Consumer financial data is critical for digital-first experiences, but sharing also increases risk. The best defense fintechs and financial organizations have is understanding financial data.
October 14, 2021
October 14, 2021 | TechCrunch | SAN FRANCISCO — MagicCube, a mobile security startup, has raised $15 million in a round led by Mosaik Partners.
Bold Capital, Epic Ventures, card-reader/POS hardware maker ID Tech and unnamed individual investors in the fintech space also participated in the financing, which brings the Santa Clara-based startup’s total funding raised to $30 million since its 2014 inception.
Put simply, MagicCube’s software-based security technology is aimed at replacing all security chips, which have historically been the standard for safely storing sensitive data and authenticating whoever needs access to it. And it’s starting with financial services. The company’s technology lets merchants transform mobile devices into payment terminals. Or in other words, it gives merchants a way to accept card payments on any consumer device with no reader or extra hardware required.
“We are on the verge of a huge paradigm shift when it comes to how we secure data on all kinds of devices, especially the ones used for financial transactions,” said MagicCube CEO Sam Shawki. “The chip shortage that is halting entire industries and hiking device prices has exposed how antiquated the current approach is and how valuable MagicCube’s solution is to tackle this issue — this round reflects that.”
Shawki, who previously served as head of Visa’s global remote payments business unit, co-founded MagicCube with his wife Nancy Zayed, who spent years working on the OS group at Apple. The pair, who are of Egyptian descent, started the company in an effort to develop technology that would eliminate the need for hardware when it comes to mobile security.
Visa is actually an investor in MagicCube, having backed the company in August of 2020 and another time before that. Other backers in the company include Azure Capital Partners, Epic Ventures, NTT Data, Silicon Valley Bank and the Sony Innovation Fund, among others. (Sony’s VC fund invested an undisclosed amount in MagicCube in late May 2020).
That August 2020 investment came on the heels of Apple’s $100 million acquisition of MagicCube competitor Mobeewave, a Montreal startup whose software turns iPhones into mobile payment terminals. MagicCube’s technology was reportedly expected to complement Visa’s tap-to-phone initiative. The Apple/Mobeewave deal did not deter Shawki, who believes that his startup “will be the dominant party on the Android side, which is 85% of the universe.”
MagicCube’s first application centers on software POS, or softPOS for short. Using a smartphone or other mobile device, a merchant can take softPOS payments without the need for extra hardware, such as a traditional POS terminal. Payments via contactless cards and digital wallets can be accepted from an array of financial services providers through an array of mobile devices with the same level of security as a chip, according to the company.
MagicCube also claims that its software-based Trusted Execution Environment (sTEE) “is the first and only software solution” to be recognized by EMVCo, the consortium that oversees the global infrastructure for chip-based payment cards and acceptance devices — to deliver a level of protection that is comparable to hardware-based approaches.
“What we can do with our technology is to simplify,” Shawki said. “On your credit card, there’s a SIM card that is essentially a metal safe. What MagicCube has is this technology that is a virtual safe that is pure software that can hide secrets and code, serving a similar purpose to a physical safe. And this is huge because unlike competitors, we can hide information in that virtual safe… And yes this is proven, patented and a big deal.”
MagicCube says that its sTEE is versatile and can be applied across a variety of use cases to replace hardware-secure elements such as SIM cards, chips used on Internet of Things (IoT) devices like cars and smart home appliances, and even bank-grade Hardware Security Modules (HSM). The company’s first product, i-Accept, was designed in an effort to disrupt the more than the $70 billion per year spent by banks and merchants everywhere on point-of-sale card readers.
Through i-Accept, acquiring banks and other financial services institutions give merchants and retailers a way to accept payment cards, contactless transactions and mobile wallets such as Apple Pay, Google Pay and Samsung Pay — all at “card present” rates for merchants and without limits on transaction amounts for consumers. MagicCube says that its i-Accept product can also capture financial PINs and other verification methods on any mobile device, including phones, tablets and large smart screens — without the need for dedicated hardware or terminals.
The company plans to use the capital used in its latest funding round to accelerate deployment of its software-based security products. MagicCube also plans to expand its sales and customer delivery teams as well as speed up development of products aimed at serving some of the industries most affected by the chip shortage, such as crypto wallets, cloud and in-car security, among others.
Howard Mergelkamp, partner at Mosaik Partners, believes MagicCube’s technology is “truly unique” and one that the financial services industry in particular has “reached the tipping point of both desire and need for adoption.”
“This tech can support mobile and IoT devices with a platform that is easy to integrate and not bound by device makers or specific use cases,” he said. “This is unheard of on the current landscape.”
MagicCube’s technology is the “killer app” precisely because it is not an “app,” he added.
“It is tethered to neither a hardware platform or ecosystem (à la Apple), nor a particular security specification or protocol, nor a specific software solution,” Mergelkamp continued. “MagicCube can deliver its ironclad security to any software-enabled device, comply with the security specifications of any industry (such as payments or healthcare) today or tomorrow, and integrate into any company’s current systems to allow that company to maintain full ownership and control of its data.”