 provides increased flexibility in how payments are accepted and how COTS-based payment acceptance solutions can be developed, deployed, and maintained.
The PCI MPoC Standard has been specifically designed to tackle the risks associated with using mobile devices as payment acceptance terminals. It outlines a comprehensive set of requirements that enable merchants to accept payments via commodity mobile devices, such as smartphones and COTS devices. By enhancing existing protocols, the MPoC Standard provides versatility in transaction processing and significantly elevates security standards.
Collaboration is at the heart of the Council’s mission to help secure payment data globally. Participation in the PCI Security Standards Council is open globally to those affiliated with the payment card industry, including merchants, banks, processors, hardware and software developers, and point-of-sale vendors. You are invited to join our Participating Organization program, become part of our wonderful global community, and attend the PCI SSC Asia Pacific Community Meeting taking place on 5th and 6th November in Bangkok, Thailand.
The UAE’s digital payments boom: Mobile wallets, gateways, and a cashless future
As the UAE charges toward a cashless future, its digital payments ecosystem is undergoing a dramatic transformation. Fuelled by a tech-savvy population, supportive regulation, and a thriving e-commerce sector, mobile wallets and payment gateways are not only reshaping how consumers transact, they’re redefining how businesses operate.
We take a deep dive into how mobile-first consumers and gateway innovation are accelerating the UAE’s shift toward a fully digital payment ecosystem.
Mobile Wallets Hit Critical Mass
Once a novelty, mobile wallets have now become a mainstream payment method across the Emirates. Solutions like Apple Pay, Samsung Wallet, Google Pay, and local players like Emirates Digital Wallet and Payit have seen exponential growth in user adoption. According to the UAE Central Bank, over 70% of the population now uses some form of digital wallet, with usage highest among millennials and Gen Z consumers.
“Digital wallets are the name of the game right now. Superapps are emerging rapidly, and legacy systems need to adapt quickly,” Tausif Ahmed, Country Leader MEA at Worldpay told media, highlighting the surge in wallet adoption and the shift toward holistic platforms.
Retail, F&B, utilities, and transport sectors have been early adopters. Even SMEs, historically cash-heavy, are now onboarding mobile payment solutions via QR codes and wallet integrations through POS systems.
Behind the scenes, a robust payment gateway infrastructure is powering this digital commerce revolution. Global players like Stripe, Checkout.com, Amazon Payment Services, and Adyen, alongside regional providers like Telr, PayTabs, and Network International, are competing to offer faster, more secure, and localised transaction capabilities.
According to Khalil Alami, CEO of Telr, the true value of a payment gateway lies not just in handling payments, but in providing insights that strengthen business strategy and customer engagement.
“We believe the right payment gateway doesn’t just process payments, it empowers smarter decisions, stronger relationships, and sustainable growth,” he was quoted as saying, underscoring how modern gateways deliver analytics and customer insights.
The evolution of API-based integrations, real-time settlement features, and tokenisation has also reduced friction for merchants and consumers alike, leading to higher checkout conversions and improved trust.
Consumer behaviour in the UAE has matured rapidly, especially post-Covid. A Mastercard survey revealed that 90% of UAE consumers tried at least one new digital payment method in the past year, with mobile wallets, BNPL (Buy Now Pay Later), and cryptocurrency leading the charge.
Key factors influencing this shift include:
• Digital-first lifestyle: Mobile usage remains among the highest in the world, with over 99% smartphone penetration.
• Smart city initiatives: Dubai and Abu Dhabi’s digital economy strategies are promoting cashless adoption across public services.
• Financial inclusion: Wallets and fintech apps are reaching unbanked and underbanked populations, especially among blue-collar workers.
The Central Bank of the UAE has played a proactive role in regulating the fintech and payment sector. Initiatives like the Stored Value Facilities Regulation, Retail Payment Services and Card Schemes Regulation, and more recently, Payment Token Services Regulation (2024), have provided a clear framework for digital payment providers to operate and innovate securely.
With the launch of Aani, the UAE’s instant payment platform, real-time fund transfers between banks and wallets are now possible, a move that’s expected to deepen adoption further.
On the supportive UAE environment, Sacha Haider, Chief Strategy Officer at AstraTech, noted that FinTechs enjoy “insane access, there’s a cocreation between companies and the regulator around what the regulation should look like.”
What’s Next?
Looking ahead, experts predict strong growth in:
• Super apps that bundle payments, commerce, and banking
• AI-powered fraud prevention
• Cross-border payments integration, especially with GCC and South Asia
• Embedded finance in retail and travel ecosystems
For businesses, this means adapting quickly. Offering seamless digital payment options is no longer a competitive edge, it’s a necessity. Payment gateways must not only integrate mobile wallets but also prepare for emerging formats like digital dirhams, blockchain-based settlements, and biometric verification.
Key Trends Driving UAE’s Digital Payments
1. Mobile Wallet Adoption – Over 70% penetration led by youth and expats
2. Rise of Regional Gateways – Players like PayTabs and Telr scaling in GCC
3. BNPL Growth – Tabby and Tamara expanding their merchant base rapidly
4. Real-Time Payments – Aani infrastructure modernising transfers
5. Regulatory Enablement – CBUAE frameworks attracting global fintechs
As the UAE moves steadily toward a cashless society, mobile wallets and digital gateways are no longer optional, they’re central to consumer experience and business continuity. For stakeholders across retail, banking, and fintech, the message is clear: digitise or be left behind.
The bank you wish you had
ruya offers tailored, Shari’ah-compliant banking solutions for SMEs and startups, combining ethical values with modern technology for efficient and transparent business finance management.
Digital Convenience
Manage your business anytime, anywhere through app and web.
Shari’ah-Compliant
Ethical, Islamic banking solutions
Community Support
No Hidden Fees
Only AED 79/Month
No Minimum Balance/ Zero balance
Easy Setup
Upload documents online
Comprehensive Services Manage your finances on our digital platform
Q1. As the CEO of ruya, how do you see the role of leadership evolving in ensuring trust and security in the digital payment ecosystem?
In an era defined by real-time digital transactions and decentralised finance, leadership in banking must evolve beyond operational oversight. Today, it’s about setting a culture where trust and digital integrity are not just outcomes, but organisational defaults. As CEO, I view my role as the chief architect of trust - ensuring that every product we build and every interaction we enable is designed with security and ethics at its core. That means driving a “security-first” mindset across the organisation, investing in robust cybersecurity frameworks, and embedding real-time risk intelligence into the product lifecycle. It also means being transparent with our customers - explaining clearly how we protect their data and money - and working collaboratively with regulators and fintech partners to strengthen ecosystem-wide defences. Leadership today is about leading from the front - not just approving security budgets but helping define how we build resilient infrastructure, anticipate emerging threats, and maintain customer confidence in every click and transaction.
Q2. What experiences or challenges in your career have had the biggest influence on how you approach innovation and risk in the banking and payments industry?
My perspective has been shaped by operating at the intersection of (traditional) banking, government and fintech innovation. Early in my career, I helped lead digital transformation in Private Banking at Emirates NBD. It taught me that innovation must always be matched with operational stability and customer trust. Later, working with the Abu Dhabi Investment Office, I learned how ecosystem collaboration can enable innovation safely and effectively.
But perhaps the most formative experience was launching a joint venture under G42, where speed, innovation and agility were the norm. That experience reinforced my belief that innovation must be designed with compliance, transparency and ethical resilience from the outset. These lessons now shape every initiative we launch at ruya. Whether it’s introducing cryptocurrency investments or expanding SME banking, we always ask: “How does this help our customer? And, how do we make this secure, inclusive and sustainable from day one?”
Q3. How do you balance the rapid demand for digital innovation with the need for robust payment security frameworks, especially in a highly regulated financial environment?
At ruya, our approach is simple but powerful: innovation and security are not trade-offs - they are interdependent. We embed “security by design” into every product. Our developers, technology partners, compliance officers and cybersecurity teams collaborate from the first whiteboard session to ensure innovations like digital gold, crypto access or real-time payments are fully aligned with regulatory expectations and our ethical standards.
We also adopt agile but controlled innovation practices. Limited pilots and phased rollouts help us test innovations in safe environments. Our strong relationships with UAE regulators allow us to engage early, understand expectations and build frameworks that scale responsibly. Technologically, we explore the use of AI to detect fraud in real time and apply zero-trust security architecture across our infrastructure. And culturally, we’ve eliminated the “compliance vs. product” dynamic. Everyone - from engineers to marketers - understands that earning and maintaining our customer’s trust is what will define our long-term success.
Q4. In your opinion, what role do banks play in educating and protecting customers from emerging digital fraud tactics?
Banks are no longer just financial institutions - they’re also educators and guardians in the digital age. As threats evolve, so must our customer awareness initiatives. At ruya, we treat fraud education as a core service, not a side message.
From onboarding, we guide customers on safe digital behaviours - like never sharing OTPs or verifying communications. We run security tip campaigns, alert customers to new scam trends and use our social media to run bite-sized fraud awareness series. Beyond education, we also build in protection. Our systems use machine learning to flag suspicious transactions, we offer instant card lock features and our customer service teams are trained to act fast if something looks off.
We don’t expect customers to be cybersecurity experts - but we give them the tools, awareness and support to stay safe. Ultimately, secure customers are confident customers - and that trust is what modern banking depends on.
Q5. Can you give us a brief overview of ruya and highlight how both individual consumers and businesses can benefit from banking with you?
ruya is the UAE’s digital-first Islamic community bank. We exist to provide ethical, inclusive and technology-enabled banking experiences that align with modern lifestyles and values. We launched in 2024 with a mobile-first approach and a commitment to fairness - no hidden fees, no minimum balances and account openings take less than five minutes using UAE PASS. For individual customers, we offer an intuitive app-based experience with features like savings pots, digital gold investment and even built-in cryptocurrency access - all developed within the framework of ethical Islamic banking. Our support model builds on real humans assisted by AI-enhanced services, ensuring that every user - from student to senior - feels heard and supported.
For businesses, especially startups and SMEs, we’ve eliminated the pain points of traditional business banking. We offer seamless and fast account opening (including through direct partnerships with several licensing authorities and free zones), zero minimum balance, easy expense management tools and quick onboarding - even for freelancers. We’ve also built a browser-based business platform tailored for founders who need financial services to keep up with their pace - not slow them down.
Whether you’re an entrepreneur launching a venture or a parent opening your child’s first savings account, ruya gives you modern banking with ethical roots.
Q6. Are there any specific offerings or initiatives from ruya designed to support startups that you'd like to share with our readers?
Yes - supporting startups is core to ruya’s DNA. We’ve created a banking ecosystem that understands and removes the typical barriers that young businesses face. Through our partnerships, new companies can open business accounts instantly upon receiving their license - zero paperwork, zero delays, zero balance requirements.
We’re also the Digital Islamic Banking Partner of DIFC’s Ignyte programme. This gives startups priority onboarding, access to dedicated banking advisors and invitations to mentorship sessions where we help founders navigate everything from cash flow to compliance.
Our platform will include features that make life easier for startups: integrated invoicing, automated bookkeeping tools and tailored payment solutions for ecommerce. We’re also actively exploring ethical financing models like revenue-share and equity-based support, which align with Islamic principles and offer viable alternatives to interest-based loans.
At ruya, we see startups not just as customers but as partners in innovation. We believe that by helping new ventures launch and thrive, we’re fuelling a more dynamic, inclusive and resilient financial ecosystem across the UAE.
At ruya, my role as CEO is to ensure trust and security are at the heart of everything we do. We embed a security-first mindset into every product, combining innovation with ethical banking to give both individuals and businesses the confidence to thrive in a digital world.
Smart, Secure, and Paperless: How the UAE’s first Central Bank–licensed platform for paperless direct debit payments is ticking all the right boxes
Ummair Butt, CEO of Direct Debit System FZ LLC
In an increasingly digital world, payment systems must do more than move money, they must inspire trust, enable compliance, and offer frictionless user experiences. Few understand this challenge better than Ummair Butt, Founder and CEO of Direct Debit System FZ LLC (DDS), the UAE’s first Central Bank–licensed platform for paperless direct debit payments. From infrastructure and security to regulation and AI, Butt shares his insights on transforming the recurring payments landscape in the UAE.
Q1. What problem was DDS built to solve in the UAE’s digital payment space?
Ummair Butt: We built DDS to make recurring payments, like rent, school fees, and subscriptions, smarter, safer, and friction-free. In the UAE, these have traditionally relied on outdated systems like cheques or manual transfers. Our goal is to change that by providing a fully digital, legally compliant, and secure alternative.
Q2. Security is a major concern in fintech. How did DDS approach infrastructure-level security differently?
Ummair: Very early on, we chose to move away from public cloud providers like AWS or Azure. Instead, we host our platform on a partially government-owned private cloud. This wasn’t the easiest or cheapest path, but it was the most secure. We’ve also outsourced cybersecurity entirely to our hosting partner, allowing us to meet stringent regulatory standards. Every transaction is processed in an isolated environment, separate from normal internet traffic. This level of infrastructure control is essential to building trust with both users and regulators.
Q3. How does DDS ensure compliance in a fast-moving regulatory environment?
Ummair: One of our most important innovations is our integration with UAEPASS, the UAE’s national digital identity system. Unlike many platforms that use UAEPASS only for login, we use it to digitally sign Direct Debit mandates. This means no paper, no couriers, and no manual signatures. The process is legally binding and fully verifiable, aligned with the UAE’s digital transformation strategy. Compliance is built into the system, not tacked on.
Q4. AI is a buzzword in fintech. What’s DDS’s stance on using artificial intelligence in payments?
Ummair: AI has immense potential, particularly in fraud detection and transaction analysis, but it must be approached with caution. Payments are the backbone of trust in any economy. We believe AI should be the last layer integrated into core payment infrastructure, not the first. The UAE Central Bank’s involvement in shaping clear AI governance is essential. Innovation must never come at the cost of stability or public confidence.
Q5. Direct Debits have long existed in the UAE. What’s different about your approach?
Ummair: Direct Debits are legally recognised here, but underutilised. We’re changing that by making the user journey radically faster and simpler. Thanks to our UAEPASS-enabled app, users can complete the Direct Debit setup in under 60 seconds, sometimes in just 40. Once done, payments happen automatically on the due date, no reminders, no late fees, and no credit card charges. For businesses, it means predictable cash flow and reduced admin. For consumers, it’s frictionless convenience for an entire year.
DDS, led by CEO Ummair Butt, is the UAE’s first Central Bank–licensed paperless direct debit platform, making recurring payments secure, compliant, and instant.
Harsh Daftary, Head of Cloud Security at Leading Bank
From quantum threats to API explosion, leading cloud security expert Harsh Daftary explains why securing payments in the cloud is not just about technology, but about vision, vigilance and velocity.
Q1. What does cloud security mean in the context of a digital-first bank in today’s payment ecosystem? How has your role evolved with the growing reliance on digital payments and fintech integrations in the UAE?
Harsh Daftary: Cloud security in a digital-first bank is no longer just about protecting infrastructure. It’s about enabling safe innovation and improving trust at every digital touch point.
In the context of today’s payment ecosystem, where customers expect instant transactions and seamless experiences, cloud security plays a critical role in enabling speed without sacrificing control or compliance. My role has evolved significantly. A few years ago, cloud security was mostly about reviewing technical designs and ensuring alignment with policy.
Today, it’s much more integrated into the business. I work closely with product, architecture, compliance and even marketing teams to ensure that every digital initiative, from real-time payments to fintech onboarding, has security blended into it. This role has also become much more challenging due to varying interpretations of cloud compliance across jurisdictions.
The UAE’s rapid digital transformation and openness to fintech partnerships have made cloud security more dynamic and collaborative. We’re not just applying controls after the fact; we’re actively shaping how platforms are built by working as design partners with major cloud service providers, helping them build a feature roadmap more suitable for this region. This shift has also required stronger alignment with regulators, given the unique regional focus on data sovereignty and financial stability.
Q2. What are the unique cloud security challenges faced by banks operating in the GCC region compared to their global counterparts?
Harsh Daftary: Oh, plenty. For starters, regulatory diversity and data sovereignty are two key challenges. In the GCC, there’s a strong emphasis on local data residency, and regulatory requirements can vary significantly between countries, even within the same region. A lot of cutting-edge technology from cloud service providers is not available in their local data centres in this region. Secondly, we don't have a single big cloud provider which has local data centres in all GCC countries, which results in multinational banks having to adopt different cloud providers wherever they operate.
Lastly, a major challenge is that cloud providers have their own definitions of what is risk and their share of ownership in shared responsibility models. This translates to non-uniform security controls, and juggling such a diverse range of controls becomes challenging as well as exciting, depending on how you look at it.
Q3. Let’s talk about payments in the Cloud Era. According to a 2024 IDC report, over 70% of banking infrastructure in the GCC is expected to be cloud-native by 2026. How prepared is your bank to fully migrate critical payment services to the cloud without compromising security, latency, or compliance?
Harsh Daftary: We’re not just preparing, we’re halfway down the runway, but we’re also cautious. Payments can’t tolerate latency or downtime. Imagine someone trying to pay your credit card bill on the last day, and the payment gateway times out? That’s a crisis. So we’re modernising in layers. This includes Edge hardening, deploying multi-region, multi-cloud architectures for high availability, using strong encryption, including a bring-your-own-key approach, automating security assurance with posture management tools and trying to keep tech stack uniform across providers, which should reduce, if not eliminate, surprises.
We’re also maintaining alignment with both internal governance and external regulatory frameworks before expanding any payment workloads in the cloud.
Q4. Your thoughts on API Explosion and Open Banking? As per estimates, the value of open banking transactions worldwide will grow by more than 500% between 2023 and 2027. It is expected to rise from $57 billion to $330 billion in this period. Another recent study highlights that open banking APIs are projected to grow at a CAGR of over 23% through 2027. How are you ensuring that open APIs, especially those linked to payment gateways, are secured without stifling innovation with fintech partners?
Harsh Daftary: Open Banking offers tremendous opportunities for collaboration and new services, but it also significantly increases the attack surface. The growth in API usage, especially in payment environments, demands a robust and ongoing governance and security framework.
We’ve implemented layered controls around APIs, including authentication, reducing SMS based OTP as mandated by CBUAE, rate limiting, anomaly detection and periodic security assessment. We also maintain strict onboarding and assessment processes with fintech partners for better supplier assurance, and ensure right-to-audit clauses as part of the contract. The key is to enable innovation while ensuring every integration point meets security and privacy standards.
Q5. With the UAE seeing over 35% year-on-year growth in real-time payments (as per the Central Bank’s 2023 digital payment report), how are you adapting cloud security architecture to keep pace with the shrinking transaction settlement window and growing attack vectors?
Real-time payments bring significant benefits to customers and businesses, but they also compress the window for detecting and responding to threats. Security controls that once operated on hourly or daily cycles now need to function within minutes.
To adapt, we’ve focused on building a cloud security architecture that is both responsive and resilient. This includes real-time threat detection, automated policy enforcement, workload protection, micro segmentation and continuous validation of configurations across cloud-native services.
Operationally, we’ve embedded security into CI/CD pipelines to ensure that every deployment aligns with our baseline controls. The shrinking settlement window leaves no room for manual processes, so automation and real-time telemetry are critical to maintaining both performance and protection in today’s payment environment.
Q6. What about cloud misconfigurations? Are they still the top threat? Recent reports by the Cloud Security Alliance continue to rank misconfigured cloud storage and IAM (identity and access management) settings as the number one cause of breaches. What proactive steps have you institutionalised to audit, alert, and auto-correct misconfigurations in real time, especially in high-risk payment
Harsh Daftary: Yes, cloud misconfigurations remain one of the most common yet preventable causes of breaches. Unpatched systems come in as a close second. In payment environments, the stakes are even higher. My personal opinion is that for the next couple of years, this won't change. Misconfiguration essentially means cloud service providers have given the required options to harden the environment, and consumers haven't fully utilised those options, so you can't blame the provider in most cases. We’ve implemented automated guardrails to detect misconfigurations and attack path analysis. Although truth be told, remediation still remains a majorly manual process due to the risk of breaking something in production, but still, there are 20-30% cases where automated remediation is possible and totally doable.
This includes continuous auditing of storage permissions, IAM policies, network settings, and encryption configurations. We also perform regular posture reviews and use policy-as-code to enforce baseline standards across environments.
Q7. A Gartner analysis suggests that over 65% of large financial institutions globally are moving toward hybrid or multi-cloud strategies to support regional data sovereignty and resilience. How is your bank approaching cloud diversity, and what are the specific security implications for your payment operations?
Harsh Daftary: We’ve adopted a multi-cloud strategy to ensure resilience, meet local compliance requirements, and avoid vendor lock-in. This approach brings clear benefits and also increases complexity. Hybrid architecture comes with a lot of nuances, which, if not managed properly, can turn into a security breach very quickly. From a security perspective, we’ve focused on standardising controls across cloud providers, ensuring visibility through centralised logging, and maintaining consistent identity & privileged access management.
Harsh Daftary: We’re monitoring developments in post-quantum cryptography closely. While quantum computing isn’t an immediate threat, in my opinion, we’re taking early steps to assess our cryptographic inventory, especially where long-lived payment data, credit/debit card PINs and certificates are involved. Some regulators have started asking for a Cryptographic bill of materials for the same reason.
We’ve begun working with vendors to understand their quantum readiness roadmaps and are factoring quantum resilience into our long-term cloud security strategy. Rethinking decades-old encryption standards isn't easy, and I don't recommend deciding in haste.
From API explosion to quantum threats, Harsh Daftary explains how UAE’s digital-first banks are blending vision, vigilance, and multi-cloud resilience to secure the future of payments without slowing innovation.
verification tools and poses a major challenge for financial institutions expanding services quickly to meet demand.
As the region continues its digital growth, the focus must remain on strong identity verification, real-time behavioral monitoring, threat intelligence sharing, and robust cybersecurity governance— especially across the expanding network of fintechs and cross-border payment channels.
Q2. As digital wallets and real-time payments gain traction, what are a few priorities that financial institutions should consider to strengthen their cyber defenses and secure these faster, frictionless payment channels?
Ali Othman
Cyber Security Country Head – HSBC
Q1. What are the biggest payment-related cyber threats currently facing the MENA region, particularly across high-growth markets like the UAE and Qatar?
In common with many high growth markets around the world, countries like the UAE and Qatar, where digital transformation is accelerating rapidly, the biggest payment-related cyber threats we’re seeing revolve around social engineering, business email compromise, and payment fraud enabled by stolen or spoofed identities. As more consumers and businesses adopt digital banking, mobile wallets, and real-time payments, the surface area for attacks has expanded. Criminals are increasingly targeting individuals and employees—not just systems—through highly convincing phishing and smishing campaigns. These attacks often lead to unauthorized transfers, especially in cases where multi-factor authentication isn’t properly implemented or can be bypassed.
Another growing concern is fraud through compromised third-party platforms, such as payment processors or fintech partners. In a region that thrives on innovation and collaboration, ensuring the cybersecurity posture of every link in the payment ecosystem is critical. A single weak link in a vendor or API integration can expose banks and customers to significant risks.
We’re also seeing emerging threats driven by AI, including deepfake-enabled fraud where criminals mimic voices or appearances to trick employees into approving payments or disclosing credentials. This technology is becoming more accessible, and the impersonations are increasingly difficult to spot in real time. Additionally, AI is being used by attackers to automate social engineering tactics, allowing them to craft highly personalized and scalable scams—particularly in targeting executives or finance staff responsible for payments.
Lastly, synthetic identity fraud—where cybercriminals use a mix of real and fake information to create new identities—is gaining traction. It’s difficult to detect using traditional
As digital wallets and real-time payments become more embedded in everyday life, financial institutions are working hard to offer speed and convenience—without compromising on security or trust.
That said, there is no one-size-fits-all approach. Each organization has its own level of digital maturity, regulatory environment, and customer expectations. From my perspective, one of the top priorities should be building greater confidence in digital identity. When payments happen in seconds, there’s very little time to validate who is behind a transaction. Financial institutions—large or small—are increasingly looking at smarter, adaptive ways to authenticate users without disrupting the customer experience.
What I’m sharing here reflects my own perspective, but ultimately, every institution needs to assess its cybersecurity priorities in alignment with its business model, risk appetite, and operational structure.
With that in mind, here are a few areas that I believe are gaining importance:
As payments become faster, identity becomes the frontline of defense. The fraud we’re seeing today is increasingly cyber-enabled—using stolen credentials, AI-generated deepfakes, or synthetic IDs. Institutions are now exploring smarter, layered ways to verify users that adapt in real time, helping distinguish genuine customers from sophisticated attackers.
The nature of fraud has shifted. It’s no longer just transactional—it’s behavioral. Institutions are investing in tools that can spot unusual activity or deviations from typical customer behavior and act before money leaves the system. The goal is to stop fraud in motion, without adding friction to every legitimate transaction.
Real-time payments often depend on a wider network of fintechs, payment gateways, and API integrations. A weakness in one part of the chain— whether technical or procedural—can be exploited by attackers to launch highly targeted fraud. More institutions are beginning to treat ecosystem security as a shared responsibility, with better oversight and clearer expectations from partners.
Cybercriminals increasingly rely on human error—tricking individuals into authorizing payments themselves through convincing messages, phone calls, or fake interfaces. More institutions are treating cyber awareness not just as an internal issue but as part of the customer experience—empowering users to spot fraud before it happens.
5. Balancing Innovation with Resilience
The push toward speed must be matched by resilience. This means ensuring the underlying infrastructure is secure, scalable, and ready to respond to both system faults and malicious activity. Fraudsters move fast—but recovery and customer trust can take much longer if things go wrong.
We’re also seeing the early signs of how emerging technologies are being used to enable new types of fraud. AI is making social engineering more scalable and personalized—fraudsters can now craft convincing emails, voice messages, or even deepfake videos that mimic real individuals to deceive both customers and staff. These tactics are increasingly being used to target payment approvals, customer service channels, and internal operations.
On the horizon, quantum computing poses a longer-term challenge. While still in its early stages, it has the potential to eventually break current encryption standards, which could fundamentally change how we think about data protection and transaction security. Institutions are starting to explore post-quantum cryptography and how to future-proof their infrastructure—especially those investing heavily in digital identity and secure payment platforms.
These threats may not be mainstream yet, but preparing for them early—through innovation labs, simulation exercises, and industry collaboration—is becoming a strategic priority for forward-looking financial institutions.
Again, these are areas I believe are becoming increasingly relevant, especially as fraud tactics become more digital and more deceptive. Each institution, though, will need to weigh these against its unique business and operational context. The goal isn’t just secure transactions—it’s secure relationships built on trust and resilience in a real-time world.
Q3. You head cyber security in five countries including UAE and Algeria. Help us understand how payment security varies across these countries.
The diversity across these markets is actually one of the most rewarding parts of the role. While countries like the UAE are at the forefront of digital finance—with real-time payments, digital wallets, and open banking already well-established—others, like Algeria, are still in earlier stages of digital adoption and are building solid foundations for secure financial inclusion.
In the UAE, the security conversation is very forward-looking. The focus is on proactive threat detection, safeguarding API ecosystems, and preparing for emerging risks like AI-enabled fraud. The regulatory environment is mature, and institutions are generally fast to adopt advanced tools and practices.
In Algeria, the momentum is different—but equally important. The shift toward digital payments is creating an opportunity to build cybersecurity in from the start, rather than layering it on later. There’s strong government interest in modernizing the financial sector, and a growing appetite for secure, user-friendly digital services—particularly through mobile platforms.
From a cybersecurity leadership standpoint, the key is finding the right balance: keeping a unified vision and set of security principles across all countries, while adapting to each market’s local needs, regulatory context, and digital maturity. That means enabling innovation where it’s advanced, and supporting safe growth where it’s just taking off.
What unites all of these markets is a shared commitment to earning and maintaining customer trust—and cybersecurity plays a central role in that, regardless of where each country is on its digital journey.
Q4 How is HSBC approaching quantum-resilience planning or zero-trust architecture in the context of future-proofing payment infrastructure?
We at HSBC are embracing disruptive technologies to enhance our services, protect the bank and our customers, and unlock future innovation.
Quantum computing could revolutionise financial services in areas like portfolio optimisation, fraud detection and cybersecurity. HSBC has joined forces with leading technology providers and research laboratories to investigate the potential of applying quantum technologies to real world problems across the bank.
Quantum computers promise to deliver a step-change in computational power, with the potential to tackle highly complex tasks far beyond the capabilities of today’s machines. It is estimated that this cutting-edge technology could reach USD1.3 trillion in value by 2035¹, with two-thirds of these gains to come from financial services.
Ali Othman shares how HSBC is tackling fraud, securing digital identities, adapting to MENA markets, and building quantum-resilient, zero-trust payment systems for the future.
Prashant Ganti, Vice President – Global Product Strategy, Development and Alliances, Finance and Operations BU at Zoho
Q1 What are the most common vulnerabilities you’ve observed in today’s payment gateway systems, especially in B2B settings?
Prashant Ganti: In the UAE, we’re witnessing the rapid adoption of digital payments due to the convenience they offer. However, in B2B environments, there are specific vulnerabilities businesses need to watch for, chiefly API exposure, weak authentication protocols, and insecure system integrations. Many companies still use static credentials or shared keys, which are highly prone to misuse and theft. What’s more, B2B transactions are generally higher in value and complexity, making them a lucrative target for fraudsters.
Q2. Which types of payment fraud are growing fastest in the B2B space right now?
Invoice fraud is quite prevalent; fraudsters create fake invoices with falsified payment details. Business Email Compromise (BEC) is another major threat, where attackers hack into email accounts and send out seemingly legitimate payment requests. There’s also chargeback fraud, where bad actors falsely dispute legitimate transactions to reclaim funds. In the UAE, high volumes of cross-border payments further complicate things, making it harder to detect these incidents in real time.
Q3. What are the unique challenges of securing cross-border B2B payments in the MEA region?
Payment infrastructure varies widely across the MEA region. A business operating in the UAE might deal with customers or vendors in countries where identity verification tools or real-time fraud detection are not as robust. Add to that the complexities of regulatory mismatches and inconsistent banking standards, and you have slower settlements and increased fraud risk, especially for companies heavily reliant on international partnerships.
Q4. Is blockchain solving problems in B2B payments, or is it still mostly hype?
Blockchain holds real promise, especially for cross-border B2B transactions. Its ability to ensure traceability, security, and near real-time settlement is valuable for reducing fraud and third-party reliance. However, widespread adoption is still a few years away. For blockchain to scale in the B2B segment, we need strong regulatory oversight and clear data governance frameworks. Businesses want clarity on how to stay compliant before they commit fully to blockchain-based systems.
Q5. What do you see as the future of secure B2B payments over the next three years?
We’re already moving toward less reliance on manual controls. Payment systems are increasingly embedding security at every layer, using AI, tokenisation, and contextual fraud detection. Over the next few years, we’ll see predictive analytics and continuous authentication becoming standard. Businesses will start to adopt more adaptive and intelligent systems that assess risk in real time and offer proactive fraud prevention.
Insights on B2B payment vulnerabilities, growing fraud risks, cross-border security challenges, blockchain potential, and the AI-driven future of secure transactions.
areas that directly benefit customers and internal productivity.
We emphasize that every AI deployment at Zand is governed by robust cybersecurity and ethical reviews. We don’t just plug in an AI and let it run unchecked. Data and access to and from AI models are carefully controlled, serving the use case.
Q4. How do you envision cybersecurity evolving in the next 3-5 years, particularly in response to developments in payment processes, the introduction of stablecoins, advancements in remittances, and the growing adoption of crypto payments?
Q1. Can you share a brief overview of your professional journey and how your experience shaped your approach to cybersecurity at Zand?
My professional journey in cybersecurity has been shaped by technical expertise, strategic leadership, and a deep understanding of the evolving challenges in the financial sector.
founding Chief Information Security Officer (CISO). Stepping into a leadership role at a new, fully digital bank allowed me to apply lessons learned from traditional banking and “greenfield” innovations alike.
Q2. How does Zand differentiate itself from other players in the UAE and regional Fintech ecosystem?
Looking ahead 3 to 5 years, I anticipate seismic shifts in the financial industry’s technology, and cybersecurity will have to evolve in lockstep to address emerging trends.
The threats and technologies are evolving so fast that what kept you safe last year might not be enough next year. We anticipate, we simulate, and we prioritize resilience.
Zand’s strategy is to stay ahead of the curve, and investing in the right technology and talent are key to ensure we are prepared for what’s next.
I began my career in the mid-2000s in IT and security roles and rose through the ranks from IT field engineering to information security and governance. I progressed through multiple roles, to Head of Technology Risk by 2018, where I managed cybersecurity and technology risk during a period of rapid digital transformation. This experience provided me with a holistic view of the security challenges, blending hands-on technical expertise with high-level strategic oversight.
In June 2019, I joined Zand as its
Zand sets itself apart through innovation, speed, and a digital-first philosophy. The agility of a startup is baked into Zand’s culture. In essence, Zand is a Fintech with a full banking license: we experiment, learn, and adapt faster, giving us a first-mover advantage in bringing new ideas and innovations to the market.
Q3. How does Zand balance between leveraging AI to enhance operational efficiency and ensuring robust cybersecurity measures?
With great power comes great responsibility. Zand leverages AI in
From pioneering digital banking at Zand to navigating AI, crypto, and evolving payment security, this interview explores innovation, resilience, and the future of cybersecurity.
As the UAE pushes forward with its digital transformation agenda, one technology has quietly emerged as a critical enabler of safe, seamless, and scalable financial experiences: Tokenisation. In an era where payments are increasingly instant, mobile-led, and API-connected, tokenisation provides the invisible infrastructure that makes it all possible, replacing sensitive customer data with secure, irreversible tokens that can move across systems without exposing vulnerabilities.
While the concept has been around for some time, its adoption across the UAE’s banking and fintech landscape is accelerating, particularly as institutions and regulators align on open finance, cross-border payments, and real-world asset tokenisation.
Mark Nelsen, Visa’s Senior Vice President of Digital Payments, describes tokenisation as “a critical layer that protects businesses and builds consumer trust in an increasingly connected ecosystem.” This is more than a security tool, it’s the engine behind everything from mobile wallets and tap-to-pay services to stablecoins and blockchain-anchored real estate transfers.
Tokenised payments offer not just security but performance: Visa reports tokenised transactions reduce fraud by up to 30% and improve authorisation rates by 4 to 6%, especially in e-commerce and subscription services. What’s more, tokenisation enables consistent payments across devices, meaning a consumer can begin a transaction on their phone and complete it on a wearable or voice assistant without disruption, something increasingly important in mobile-first markets like the UAE.
One of the most ambitious real-world applications of tokenisation can be seen in the UAE’s own instant payment platform, Aani. Developed by Al Etihad Payments and implemented with technology partner Accenture, Aani facilitates 24/7 QR and mobile number-based payments between individuals and businesses without the need for IBANs or traditional card networks. As of 2025, it has been adopted by 57 banks and fintechs and now serves over 1.5 million users.
“We designed Aani to power the UAE’s digital economy, fast, inclusive, and secure,” says Jan Pilbauer, CEO of Al Etihad Payments. Tokenisation is deeply embedded in Aani’s infrastructure, protecting both consumers and merchants while enabling scalable, real-time innovation across the financial system.
The UAE – a leader in tokenisation
But the technology’s potential doesn’t end with payments. The UAE is quickly becoming a leader in the tokenisation of real-world assets, everything from real estate to commodities to stablecoins. The Dubai Land Department, in collaboration with VARA and blockchain infrastructure providers, has launched initiatives to issue real estate title deeds and fractional property investments on-chain.
Meanwhile, financial heavyweights like FAB, IHC, and ADQ have introduced AE Coin, a dirham-pegged stablecoin designed for B2B and institutional settlements, a move that lays the groundwork for programmable finance and blockchain-native capital markets. These tokenised assets are not simply secure — they’re interoperable, automatable, and transparent by design, aligning perfectly with the UAE’s ambition to be a global leader in digital asset regulation and infrastructure.
At the consumer level, UAE-based fintech Ziina offers another compelling case study. The peer-to-peer payments platform, now licensed as a Stored Value Facility (SVF) provider by the UAE Central Bank, relies heavily on tokenised rails to secure transactions and user data. Ziina allows users to send money using just a phone number and recently rolled out QR code payments for freelancers, SMEs, and event vendors. With over 50,000 users and backing from top-tier VCs, Ziina has integrated tokenisation to build not only trust but operational efficiency, cutting fraud risk, simplifying credential management, and ensuring the business is audit-ready as it scales.
As tokenisation moves deeper into the financial stack, its role is shifting from a fraud-prevention tool to a strategic enabler of business models. UAE regulators have anticipated this. The Central Bank’s Payment Token Services Regulation (PTSR), issued in 2024, now governs the issuance and acceptance of tokenised digital assets, aligning the market with international security frameworks while creating pathways for asset-backed token products to go mainstream.
Similarly, the introduction of Visa’s Tokenised Asset Platform (VTAP) into MENA opens the door to minting bank-grade tokens that can plug into real-world payments, loyalty programs, and even blockchain-based lending.
For B2B leaders and fintech innovators, the implications are clear. Tokenisation must now be designed into every stage of the transaction journey, from the point of initiation on a smartphone or API call, through routing via gateways or rails, to final settlement in fiat or tokens.
Organisations that integrate token lifecycle management, token vault architecture, and multi-device mapping today will be better positioned to enable the next wave of programmable finance tomorrow. Whether you're operating a payment gateway, launching a digital wallet, or enabling real estate on-chain, tokenisation is the layer that turns trust into traction.
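The vault model behind the three capabilities named above (token vault architecture, token lifecycle management, multi-device mapping), sketched in Python as an added example; it is not code from Visa, Aani, Ziina or any scheme mentioned in this article. The class and method names, the `999999` token prefix and the in-memory store are assumptions for illustration, and the card numbers are widely published test numbers.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class TokenState(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"
    DELETED = "deleted"


def luhn_check_digit(body: str) -> str:
    """Return the Luhn check digit for a string of digits (check digit excluded)."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # doubling starts with the digit next to the check digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


@dataclass
class TokenRecord:
    pan: str          # the real card number; only the vault ever holds it
    device_id: str    # each device gets its own token for the same card
    state: TokenState = TokenState.ACTIVE


class TokenVault:
    """In-memory stand-in for a token vault (hypothetical, for illustration)."""

    TOKEN_PREFIX = "999999"  # constructed prefix so a token is never mistaken for a real card

    def __init__(self):
        self._records = {}  # token -> TokenRecord

    def tokenize(self, pan: str, device_id: str) -> str:
        if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        # Multi-device mapping: reuse the live token for this card on this device.
        for token, rec in self._records.items():
            if (rec.pan, rec.device_id) == (pan, device_id) and rec.state is not TokenState.DELETED:
                return token
        # The token is random, not derived from the PAN, so it cannot be reversed
        # without the vault. It keeps card length and a valid Luhn digit so
        # downstream payment systems accept it unchanged.
        n_random = len(pan) - len(self.TOKEN_PREFIX) - 1
        while True:
            body = self.TOKEN_PREFIX + "".join(str(secrets.randbelow(10)) for _ in range(n_random))
            token = body + luhn_check_digit(body)
            if token not in self._records:
                self._records[token] = TokenRecord(pan, device_id)
                return token

    def detokenize(self, token: str, device_id: str) -> str:
        rec = self._records.get(token)
        if rec is None or rec.state is not TokenState.ACTIVE or rec.device_id != device_id:
            raise PermissionError("token unknown, inactive, or bound to another device")
        return rec.pan

    def set_state(self, token: str, state: TokenState) -> None:
        """Lifecycle control: suspend or resume one device without touching the card."""
        rec = self._records[token]
        if rec.state is TokenState.DELETED:
            raise ValueError("deleted tokens cannot be revived")
        rec.state = state

    def reissue_card(self, old_pan: str, new_pan: str) -> int:
        """Card replaced by the issuer: repoint live tokens so merchants keep the same token."""
        if not (13 <= len(new_pan) <= 19 and luhn_valid(new_pan)):
            raise ValueError("not a valid card number")
        updated = 0
        for rec in self._records.values():
            if rec.pan == old_pan and rec.state is not TokenState.DELETED:
                rec.pan = new_pan
                updated += 1
        return updated


if __name__ == "__main__":
    vault = TokenVault()
    card = "4111111111111111"  # published test number, not a real account
    phone = vault.tokenize(card, "phone")
    watch = vault.tokenize(card, "watch")
    print("phone token:", phone)
    print("watch token:", watch)
    vault.set_state(watch, TokenState.SUSPENDED)  # lost watch: phone keeps working
    print("phone still resolves:", vault.detokenize(phone, "phone") == card)
```

A stolen token database yields nothing chargeable here, because the only path back to the card number is `detokenize`, which checks both lifecycle state and device binding.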
In a financial landscape where speed, security, and scale are all critical, tokenisation is emerging not just as the best practice, but as the backbone. And in the UAE, a country that’s building for a digital-first, cross-border future, it may well be the single most important pillar supporting the next decade of fintech innovation.
Sidebars for the story:
What is Tokenisation?
A security process that replaces sensitive data (like credit card numbers or account details) with non-sensitive tokens that are useless if breached but functionally equivalent in payment flows.
Why It Matters
• 26–30% lower fraud rates vs. traditional card data
• 4–6% increase in payment approval rates
• Up to 80% reduction in PCI-DSS compliance scope
(Sources: Visa, Mastercard, Tokeny)
UAE Tokenisation in Action
• Aani: Real-time, tokenised payments across 57+ banks
• Ziina: Peer-to-peer app using tokenisation for secure, card-free transfers
• AE Coin (FAB/IHC/ADQ): Stablecoin infrastructure for tokenised B2B settlement
• Dubai Land Department: Real estate title deeds going on-chain using tokenised assets
For B2B Leaders
• Integrate tokenisation across mobile, web, and backend APIs
• Adopt token lifecycle management tools (e.g., auto card-updater)
• Prepare for token-based asset issuance (real estate, loyalty, etc.)
• Align with UAE’s CBUAE and VARA tokenisation frameworks
As Dubai cements its place as a global hub for innovation and digital assets, one event is fast becoming the epicenter for Web3, blockchain, AI, and tokenization: Web3 Expo 2025. At the heart of this movement is Gabriel Medig, an entrepreneur whose personal reputation, work ethic, and deep-rooted belief in meaningful innovation are driving a world-class event designed to leave a lasting legacy in the Web3 space.
We sat down with Gabriel to discuss his journey, his commitment to building something greater than himself, and what attendees can expect at this year’s edition of the Web3 Expo.
Q2. Gabriel, you’ve worked across multiple industries, but now you’re focused on Web3. What inspired this shift?
Gabriel: For me, Web3 isn’t just another trend — it represents a fundamental shift in how we interact with technology, ownership, and value. I’ve always believed in building things that matter, and after years of working in emerging industries, I saw in Web3 the potential to reshape finance, data ownership, and digital identity. This is not just innovation — it's evolution. My decision to put my name, time, and credibility behind this movement is based on a deep conviction that the world is changing, and I want to help shape that change.
Q3. The Web3 Expo has already gained attention globally. What makes the 2025 edition different?
Gabriel: Web3 Expo 2025 isn’t about buzzwords. It’s about execution. We're curating a platform that brings together real builders, regulators, VCs, governments, and visionaries — not just to talk, but to build the future together. We're highlighting the tokenization of real estate, on-chain finance, AI integration, and more.
This year, we’ve taken it to a whole new level: more stages, more curated panels, a strong presence of regulators like VARA and DLD, and a commitment to inclusivity, including a dedicated segment spotlighting Women in Web3.
Q4. You’ve mentioned putting your reputation on the line for this event. What drives that level of commitment?
Gabriel: Legacy. A lot of people talk, few take real risks. For me, I’m not here to run another tech event. I’m building something that represents trust, integrity, and vision — and that requires putting everything on the table, including my reputation. If I believe in something, I give it my all. I want people to look back in five years and say, “Web3 Expo Dubai changed everything.”
Q5. Let’s talk about your personal journey. How have your past experiences shaped your approach to building this event?
Gabriel: I’ve always been independent, always believed in facing life’s challenges head-on. I left home early, built businesses from scratch, made mistakes, learned fast, and evolved. Every decision I make today comes from a place of strategy, values, and understanding people. That’s why I treat this Expo as more than a business — it’s a reflection of my discipline, my analytical approach, and my belief in creating impact over hype.
Q6. What kind of community are you hoping to build around the Web3 Expo?
Gabriel: One that’s driven by action. I want to empower the real builders — the ones staying up at night writing code, solving regulatory problems, designing token economies, or raising capital for real use cases. I want this to be a place where deals are made, ideas come to life, and leaders emerge.
It’s also about values — loyalty, respect, and purpose. Web3 without values is just noise. I want to set a new standard for what community can mean in this space.
Q7. What would your message be to someone thinking of attending or supporting the Web3 Expo?
Gabriel: Don’t just watch history happen — be part of it. Whether you’re an investor, a founder, a developer, or someone who wants to be on the right side of technological progress, Web3 Expo 2025 is where you need to be. It’s not just about exposure — it’s about connection, execution, and legacy.
Closing Statement:
As the Web3 world watches Dubai with growing anticipation, Gabriel Medig is proving that real leadership is about action, not promises. With Web3 Expo 2025, he’s not just building an event — he’s shaping a future grounded in trust, innovation, and long-term impact.
At Web3 Expo 2025, our mission is to lead with trust, security, and innovation — empowering individuals and businesses through tokenisation and ethical digital solutions that shape a smarter financial future.
Anchal Choubey, Head of GRC and IT
In today’s fast-paced digital world, electronic payments have become more than just a convenience; they’re the lifeline of modern business. Whether it’s a quick tap of a card or an international transfer powered by blockchain, the way we move money is being reshaped like never before. But with this rapid growth comes a new wave of challenges.
A recent 2025 report by the GCC Financial Technology Council revealed a worrying trend: cyberattacks on payment systems rose by 28% in just one year. The most common issues? Phishing scams, identity theft, and fraud targeting payment gateways. In this high-speed digital environment, keeping payment systems secure isn’t just an IT problem anymore, it’s a top priority for leadership teams.
Gone are the days when simple firewalls and password protection were enough. Today’s security efforts are smarter, faster, and built to stay one step ahead of criminals. Some key developments include:
• Smarter Fraud Detection: Modern systems now use artificial intelligence to spot unusual patterns and stop suspicious transactions as they happen.
• Biometric Security: Face recognition, fingerprint scanning, and even voice ID are making it harder for fraudsters to impersonate users.
• Zero Trust Thinking: Instead of assuming trusted users are always safe, banks and fintechs are verifying every transaction and access point, every time.
Fintechs Leading the Charge
New-age fintech companies in the region are designing their systems with security at the core. UAE-based players like Tabby, Tamara, and Telr are building strong protection into their platforms from the start, using smart authentication methods and encrypted data to keep users safe.
At the same time, cybersecurity firms like DarkMatter, Group-IB, and Paladion are stepping in as trusted partners, offering advanced tools to detect threats early and respond quickly.
One standout example: Dubai’s PaySafe Gulf successfully blocked a major cyberattack in early 2025. The attack aimed to test thousands of stolen cards, but thanks to their AI-assisted monitoring system, it was stopped within minutes, without any customer impact.
Even with all the progress, there are still some real-world issues that need attention:
• Complex Rules Across Borders: Companies dealing with international payments face a maze of different regulations, which can slow things down or increase risk.
• Open Banking Risks: As systems become more connected through APIs (the digital pipelines between services), hackers have more ways to sneak in.
• Human Mistakes: Weak passwords and falling for phishing emails remain common problems, even in 2025.
Looking ahead, the payments industry is preparing for even bigger changes:
• Quantum-Proof Encryption: As quantum computers become more powerful, there’s a push to future-proof encryption methods.
• Smarter Compliance Tools (RegTech): Automating how companies follow rules will make compliance easier and more accurate.
• Decentralised Digital ID: Giving users more control over their identity information, so it’s secure and shared only when necessary.
In the UAE, the Central Bank’s Financial Infrastructure Transformation (FIT) Programme is already laying the foundation. New initiatives like instant payments, national digital IDs, and real-time fraud detection are helping establish the country as a digital payments leader in the region.
Security as a Competitive Advantage
In today’s digital marketplace, security isn’t just something that runs in the background, it’s a key factor that influences customer trust and business growth. Companies that can prove they’re serious about protecting their users will stand out from the crowd. As digital wallets, ‘Buy Now, Pay Later’ services, and AI-powered banking become everyday tools, one thing is clear: Innovation must go hand-in-hand with strong, smart security.
Because in the world of ePayments, trust is everything, and security is what builds it.
In today's experience-driven economy, seamless payments have become as vital as service quality, especially in sectors like hospitality, where customer trust, speed, and data security define success.
Having served as Chief of the Board at Otkritie Broker and as Senior Vice President at Otkritie Bank, I’ve seen firsthand how the right payment infrastructure can directly impact both guest satisfaction and business performance. A simple tap-to-pay transaction at a Dubai hotel, for instance, can determine whether an international guest returns – or not. In a market where nearly 48% of hotel bookings are from overseas guests, real-time multi-currency support isn’t a bonus, it’s a necessity.
In Q1 2025, platforms like Adyen reported a 22% surge in multicurrency transaction volumes for the hospitality sector. This is largely driven by automated currency conversion that minimises fees and errors, while enhancing convenience for global travellers. Conversion fees have dropped by up to 15%, thanks to the integration of real-time exchange rate engines into payment gateways.
Artificial Intelligence (AI) is now playing a deeper role, moving beyond fraud detection to dynamic forecasting. It helps predict foreign currency demand, enabling a Parisian bistro or a Dubai lounge to offer frictionless payment options for guests from New York or Tokyo, all while reducing backend reconciliation costs.
Blockchain, meanwhile, is transitioning from buzzword to backend enabler. TUI Group, for example, has rolled out blockchain-based booking and payment systems that eliminate intermediaries and enhance transparency. The result? Lower costs, increased transaction integrity, and improved consumer confidence.
But as payment ecosystems evolve, so do cyber threats. In 2024 alone, hospitality businesses experienced a 12% increase in cyber breaches, with each incident costing an average of $3.82 million. This has led to rapid adoption of AI-powered fraud detection systems and blockchain’s decentralised architecture to encrypt sensitive financial data.
Tokenisation, a security measure that replaces card details with encrypted tokens, is now used by roughly 80% of major hotel chains, reducing the risk of fraud by up to 33%. When combined with PCI DSS compliance and smart consent practices under frameworks like the GDPR and UAE’s Personal Data Protection Law (PDPL), these measures provide the transparency modern guests expect.
Regulatory alignment is no longer optional. GDPR-related fines topped €20 million in 2025, making compliance a core component of any payment strategy. Increasingly, hospitality brands are using user-friendly interfaces at digital check-ins to secure guest consent for data storage and processing, ensuring legal and reputational safety.
In the end, payments are no longer a backend process, they’re part of the guest experience. For global hospitality players, investing in resilient, intelligent, and compliant payment systems is not just about staying competitive. It's about staying trustworthy.
Vishal Vaghela CISO, Americana Restaurants
Note to Readers: “Working in the restaurants industry, I couldn’t resist seasoning this article on payment security with a few culinary references — bon appétit!”
In the dynamic world of retail, where transactions are the heartbeat of business, payment security isn't just a technical requirement—it's the bedrock of customer trust and a non-negotiable strategic imperative. Think of it this way: The modern digital retail ecosystem has turned into a bustling food court of threats, where cybercriminals loiter like freeloaders looking for a free lunch—your data. Securing payments in retail is like trying to keep a flock of highly motivated, digital magpies from pilfering shiny data points, all while ensuring your customers can still pay with the ease of a tap. It’s a delicate balance, to say the least!
In nearly two decades of navigating complex environments from banking vaults to government clouds, I’ve seen payment security go from “lock the vault” to “encrypt the pixels.” What once involved hiding PIN pads behind the cashier is now about taming APIs, firewalls, and blockchain algorithms—without losing your CEO and CFO’s patience or the customer’s trust. I've witnessed firsthand the dramatic evolution of payment security. From the early days of basic encryption to today's multi-layered defenses, the journey has been one of constant adaptation. This evolution, driven by increasingly sophisticated cyber threats and stringent regulatory demands, has laid crucial groundwork that the retail sector can, and must, leverage.
Let’s plate this up in three generous servings:
Operating across multiple geographies, with an ever-expanding digital ecosystem for food ordering that serves millions of customers, means juggling compliance, customer experience, and cybersecurity with the grace of a head chef flipping a burger.
• Challenge 1: Fragmentation. Multiple Brands, Multiple Geographies, Multiple Channels (not to forget POS) – resulting in different payment methods, compliance regimes and consumer expectations. What’s kosher in Dubai may not be GDPR-compliant in Europe.
• Challenge 2: Shadow IT and Third Parties. With multiple vendors handling various services, mobile app integration, and fraud detection, it often feels like everyone brought their own knife to the kitchen—and no one washed it. This leads directly to the critical concern of vendor and third-party management in payment security.
• Challenge 3: Misalignment. Aligning an enterprise-wide cybersecurity strategy with board-level directives and overarching business goals, especially in fast-paced sectors like fintech and digital retail, is akin to conducting an orchestra where half the musicians are improvising. Boardroom KPIs focus on cost and speed, while security teams mumble about tokenization and risk scoring. Aligning both? That’s the real soufflé—tricky to rise, easy to collapse. The board wants growth; CISOs need to show them how security enables it, rather than hinders it.
2. Key Risks – Things That Go ‘Phish’ in the Night
• Phishing & Account Takeovers. In a world where consumers reuse “password123” like it’s a family heirloom, account hijacks are inevitable. My favorite quote in cyber security is “Hackers don’t break in but Login”. For that very reason, phishing continues to be one of the methods most widely used by attackers, not only to deploy malware but mainly for credential theft.
• Skimming & Man-in-the-Middle Attacks. Especially on mobile apps and web-based platforms, insecure integrations can leak payment data faster than soda from a shaken can.
• Third-party providers. I’ve seen businesses hand over payment operations to MSSPs like they’re outsourcing their karma. But unmanaged vendors can become the weakest links. Always remember, just because it’s cloud-based doesn’t mean it’s heaven-sent.
• Compliance blind spots. With regulations varying across North America, the Middle East, and Asia, regional compliance must be cooked into your security recipe from day one—not as a side dish.
After years of securing payment systems across multimillion-dollar tech initiatives, I always start with residual risk—what’s left after controls. Help the business see that risk. Paint a picture, tell a story. Numbers alone won’t cut it. My strongest recommendation remains surprisingly simple: prioritize the foundational security controls. These are like comfort food—familiar, reliable, and nourishing. Yet, technical teams often chase the allure of complex, 'Michelin-star' solutions, overlooking the basics that truly sustain a secure environment. Here’s my not-so-secret sauce for securing large-scale digital payment environments:
• Data tokenization and encryption - If the data isn't there to steal, or is unreadable if stolen, the battle is half won.
• Zero Trust & Microsegmentation – The foundational step in securing payment environments is to segregate systems that handle sensitive data. Under a Zero Trust model, never assume implicit trust—even between internal systems. For example, a server initiating communication with another at 3 a.m. or routing traffic through an unverified IP range should immediately raise red flags. Every connection must be explicitly verified, continuously monitored, and contextually validated.
• Robust fraud detection and prevention systems - often powered by AI and machine learning, these are essential to identify anomalous transactions in real time.
• Continuous vulnerability management and penetration testing - to ensure that any cracks in the armor are found and patched before malicious actors exploit them.
• Strong access controls and multi-factor authentication (MFA) - non-negotiable for protecting administrative interfaces and sensitive data.
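The two red flags named in the Zero Trust bullet above (a server opening a connection at 3 a.m., or traffic touching an unverified IP range) can be written as an explicit-allow policy evaluated for every flow. This is an added example, not code from the author or his organisation; the segment names, address ranges, service windows and flow records are all constructed assumptions.

```python
"""Explicit-allow evaluation of network flows in a segmented payment environment."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed segments (private and documentation ranges), not real infrastructure.
SEGMENTS = {
    "pos": ip_network("10.10.0.0/24"),
    "payment-api": ip_network("10.20.0.0/24"),
    "token-vault": ip_network("10.30.0.0/28"),
}


@dataclass(frozen=True)
class Rule:
    src: str      # source segment name
    dst: str      # destination segment name
    port: int     # destination port
    start: time   # start of the approved service window
    end: time     # end of the approved service window


# Anything not listed here is denied: no implicit trust between internal systems.
POLICY = [
    Rule("pos", "payment-api", 443, time(6, 0), time(23, 59, 59)),
    Rule("payment-api", "token-vault", 8443, time(0, 0), time(23, 59, 59)),
]


def segment_of(addr):
    """Map an IP address to its verified segment, or None if it is in no known range."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(flow):
    """Return (verdict, reasons) for one flow record."""
    src, dst = segment_of(flow["src"]), segment_of(flow["dst"])
    reasons = []
    if src is None:
        reasons.append("source outside verified ranges")
    if dst is None:
        reasons.append("destination outside verified ranges")
    if reasons:
        return ("deny", reasons)

    port = flow["port"]
    candidates = [r for r in POLICY if (r.src, r.dst, r.port) == (src, dst, port)]
    if not candidates:
        return ("deny", [f"no rule allows {src} -> {dst}:{port}"])

    when = datetime.fromisoformat(flow["ts"]).time()
    if any(r.start <= when <= r.end for r in candidates):
        return ("allow", [])
    return ("deny", [f"{src} -> {dst}:{port} outside its approved window"])


# Constructed flow records for illustration.
FLOWS = [
    {"ts": "2025-03-01T12:15:00", "src": "10.10.0.21", "dst": "10.20.0.5", "port": 443},
    {"ts": "2025-03-01T03:02:11", "src": "10.10.0.21", "dst": "10.20.0.5", "port": 443},
    {"ts": "2025-03-01T12:20:00", "src": "10.20.0.5", "dst": "203.0.113.40", "port": 443},
    {"ts": "2025-03-01T12:21:00", "src": "10.10.0.21", "dst": "10.30.0.2", "port": 8443},
]

if __name__ == "__main__":
    for flow in FLOWS:
        verdict, reasons = evaluate(flow)
        print(flow["ts"], flow["src"], "->", flow["dst"], verdict, "; ".join(reasons))
```

The last constructed flow is the microsegmentation case: both endpoints are internal and verified, yet the point-of-sale segment has no rule that lets it reach the token vault directly, so the flow is denied.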
Final Bites – Chef’s Advice to Fellow CISOs
Having led payment security initiatives across North America, Asia, and the Middle East, one thing is clear: regional compliance regulations deeply shape how payment security strategies are designed and executed. For global retail organizations, success lies in adopting a flexible security framework—one that respects regional nuances without compromising global standards. Think of it as a universal security playbook, spoken in regional dialects.
In the ever-evolving buffet of payment technologies, resist the urge to try every new shiny tool (dish). Instead, focus on these three essentials:
1. Build security-first teams that speak business. Train your team to say “risk to revenue” instead of “threat vector.” It changes the conversation—and the outcome.
2. Treat compliance as an outcome, not a checklist. When security is embedded by design, compliance follows naturally.
3. And finally, laugh often. Because if you can’t crack a joke about a DDoS attack during a board meeting, are you really wired for the breach-and-banter lifestyle?
In closing: Payment security isn’t just about stopping cybercriminals—it’s about building trust into every tap, click, and swipe. And trust, unlike card numbers, can’t be tokenized. Bon Appétit. Or should I say… Pay Appétit?
Sabu Thomas, Vice President, DVCOM Technology LLC
In the age of smartphones and seamless digital payments, convenience often comes at a hidden cost. One such cost is carrier billing fraud, a growing yet often overlooked threat that undermines consumer trust, disrupts digital commerce, and damages the reputation of mobile operators, brands, and even public figures. This is where Intact steps in. As a homegrown brand under DVCOM, Intact delivers advanced payment security solutions designed to protect the integrity of mobile transactions and restore confidence across the ecosystem.
Carrier billing is an alternative payment channel that lets users make purchases by adding charges to their mobile phone bills. Designed to be a secure and seamless way to access digital content, from streaming services to gaming credits, it eliminates the need for credit cards or bank details. However, its simplicity and limited oversight have made it an attractive target for fraudsters looking to exploit unsuspecting users.
With a single, often accidental tap on a misleading advertisement (brand passing off, impersonation, malware, etc.), users are subscribed to paid services they never consented to. Some never receive a service at all, just recurring, unexplained charges on their monthly bill. In many cases, the victims have no idea how the charges got there, and worse, there’s no easy way to reverse it.
This fraud is often subtle but widespread, affecting consumers in large numbers. The culprits may be shady content providers, ad networks/affiliates, or even bad actors hiding behind legitimate mobile apps. These digital tricksters operate in the grey areas of user consent, deploying tactics like auto-subscription banners, hidden terms and conditions, and deceptive ‘one-click’ subscription mechanisms. Even Telco inventory like SMS and USSD push are being misused to acquire customers fraudulently.
The damage is more than financial. When trust in mobile billing erodes, the entire ecosystem suffers. Consumers become wary of legitimate services. Mobile operators, already under regulatory scrutiny, face reputational harm and pressure to process mass refunds and suffer churn. Meanwhile, brands caught in the crossfire, whether knowingly or not, see their credibility challenged.
In the digital world, trust is currency. And in the case of carrier billing, that trust is running dangerously low.
To protect this fragile ecosystem, Intact provides a comprehensive suite of tools designed to safeguard telcos, merchants, and consumers:
FraudScan: A powerful marketing monitoring tool that uncovers digital marketing campaigns violating Telco and regulatory guidelines. It offers telcos complete visibility into fraudulent promotions by their merchants/vendors, enabling quick corrective action and alignment with compliance standards.
FraudStop: A proactive anti-fraud engine that blocks backend fraud in carrier billing. It detects and prevents unauthorised activities like malware-driven auto-subscriptions, spoofing, and injection attacks, before consumers are affected.
CertifyEye: A smart proof-of-purchase system that captures the actual user journey leading to a carrier billing transaction. In case of customer complaints or regulatory investigations, CertifyEye provides irrefutable evidence of how the charge occurred, ensuring transparency and protection for all stakeholders.
It’s time for action. Mobile operators must enforce stricter guidelines. Regulatory authorities must demand greater transparency on actual recorded customer journeys rather than being misled by generic, expected user journeys, which mostly do not reflect reality. Service providers, especially those advertising through third-party networks or affiliates, must take full responsibility for the placement and execution of their campaigns. It is imperative that they actively ensure compliance and transparency to protect consumers and uphold the long-term sustainability of the Direct Carrier Billing (DCB) ecosystem.
Most importantly, consumers must be informed and empowered. They need clear visibility into how these scams operate, along with accessible self-care tools to view their transaction journeys and report fraudulent activity. Leaving users unaware and unprotected is no longer acceptable in a secure digital ecosystem.
– Sabu Thomas is the Vice President of DVCOM Technology LLC, a leading UAE-based tech distributor. He spearheads the company’s efforts to build secure and intelligent digital ecosystems across the Middle East and Africa. Under his leadership, DVCOM’s homegrown brand Intact has become a trusted provider of payment security solutions, helping telecom operators and service providers combat carrier billing fraud and strengthen consumer trust in mobile transactions.
Neeraj Gupta CEO, Policybazaar.ae
In a region rapidly embracing a digital-first financial ecosystem, Policybazaar.ae is emerging as a model for how fintech-driven platforms can balance seamless user experiences with uncompromising security.
As digital payments become integral to everything from micro transactions to full-scale insurance policies, the company recognises that payment security is no longer a backend process; it is a strategic imperative.
The post-pandemic surge in digital adoption across the insurance landscape has unlocked new growth, but it has also opened the door to increasingly sophisticated cyber threats. Phishing, identity theft, bot-driven fraud, and ransomware now target platforms operating at the intersection of personal data and financial transactions. For Policybazaar.ae, which processes high volumes of real-time insurance purchases, renewals, and premium collections, security is not a checkbox. It’s mission-critical.
Operating in the UAE, an environment known for its tech-savvy consumers and robust regulatory oversight, Policybazaar.ae understands that any lapse in payment integrity or data protection can erode hard-earned consumer trust. The company's philosophy goes beyond digital convenience; it aims to offer what it calls "secure confidence.”
To that end, Policybazaar.ae has embedded security into the DNA of its platform. The architecture is built on PCI-DSS compliant payment gateways and enhanced through advanced tokenisation protocols that shield sensitive customer information. Their zero-trust framework replaces traditional perimeter-based security with a dynamic, identity-centric approach that enables continuous authentication and real-time anomaly detection. Security at Policybazaar.ae is predictive, not reactive.
The company leverages real-time fraud analytics and AI-driven risk engines to monitor behavioural patterns across regions, devices, and user profiles. This proactive intelligence helps intercept threats before they escalate, ensuring that fraud attempts are neutralised without disrupting the user experience.
But the company’s approach doesn’t stop at technology. Policybazaar.ae sees cybersecurity as a shared cultural responsibility. Employees are trained extensively in data privacy and cyber hygiene. The platform collaborates closely with insurers, banks, and payment partners to maintain a unified front on compliance, fraud prevention, and operational resilience.
On the regulatory front, Policybazaar.ae engages actively with government bodies and industry forums, aligning its protocols with the Central Bank of the UAE, ESRB directives, and broader fintech governance across the region. This forward-looking alignment ensures that the platform not only meets today’s standards but also helps shape tomorrow’s best practices.
Looking ahead, the company is investing in next-gen security technologies, from behavioural biometrics and device fingerprinting to encrypted API ecosystems and blockchain-based smart contracts. These innovations aim to enhance transactional transparency, reduce claims fraud, and make payment security both seamless for the user and invisible to bad actors.
At its core, Policybazaar.ae believes that today’s insurance customers seek more than digital efficiency; they demand digital assurance. And in this new era of real-time transactions and frictionless financial experiences, the company is committed to building not just an insurance marketplace but a fortress of trust.
Because in tomorrow’s fintech world, security isn’t just an enabler of growth, it’s the bedrock of customer loyalty and market leadership.
Payment gateway expert
Industry leader Vinay Kuruvilla unpacks security, localisation, and what’s next for digital payments.
Q1. What exactly is a payment gateway — and why does it matter to everyday users or small businesses today?
Think of payment gateways as the behind-the-scenes engine that powers your online transactions. In the past, they were invisible and purely functional. But today, especially in places like the UAE, where over 70% of people use digital wallets, gateways are the backbone of digital trust. They do a lot more than just process payments. They handle fraud protection, support local payment methods, manage subscriptions, and ensure your transaction goes through smoothly — all in a matter of milliseconds.
Q2. What’s the difference between traditional payment gateways and newer API-first ones?
Traditional gateways were built for an older world, mostly for card payments, with limited flexibility. Today’s API-first platforms are faster, smarter, and easier to integrate, especially for small businesses with lean tech teams. They give you more control, work seamlessly with other systems like ERPs and loyalty platforms, and make it easier to scale your business. In fast-moving markets like the Middle East, this flexibility is key.
Q3. How are real-time payments (RTP) changing the way we pay and get paid?
Real-time payments are speeding up how money moves, we’re talking instant transactions, not just for shopping, but for things like refunds, gig worker payouts, or SME disbursements.
But it’s not just about speed. Payment providers now have to manage fraud, compliance, and accurate settlement all in real time. Those who get this right will become critical infrastructure for the digital economy.
Q4. Why is integrating a payment gateway sometimes harder than it looks?
On paper, it looks simple. But many businesses struggle with fragmented APIs, poor documentation, and local quirks in regulations or customer behaviour. What helps? Gateways that offer clear tools, localised support, and easy onboarding. Also, real human support when something breaks. At the end of the day, trust is what keeps users coming back.
Q5. Why does localisation matter when choosing a payment gateway?
Because no two markets are the same. A user in Dubai paying via STC Pay in Arabic expects a different experience than someone using GrabPay in Singapore. Gateways that support local currencies, languages, and preferred payment methods see higher conversion rates. Localisation is no longer a bonus; it’s a necessity for success in emerging markets.
Q6. What security features should consumers and businesses expect from payment processors in the UAE today?
Fraud has evolved; it’s no longer just about stolen cards. We’re talking deepfakes, social engineering, and fake identities. That’s why top processors in the UAE now use machine learning, tokenisation, behavioural biometrics, and device fingerprinting. The goal is to create invisible security: tough on fraud, easy on genuine users.
Q7. How do payment companies handle complex global regulations like GDPR or PCI DSS?
Compliance today is about building trust across different countries with different laws. Smart processors build security and compliance into their architecture, from data encryption and tokenisation to privacy-by-design APIs. It’s not about checking boxes. It’s about being ready for what’s next, like open banking and Central Bank Digital Currencies (CBDCs).
Q8. What’s the difference between encryption and tokenisation in payment security?
Great question! Encryption protects your data while it’s moving. Tokenisation replaces sensitive data (like your card number) with a “token” that’s useless if stolen. For online shopping, subscriptions, or wallets, tokenisation keeps your data safe and makes compliance easier. It’s like sending an empty box that looks valuable to a thief; they get nothing.
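Tokenisation as described in the interview above, and in the earlier hospitality article, can be shown with a small vault: the merchant stores only tokens, and a token has no mathematical relation to the card number, so it can be mapped back only by a lookup inside the vault. This is an added example, not code from the interviewee or any processor named on the page; the `TokenVault` class, the caller names and the order record are assumptions, and the card number is a constructed test value.

```python
"""Vault-based card tokenisation: merchants keep tokens, only the vault maps them back."""
import hashlib
import hmac
import secrets


def luhn_valid(number):
    """Check the Luhn checksum that every real card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical in-memory vault; a production vault encrypts its store at rest."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the PAN lookup index
        self._by_token = {}                        # token -> card number (PAN)
        self._by_index = {}                        # HMAC(PAN) -> token

    def _index(self, pan):
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenise(self, pan):
        pan = pan.replace(" ", "")
        ok = pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
        if not (ok and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        idx = self._index(pan)
        if idx in self._by_index:                  # same card always gets the same token
            return self._by_index[idx]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]                # keep last four for receipts
            # Skip collisions, and skip Luhn-valid candidates so that a token
            # can never be mistaken for, or used as, a live card number.
            if token not in self._by_token and not luhn_valid(token):
                break
        self._by_token[token] = pan
        self._by_index[idx] = token
        return token

    def detokenise(self, token, caller):
        # Only the processor role may recover the card number (assumed role name).
        if caller != "payment-processor":
            raise PermissionError("caller may not detokenise")
        return self._by_token[token]


def records_expose_pan(records, pan):
    """True if any stored merchant record contains the real card number."""
    return any(pan in str(value) for rec in records for value in rec.values())


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"                       # constructed test card number
    merchant_db = [{"order_id": "A-1001", "card": vault.tokenise(pan)}]
    print("merchant stores:", merchant_db)
    print("breach of merchant DB exposes PAN:", records_expose_pan(merchant_db, pan))
    print("processor recovers:", vault.detokenise(merchant_db[0]["card"], "payment-processor"))
```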
In a move that reflects both shifting customer preferences and the UAE’s broader fintech ambitions, Emirates Airline has signed a Memorandum of Understanding (MoU) with leading global cryptocurrency platform Crypto.com to explore the integration of Crypto.com Pay into its digital payment infrastructure.
The partnership underscores Emirates' commitment to delivering flexible, tech-forward services while aligning with Dubai’s strategy to position itself as a global hub for cryptocurrency and blockchain innovation. The integration is expected to roll out next year, pending further development and compliance alignment.
The MoU was signed in the presence of Sheikh Ahmed bin Saeed Al Maktoum, Chairman and Chief Executive of Emirates Airline & Group, and Michael Doersam, Emirates’ Chief Financial & Group Services Officer. The agreement was formalised by Adnan Kazim, Emirates’ Deputy President and Chief Commercial Officer, and Mohammed Al Hakim, President of Crypto.com’s UAE operations.
“Partnering with Crypto.com to integrate cryptocurrency into our digital payments system reflects Emirates’ commitment to meeting evolving customer preferences,” said Adnan Kazim.
“It also enables us to connect with younger, tech-savvy travellers who increasingly prefer to transact in digital currencies. This aligns with Dubai’s vision to lead in financial innovation, while enhancing customer choice and flexibility.”
Crypto.com Pay is a widely adopted crypto payment solution that allows users to settle purchases using major cryptocurrencies with real-time conversions. Through the partnership, Emirates will explore not only technical integration but also co-branded marketing campaigns to drive awareness and adoption of crypto payment options among global travellers.
“As we continue to expand real-world use cases for crypto, working with an iconic brand like Emirates brings significant momentum to the industry,” said Eric Anziani, President and COO of Crypto.com. “Together, we aim to offer innovative financial solutions while contributing to the region’s growing digital asset ecosystem.”
This collaboration comes as Dubai cements its reputation as one of the most crypto-friendly cities in the world, backed by a progressive regulatory framework, strong public-private partnerships, and a rising number of businesses accepting digital assets. From luxury real estate developers to major telecom providers, cryptocurrency is becoming a legitimate payment option across sectors.
For Emirates, the integration represents more than a payment alternative; it’s part of a wider digital transformation strategy that includes biometrics, self-service innovations, and contactless travel. The airline is looking to future-proof its customer experience by adopting technologies that enhance both convenience and trust.
While the crypto payment landscape remains subject to regulatory evolution, both Emirates and Crypto.com emphasise that the partnership will adhere to the highest standards of security, compliance, and user transparency.
DDF looking into digital payments
Dubai Duty Free, meanwhile, is exploring crypto payment options both in-store and online.
Managing Director Ramesh Cidambi highlighted the initiative as a forward-looking step to enhance convenience and choice for millions of global travellers.
The partnership also includes plans for joint marketing campaigns and customer engagement programmes.
Crypto.com’s President and COO, Eric Anziani, welcomed both agreements, calling them milestones in expanding real-world use cases for digital currencies in the region.
– By Michael Gomes
Ambipar Ajman Bank Partnership marks a major step in advancing the UAE’s sustainability agenda. This collaboration blends Ambipar’s carbon solutions with Ajman Bank’s sustainable finance strategy, aiming to accelerate the nation’s journey toward net zero while fostering green innovation in the banking sector.
This alliance represents much more than a collaboration: it is a shared commitment to the planet, uniting innovation, technology, and purpose around a clear mission: to accelerate the journey towards carbon neutrality, strengthening the role of the financial and environmental sectors in building a lasting green legacy. Together, Ambipar and Ajman Bank will seek areas of collaboration to integrate environmental services, carbon solutions, and innovative financial products, delivering tangible climate impact and market differentiation.
Key Pillars of the Partnership
Net Zero Strategy & Carbon Management: Ajman Bank and Ambipar will co-create a robust strategy and roadmap to mitigate and offset Scope 1, 2, and 3 emissions, supported by Ambipar’s expertise in carbon accounting, reduction planning, and blockchain-based traceability technologies, ensuring full transparency and international credibility.
Sustainable Finance & Green Products: The partnership will explore the launch of new green banking solutions, unprecedented in the regional market, including carbon-neutral credit cards, and green savings accounts, and areas in which customers will have the ability to offset their emissions in real-time via tokenized, high integrity, verified carbon credits generated through forest conservation projects.
Environmental Services for Operations: With a focus on tangible results, Ambipar and Ajman Bank will explore ways to improve waste management, zero-waste certification, environmental compliance, and emergency response services across its 12 branches.
Sustainability Centre of Excellence: Ajman Bank’s Sustainability Centre of Excellence (SCoE) will pursue partnership with Ambipar to improve its capacity to empower corporate clients to align their businesses with global sustainability and governance demands, offering decarbonization, ESG reporting, and regulatory compliance solutions.
Community Engagement: Ajman Bank with the support of Ambipar will consider adopting the “Green Path” initiative which will enable its clients to contribute to local tree planting, receive environmental certifications, and actively participate in building a regenerative future in the UAE.
“This collaboration with Ambipar represents a significant milestone for Ajman Bank as it strengthens its commitment to sustainability by actively engaging with global leaders in the field. Through this partnership, the bank reaffirms its dedication to responsible forward-thinking practices and also sets a clear path toward adopting and promoting leading sustainability standards. It underscores our continuous efforts to innovate, lead by example, and contribute to UAE’s global sustainability agenda” – Mustafa Khalfawi, CEO, Ajman Bank
“This partnership with Ajman Bank represents a powerful step forward in our mission to support the UAE’s journey toward net zero. We are honored to be chosen by Ajman Bank as their strategic sustainability partner and bring Ambipar’s global expertise to help advance environmental performance across the country’s financial and business sectors.
Together, we aim to make sustainability not just a goal, but a shared value embedded in everyday operations and decisions.” – Rafael Tello, President, Ambipar Middle East
“Ambipar’s mission is to support the construction of a world with net-zero emissions. Being alongside Ajman Bank on this journey is an honor and a responsibility we proudly embrace. Our commitment is clear: to transform intentions into concrete actions that make a difference for the climate, for business, and for future generations.”
A Regional First in Green Innovation
This visionary partnership positions Ajman Bank as a first-mover in joining hands with Ambipar in the region, reinforcing its leadership position within the UAE Banking sector. By aligning with Ambipar’s verified carbon and environmental services platform, Ajman Bank clients and stakeholders will benefit from world-class tools and transparent, traceable and auditable impact aligned with international climate goals.
The signing of a Memorandum of Understanding (MoU) took place on the 4th of August 2025, during a joint event at Ajman Bank’s headquarters, symbolizing a shared commitment to sustainable development in the UAE and beyond.
Through the Ambipar Ajman Bank Partnership, both companies reaffirm their dedication to providing significant carbon solutions and advancing UAE’s sustainable banking future.
Riyadh, Saudi Arabia – EdfaPay, a pioneering digital payment solutions provider, today proudly announced a landmark achievement: securing the coveted "PCI Mobile Payments on COTS (MPoC) Solutions," "PCI MPoC Software," and "PCI MPoC Services" certifications from the esteemed PCI Security Standards Council (PCI SSC).
This monumental accomplishment positions EdfaPay as the first company in Saudi Arabia and the Middle East and North Africa (MENA) region to earn this prestigious triple recognition, firmly cementing its leadership and unwavering commitment to the highest standards of security and innovation in the rapidly evolving payments landscape.
The PCI MPoC Solutions certification establishes a global benchmark for the security of payment solutions operating on commercial off-the-shelf (COTS) devices. It assures that merchants can confidently and securely accept both contactless and PIN-based transactions. Complementing this, the PCI MPoC Software certification affirms EdfaPay's dedication to developing robust and secure foundational software in accordance with stringent PCI MPoC standards, thereby reinforcing confidence in the core technology underpinning its payment solutions. Furthermore, the PCI MPoC Services certification ensures that all supporting services—encompassing deployment, management, and maintenance—are conducted with the highest levels of security and compliance.
These triple certifications represent a strategic leap forward for EdfaPay, solidifying its role as a driving force for innovation and security within the MENA payments industry. This achievement will significantly contribute to the accelerated adoption of modern financial technologies, paving the way for seamless, reliable, and secure payment experiences across the region.
"We are incredibly proud to be the first company in the Middle East and North Africa to achieve these pivotal PCI MPoC certifications," stated Ghormallah Al-Ghamdi, CEO and Co-Founder of EdfaPay. "This milestone is a testament to our relentless pursuit of excellence and our steadfast commitment to delivering cutting-edge digital payment solutions that are not only
for business growth and fostering unwavering trust within the payment ecosystem."
Since its inception, EdfaPay has been committed to empowering businesses with innovative payment solutions built around trust, transparency, and security. This significant milestone further consolidates its leadership position, setting the standard for fintech innovation and secure digital payments across the Middle East and North Africa.
About EdfaPay:
• New AI-powered data leakage detection and prevention functionality enables real-time protection of sensitive data to block unauthorized exposure and ensure compliance.
• F5 Application Delivery and Security Platform (ADSP) to introduce advanced visibility into encrypted traffic to enable defense against Shadow AI.
• Enhanced F5 AI Gateway delivers inline data classification, policy enforcement, and protection against emerging large language model (LLM) threats.
DUBAI, UAE – F5 (NASDAQ: FFIV), the global leader in delivering and securing every app and API, has announced new AI-driven capabilities for the F5 Application Delivery and Security Platform (ADSP). These updates provide organizations with advanced tools to secure sensitive data and manage AI-powered applications, including expanded capabilities in F5 AI Gateway to prevent data leaks and deliver cutting-edge AI data protection. Additionally, new functionality for F5 BIG-IP SSL Orchestrator is being introduced to classify and defend encrypted data in motion and block unapproved AI use.
The F5 ADSP is the industry’s most advanced solution to help organizations secure and deliver all applications, including those powered by AI, and address the complexities of hybrid multicloud infrastructures and their ever-evolving security and performance challenges. These enhancements reaffirm F5’s commitment to protecting modern, AI-driven infrastructures by enabling organizations to securely optimize, scale, and orchestrate AI applications.
As businesses adopt AI and hybrid cloud technologies, sensitive data often moves across encrypted traffic and unapproved AI tools, creating security blind spots. Traditional security methods struggle to detect or prevent data leaks from these complex environments. F5 answers this challenge with tools that allow organizations of all sizes to achieve key compliance and security outcomes, such as:
• Detect, classify, and stop data leaks in encrypted and AI-driven traffic in real time.
• Prevent risks from unauthorized AI use (Shadow AI) and sensitive data exposure.
• Apply consistent policies across applications, APIs, and AI services to maintain security and compliance.
“The core tension in every boardroom today is the race to adopt AI versus the mandate to protect the firm's data,” said Kunal Anand, Chief Innovation Officer at F5. “Forcing a choice between the two is a losing strategy. We're eliminating that choice. By providing deep visibility into encrypted AI conversations, we're giving leaders the controls to stop data leakage and govern AI use, effectively turning the CISO from a gatekeeper into the primary enabler of secure innovation.”
Data leakage detection and prevention capabilities are coming to F5 AI Gateway, planned for later this quarter, powered by technology F5 recently acquired from LeakSignal. This new functionality examines AI prompts and responses to spot sensitive data such as personal information and applies customer-defined policies to redact, block, or log it.
With the integration and ongoing development of this AI data protection technology, F5 expands its ability to inspect in-transit data, applying policies to secure sensitive information before it leaves the network. This addition simplifies compliance and reduces risk across hybrid and multicloud deployments.
Key new features include:
• Real-time detection of sensitive data during AI interactions.
• Policy enforcement to protect and redact sensitive data as it enters AI environments as well as protect data before it leaves approved environments.
• Detailed reports and audit logs integrated with SIEM tools.
These updates directly address risks,
• AI-powered tools and APIs, enabling users to create AI-powered strategies and dashboards.
• Open-garden marketplace will allow users to build, publish and access customized tools.
• AI Companion, Tori, answering questions, surfacing personalized insights and guiding users.
• Alpha portfolios tapping into eToro’s proprietary retail trading data.
• Community-powered innovation exemplified by acquisition of BullAware.
Dubai, United Arab Emirates – eToro Group Ltd. (“eToro”, or the “Company”) (NASDAQ: ETOR), the trading and investing platform, announced today how the company is harnessing artificial intelligence to redefine social investing.
Yoni Assia, eToro’s Co-founder and CEO, commented: “There’s been a lot of talk about how AI will reshape investing. It’s not just speculation—it’s already happening. At eToro, we’re not waiting for the future to arrive. We’re building it.
“Market data in the palm of your hand and AI-agents that enlighten you with the most relevant and accurate insights tailored to your portfolio and needs. The ability to build tools that help you outperform the markets and invite others to use them.”
eToro is launching a suite of AI-tools that will transform social investing by creating a community-built marketplace for investing built on top of eToro’s new public API. This marks a significant leap forward in the democratization of investing, arming retail traders and investors with sophisticated, AI-powered capabilities previously only accessible to quantitative hedge funds.
The suite of AI-tools will initially be available to eToro’s Popular Investors, a subset of users who are a vetted group of top traders and investors who meet specific criteria and whose investment strategies can be copied by other users via eToro’s patented CopyTrader technology.
“This is about more than just AI-generated insights,” continued Yoni Assia. “With these tools we’re not just democratizing access to markets and data, we’re democratizing innovation itself. Our community is at the heart of everything we do and we are proud to enable them to build AI-powered tools that combine social trading features with advanced charting and execution capabilities, offering an AI-powered experience. We’re enabling our Popular Investors to innovate like top quantitative hedge funds and scale their impact within the eToro ecosystem.”
Popular Investors will have access to a range of AI-powered tools including an eToro MCP (Model Context Protocol), agent-based services and customizable apps and dashboards. These tools offer seamless access to eToro’s trading infrastructure and data, allowing Popular Investors to build tools for themselves and the eToro community. These tools can combine social trading features with advanced charting and execution capabilities.
The key capabilities which will be deployed include the ability to:
• Develop bespoke trading algorithms and automate strategies.
• Automate trade execution: AI-driven algorithms to execute trades with precision, minimizing latency and maximizing efficiency.
• Integrate real-time market data and third-party tools, including backtesting and advanced analytics, to identify trends and opportunities across stocks, crypto, and ETFs, in order to build investment strategies.
• Personalize portfolio optimization: Tailored recommendations based on risk profiles, market conditions, and user behavior.
• Create personalized dashboards for monitoring portfolios and market activity, including sophisticated AI-powered risk management tools such as Value-at-Risk (VaR) analysis and portfolio stress testing.
• Interact with eToro’s social feed via customizable boilerplates, e.g. rich media posts.
“We are unleashing the true potential of social investing. eToro becomes an open-garden marketplace built on top of eToro’s new public API enabling users to build, publish and access customized tools,” comments Yoni Assia.