by Heath Muchena

Q&A: South Africa’s Thumbzup leverages cloud for secure mobile payments

Aug 16, 2020
Cloud ComputingFinancial Services IndustrySecurity

CTO Craven Buitendach highlights how Thumbzup combines in-house developed code with Azure services and in-demand security standards to come up with payment applications for retailers.

Conceptual abstract of digital transactions / online banking / open banking / FinTech
Credit: ipopba / Getty Images

Craven Buitendach is a technology leader experienced in the delivery of applications for the payments, retail, cellular, fuel and healthcare industries. Currently he is CTO of Thumbzup, a payment platform that provides retailers with mobile payment applications. In this Q&A, Buitendach discusses how his company implements cloud and cybersecurity technology for their services, and how IT leaders in Africa can deploy emerging tech.

What have been the main IT achievements of your organisation locally in the past year? Can you give us some insight into your technology stack?

craven buitendach Thumbszup

Craven Buitendach is CTO of payments system provider Thumbzup.

It has been an exciting and busy year for us.  We are the only payment terminal manufacturer in South Africa, if not Africa—manufacturing our payment terminals from the ground up in Centurion.

We have launched the first “card present” financial switch [for in-person transactions] on Microsoft Azure in South Africa with the required PCI-DSS and PCI-PIN certifications. Our solution also received the coveted PCI-P2PE [payment card security] certification, which adds a significant saving to our customers’ compliance bills.

On the payment terminal front, we have in conjunction with our partners Absa Bank, Sunmi and Tactile Technologies, integrated and EMVco-Level-3-certified an exciting range of new Android-driven devices.

We approach our stack with a security-first mindset where we can enable Azure’s IaaS and PaaS capabilities to complement our solutions built on a low-level native approach of C, C++ and Java.

Do you have systems that you build or custom-develop in-house? What’s your approach to client and/or vendor management?

Our company has innovation in its name, and our culture projects it. When it makes sense, we build our own solutions as we did with our financial switch and terminal management system.

How do you ensure that your developers have the tools and skills to keep up with market demands?

 What makes it easy for us is that we are required, as part of our compliance audits, to have a well-defined training programme in place for our dev teams. In addition, I believe that one of the most useful things you can do as a leader is to make time for the individuals within the team. Having a relationship where you can understand and support career growth plans, or talking about the latest technology fad lends itself to a well equipped and motivated team.

Which emerging technology do you think holds the most promise once it matures?

 VR/MR/AR; it is underrated technology but is growing exponentially. The new normal of limited physical interaction and working remote is accelerating development in reality-altering technologies.

What tangible benefits (both business and IT) does your organisation associate with cloud-based infrastructure? Are these metrics quantifiable in terms of both customer experience as well as IT efficiency?

Off the bat, my biggest draw to cloud-based infrastructure is threefold: the reduction in support requirements, the significant upfront purchases of depreciating assets and the instantaneous access to the same technology as the largest organisations in the world.

In terms of it being quantifiable, it shouldn’t be measured as a 1-to-1 comparison with on-premise or hybrid since the solution set differs. At the end of the day, it comes down to the why? What is my offering or service, and what opportunity or efficiency do I create going down any of these paths?

 Who have you chosen as your preferred cloud provider. Why? Also, what would be your top tips to consider when evaluating a solution provider?

Being a financial services provider, we process all our transactions on soil in South Africa. When Microsoft announced that their South Africa West and North zones are active, the timing was coincidental with our own business strategy pivot. We approached the team at First Distribution which in turn connected us with Microsoft, from there we have and still receive fantastic support from both companies.

And that would be my top tip; if you are considering moving to a cloud provider be it Azure, AWS or GCP – it is like a marriage, make sure you and your team are comfortable with the relationship.

 What is your top cybersecurity best practice tip?

 You can probably write quite a few articles just on this topic, but for me, it is: Think.

Think about what information you are telegraphing, think about the links you click or the emails you open. Think about the feature you are adding and the attack surface it could introduce.

 What’s your advice to IT leaders trying to implement advanced technologies in developing and emerging market based companies, particularly in Africa?

I don’t believe that Africa as a location is a con. I see it as a pro. The approach of problem-solving we have as Africans is not only unique but incredibly inspiring. Continue to be different and exceed the expectation.

What are your top 3 ongoing priorities as CTO in your organisation?

COVID has ushered in an unprecedented time within the IT fraternity, with a myriad of organisations forced to speed up their digitalisation journeys while securely allowing their workforces to still be productive. My priorities have shifted, and I adopted the guidance given to pilots flying a plane in an emergency: Aviate, Navigate, Communicate.

Aviating: Ensuring the safety of our customers and solving their immediate business challenges to maintain continuity. Also renegotiating agreements and making sure I’m light and agile as possible. 

Navigating: The team and our customers need to be on board with where we are, where we are going and how we are going to get there. Having a clear and achievable, roadmap in place helps.

Communicating: We have never been as physically disconnected as we are now. Ensuring that the team has the capability to not only continue with business as usual in a secure manner while providing constant feedback on how to improve our services to customers.

What is your top tip for leading remote workforces?

Trust. As leaders, if we cannot trust our equipped team to deliver when they are remote, it’s a sign of a hiring or leadership problem.