Robin de Vries
So Jordan Lawrence, welcome to All Things Cyber.
Robin de Vries
So maybe for our guests and our viewers, a little introduction of yourself.
Jordan Lawrence
I'm currently Chief Executive Officer of Damisa. We do B2B cross-border payments using stablecoin infrastructure. I've been in the FinTech space for almost 20 years.
Robin de Vries
Yeah, thanks. And how have you seen the payment industry evolving? Going against all beasts and dinosaurs into fast-moving cross-border payments.
Jordan Lawrence
I think the whole payment industry has changed. When someone says I've been in payments for 20 years, it doesn't really mean anything, because last year was different, right? So yeah, I think the whole thing has changed massively. I think it's going to change even more as everything shifts to stablecoin infrastructure, from what I can see at the moment. A few regulatory headwinds blowing at the moment, where some of the legacy players, let's say, got the upper hand at the moment. But yeah, it seems like momentum is shifting towards the stablecoin space.
Robin de Vries
Do you see that those organizations are resilient and able to make that shift too?
Jordan Lawrence
I think there is a big battle internally from these enormous businesses that have had the run of everything so long. Now they have to make a change into some new technology. It's like moving a slow-moving oil tanker basically. So some of the large businesses, the large old-school banks, are really struggling, I think, which moves us on to the cybersecurity part, right? Obviously you'll see you're making an enormous impact on, as some of these legacy infrastructure businesses don't really know who they plugged in, don't know what endpoints they have. And I think it's a big, from your point of view, I think it's an enormous opportunity to help on the cyber side.
Robin de Vries
Yeah, so what we see is that all those banks, they are even with old systems somewhere, hidden in the basement, still connected to new infrastructure. To understand that whole ecosystem, to whom they are connected, and also with regulatory pressure, is enormous. It's interesting, if you build this fresh from the start,
Robin de Vries
I can assume it's a big advantage for you and Damisa to get into new markets with completely new infrastructure and without any legacy.
Jordan Lawrence
Yeah, I think regulation is a legacy, right? And this is what we're seeing at the moment. So unifying the old regulation as it pertains to the fiat currencies to now the new legislation as it goes into stablecoins, somehow you need to unify them, right? Otherwise, what we see at the moment is capital controls in Africa, for example, have been completely bypassed by stablecoins. Brazil has just changed its regulations because people were avoiding IOF tax by sending stablecoins out of the country instead of fiat. So all this is changing really fast, which is great because of the unification of old fiat rails, regulation onto the new stablecoin infrastructure, it makes sense because then everyone will adopt it, it's regulated, and everyone uses it properly, basically.
Robin de Vries
Who are the heavy users of stablecoins at the moment? And do you see this growing also to consumers?
Jordan Lawrence
Absolutely. So I spend a lot of time in Africa. I'm off to Africa again on Monday.
And you see there, stablecoins are a lifeline because the currency fluctuates so much against, let's say, the G3 currencies and they need to do import-export into those African countries. Nobody really wants to hold the domestic currency. It fluctuates too much. So everybody's holding, businesses are holding mostly USDT, the Tether stablecoin backed to the US dollar. And actually, when I was in Nigeria last time, I paid for three or four different things using Tether, using USDT. So everybody's really into them at the moment.
So I think it depends which market you're in. But you see consumers are really using stablecoins already, not to mention agentic e-commerce, which is just coming round the corner. Everybody's talking about it. It's the new thing.
What is this? Agentic e-commerce. So basically, you're an agent which goes online and does your shopping for you. It knows what you want. It has your data. It has your bank account or your credit card. In this case, it should be what I think makes to a stablecoin with the speed and the smart contracts and the rest of it. And it's basically making buying decisions for you.
Robin de Vries
But is there any consumer protection or else? Do you see a platform like OpenClaw, people giving their credit cards, they actually have no control of what's happening?
In the end, there will be governments wanting control of that transaction.
Jordan Lawrence
Damisa has actually built for the B2B space an escrow service on the stablecoin infrastructure. So basically, somebody, let's say, the buyer puts the money into an escrow account. You can't really call it escrow because you need a different license for that. But it is an escrow service. Basically, we hold the funds on behalf of the buyer. The seller sends the goods.
