PayPal — soon to be spinning off from parent company eBay — today confirmed its latest acquisition and move to build out its payment technology as a standalone business, and provide better protection in the growing problem of security breaches in e-commerce. It is buying CyActive, a specialist in predictive malware detection based out of Israel. And it will use the company’s operations to kickstart a larger security hub in the country, including potentially more acquisitions.
Terms of the CyActive deal are not being reported but local press reports last week leaked out and put the price at $60 million. Specifically, PayPal’s CTO and SVP of payment services James Barrese told TechCrunch that price was “speculative.”
The security center meanwhile will tap into the country’s bigger pool of online security expertise, PayPal’s existing operations in the country and other potential acquisitions.
“The creation of the security center is an extension of the capabilities we have already developed through the success of our Fraud and Risk Detection Center in Tel Aviv, Barrese writes in a blog post.
In an interview with TechCrunch he also pointed to more possible deals in the pipeline. “We’ll continue to make significant investments,” he said.
Barrese added the acquisition is more “about improving PayPal’s security capabilities” and not PayPal’s spinoff from eBay, but it’s notable that this happens to be the second acquisition in a week for the company, after last week acquiring mobile wallet company Paydiant — the tech provider behind merchant collective CurrentC — in a deal worth nearly $300 million.
Barrese also would not comment on what will happen with CyActive’s existing business or how it will be integrated with PayPal’s existing operations. It sounds in any case like CyActive had not developed much in terms of commercial products. “They’re still early in the product lifecycle,” he said.
It’s interesting to consider how PayPal may use the assets. On one hand, CyActive’s technology would prove useful for PayPal’s wider network protection, but there is also a case to be made for PayPal potentially developing aspects of it as a product for its online sales customers, selling online security protection as a service alongside payment processing and other merchant services.
“Paypal has always had security for customers, and this is about improving those capabilities,” Barrese told TechCrunch.
As with many other security specialists in Israel, CyActive’s co-founders Liran Tancman (CEO) and Shlomi Boutnaru (CTO) have roots in Israel’s military intelligence.
CyActive’s specific area of expertise is in predicting malware before it hits a network, and then helping businesses better prepare for it, with the premise being that malware behaves like a virus: it mutates as it spreads. CyActive describes the current market as being focused too much on reactive online security, while its technology is a more proactive antidote:
“The current cyber security paradigm is a reactive cycle: if and when a threat is exposed, it is analyzed and a counter-solution is designed,” CyActive writes. “Response times vary from weeks to years. Even if a solution is made available, attackers can easily modify the original code, evade the updated security measures, and once again a new threat is born.”
A recent report from FireEye noted that e-commerce and retail businesses had the most security breaches in 2014, with the growth of making transactions online, and storing data in cloud-based services, a magnet to malicious hackers who “follow the money.”
For a company like PayPal, it’s important to continue investing in security technology not only to prevent these kinds of attacks, but also to demonstrate to its current and potential customers (and investors) that it is taking the issue seriously in a proactive way.
It also seems like a timely announcement, coming in the wake of allegations that Apple Pay — a rival system to PayPal’s from the iPhone maker — is susceptible to fraud.