Year: 2021

Cookie pop-ups getting you down? Complaints that the web is ‘unusable’ in Europe because of frustrating and confusing ‘data choices’ notifications that get in the way of what you’re trying to do online certainly aren’t hard to find.

What is hard to find is the ‘reject all’ button that lets you opt out of non-essential cookies which power unpopular stuff like creepy ads. Yet the law says there should be an opt-out clearly offered. So people who complain that EU ‘regulatory bureaucracy’ is the problem are taking aim at the wrong target.

EU law on cookie consent is clear: Web users should be offered a simple, free choice — to accept or reject.

The problem is that most websites simply aren’t compliant. They choose to make a mockery of the law by offering a skewed choice: Typically a super simple opt-in (to hand them all your data) vs a highly confusing, frustrating, tedious opt-out (and sometimes even no reject option at all).

Make no mistake: This is ignoring the law by design. Sites are choosing to try to wear people down so they can keep grabbing their data by only offering the most cynically asymmetrical ‘choice’ possible.

However since that’s not how cookie consent is supposed to work under EU law sites that are doing this are opening themselves to large fines under the General Data Protection Regulation (GDPR) and/or ePrivacy Directive for flouting the rules.

See, for example, these two whopping fines handed to Google and Amazon in France at the back end of last year for dropping tracking cookies without consent…

While those fines were certainly head-turning, we haven’t generally seen much EU enforcement on cookie consent — yet.

This is because data protection agencies have mostly taken a softly-softly approach to bringing sites into compliance. But there are signs enforcement is going to get a lot tougher. For one thing, DPAs have published detailed guidance on what proper cookie compliance looks like — so there are zero excuses for getting it wrong.

Some agencies had also been offering compliance grace periods to allow companies time to make the necessary changes to their cookie consent flows. But it’s now a full three years since the EU’s flagship data protection regime (GDPR) came into application. So, again, there’s no valid excuse to still have a horribly cynical cookie banner. It just means a site is trying its luck by breaking the law.

There is another reason to expect cookie consent enforcement to dial up soon, too: European privacy group noyb is today kicking off a major campaign to clean up the trashfire of non-compliance — with a plan to file up to 10,000 complaints against offenders over the course of this year. And as part of this action it’s offering freebie guidance for offenders to come into compliance.

Today it’s announcing the first batch of 560 complaints already filed against sites, large and small, located all over the EU (33 countries are covered). noyb said the complaints target companies that range from large players like Google and Twitter to local pages “that have relevant visitor numbers”.

“A whole industry of consultants and designers develop crazy click labyrinths to ensure imaginary consent rates. Frustrating people into clicking ‘okay’ is a clear violation of the GDPR’s principles. Under the law, companies must facilitate users to express their choice and design systems fairly. Companies openly admit that only 3% of all users actually want to accept cookies, but more than 90% can be nudged into clicking the ‘agree’ button,” said noyb chair and long-time EU privacy campaigner, Max Schrems, in a statement.

“Instead of giving a simple yes or no option, companies use every trick in the book to manipulate users. We have identified more than fifteen common abuses. The most common issue is that there is simply no ‘reject’ button on the initial page,” he added. “We focus on popular pages in Europe. We estimate that this project can easily reach 10,000 complaints. As we are funded by donations, we provide companies a free and easy settlement option — contrary to law firms. We hope most complaints will quickly be settled and we can soon see banners become more and more privacy friendly.”

To scale its action, noyb developed a tool which automatically parses cookie consent flows to identify compliance problems (such as no opt out being offered at the top layer; or confusing button coloring; or bogus ‘legitimate interest’ opt-ins, to name a few of the many chronicled offences); and automatically create a draft report which can be emailed to the offender after it’s been reviewed by a member of the not-for-profit’s legal staff.

It’s an innovative, scalable approach to tackling systematically cynical cookie manipulation in a way that could really move the needle and clean up the trashfire of horrible cookie pop-ups.

noyb is even giving offenders a warning first — and a full month to clean up their ways — before it will file an official complaint with their relevant DPA (which could lead to an eye-watering fine).

Its first batch of complaints are focused on the OneTrust consent management platform (CMP), one of the most popular template tools used in the region — and which European privacy researchers have previously shown (cynically) provides its client base with ample options to set non-compliant choices like pre-checked boxes… Talk about taking the biscuit.

A noyb spokeswoman said it’s started with OneTrust because its tool is popular but confirmed the group will expand the action to cover other CMPs in the future.

The first batch of noyb’s cookie consent complaints reveal the rotten depth of dark patterns being deployed — with 81% of the 500+ pages not offering a reject option on the initial page (meaning users have to dig into sub-menus to try to find it); and 73% using “deceptive colors and contrasts” to try to trick users into clicking the ‘accept’ option.

noyb’s assessment of this batch also found that a full 90% did not provide a way to easily withdraw consent as the law requires.

Cookie compliance problems found in the first batch of sites facing complaints (Image credit: noyb)

It’s a snapshot of truly massive enforcement failure. But dodgy cookie consents are now operating on borrowed time.

Asked if it was able to work out how prevalent cookie abuse might be across the EU based on the sites it crawled, noyb’s spokeswoman said it was difficult to determine, owing to technical difficulties encountered through its process, but she said an initial intake of 5,000 websites was whittled down to 3,600 sites to focus on. And of those it was able to determine that 3,300 violated the GDPR.

That still left 300 — as either having technical issues or no violations — but, again, the vast majority (90%) were found to have violations. And with so much rule-breaking going on it really does require a systematic approach to fixing the ‘bogus consent’ problem — so noyb’s use of automation tech is very fitting.

More innovation is also on the way from the not-for-profit — which told us it’s working on an automated system that will allow Europeans to “signal their privacy choices in the background, without annoying cookie banners”.