The buyer says, "Yes, I've got everything I need. Thanks very much." And then the money is released with a bit of yield. Now, I can see that happening the same for a consumer situation with agentic e-commerce. So the agent basically buys the goods. The stablecoin goes into a sort of escrow account. The goods get delivered, get ticked off, and then you've got 24 hours to tick off the goods, for example. And then the money gets released to the merchant.
Robin de Vries
If you look to current, let's say, the old fiat platforms, it takes days to move money from Africa to the US, and with stablecoins it's seconds.
How important is it to follow, you know, there's a whole supply chain for payments and also making connections to cybersecurity?
Jordan Lawrence
I think it's a bit of a myth that payment gets settled in seconds. And I was on The Payments Shed podcast a couple of weeks ago, where we talked about the same thing, because many people think, OK, you make a payment with stablecoin, you're going to get your money instantly. Not really the case, right? I think the settlement finality of when the money comes into your stablecoin account in stablecoins, that is it.
But obviously, getting it out of that stablecoin environment into fiat rails, there can be compliance hurdles. There can be bank checks for all the rest of it, which can take time. So it's definitely a lot faster. And either the money is sitting in a stablecoin account, let's say the Damisa environment, or it's sitting in your bank account. There can be no—it can't be anywhere else, not like before, where you send a SWIFT payment out of Africa and it goes through four different correspondent banks. Money goes missing for up to three months, right, which happened to me before. So that is true. That can be a lot faster.
When it comes to cybersecurity, again, I think the old fiat rails had issues because the correspondent banks, you don't know who's plugged into those. There could be three or four of them involved in the transaction. You don't know who's plugged into the bank where the money is going. You don't know who’s plugged into the bank where the money’s come from. So I think that was a lot more intense, let's say, from a cybersecurity perspective. Now you've got different problems because the stablecoins are sitting in, let's say, a third party wallet, a non-custodial wallet, or a custodial wallet.
Robin de Vries
So we see that with stablecoins, the new technologies, everything is linked to each other.
What we see is that we can help companies really track those connections and make sure that they’re visible, that it's transparent to really explore the whole supply chain and to make this visible. I think visibility is a key driver of everything when we want to connect and make it as convenient as possible.
Jordan Lawrence
Exactly. So I know some of the customers you've got probably can't mention them given the nature of the business, but there's some of the very, very large ones. When we discussed it before, I think the main opportunity for ThingsRecon in the FinTech space is some of these legacy businesses that have been around for a very long time.
In their sort of speed of growth, they plugged in so many different partners, so many different endpoints, let's say. They've forgotten who's they plugged in, let alone maybe they're not using them. And every single one of those endpoints, of course, is a threat to the business.
Robin de Vries
Now, 64% of the breaches in FinTech are through third parties. And even this week, there was Fiserv from the US. They had a breach, old technology, and so connected. And it already takes three, four days for them to investigate what the source of that breach is. And 40,000 employees of big company in your space and to track that breach is going to be a lot of work for them. And then you have the whole knock on effect, what happens if they get breached and your whole digital ecosystem is impacted by that?
Jordan Lawrence
I mean, obviously they'll recover, thanks to people like you, right? But I imagine the stock took a bit of a hit. The same thing happened to Equifax a few years ago. I think you bring up a good point because Fiserv is one of those businesses in the FinTech space that have been on a buying spree over the years. You have Shift 4, buying your old stuff at the moment. Fiserv, to borrow a lot of things. Obviously, global payments just bought Worldpay.
Global payments is another classic example. It's a business that's been around for a long time. They're buying a lot of things. Of course, they know what they're buying from a due diligence perspective, but they don't know what they're buying from a cybersecurity perspective. Never, right? And that's probably what's happening there. They buy a company. It's a risk from a cyber perspective, and someone gets in through the back door.
Robin de Vries
Yeah, it's third parties who you contract mostly for convenience. And because you want to grow your business, you want to make it more scalable.
But the due diligence done on those companies is often very, very shallow. They scratch the surface, but to really understand the ecosystem to who that third party is connected to, that's why often they don't spend the time to really understand that. And that's also what you see currently in the Iranian conflict, for example. People suddenly start to realize that they can't host in a single data center. An Amazon data center was hit in this conflict in the UAE. And suddenly you see that whole supply chain effect of being only in one data center. And they need to spread their wings and understand what is also the fourth party for example.
And it will slow down your business if you don't understand that.
Jordan Lawrence
Not many people know much about cybersecurity in the FinTech space. Hence, some of the CISOs I've worked for the past, amazing people, really focused on that cybersecurity space within the FinTech world. But it's not really a common thing that people are talking about on a daily basis.
