Alexandre Pinto, VP of Banking Products, and Leonardo Carmona, Head of Information Security (CISO) at Pismo, were special guests in a video series from Sumsub, one of our global partners for E-KYC.
During a visit to our headquarters in São Paulo, Brazil, Tony Petrov, Sumsub’s Chief Legal Officer, interviewed our experts and discussed the fintech market, data protection strategies, regulatory interactions, and upcoming technologies companies like Pismo provide to transform the financial services industry.
When technology meets regulation
As a technology provider for payment processing, card issuing, and core banking, Pismo supplies cloud-based SaaS (Software as a Service) to banks and fintech companies. Alexandre says that besides developing an infrastructure that allows customers to innovate, we need to be aware of our limits in terms of regulation.
“We need to follow some guard rails and find the balance between following the rules and allowing our customers to innovate and differentiate themselves in the market,” he explains.
The same happens when we consider certifications and cybersecurity. Besides following regulations and having local certifications wherever Pismo operates, the privacy policy is something Pismo prioritises.
Leonardo Carmona says committing to privacy when dealing with customers’ data is vital. In Brazil, Pismo follows LGPD (the same as GDPR in the UK). In each country the company starts to operate, our teams apply local rules regarding data protection.
“We need to understand what the regulators expect and compare each local framework with our global one. So we can see gaps and overlaps and add this information to our strategy,” Carmona explains.
Zero trust and zero privilege
Operating in a cloud-native environment may sound “risky” for some conservative business leaders when it comes to data management. To ensure data protection, Carmona explains that his security teams follow two important directions: “zero trust” and “zero privilege operation”.
“Zero trust means you should not trust any connection, anyone, all the time. Zero privilege operation means we are moving our platform in a direction where we’ll have no humans touching the platform,” he says.
Automation creates a more secure environment since it enables the teams to manage processes without direct access to any piece of the platform. According to Carmona, extensive use of encryption is another crucial security measure.
“You must encrypt everything you can to guarantee no one will be able to touch the data. If something fails, your data is safe, and no one can use it in the wrong way”, he explains.
Real-time data, fast processing
With an event-oriented infrastructure, the Pismo platform provides real-time information so financial institutions can quickly release new products and effectively deal with customers. A good example is the KYC (know your customer) process employed for customer onboarding in digital banks. For each step of the KYC process, like ID checking, photos and so on, Pismo has an event-driven approach.
“We know when the customer fills out the form and when the KYC solution approves his request. Of course, the bank can communicate with the client if something goes wrong or they need further information. This communication is fast because the bank has all the information in real-time from the platform,” Alexandre explains.
Ecosystem connection
As an infrastructure provider, Pismo is part of the financial services ecosystem. Although the SaaS provider might not be ‘visible’ to the end user, it is vital for the digital transformation of the payments and banking industry.
According to Alexandre, transforming the financial services ecosystem requires interacting with all the players involved. “We need to interact with partners, clients, and regulators. The way to do this is by sharing information and knowledge. No company can be innovative without being connected to the ecosystem,” he concludes.
Watch the video below.