At the time of writing it couldn’t provide us with more details on how that will work (presumably it will be some kind of browser plug-in) but said it will be publishing more details “in the next weeks” — so hopefully we’ll learn more soon.

A browser plug-in that can automatically detect and select the ‘reject all’ button (even if only from a subset of the most prevalent CMPs) sounds like it could revive the ‘do not track’ dream. At the very least, it would be a powerful weapon to fight back against the scourge of dark patterns in cookie banners and kick non-compliant cookies to digital dust.

Fintech in Africa is a goldmine. Investors are betting big on startups offering a plethora of services from payments and lending to neobanks, remittances and cross-border transfers, and rightfully so. Each of these services solves unique sets of challenges. For cross-border payments, it’s the outrageous rates and regulatory hassles involved with completing transactions from one African country to another.

Chipper Cash, a three-year-old startup that facilitates cross-border payment across Africa, has closed a $100 million Series C round to introduce more products and grow its team.

It hasn’t been too long ago since Chipper Cash was last in the news. In November 2020, the African cross-border fintech startup raised $30 million Series B led by Ribbit Capital and Jeff Bezos fund Bezos Expeditions. This was after closing a $13.8 million Series A round from Deciens Capital and other investors in June 2020. Hence, Chipper Cash has gone through three rounds totalling $143.8 million in a year. However, when the $8.4 million raised in two seed rounds back in 2019 is included, this number increases to $152.2 million.

SVB Capital, the investment arm of U.S. high-tech commercial bank Silicon Valley Bank led this Series C round. Others who participated in this round include existing investors — Deciens Capital, Ribbit Capital, Bezos Expeditions, One Way Ventures, 500 Startups, Tribe Capital, and Brue2 Ventures. 

Chipper Cash was launched in 2018 by Ham Serunjogi and Maijid Moujaled. The pair met in Iowa after coming to the U.S. for studies. Following their stints at big names like Facebook, Flickr and Yahoo!, the founders decided to work on their own startup.

Last year, the company which offers mobile-based, no fee, P2P payment services, was present in seven countries: Ghana, Uganda, Nigeria, Tanzania, Rwanda, South Africa and Kenya. Now, it has expanded to a new territory outside Africa. “We’ve expanded to the U.K., it’s the first market we’ve expanded to outside Africa,” CEO Serunjogi said to TechCrunch.

In addition and as a sign of growth, the company which boasts more than 200 employees plans to increase its workforce by hiring 100 staff throughout the year. The number of users on Chipper Cash has increased to 4 million, up 33% from last year. And while the company averaged 80,000 transactions daily in November 2020 and processed $100 million in payments value in June 2020, it is unclear what those figures are now as Serunjogi declined to comment on them, including its revenues.

When we reported its Series B last year, Chipper Cash wanted to offer more business payment solutions, cryptocurrency trading options, and investment services. So what has been the progress since then? “We’ve launched cards products in Nigeria and we’ve also launched our crypto product. We’re also launching our US stocks product in Uganda, Nigeria and a few other countries soon,” Serunjogi answered.

Crypto is widely adopted in Africa. African users are responsible for a sizeable chunk of transactions that take place on some global crypto-trading platforms. For instance, African users accounted for $7 billion of the $8.3 billion in Luno’s total trading volume. Binance P2P users in Africa also grew 2,000% within the past five months while their volumes increased by over 380%.

Individuals and small businesses across Nigeria, South Africa and Kenya account for most of the crypto activity on the continent. Chipper Cash is active in these countries and tapping into this opportunity is basically a no brainer. “Our approach to growing products and adding products is based on what our users find valuable. As you can imagine, crypto is one technology that has been widely adopted in Africa and many emerging markets. So we want to give them the power to access crypto and to be able to buy, hold, and sell crypto whenever,” the CEO added.

However, its crypto service isn’t available in Nigeria, the largest crypto market in Africa. The reason behind this is the Central Bank of Nigeria’s (CBN) regulation on crypto activities in the country prohibiting users from converting fiat into crypto from their bank accounts. To survive, most crypto players have adopted P2P methods but Chipper Cash isn’t offering that yet and according to Serunjogi, the company is “looking forward to any development in Nigeria that allows it to be offered freely again.”

The same goes for the investment service Chipper Cash plans to roll out in Nigeria and Uganda soon. Presently, Nigeria’s capital market regulator SEC is keeping tabs on local investment platforms and bringing their activities under its purview. Chipper Cash will not be exempt when the product is live in Nigeria and has begun engaging regulators to be ahead of the curve.

“As fintech explodes and as innovation continues to move forward, consumers have to be protected. We invest millions of dollars every year in our compliance programs, so I think working closely with the regulators directly so that these products are offered in a compliant manner is important,” Serunjogi noted. 

Six billion-dollar companies in Africa; the fifth fintech unicorn

During our call, Serunjogi made some remarks about Nigeria’s central bank which resembles comments made by Flutterwave CEO Olugbenga Agboola back in March.

While acknowledging the central banks in Kenya, Rwanda, Uganda for creating environments where innovation can thrive, he said: “Nigeria has probably the most exciting and vibrant tech ecosystem in Africa. And that’s credit directly to CBN for creating and fostering an environment that allowed multiple startups like ourselves and others like Flutterwave to blossom.”  

Most fintechs would argue that the CBN stifles innovation but comments from both CEOs seems to suggest otherwise. From all indication, Chipper Cash and Flutterwave strive to be on the right side of the country’s apex bank policies and regulations. It is why they are one of the fastest-growing fintechs in the region and also billion-dollar companies.

“Obviously, we’re not getting into our valuation, but we’re probably the most valuable private startup in Africa today after this round. So that’s a reflection of the environment that regulators like CBN have created to allowed innovation and growth, ” Serunjogi commented when asked about the company’s valuation.