What makes ThingsRecon super special for the industry in general?
Robin de Vries
What we do in the first stage of an engagement is we help with visibility. Because visibility is a good starting point to understand to who you're connected, how you're connected, not only as the vendors you're working with, but also your customers. KYC, TPRM, is generally a big topic for all the CISOs. So we always start with that visibility layer to help them understand, okay, to who am I connected and where do I have concentration risk?
And then we go to the cybersecurity layer. We look to who you are connected and how you are connected to those third parties. And we're looking to layer deeper to the fourth party if there might be any concentration risk there. And then from cyber, we also go to open source intelligence, because you can't do one point in time every 12 months assessment on a vendor where you're working with on a daily basis. So we really do continuous monitoring of all that whole digital ecosystem.
And all the vendors looking for signals like a breach or like a big layoff or anything which might impact your business, which you need to know now. And the biggest question we get from our customers, many of the C-suite, is when something happens, we always get a phone call or an email, am I impacted by it? And to understand that ecosystem and that visibility is the first layer where the CISOs are, which keep them awake and which is important for them to have the continuous visibility.
Jordan Lawrence
And I know you guys have been involved at sort of governmental level, right? Countries, obviously, you cannot name the countries, but tell us how that works. One thing is a big enterprise business, but the second thing is a country.
Robin de Vries
Yeah, a country is, of course, if you look at your government, there's the critical national infrastructure. Mainly the industry like oil and gas or ports, energy.
So we help organizations within those governments to understand the threat landscape and to understand what might be a knock-on effect. In one of our previous podcasts we spoke about that. There might be a breach on a school or a bank, but if the school can’t pay the energy bills, especially in a warm climate, they can't operate. So it's a direct impact on our society. So if you look, for example, to those CNIs and the role they have on society, the impact on societies is often much larger than people expect.
They're little economies by themselves. The Jaguar Land Rover breach last year was not about Jaguar Land Rover. That was especially around that whole knock-on effect that there were so many suppliers relying on that little economy around Jaguar Land Rover. So the impact is much bigger than a silo, it is really our society.
Jordan Lawrence
Of course, yeah, wow. And where is ThingsRecon going? Obviously you guys have been around for a while. There's the big contracts. Where's the future of your business? And I guess the industry itself, cybersecurity.
Robin de Vries
One of the big topic for us is obviously AI and new models like Mythos, which can’t be released to the public because of the offensive of the hackers, they don't want to get that in the wrong hands. So where we are heading is that we help companies understand their offensive and their defensive attack surface. And our vision is to reshape that whole third-party risk ecosystem and supply chain. And because everything is so connected, we took on the role to help companies really reshape their third-party risk programs to move it not away, but to add not only compliance, but add risk to it because you can have, I always say, you can have insurance and have all the documents, you know, I am compliant, but if they're somewhere, repository open or there's a misconfiguration and client data is leaked...
Jordan Lawrence
What's a repository?
Robin de Vries
It could be a code repository. A code repository like GitLab or GitHub where you host client data or codes for customers or for payments. Something is leaking. It's better to prevent it than afterwards to say that I'm compliant. Compliance helps a lot of companies to give guidance. This compliance doesn't take away the risk.
That's the role we took on to help companies, where they move away from compliance only to compliance and risk.
Jordan Lawrence
Got you. Okay, now I see. And what’s your view, so we talked about the war just a second ago, but obviously one of the key things that happened is suddenly Iran, you know, obviously started blowing the data infrastructure and the data warehouse of OpenAI and things like that that were around the area, let's say.
But from a cybersecurity perspective, right, you have suddenly what is a land-based data center and there can be breaches, physical breaches, there can be breaches of the data as it comes in and out via whatever method.
Robin de Vries
That's also what you see with AI. AI is definitely there, but it’s taken such an important role that Cloudflare, if it's gone, nobody has access to ChatGPT and everybody's panicking and goes out for coffee because we can't work in it anymore.
So the human species have been extremely resilient to a lot of changes and also inventive in certain aspects. Protecting that is a key role for companies who work in the space.
Jordan Lawrence
I would really agree. All right. So further on ThingsRecon, if somebody wants to reach out and get in touch with you and then obviously the sales team, how does one get a hold with you?
