Uphold: Facilitating a Future of Financial Inclusion

Uphold: Facilitating a Future of Financial Inclusion

Christopher Adjei-Ampofo, CIO & CISO at Uphold, Details how the Firm is Keeping Customers Safe While Offering an ‘Anything-to-Anything’ Trading Experience

Launched in 2015, Uphold offers financial services to the global market and has grown to become a world-renowned force, serving 140 countries and offering more than 280  assets on its Web 3 platform.

It would not be an exaggeration to say Uphold is one of the very first to offer a true ‘anything-to-anything’ trading experience, enabling customers to trade directly between asset classes and facilitating a future of financial inclusion. 

Ultimately, the firm is providing the infrastructure – licensing, control framework and information security compliance – for anybody building on a blockchain to access the wide range of digital assets being made available.

But in an increasingly saturated market, what exactly makes Uphold unique and able to stay ahead of the competition?

“We have a high-frequency trading engine that sits on top of the connectivity that we have with the 30 underlying exchanges we operate with,” explains Christopher Adjei-Ampofo, who works in a dual role as CIO and CISO at Uphold.

“This allows us to poll the market for the best prices, and institutional customers can move their positions in and out of the market with minimal price slippage. And, because we’re able to source from the cheapest venues, we can offer that to our customers and give them the best price on the retail side.”

Uphold: Meeting its customers’ needs

Like all competently-run organisations, Uphold can boast a portfolio of key aims, strategies and capabilities stretching right across the business. 

On the retail side of the operation, the priority is to provide a crypto-enable bank account that anticipates the wants and needs of Gen Z and alike, such as the transfer of ownership of assets using NFTs, or instant access to decentralised apps (DApps) on the blockchain, offering yields and borrowing capabilities. 

Uphold’s enterprise app, meanwhile, allows companies building on blockchains to plug into its bank connectivity, thus enabling them to move fiat currency. Customers are given instant ability to buy crypto assets using a credit or debit card, as well as take part in projects on the blockchain in a non-custodial manner.

“What we also have is our vault non-custodial product,” Adjei-Ampofo continues, “which offers the best of both worlds. 

“So, you can have your non-custodial, but, in the event of you losing your private keys, we can help you restore that in a safe way without compromising any security concerns.”

What’s more, Uphold’s institutional app is allowing the very largest of institutions to purchase significant quantities of crypto assets, Bitcoin or Ethereum, without impacting the market price. 

Adjei-Ampofo adds: “We do that by distributing the order across 30 different fs, providing the best-possible price.”

Also of note is Uphold’s white label service, giving traditional banks or fintechs the means to use its crypto services without having to worry about using its wallet or KYC requirements, instead plugging in their own interface. 

Staying ahead of cyber challenges

Keeping abreast of the cybersecurity landscape is, comfortably, one of the biggest challenges facing Adjei-Ampofo in his role as CISO. 

The rapid, and some may say astonishing, rise of generative AI over the past year or so has only served to exacerbate the situation, leaving leadership teams facing an uphill struggle to stay at least one step ahead of cyber criminals and modern-day threats.

“We've already seen forces using AI and deepfake to fight against us, to try and compromise our systems – and the technology can only get better,” says Adjei-Ampofo. 

“Making sure we’re prepared and getting better at protecting ourselves is what’s keeping me awake at night.”

Ultimately, social engineering – which Gen AI is contributing to and, in many cases, enhancing – perhaps remains the biggest cyber threat facing Uphold.

The business and its experts can work round the clock to protect customers within its ecosystem but, ultimately, the prospect of account takeover (ATO) can never be fully eradicated. 

“Once malicious forces socially engineer our customers and they become very trustworthy, our customers may hand over the keys to their accounts – in other words, account takeover,” outlines Adjei-Ampofo.

“There is this term ‘pig butchering’, where cyber criminals are constantly feeding the customer information to build that trust to the point where they hand over those assets.

“It’s very difficult to monitor, but we’ve done a good job to bring it down with the tools we have. So, when you log into our platform we know where you’re coming from and who you are from slight changes in the way our system is being used.”

Then there is the prospect of managing insider threats. 

Adjei-Ampofo goes on to explain that Uphold’s front door is “pretty much secure” from a security perspective, without ever being able to truly guarantee 100% security. 

The people with the “golden keys” in this scenario are Uphold’s own employees, which presents the firm’s cyber experts with a delicate balancing act. 

Adjei-Ampofo adds: “The balance of making sure you allow employees to freely operate and do their jobs, while protecting the company, is a challenge, because one careless mistake could really have detrimental effects and compromise all your front-door controls.”

