Showing posts with label security. Show all posts

Monday, September 2, 2019

Snappy 2.0 by Appy Pie. Create faster, more reliable and user-friendly apps!

The newest update from Appy Pie, the no-code app builder, is Snappy 2.0. Currently in closed beta, Snappy 2.0 outdoes its predecessor: clients’ apps run faster, perform better, and offer higher security.

The platform, known for its proprietary DIY app-building capability, allows users to create apps without any coding at all.

With Snappy 2.0, apps made on the platform gain real-time updates, offline access and sync. In addition, apps on the platform will be blindingly fast, raising performance and speed.

The founder, Abhinav Girdhar, says, “Appy Pie wants to make sure that the technology being offered by us is state-of-the-art, user-friendly and pocket friendly. Our codeless app builder always strives to help people with small budgets and business to take their businesses in the realm of smartphones and reach new heights. With 2.0, all of that just becomes faster.”

Mobile applications now get updated as soon as changes are made. Had an app change idea while vacationing? Offline access lets you make changes to your app whenever you want. Sync ensures that all these changes are applied as soon as the slightest of internet connectivity is restored.

Snappy 2.0 also focuses on protecting your apps from security threats. 2.0’s evolved security system provides data security through advanced data encryption, strict adherence to Content Security Policy (CSP) and secure storage guidelines, and selective access to authenticated third-party token-based APIs.

Appy Pie CTO, AV further states, “We incorporate GraphQL to give clients the power to ask exactly what they need to empower us to bring their data to them through a single request.”

Appy Pie is the perfect app-building software for people asking how to create an app without coding. With a firm goal to make technology accessible and available to all, it also provides the workflow automation platform Appy Pie Connect and a PWA store where you can download Android and iOS apps.

About Appy Pie

Appy Pie, a Trademark of Appy Pie LLP, is an unrivalled leader in the mobile app bandwagon that allows anyone to transform their app ideas to reality, without any technical knowledge. Simply drag and drop the features and create an advanced Android or iOS application for mobiles and smartphones, as easy as pie. You can also install Appy Pie’s Android and iOS App and start creating your app on the fly. You can also download the PWA version of your app through PWA Store.


4 transaction safety precautions every business should follow

Every business tries to safeguard the transactions of its customers.

Whether customers pay by net banking or by credit card, it is your responsibility to make sure they feel safe whenever they share their account details with you.

With hackers trying to sneak through the security barriers, you need to be on your toes to keep them from stealing business and financial data. So, here are some of the payment security strategies you can employ in your business:

1) EMV compliance

Most debit and credit cards these days come with an EMV chip. This microchip technology, developed by Europay, MasterCard and Visa, provides secure payment transactions. Compared with magnetic stripe debit and credit cards, EMV cards are safer because they have cryptographic processing enabled.

Cryptographic processing helps keep card details safe from even talented identity thieves. Your company should migrate to accepting EMV cards, as most banks are now phasing out magnetic stripe cards. Most importantly, customers prefer to purchase from brands and stores that accept EMV cards because they feel their transactions are more secure than before.

2) Get an LEI code

If your business trades in stocks, forex, bonds, etc., it is essential to have a Legal Entity Identifier (LEI) code. This unique identification code will connect your company’s transactions with its counterpart. It is almost like an end-to-end encryption system. Companies involved in the financial markets connect all their transactions using this code so that no one can break into their accounts and tweak their passwords or account details. Many trading platforms are making LEI compulsory for companies; they won’t let you trade if you don’t have an LEI code.

3) Tokenization

Many customers prefer not to share sensitive information like account details with anyone. Thanks to tokenization, you can comply with what they want. This security feature doesn’t require you to store confidential information on your own systems. Instead, it sends minimal information like transaction IDs or authorization codes in the form of a randomly generated string of numbers and characters. You can link them back to their original data only when the customer authorizes it.

For example, when a customer wants to pay for a product online, he/she gets a one-time password. This is usually a string of characters they need to type in the payment box to confirm the purchase. Unless they authorize the payment, you can’t complete the transaction.
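To make the tokenization idea above concrete, here is an added example (not code from the original post, and not any real payment processor’s API): a constructed token vault that hands the merchant a random token, keeps the card number only inside the vault, and refuses to map the token back unless the customer has authorized the payment. The `TokenVault`, `store_card` and `charge` names and the sample card number are assumptions.

```python
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test, used only to reject obviously malformed input."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed stand-in for a payment processor's token vault.

    The vault is the only component that ever holds the full card number
    (PAN). It returns a random token that carries no information about the
    PAN and can only be mapped back inside the vault."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (13 <= len(digits) <= 19 and digits.isdigit() and luhn_ok(digits)):
            raise ValueError("not a plausible card number")
        token = "tok_" + secrets.token_urlsafe(24)  # random, not derived from the PAN
        self._pan_by_token[token] = digits
        return token

    def detokenize(self, token: str, customer_authorized: bool) -> str:
        """Resolve a token to the PAN; refused unless the customer authorized it."""
        if not customer_authorized:
            raise PermissionError("customer authorization required")
        return self._pan_by_token[token]


def store_card(vault: TokenVault, pan: str) -> dict:
    """What the merchant keeps: the token plus a masked display string, never the PAN."""
    token = vault.tokenize(pan)
    last4 = pan.replace(" ", "")[-4:]
    return {"pan_token": token, "masked": "**** **** **** " + last4}


def charge(vault: TokenVault, record: dict, customer_authorized: bool) -> str:
    """Illustrative charge: only an authorized request ever reaches the real PAN."""
    pan = vault.detokenize(record["pan_token"], customer_authorized)
    return "charged card ending " + pan[-4:]
```

Tokenizing the same card twice yields two unrelated tokens, so a leaked merchant database reveals neither the card number nor which records belong to the same card.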

4) PCI standards

The Payment Card Industry introduced the Data Security Standard (PCI DSS) to make sure businesses and customers follow a regulatory framework when handling debit and credit cards. Data breaches became a massive concern in many countries, and this widespread problem helped bring about strict PCI standards. Non-compliance invites significant fines from MasterCard and Visa, the top members of the credit card association. So compliance not only helps your business but also protects your customers from fraudulent transactions.

A combination of the above-mentioned safety precautions will make sure that your business is in good hands when it comes to the safety and security of transactions.


Friday, August 2, 2019

MPs attack government over lack of post-Brexit investment policy

MPs have strongly criticised the government for failing to prepare a policy on international investment agreements ready for Brexit, which the new administration has pledged will happen “come what may” on 31 October.

The International Trade Committee (ITC) said it was “alarmed” that ministers have not set out “even basic lines of policy” on issues such as the degree of regulation there should be on investment from firms that might pose a security risk.

Britain will have to negotiate all of its trade and investment agreements for itself once it leaves the European Union. International investment agreements are treaties that set out the rights of investors and responsibilities of governments.

They have been highly controversial in recent years due to rules on protecting and liberalising investment. For example, the US-EU TTIP deal, which has been put on hold, drew fire for proposing that companies could sue governments for lost profits.

The ITC, which scrutinises the Department for International Trade (DIT), said in a report today that the UK must work out its position on foreign investment “so it is ready to strike deals in the event of a no-deal Brexit”.

A spokesperson for investment managers body the Investment Association said: “The report makes important recommendations on investment protections and we know that it is an issue the government are looking at closely.”

DIT has said it cannot establish a policy on international investment until it has left the EU due to the bloc’s rules. But the report said there is “no credible legal basis for this argument”.

A DIT spokesperson said: “The UK is an incredibly attractive destination for foreign direct investment, as shown by a range of analysis by independent experts.

“As the Prime Minister has said, we are ready for no deal. We are building on the 90 bilateral investment agreements we have already secured with countries across the world.”

The report also argued for a degree of regulation concerning inward investment that risks economic harm or damage to national security, as is alleged by some in the case of Huawei’s potential involvement in the UK’s 5G network.

The Committee’s report says it is important to “balance promotion of inward investment with safeguarding national security”. It recommends the government sets out an “investment screening regime” and picks a minister who will take “the ultimate decision on whether to block an investment”.


The ICO fines British Airways & Marriott: should businesses be worried?

Earlier this month the UK’s data protection regulator – the Information Commissioner’s Office (ICO) – hit the headlines by announcing its intention to impose £283m in total in fines in quick succession.

First, British Airways (£183.39m) then Marriott International (£99.2m) – both due to cyber/IT security incidents where customer personal data was compromised.

Since 25 May 2018, when the General Data Protection Regulation (GDPR) came into effect, data protection experts have been anxiously waiting to see what fines the ICO would levy under the GDPR. The ICO now has the power to levy fines of the greater of €20m or 4% of group worldwide turnover, far above the previous cap of £500,000. And now we have two whopping intended fines. Yet a sense of perspective is needed.

Firstly, such fines are only “intended” fines at this stage – the ICO may reduce them after hearing representations from the companies concerned.

Secondly, whilst we don’t yet have the full rationale for the fines, it seems reasonable to assume that they will be higher than the fines the ICO itself would impose just in the UK. This is because in these two cases the ICO is acting as the “lead supervisory authority” under the GDPR and so is representing the interests of other EU/EEA data protection authorities as well.

Thirdly, these appear to be very serious incidents at large corporates involving significant numbers of customers and taking place over an extended period of time with the risk of serious prejudice to those affected – so the fines were always going to be significant.

In Marriott International’s case the problem arose in IT systems that were originally part of the Starwood hotels group, acquired by Marriott in 2016. It took Marriott until 2018 to discover the incident (which had its origins in a 2014 compromise of Starwood’s systems), and the ICO found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.

In BA’s case the cyber incident was notified to the ICO by BA in September 2018. Personal data of approximately 500,000 customers were compromised in this incident, which is believed to have begun in June 2018. The ICO’s investigation found that a variety of information was compromised by poor security arrangements at the company, including login, payment card and travel booking details as well as name and address information.

Nevertheless, the days of a £500,000 cap on data protection fines are now well and truly over. Also, it’s not just fines that should concentrate the mind: there’s the reputational damage, the legal and administrative costs of dealing with the matter and, perhaps most ominously, the threat of class action data breach lawsuits on behalf of affected data subjects. If significant numbers of data subjects are affected, the claims here can easily outstrip the level of any fines.

Implications for business

As we wait to see how these two cases proceed, some initial conclusions can be drawn.

Don’t assume you can pass the blame onto others: the fact that you’ve suffered a cyber/IT security incident caused by the criminal behaviour of others (as it appears Marriott and BA did) doesn’t necessarily get you off the hook. Did you put in place appropriate procedures to help prevent, detect and then swiftly respond to and contain such an attack? If you failed in your duty of care, you will have to face the consequences. Businesses need to take IT security very seriously and embed it in how employees behave as well: frequently human error, or worse, will be responsible, not just a technical failure.

Respond immediately: if you are affected by a cyber incident or other “personal data breach”, contact the ICO immediately where the law requires this (any breach of any substance will inevitably require it). Ensure you promptly assess the risk to the individuals affected and notify them as well where the law requires this or where it is sensible to do so (e.g. to mitigate damage to those involved), and provide full cooperation to the ICO throughout. Take immediate steps to contain and then stop the incident. This will also help in mitigating any fine.

Buyer beware: If you acquire another business you need to carry out robust GDPR and IT security due diligence to ensure you do not inherit a problem.

Don’t neglect compliance: take GDPR compliance seriously, be prepared for the worst and ensure you have appropriate technical and organisational security measures in place to ensure a level of security appropriate to the risk, and regularly test the measures in place.

Review or take out appropriate insurance cover: this is not a panacea but there are an increasing number of products available.

Learn from your mistakes: it is likely most businesses will suffer some sort of personal data breach or cyber/IT security incident at some point, not necessarily a major one. It is imperative to learn from the experience and prevent a repeat.


Equifax to pay up to $700m in US data breach settlement

Equifax has agreed to pay up to $700 million to settle American investigations into a huge data breach two years ago, an amount that dwarfs the £500,000 fine imposed by Britain’s data protection watchdog.

Federal and state agencies said that Equifax “engaged in unfair and deceptive practices” in connection with the breach, which affected about 147 million people. It is one of the largest known breaches in terms of people affected.

Equifax, one of the “big three” credit reporting agencies alongside Experian and TransUnion, collects credit data on about 800 million people. The company revealed in September 2017 that its computer network had been hacked and information including names, addresses, dates of birth and social security numbers had been stolen. About 15 million accounts linked to UK residents were affected by the hack. In September last year, the UK Information Commissioner’s Office fined Equifax £500,000, the largest penalty it was allowed to impose at the time. The agency is now able to impose larger penalties after a change in the law.

The US settlement was agreed with the Consumer Financial Protection Bureau, the Federal Trade Commission, 48 states, the District of Columbia and Puerto Rico. They accused Equifax of “failing to provide reasonable security for the massive quantities of sensitive personal information stored within its computer network, causing substantial injury to consumers whose data was stolen” and “deceiving consumers about the strength of its data security programme”.

Letitia James, the New York attorney-general, said: “Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk. This company’s ineptitude, negligence and lax security standards endangered the identities of half the US population.”

Joe Simons, chairman of the Federal Trade Commission, said: “Companies that profit from personal information have an extra responsibility to protect and secure that data. Equifax failed to take basic steps that may have prevented the breach.”

Mark Begor, chief executive of Equifax, said that the settlement was a “positive step”. In its last quarterly report, Equifax said that it had set aside $690 million to cover the penalties.

Equifax shares, down 2 per cent since the breach emerged, rose $0.74, or 0.6 per cent, at $138.04 by midday in New York, valuing the company at $16.7 billion.