Robin de Vries
Of course, through our channels. What we are trying to do as a company, so please feel free to reach out at www.thingsrecon.com. We're building an AI company in cyber, which is super interesting, but the human aspect is still key, especially in human business, being an entrepreneur, working with people together, sitting here in a podcast studio. The human aspect is still a key driver for any business.
For Damisa, where do you see stablecoin? The end of the game, or do you already see new developments after stablecoin?
Jordan Lawrence
I think the industries we're going after and into with Damisa are going to keep us busy for the very long term. These are the B2B payments for the commodities industry, let's say. It's a massive industry which has been really underserved over the years. As people think of business moving sugar around the world, foundational elements of our everyday lives, sugar, coffee, beans, rice. These are huge companies shipping billions of dollars in these commodities around the world every year, still paying for escrow, still paying for bank guarantees and letters of credit and bills of lading, things like this which have been around since the 1800s. So our goal is to get even more into these kind of industries.
PSPs, payment service providers, can use us for stablecoin infrastructure. There's the treasury element of Damisa. Imagine you're a business in Brazil that doesn't want to hold all in railhouse because your actual head office is in the UK or the US. Getting the money from rails back into the mothership, let's say, is super important from treasury perspective so we don't take the risk on the currencies in order to pay everybody else locally.
So these kind of treasury services, any idle cash, like if you get to get them, let's say you are those businesses and normally you're moving money between Latin America and Europe or Latin America and the US and it's taking three or four days to get the money across, that money is just sat there doing nothing. Whereas, again, with stablecoins, it's sitting in a Damisa environment or another wallet generating yield. So it doesn't matter what you say, there's tens of millions of dollars being moved, four days can actually make you a fair bit of yield, which every penny helps in modern business, right? So we're focusing on these things and this is enough to keep us busy the next few years.
Robin de Vries
But for those old companies like Maersk, for example, moving ships in containers around the world, to trust a startup like Damisa or to go with fiat banking... Is there a movement going? How do you secure that Damisa is a platform for them to adopt next to their fiat platform where they're used to have that delay but there's obviously governmental backing?
Jordan Lawrence
Interesting, right? It's a governmental backing and yeah, it's been flaky in some countries around the world, right? To be honest. And the whole banking environment, even the enormous banks like what's happened in Switzerland, you know, banks can just go under.
Stablecoins, especially in USD, so USDT and USDC, are mainly issued by the likes of J.P. Morgan, Blackrock, State Street, Jane Street. These are very large institutional banks, which yeah, at the end of the day, if Blackrock goes down, generally there's a problem all over the world, not just locally, right? So the question comes on a trust. Do you trust Blackrock more than you trust your local bank? And most people actually do, especially if it's around, back somewhere in the world. Aside from that, you know, you don't just trust me and trust Damisa, we're a year and a half old business, to move your tens of millions around the world.
You trust in the licenses, right? So we've gone through the licensing process in Australia to attain the ASIC AFSL license, it's the Australian Financial Services License, comes with a digital currency exchange.
We have a virtual asset service provider license in Poland, which we're upgrading to the crypto asset service provider license in Malta and in Greece. We have a guy from Maersk, at Damisa, one of our product guys, and she's one of the co-founders based in Greece, which is one of the biggest shipping hubs in the world. So I think the trust, you trust the issue of the stablecoin, which again, is one of the biggest institutional banks in the world, and you trust the licenses, and the same licenses which are given to the crypto guys are given to banks as well.
Robin de Vries
So same question to you about that, for our customers who are also moving money around the world, how can they be in touch with Damisa, and how can you help enterprises moving money around the world?
Jordan Lawrence
We will for sure, if you have a big enterprise who needs money moving and you're not using stablecoin infrastructure at the moment, Damisa will be able to ensure your payments are cheaper, faster and more secure than they ever were. We'll be able to generate yield from either funds from a treasury perspective. So in that case, you'll be making money out of your payment provider.
So yeah, we'll definitely be able to help. You can reach out to me, Jordan at Damisa, follow me on LinkedIn or check out the website, damisa.xyz.
Robin de Vries
Thanks, Jordan. I think it was very insightful. Thanks for sharing what Damisa is doing and sharing your view also on cyber. And I hope to have you another time.
Jordan Lawrence
And thanks, thanks, Robin, as well. It's been great, great chatting. Good to learn more about ThingsRecon. And, you know, I think the FinTech industry could really kind of fit through a conversation with you guys.