Up until last week, the only private unicorn startup in Africa this year was Flutterwave. Then China-backed and African-focused fintech came along as the company was reported to be in the process of raising $400 million at a $1.5 billion valuation. If Serunjogi’s comment is anything to go by, Chipper Cash is currently valued between $1-2 billion thus joining the exclusive billion-dollar club.

But to be sure, I asked Serunjogi again if the company is indeed a unicorn. This time, he gave a more cryptic answer. “We’re not commenting on the size of our valuation publicly. One of the things that I’ve been quite keen on internally and externally is that the valuation of our company has not been a focus for us. It’s not a goal we’re aspiring to achieve. For us, the thing that drives us is that we have a product that is impactful to our users.”

Maijid Moujaled (CTO) and Ham Serunjogi (CEO)

Serunjogi added that this investment actualizes the importance of possessing a solid balance sheet and onboarding SVB Capital and getting existing investors to double down is a means to that end. According to him, a strong balance sheet will provide the infrastructure needed to support key long-term investments which will translate to more exciting products down the road.

“We look at our investors as key partners to the business. So having very strong partners around the table makes us a stronger company. These are partners who can put capital into our business, and we’re also able to learn from them in several other ways,” he said of the investors backing the three-year-old company.  

Just like Ribbit Capital and Bezos Expeditions in last year’s Series B, this is SVB Capital’s first foray into the African market. In an email, the managing director of SVB Capital Tilli Bannett, confirmed the fund’s investment in Chipper Cash. According to him, the VC firm invested in Chipper Cash because it has created an easy and accessible way for people living in Africa to fulfil their financial needs through enhanced products and user experiences.

“As a result, Chipper has had a phenomenal trajectory of consumer adoption and volume through the product. We are excited at the role Chipper has forged for itself in fostering financial inclusion across Africa and the vast potential that still lies ahead,” he added.

Fintech remains the bright spot in African tech investment. In 2020, the sector accounted for more than 25% of the almost $1.5 billion raised by African startups. This figure will likely increase this year as four startups have raised $100 million rounds already: TymeBank in February, Flutterwave in March, OPay and Chipper Cash this May. All except TymeBank are now valued at over $1 billion, and it becomes the first time Africa has seen two or more billion-dollar companies in a year. In addition to Jumia (e-commerce), Interswitch (fintech), and Fawry (fintech), the continent now has six billion-dollar tech companies.

Here’s another interesting piece of information. The timeframe at which startups are reaching this landmark seems to be shortening. While it took Interswitch and Fawry seventeen and thirteen years respectively, it took Flutterwave five years; Jumia, four years; then OPay and Chipper Cash three years.

Intel kicked off this year’s virtual Computex by announcing two new 11th Gen U-Series chips for use in thin, lightweight laptops. It also unveiled its first 5G M.2 module for laptops, designed in a partnership with MediaTek (Intel sold its smartphone modem business to Apple in 2019).

Both of Intel’s new chips have Intel Irix Xe graphics. The flagship model is the Core i7-1195G7, which has base clock speed is 2.9 GHz, but can reach up to 5.0 GHz on a single core using Intel’s Turbo Boost Max 3.0 tech. The other chip, called the Core i5-1155G7, has a base clock speed of 2.5GHzm and a maximum of 4.5GHz. Both chips have four cores and eight threads.

A comparison chart of Intel’s new 11th-gen chips

The 5G M.2 module, called the “5G Solution 5000,” supports 5G NR midband, sub-6GHz frequencies and eSIM tech. Intel has partnerships with telecoms in North America, EMEA, APAC, Japan and Australia. The module is expected to be in laptops produced by Acer, ASUS, HP and other manufacturers by the end of this year, and OEMs are also working on 250 designs based on 11th Gen U-Series chips, expected to hit the market by the holidays.

Specs for Intel’s new 5G M.2 module

The vast majority of people in India, the world’s second most populous nation, don’t have health insurance coverage. A significant portion of the population that does have coverage get it from their employers.

Plum, a young startup that is making it easier and more affordable for more firms in the nation to provide insurance coverage to their employees, said on Monday it has raised $15.6 million in its Series A funding to accelerate its growth. Tiger Global led the funding round.

Existing investors Sequoia Capital India’s Surge, Tanglin Venture Partners, Incubate Fund, Gemba Capital, also participated in the new round, which brings the one-a-half-year-old startup’s to-date raise to $20.6 million.

Kunal Shah (founder of Cred), Gaurav Munjal, Roman Saini and Hemesh Singh (founders of Unacademy), Lalit Keshre, Harsh Jain and Ishan Bansal (founders of Groww), Ramakant Sharma and Anuj Srivastava (founders of Livspace), and Douglas Feirstein (founder of Hired) also participated in the new round.

Plum offers health insurance coverage on a B2B2C model. The startup partners with small businesses to provide health insurance coverage to all their employees (and their family members), charging as little as $1 a month for an employee.

The startup has developed the insurance stack from scratch and partnered with insurers to include additional coverage on pre-existing conditions and dental, said Abhishek Poddar, co-founder and chief executive of Plum, in an interview with TechCrunch.

(Like fintech firms, which partner with banks and NBFCs to provide credit to customers, online insurance startups have partnerships with insurers to provide health insurance coverage. Plum maintains partnerships with ICICI Lombard, Care Health, Star Health and New India Assurance.)

Poddar, who has worked at Google and McKinsey, said Plum is making it increasingly affordable and enticing for businesses to choose the startup as their partner. Most insurance firms and online aggregators in India today currently serve consumers. There are very few players that engage with businesses. Even among those that do, they tend to be costlier and not as flexible.

