
Pen testing for fintech start-up

by Mark Rowe

Snoop is a fintech start-up, set up in spring of 2019 by former senior managers at Virgin Money. Taking the opportunities fostered by Open Banking, the co-founders wanted to create an application which would deliver personalised advice to users across all of their spending – including direct debits and payment accounts.

Snoop enables users to connect all of their bank accounts, credit cards and payment cards to a single cloud-based platform, and then uses artificial intelligence to analyse their spending and transaction patterns. The application then identifies ways for users to ‘spend smarter, save smarter, live smarter’, using hyper-personalisation to provide them with a feed of ‘snoops’. These could include advice that a particular recurring payment is fluctuating, suggestions for recommended product switching, or tips to make a consumer’s money go further.

While Snoop is not a bank, it does interface with systems that handle customers’ financial information and is regulated by the FCA (Financial Conduct Authority) and Open Banking regimes. As such, enterprise-grade cybersecurity services and an approach to identifying and managing cyber risk and compliance were required from the outset, to be met by partnering with outside specialists. SureCloud has provided risk advisory and CREST- and CHECK-accredited penetration testing services.

SureCloud partnered with Snoop in autumn 2019 and began with a holistic assessment of Snoop’s cyber risk posture, which resulted in a roadmap of risk-based mitigation priorities. This was complemented by traditional pen-testing across Snoop’s website and mobile app. The aim: a secure and compliant application from the outset, with risks prioritised and mitigated in a logical way. SureCloud is also supporting Snoop to understand how it needs to develop internally to support these activities as the business grows.

Jem Walters, co-founder and CTO at Snoop said: “Building a start-up is different in almost every way from managing projects at an international organisation, and SureCloud understood that from the beginning. SureCloud’s services have helped us to build the most secure, robust and compliant app possible from day one, and are also helping us to develop our internal capability in line with our ongoing needs. SureCloud is more than a third-party supplier, it’s an integral partner for our team. Their expertise, responsiveness and flexibility enable us to meet our business and delivery objectives.”

Results

The Snoop app beta was launched in February 2020 and SureCloud supports Snoop with regular cyber risk advisory and penetration testing services to ensure enterprise-grade security and peace of mind as the business grows rapidly.

Walters said: “When processing users’ financial information, top-level security is absolutely critical. SureCloud has not only ensured that we have built the most robust application from day one, its ongoing penetration testing and risk assurance means that we are generating ongoing intelligence as to our security status and risk profile. As you’d expect, we take security just as seriously as a bank, and SureCloud understands that perfectly.”

Walters said: “SureCloud has been great at understanding the journey we are on as a start-up. The team knew that we needed a really comprehensive cyber risk assessment, imagining multiple different future possibilities, but also that this would need to evolve and adapt as we built the platform. We have received expert advice from SureCloud throughout, both on our key cyber risks and how to best mitigate them.”

“In just a few months of being active, we have already processed over 12 million bank transactions and made over ten million personalised recommendations, and this is before we’ve gone live to the general public. This is hugely exciting, but also an enormous challenge in terms of maintaining security and compliance as we start to scale rapidly. Both Snoop’s and SureCloud’s cloud-based technology mean that we are building a platform with security and compliance at its heart.”

And Ben Jepson, VP of Risk Advisory at SureCloud said: “We are proud to be working with Snoop. The pedigree of the team is so strong and the app can make a really tangible difference to people’s lives. Working with a start-up brings very different challenges to working with an established business. You have to set out a comprehensive risk advisory roadmap, but also be ready for things to change very quickly. We’re very glad that our agile and adaptive philosophy has worked so well for Snoop.”


© 2024 Professional Security Magazine. All rights reserved.