Increasing cybersecurity awareness

Adjei-Ampofo and his team spent much of last year focused on protecting Uphold’s external perimeter, before shifting their attention to these aforementioned insider threats. 

It is paramount, from their perspective, to ensure cybersecurity awareness stays top of mind for every member of the workforce, regardless of their department.

The CISO considers this to be an ongoing campaign and believes it is beginning to bear fruit. 

“Now, when they receive that fake email, immediately they question it,” says Adjei-Ampofo, with discernible pride in his voice. “That's as a result of a really robust security awareness training programme.

“We’ll give you training that’s relevant and make it fun, rather than just seeming like noise. It’s not a case of security being burdensome, but instead part of your daily routine. And that’s the message that resonates across the whole company.”

When it comes to measuring progress in this space, the numbers cited by Adjei-Ampofo do most of the talking. 

Prior to the recent period of dedicated cybersecurity education, Uphold was dealing with more than 30 cases of employees clicking on malicious links. Now, that figure has been reduced to just a handful. 

“One person can still cause problems,” highlights Adjei-Ampofo. “So, although you might have protections in place, education should be top of mind.”

Addressing the skills shortage

The digital skills gap has been well documented over the past couple of years, with companies big and small clamouring for talent and bemoaning their inability to fill crucial positions. 

Uphold is among those to fall victim to this crisis – which is far from an exaggeration because, to many organisations, not having the people required to function effectively does indeed represent a crisis.

Shedding light on these struggles, Adjei-Ampofo says: “We’ve been trying to find people in various specific roles for quite a while. 

“A good example: we found someone, gave them an offer and, five days before they were supposed to start, they got poached by a competitor. It’s something we see all the time.”

As a consequence, Uphold approaches recruitment differently, emphasising its core values, long-term strategy and the prospect of becoming part of a family. 

“That goes a long way because, when you need us or have personal issues, we're there to support you,” adds Adjei-Ampofo.

“This has been our focus and it’s starting to work.”

Partnerships critical to success

No high-performing company – regardless of its capabilities – can function to its full potential without forming fruitful partnerships. 

The success of a fast growing company is only possible with a strong ecosystem of critical partners to deliver core services, protect customers, and support growth.

CloudZone is Uphold’s authorised AWS partner providing outsourced managed services to complement Uphold’s internal infrastructure team responsible for the infrastructure environment hosting critical assets and services. 

CloudZone also provides FinOps services continuously identifying areas of potential savings by highlighting incorrectly configured resources, unused assets and eliminating wastefulness. 

“Regular checkin’s with CloudZone ensures we stay abreast of technological changes, and it’s great how they've integrated themselves into the fabric of the company,” Adjei-Ampofo explains. “They've become an extension of our infrastructure team.”

Uphold’s collaboration with Plaid, an ACH banking rails provider, allows US customers to seamlessly deposit money via ACH to buy crypto assets. 

Uphold implemented Signal, an ACH risk assessment and scoring service to reduce first-party ACH fraud, where customers would abuse the consumer protections offered by the ACH framework to commit first-party fraud also known as buyer’s remorse, claim chargeback and deny authorisation of the transfer of money to purchase the crypto assets. 

Signal has been instrumental in the reduction of ACH fraud by providing a detailed analysis of customers financial profile to allow us to confidently manage risk, improve transaction success, and reduce fraud

It would be remiss of Adjei-Ampofo not to mention Sift Science, a Machine Learning (ML) fraud detection and prevention tool which sits at Uphold’s front door of the online platform and helps the firm to protect customers from Account Take Over (ATO) and payment protection. 

He continues: “Using a whole raft of attributes about the customer's transaction and  behavioural analytics,  we're able to determine if the transaction is legitimate or suspicious and take action immediately.

“That’s been transformational in the way we manage fraud, and protect our customers and assets.”

Finally, there’s EDB, Uphold’s critical database provider of critical high availability database service and 24x7x365 remote DBA support. 

“The services offered by EDB removes the burdensome tasks of continuous critical patch and capacity management,  ensuring our resources can scale as the business grows, protecting our critical assets  from vulnerabilities and threats, and the comfort of knowing we have experienced DBA’s readily available.” Adjei-Ampofo concludes. “They’re another great partner within our ecosystem supporting our growth and services we provide.”

Make sure you check out the latest edition of FinTech Magazine and also sign up to our global conference series - FinTech LIVE 2024


FinTech Magazine is a BizClik brand ​​​​​​​

Our Partners