Plum offers its partnered client’s employees the option to top up their health insurance coverage or extend it to additional members of the family. Unlike its competitors that require all the premium to be paid annually, Plum gives its clients the ability to pay each month. And signing up an entire firm for Plum takes less than an hour. (The speed is a key differentiator for Plum. Small businesses have to typically spend months in negotiating with other insurers. Bangalore-based Razorpay has also partnered with Plum to give the fintech startup’s clients a three-click, one-minute option to sign up for insurance coverage.)

The startup plans to deploy the fresh capital to further expand its offerings, making its platform open to smaller businesses with teams as small as seven employees to sign up, said Poddar. The startup plans to cover 10 million people in India with insurance by 2025, and eventually expand to international markets, he said.

India has an under-penetrated insurance market. Within the under-penetrated landscape, digital distribution through web-aggregators today accounts for just 1% of the industry, analysts at Bernstein wrote in a recent report.

“As India’s healthcare insurance industry rapidly expands and transforms, Plum is well positioned to make comprehensive health insurance accessible to millions of Indians. We are excited to partner with Abhishek, Saurabh and the Plum team as they scale their leading tech-enabled platform to employers across the country,” said Scott Shleifer, Partner at Tiger Global, in a statement.

Jai Kisan, an Indian startup that is attempting to bring financial services to rural India, where commercial banks have a single-digit penetration, said on Monday it has raised $30 million in a new financing round as it looks to scale its business.

Hundreds of millions of people in India today live in rural areas. Most of them don’t have a credit score. The professions they work on — largely farming — isn’t considered a business by most lenders in India. These farmers and other professionals also don’t have a documented credit history, which puts them in a risky category for banks to grant them a loan.

Much of the credit these people do raise ends up getting invested in unproductive usage, which leads to higher interest and default rates.

Three-year-old Mumbai-headquartered Jai Kisan is attempting to address this by treating farmers and other similar professionals as businesses instead of consumers.

The startup has developed its own system — which it calls Bharat Khata — that is helping individuals and businesses access cheaper financing and ensures that the money they raise is being used for agri-inputs and equipment and other income generating purposes and enablement of rural commerce transactions.

Arjun Ahluwalia, co-founder and chief executive of Jai Kisan, said financial services is crucial for these individuals as their entire economy runs on it. “The ability to buy now and pay later is how most people shop for things in India. Credit is an expectation by the Indian customer — it’s not a value added service,” he told TechCrunch in an interview.

“If there is availability of formal financing to customers, it’s not just customer who does well. The entire ecosystem that revolves around that customer benefits,” he said, pointing to the rise of Bajaj Finance, which has helped several businesses flourish in India by giving credit to customers, and Xiaomi, India’s largest smartphone vendor, which moves a significant portion of its inventories on monthly instalment plans.

Bharat Khata service, which was launched in April last year, had captured more than $380 million of annualized GTV run-rate across over 25,000 storefronts by March of 2021, the startup said.

“Jai Kisan has financed over 15% of the transactions which portrays the monetizability and quality of commerce being captured. The ability to have visibility and virality of high-quality transactions has enabled Jai Kisan to scale business by over 50% in 3 months. The unprecedented growth trajectory stands testament to Jai Kisan’s capabilities to deploy capital efficiently by focusing on core customer credit needs,” the startup said.

The startup, which operates in eight Indian states in South India, is now looking to scale its presence across the country and also increase the headcount. On Monday, it said it had raised $30 million in a Series A round led by Mirae Asset, Syngenta Ventures, and existing investors Blume, Arkam Ventures, NABVENTURES, Prophetic Ventures and Better Capital. An unspecified amount of the financing was raised as debt from Blacksoil, Stride Ventures, and Trifecta Capital.

“Jai Kisan is at the cusp of disrupting the rural financing industry and we’re glad to be a part of their growth story. Jai Kisan’s stellar growth, excellent asset quality and expanding footprint make them a highly differentiated player in the segment,” said Ashish Dave, chief executive of the India Venture Investments for the South Korean firm Mirae Asset.

“Mirae Asset has always believed in backing companies which aim to become category leaders which is evident from our other investments and we believe Jai Kisan is on the journey of doing so for rural finance,” he added.

As part of the new investment, Jai Kisan will also be providing financing through its own books. (Like most fintech startups, Jai Kisan has so far relied on its banking and other financial institutions to finance credit to businesses. Which is why it is also raising some money in debt in the new round.)

Delhivery, India’s largest independent e-commerce logistics startup, has raised $277 million in what is expected to be the final funding round before the firm files for an IPO later this year.

In a regulatory filing, the Gurgaon-headquartered startup disclosed it had raised $277 million in a round led by Boston-headquartered investment firm Fidelity. Singapore’s sovereign wealth fund GIC, Abu Dhabi’s Chimera, and UK’s Baillie Gifford also participated in the new round, a name of which the startup didn’t specify.

The new round valued the 10-year-old startup at about $3 billion. Delhivery — which also counts SoftBank Vision Fund, Tiger Global Management, Times Internet, The Carlyle Group, and Steadview Capital among its investors — has raised about $1.23 billion to date. The startup didn’t comment on Sunday.

Delhivery began its life as a food delivery firm, but has since shifted to a full suite of logistics services in over 2,300 Indian cities and more than 17,500 zip codes.

It is among a handful of startups attempting to digitize the demand and supply system of the logistics market through a freight exchange platform.

Research and image: Bernstein

Its platform connects consigners, agents and truckers offering road transport solutions. The startup says the platform reduces the role of brokers, makes some of its assets such as trucking — the most popular transportation mode for Delhivery — more efficient, and ensures round the clock operations.

This digitization is crucial to address the inefficiencies in the Indian logistics industry that has long stunted the national economy. Poor planning and forecasting of demand and supply increases the carrying costs, theft, damages, and delays, analysts at Bernstein wrote in a report last month about India’s logistics market.

