Acquisition Adds Third-Party Risk Assessment Capabilities
MasterCard is acquiring security startup RiskRecon for an undisclosed sum, the two companies announced Monday. The deal will now allow MasterCard to offer third-party risk assessment capabilities, as well as better protection for customer payment data.
While financial terms were not disclosed, the two companies are expected to close the deal in the first quarter of 2020.
RiskRecon, which is based in Salt Lake City, was founded in 2015 and has raised about $40 million in venture capital funds since it launched, according to information collected by CrunchBase. Investors include Accel, Dell Technologies Capital, General Catalyst and F-Prime Capital.
For financial services and payment companies such as MasterCard, offering more cybersecurity services to better protect consumer and business data is essential as threats, such as large-scale data breaches and ransomware attacks, continue to pose challenges for enterprises of all sizes (see: Ransomware Risk Management: 11 Essential Steps).
Through this acquisition, MasterCard will now be able to offer customers a way to assess the risks that third-parties pose by leveraging RiskRecon’s artificial intelligence and data analytics capabilities, says Ajay Bhalla, president of cyber and intelligence for Mastercard.
“Through a powerful combination of AI and data-driven advanced technology, RiskRecon offers an exciting opportunity to complement our existing strategy and technology to secure the cyber space,” Bhalla adds.
In a conversation at the 2019 RSA conference with Information Security Media Group’s Senior Vice President for Editorial Tom Field, RiskRecon CEO Kelly White explained that technologies such as cloud computing, machine learning and Internet of Things devices have expanded both the attack and risk surface, which makes assessing third-party risk more essential now than ever since these outside organizations have greater and greater access to an enterprise’s data.
RiskRecon CEO Kelly White
“The dramatic change is that organizations, while they are well-armed to protect their own internal enterprises, is that the risk surface has moved way beyond what’s happening within the walls of their own network and their org chart, [and] out to these third parties,” White told ISMG.
MasterCard’s Security Plans
The deal for RickRecon is the fourth major security acquisition that MasterCard has made over the past several years that has allowed the financial services and payment firm to expand its cybersecurity offerings.
In July 2017, MasterCard acquired software firm Brighterion to boost its AI capabilities. Earlier that same year, MasterCard also inked an agreement to buy NuData, which offers biometrics and fraud prevention tools.
In March, MasterCard announced a deal to buy Ethoca, which has been developing identity management and fraud prevention capabilities.
Taken together, these deals will now allow MasterCard to expand into other areas, such as healthcare payments, as well as provide new layers of protection and security when it comes to real-time and mobile payments, says Krista Tedder, a former MasterCard employee who is now the head of fraud management and cyber security research at analyst firm Javelin Strategy & Research.
“MasterCard’s acquisition of RiskRecon is the further continuation of the strategy to protect payments and data as the world becomes digitized,” Tedder tells ISMG. “Not only do companies have vulnerabilities which might be exploited, consumers also have multiple vulnerability points criminals can access. The need to provide a secure environment to manage digital identities, payments and other sensitive information needs to be a priority for every company.”
In the past several months, other companies have looked to expand their security capabilities through acquisitions.
In August, for instance, VMware, which is best known for its virtualization and hybrid cloud offerings, announced a deal to acquire Carbon Black in a $2.1 billion cash deal (see: VMware Acquiring Carbon Black to Boost Security Portfolio).
With the deal for Carbon Black, VMware is planning to offer its customers additional capabilities around endpoint and application protection.
On Dec. 19, F5, which offers application services and delivery, announced it would pay nearly $1 billion for Shape Security, which makes tools to detect fraud and abuse. This will allow F5 to continue to expand into new areas such as cloud, software development and machine learning, according to company blog post.