Delhivery, which says it has delivered over 1 billion orders, works with “all of India’s largest e-commerce companies and leading enterprises,” according to its website, where it also says the startup has worked with over 10,000 customers. For the last leg of the delivery, its couriers are assigned an area that never exceeds 2 sq km, allowing them to make several delivery runs a day to save time.

Indian logistics market’s TAM (total addressable market) is over $200 billion, Bernstein analysts said.

The startup said late last year that it was planning to invest over $40 million within two years to expand and increase its fleet size to meet the growing demand of orders as more people shop online amid the pandemic.

When it comes to meeting compliance standards, many startups are dominating the alphabet. From GDPR and CCPA to SOC 2, ISO27001, PCI DSS and HIPAA, companies have been charging toward meeting the compliance standards required to operate their businesses.

Today, every healthcare founder knows their product must meet HIPAA compliance, and any company working in the consumer space would be well aware of GDPR, for example.

But a mistake many high-growth companies make is that they treat compliance as a catchall phrase that includes security. Thinking this could be an expensive and painful error. In reality, compliance means that a company meets a minimum set of controls. Security, on the other hand, encompasses a broad range of best practices and software that help address risks associated with the company’s operations.

It makes sense that startups want to tackle compliance first. Being compliant plays a big role in any company’s geographical expansion to regulated markets and in its penetration to new industries like finance or healthcare. So in many ways, achieving compliance is a part of a startup’s go-to-market kit. And indeed, enterprise buyers expect startups to check the compliance box before signing on as their customer, so startups are rightfully aligning around their buyers’ expectations.

With all of this in mind, it’s not surprising that we’ve witnessed a trend where startups achieve compliance from the very early days and often prioritize this motion over developing an exciting feature or launching a new campaign to bring in leads, for instance.

Compliance is an important milestone for a young company and one that moves the cybersecurity industry forward. It forces startup founders to put security hats on and think about protecting their company, as well as their customers. At the same time, compliance provides comfort to the enterprise buyer’s legal and security teams when engaging with emerging vendors. So why is compliance alone not enough?

First, compliance doesn’t mean security (although it is a step in the right direction). It is more often than not that young companies are compliant while being vulnerable in their security posture.

What does it look like? For example, a software company may have met SOC 2 standards that require all employees to install endpoint protection on their devices, but it may not have a way to enforce employees to actually activate and update the software. Furthermore, the company may lack a centrally managed tool for monitoring and reporting to see if any endpoint breaches have occurred, where, to whom and why. And, finally, the company may not have the expertise to quickly respond to and fix a data breach or attack.

Therefore, although compliance standards are met, several security flaws remain. The end result is that startups can suffer security breaches that end up costing them a bundle. For companies with under 500 employees, the average security breach costs an estimated $7.7 million, according to a study by IBM, not to mention the brand damage and lost trust from existing and potential customers.

Second, an unforeseen danger for startups is that compliance can create a false sense of safety. Receiving a compliance certificate from objective auditors and renowned organizations could give the impression that the security front is covered.

Once startups start gaining traction and signing upmarket customers, that sense of security grows, because if the startup managed to acquire security-minded customers from the F-500, being compliant must be enough for now and the startup is probably secure by association. When charging after enterprise deals, it’s the buyer’s expectations that push startups to achieve SOC 2 or ISO27001 compliance to satisfy the enterprise security threshold. But in many cases, enterprise buyers don’t ask sophisticated questions or go deeper into understanding the risk a vendor brings, so startups are never really called to task on their security systems.

Third, compliance only deals with a defined set of knowns. It doesn’t cover anything that is unknown and new since the last version of the regulatory requirements were written.

For example, APIs are growing in use, but regulations and compliance standards have yet to catch up with the trend. So an e-commerce company must be PCI-DSS compliant to accept credit card payments, but it may also leverage multiple APIs that have weak authentication or business logic flaws. When the PCI standard was written, APIs weren’t common, so they aren’t included in the regulations, yet now most fintech companies rely heavily on them. So a merchant may be PCI-DSS compliant, but use nonsecure APIs, potentially exposing customers to credit card breaches.

Startups are not to blame for the mix-up between compliance and security. It is difficult for any company to be both compliant and secure, and for startups with limited budget, time or security know-how, it’s especially challenging. In a perfect world, startups would be both compliant and secure from the get-go; it’s not realistic to expect early-stage companies to spend millions of dollars on bulletproofing their security infrastructure. But there are some things startups can do to become more secure.

One of the best ways startups can begin tackling security is with an early security hire. This team member might seem like a “nice to have” that you could put off until the company reaches a major headcount or revenue milestone, but I would argue that a head of security is a key early hire because this person’s job will be to focus entirely on analyzing threats and identifying, deploying and monitoring security practices. Additionally, startups would benefit from ensuring their technical teams are security-savvy and keep security top of mind when designing products and offerings.

Another tactic startups can take to bolster their security is to deploy the right tools. The good news is that startups can do so without breaking the bank; there are many security companies offering open-source, free or relatively affordable versions of their solutions for emerging companies to use, including Snyk, Auth0, HashiCorp, CrowdStrike and Cloudflare.

A full security rollout would include software and best practices for identity and access management, infrastructure, application development, resiliency and governance, but most startups are unlikely to have the time and budget necessary to deploy all pillars of a robust security infrastructure.

Luckily, there are resources like Security 4 Startups that offer a free, open-source framework for startups to figure out what to do first. The guide helps founders identify and solve the most common and important security challenges at every stage, providing a list of entry-level solutions as a solid start to building a long-term security program. In addition, compliance automation tools can help with continuous monitoring to ensure these controls stay in place.

For startups, compliance is critical for establishing trust with partners and customers. But if this trust is eroded after a security incident, it will be nearly impossible to regain it. Being secure, not only compliant, will help startups take trust to a whole other level and not only boost market momentum, but also make sure their products are here to stay.

So instead of equating compliance with security, I suggest expanding the equation to consider that compliance and security equal trust. And trust equals business success and longevity.

A venture capitalist once told me candidly that whenever you see the phrase “democratization” in tech marketing material, think of it as a red flag. Democracy, generally speaking, often comes with an ironic caveat: It disproportionately benefits white and male participants. Now, you know me well enough to know that I wouldn’t start off your Saturday with this dreary of an introduction normally, but I think that that reality is why a new tool, championed by tech entrepreneurs Lolita and Josh Taub, could be on to something actually innovative.

The Taubs have launched a GP-LP, or general partner and limited partner, matching tool to help underrepresented fund managers get access to the capital they need to start their fund. The match-making tool connects those looking to raise funds (GPs!) with check-writers (LPs!). The move comes on the heels of their founder-investor matching tool, which to date has generated over 1,000 introductions that they say have led to 27 checks totaling nearly $4 million in total capital.

Yes, matching LPs to GPs is a relatively simple tech and concept. And this is a relatively simple experiment. But, it couldn’t have existed five, and definitely 10, years ago. Zoom investing has changed the way that people meet and vet, and I think the GP-LP tool is a key data point in how emerging fund managers can bring optionality to their fundraising process.

Speaking of fundraising:

• Dismantling the myths around raising your first check 
• Vise CEO Samir Vasavada and Sequoia’s Shaun Maguire break down the art of the pitch 
• When to walk away from a VC who wants to invest in your startup

The tool’s explicit focus on only helping underrepresented folks — which it defines as anyone who doesn’t fit the classic Silicon Valley mold like women, LGBTQ+ folks, non-Ivy grads (or people from non-elite employers) and non-wealthy individuals — is a layer of differentiation from many other tools out there. Products like the AngelList rolling fund are great, but public, ongoing fundraising still largely benefits those who have networks to tap into in the first place — just take a quick scroll to see who has one so far.

Let me put it like this: We’ve gotten to a point in venture where there are an ample number of tools out there that help founders and investors leverage their community into checks. What’s missing, though, are the tools that help the community-less, undernetworked and underestimated access those opportunities. While there still is LP hesitancy as emerging managers raise their second and third funds, this effort is a good step in the right direction. And I’ll be tracking it to see how successfully it works.

It’s been a big week for Black and other underrepresented founders: 

• This $250M growth fund will divert half its profits to historically Black colleges and universities
• Collab Capital closes $50 million debut fund to back Black founders

Moving on, the rest of this newsletter will focus on disaster tech, Airbnb and a healthcare communications S-1 filing. You can always find me on Twitter @nmasc_.

Disaster tech is at an inflection point

Image Credits: Hiroshi Watanabe (opens in a new window) / Getty Images

Disaster tech, such as startups that use data to fight wildfires or analyze brainwaves to analyze PTSD after a traumatic event, is having a moment. Are you surprised? COVID-19 and the ongoing climate crisis have energized entrepreneurs to build proactive solutions that fight literal disaster. Our own Danny Crichton spent 12,000 words mapping out the landscape so you don’t have to.

Here’s what to know: The Equity team boiled down those 12,000 words on disaster into a 20-minute episode focused on top takeaways and highlights. As Danny explains in the show: “Cataclysms are a growth industry.”

If you’re more of a reader than a listener …

• The most disastrous sales cycle in the world
• Data was the new oil, until the oil caught fire
• When the Earth is gone, at least the internet will still be working
• The human-focused startups of the hellfire

Airbnb’s next trip

Image Credits: Getty Images

Since travel first shut down last March, all eyes have been on Airbnb, the travel and short-term rental company with global name recognition. Nearly a year ago, the company cited revenue declines and cut 1,900 jobs, roughly 25% of its workforce. Now, as digital nomadic lifestyles and long-term travel come back, it has a growth story worth sharing, too.

Here’s what to know: Airbnb CEO Brian Chesky sat down with our own Jordan Crook to talk about how his company is preparing for a faster, nimbler post-pandemic reality. Time will tell if Airbnb’s stance pans out, but getting into the head of one of the co-founders of a business pummeled, then resurrected, by this pandemic can give founders some tactical tips on how to frame conflict and what’s next.

Brian Chesky: Little did I know that a travel company in a pandemic might even be crazier than starting a company based on strangers living together. I kind of feel like I’m now 39 going on 49. It was definitely the craziest year ever.

Our business initially dropped 80% in eight weeks. I say it’s like driving a car. You can’t go 80 miles an hour, slam on the brakes, and expect nothing really bad to happen. Now imagine you’re going 80 miles an hour, slam on the brakes, then rebuild the car kind of while still moving, and then try to accelerate into an IPO, all on Zoom.

When the future of living melds with future of work:

• Airbnb doubles down on flexible search, improves the host flow in preparation for summer 2021
• Startup founders set up hacker homes to recreate Silicon Valley Energy 
• Dear Startups: Don’t repaint, reinvent

Around TC

If you haven’t heard, TC Sessions: Mobility 2021 is coming up June 9. The one-day virtual event is packed with the best and brightest minds working on — or investing in — the future of transportation. The docket is jammed with founders, investors and experts in micromobility, autonomous vehicles, electrification and air taxis.

Among the growing list of speakers are Motional President Karl Iagnemma and Aurora co-founder and CEO Chris Urmson, who will team up to talk about technical problems that remain to be solved, the war over talent and the best business models and applications of autonomous vehicles. Other guests include Zoox co-founder and CTO Jesse Levinson, community organizer, transportation consultant and lawyer Tamika L. Butler, Remix co-founder and CEO Tiffany Chu and Revel co-founder and CEO Frank Reig. There’s also Joby Aviation founder and CEO JoeBen Bevirt, investor and LinkedIn founder Reid Hoffman (whose special purpose acquisition company just merged with Joby) will talk about the future of flight — and SPACs.

And to answer your next question, yes, you can still buy your tickets here. 

Across the week

Seen on TechCrunch

• Poparazzi hypes itself to the top of the App Store
• Apple just dropped a whole bunch of OS updates and WWDC info
• Microsoft uses GPT-3 to let you code in natural language
• Nigeria’s Mono raises millions to power the internet economy in Africa

Seen on Extra Crunch 

• Doximity’s S-1 may explain why healthcare exits are heating up
• How Expensify shed Silicon Valley arrogance to realize its global ambitions
• SaaS needs to take a page out of the crypto playbook
• Develop a buyer’s guide to educate your startup’s sales team and customers
• Zeta Global’s IPO filing uncovers modest growth, strong adjusted profitability

Ok, bet,

N

Welcome back to The TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s broadly based on the daily column that appears on Extra Crunch, but free, and made for your weekend reading. Want it in your inbox every Saturday? Sign up here.

Ready? Let’s talk money, startups and spicy IPO rumors.

Hello from Friday, I presume that you are currently enjoying the long weekend. In celebration for this week’s Exchange letter we’ll try something new by being brief. 

If you are tired of hearing about cryptocurrencies, I have bad news. They are not only not going away, but it appears that the financial cannon that have helped clear the fields for their general advance are reloading with even more financial ammunition.

At least that’s what Eric Newcomer is reporting in a post out this week aptly titled “a16z Crypto Fund Balloons to $2 Billion.”

This raises a few points. First! That there is enough LP demand to fund a crypto vehicle to the tune of $2 billion. Second! That there are enough hot crypto ideas out there worth sticking $2 billion into.

I can entirely believe the former, but the latter stretches my brain a little. Not that there aren’t great companies being built in the blockchain space; Coinbase’s Q1 earnings indicate that you can make money with crypto. But it seems that the firms that have proven the most successful thus far are more a hybrid of the traditional banking world and the crypto space than entirely inhabitants of the latter.

But as those ideas have been mined to increasing perfection, we should anticipate seeing money chase the more experimental crypto ideas. As I noted in the Daily Crunch yesterday, there’s a lot of money already going into those markets:

[Y]ou’ve heard of non-fungible tokens, or NFTs. If you have already digested the NBA TopShot hype wave, buckle in, because a lot of folks are still building in the NFT world. That includes Anima, which is bringing AR to NFTs and just raised new capital from Coinbase, and Infinite Objects, which just raised $6 million to help folks bring their NFTs IRL.

This is where venture investing in crypto — and that mammoth a16z fund — gets interesting.

Sure, crypto exchanges can make money. But what about the further reaches of the crypto economy? Can they build material revenues that the fiat world can understand and go public? (Do they even want to go public?)

It’s a pleasure to watch other people wager other people’s money on ideas that may fail. Heads they lose, tails we win. Not bad!

Twitter’s subscription (and media?) moment

Twitter’s “Blue” subscription product is slowly dripping its way into the market. I’m going to buy it, whatever it is.

But what I can’t get out of my head is that Twitter is very well positioned to build a sort of creator nirvana. After all, Twitter is already where many writers, journalists and artists hang out. Where we already have a following. Why not help us weirdos leverage all the time we’ve spent on the platform?

You can see how this could scale. Now that Twitter has bought startups Revue and Scroll, it could build a newsletter platform where Blue subscriber money is divvied up amongst writers for its platform. Or Twitter could buy Medium, as a friend suggested to me the other day. Medium has a huge subscriber base, which Twitter could merge into Blue and provide a sort of extra-social-network-network for writers and other creatives. Right?

If I had a few billion dollars, a few thousand engineers and a dictate from shareholders to grow, I’d go hog-wild and do some crazy shit. Let’s see what Twitter comes up with, but let’s hope that they aren’t making small plans.

Closing, you can catch up on all we wrote on The Exchange during the week here. Have a truly lovely break, we all need one.

Alex

For many VCs, the exit is the endgame; you cash in and move on. But as we know, the startup world is evolving, and that means the impact of investment is no longer limited to how much money is made.

As investors, we’re looking further into what each investment means to human beings, at interlinking our mission with our money. And yet, one of the events that generates the most momentum for long-term impact — the successful exit of a portfolio company — is not being harnessed.

When leveraged properly, an exit can be the beginning of a firm’s true impact, especially when we’re talking about giving all founders equal opportunities and empowering the best ideas. The investment sphere is slowly shaking off its “America first” approach as foreign products take the world by storm and international businesses become the norm.

Investors will be driving forces in enabling the highest-potential companies to build products that countries everywhere will benefit from — no matter where they were conceived. The way they play the game can transform the industry into one in which a founder from across the ocean has as much of a chance to change the world as one from next door.

We know the basics of how to do this with cash: Investing in underrepresented founders is a necessary first step. But who’s talking about the power of exits to change the playing field for diverse founders? We must consider the psychological motivation of seeing a huge buyout on other entrepreneurs, what that startup’s ex-team members go on to build, and what the achievements of one citizen does for that nation’s reputation.

Last year, 41 venture-backed companies saw a billion-dollar exit, totaling over $100 billion, the highest numbers in a decade. We have an unprecedented amount of clout to do something with those power moves and four ways to turn them into a domino effect.

1. Competitor effect

When a foreign entrepreneur raises money from U.S. firms and sells to a U.S. company, other immigrants see that. Regardless of how groundbreaking their product idea might be, immigrant Americans will always be more wary of putting their eggs into the entrepreneurship basket, at least as long as 93% of all VC money continues to be controlled by white men.

This, despite research suggesting that immigrants contribute 40% more to innovation than local inventors.

What these foreign entrepreneurs most need is confidence, role models and success stories proving other people who look like them have made it, especially when those founders are making waves in the same industry as them.

So a big, well-publicized exit will create momentum in the industry for other foreign founders to give fuel to their venture and seek to take it to the next stage. Not only that, it will instill more self-assurance when it comes to fundraising, and investors will value that.

I was inspired to write this column after Returnly, a fintech founded by a fellow immigrant from Spain based in San Francisco — which, for full transparency, I invested in as an angel investor, and then for Series B and C via my fund — was acquired for $300 million by Affirm.

While there was undoubtedly a personal financial gain worth celebrating, the success of a foreign founder who persevered against the odds in such a competitive ecosystem as Silicon Valley, raised large rounds from U.S.-based investors, and was finally acquired by a U.S. company served as a moment of inspiration for other diverse founders around the world. We saw this in the amount of media attention it received in both business and mainstream press in Spain and the floods of connect requests and congratulations that followed on LinkedIn.

The impact of an exit is greater when it shows foreign entrepreneurs that there are globally minded organizations helping startups like theirs get equal access to funding. That means having VC firms that spotlight international entrepreneurship and foster global expert networks.

As investors, we can maximize the impact of our exits in the industry by highlighting the foreign origins of our founders in a big way when it comes to promoting the exit, including narrating the challenges and opportunities they encountered on their journey. We can use the victory to drive the point home to our fellow investors that diverse and international entrepreneurship is an undervalued gem. We can personally take the win to boost our brand as one that empowers foreign entrepreneurs in that niche, attracting more to seek funding with us in a positive reinforcement cycle.

2. Wealth effect

The windfall from a big exit puts all previous investors in a privileged position, and it’s unlikely that money will sit around for long. They’ll look to reinvest in other high-potential companies — probably ones that look a lot like the one that was just sold.

But in addition to those investors multiplying the positive impact in their own portfolio, they will rally other investors to behave in a similar way.

Each exit — good or bad — sets a precedent for that niche and that type of company. Other investors will follow suit if they sense that one of their peers is onto a cash cow. Because foreign and ethnic minority founders are still underrepresented in startup funding, it makes this field less competitive while harboring huge potential. VCs who have an eye out for unique opportunities will spot when an investor has made a hefty profit from an unconventional startup, especially if they continue to invest in others in that same field.

To help this along, angels and VCs who’ve been behind a recent exit and are reinvesting in similar founders should publicize those knock-on investments, explaining how their previous success motivated them to support similar ventures. They can also be vocal within their network about their decision to raise up certain entrepreneurs because they’ve seen it works.

Returnly’s founder recently offered to put some of his earnings back into our fund, enabling more foreign entrepreneurs like himself to access capital. If as investors we foster meaningful relationships with our funders and truly care about empowering diverse entrepreneurs, we’ll see more of that wealth circle back into our mission.

3. Team effect

The PayPal Mafia is a set of former PayPal executives and employees — such as Elon Musk, a South African, and Peter Thiel, a German American — who have gone on to seriously disrupt not one but multiple industries across tech. Among the companies they’ve founded are YouTube, LinkedIn, Yelp and Tesla, and they’ve even been named U.S. ambassadors. That’s just one company. Imagine what other diverse and driven teams can do with the influx of cash and inspiration that comes with a big exit. There will be a ripple effect of team members eager to start out on their own who feel empowered by the success of someone who believed in them.

Their ventures will be more likely to “pass it on” when it comes to giving equal opportunities to people regardless of origin and will generate more jobs for people with their mission. Take Thiel, who has to date backed over 40 companies in Europe alone.

As VCs, we can capitalize on this team effect by keeping our eye on any spinoff ventures that arise and supporting them when possible (with experience and contacts, if not with capital). But beyond this, you can also consider encouraging these people to join the investment sphere, maybe even within your firm. Many successful startup founders and executives go on to become investors — the PayPal Mafia has contributed to some of the most notorious funds out there today. The origin story of these former team members will make them more prone to supporting underrepresented founders they can get behind. In turn, new entrepreneurs will draw more value from their personal experiences.

4. Reputation effect

Although Returnly is headquartered in San Francisco, its founder is Spanish and many of its employees were based in Spain.

That means that the impact of Returnly’s exit will be felt on the other side of the Atlantic as well as among co-nationals in the United States. The same is true of other notable sales, like AlienVault, which was founded in Spain and had multiple offices there. AlienVault was acquired by U.S. telecommunications giant AT&T for $900 million. Or IPOs — earlier this month, the Spanish-origin payments company Flywire filed for an IPO that could value the company at $3 billion. One startup’s success boosts the reputation of its entire team, and with it other founders and talent with their same country of origin, background, education and drive.

It follows that investors and other stakeholders will be more inclined to back opportunities among founders from the same home country if it says something about the mission, expertise and culture they bring to their startup.

At the same time, growing startups will be more interested in hiring the talent of evidently successful teams. That doesn’t just mean hiring more foreign experts in the United States, but seeking to outsource farther afield. We’re already becoming far more comfortable with remote teams, and it’s more capital-efficient for one half of the team to be working while the other half sleeps. But founders will always gravitate more to countries where local talent and innovation is already seen to be thriving. Open up that conversation with your portfolio companies.

VCs have the power to change an industry forever, to connect startup ecosystems across continents and to see startups expand worldwide. But this is about staying relevant as an investor as much as it’s about ensuring this next stage in the startup world is a positive one.

Investors who don’t recognize that the future of startups is global and diverse in nature won’t be in sync with the best opportunities — and won’t be selected by the best founders. Rather than trying to play catchup, help build that ecosystem.