“Our former CEO was a hobbyist boxer,” recalls Trevor Cushen, head of Security, IT Risk, and Governance at BPAY Group. “He used the analogy that you could train your heart out and think you’re a great boxer, then get knocked out in the first round. You’ll realize you aren’t as good as you thought, but at least you know what your problems are—we’ve adopted a similar mindset with our cybersecurity.”
That uncompromising approach has served the company well. Based in Sydney, Australia, BPAY Group has been one of the leading payment scheme providers in the country for nearly three decades. It works with over 45,000 businesses, including the majority of telecommunications providers, utilities providers, and credit card agencies. Previously owned jointly by Australia’s top four banks, and recently consolidated with Eftpos and NPPA to form Australian Payments Plus, it provides unified bill payments, bill tracking, payment scheduling, and electronic transfers.
“Outside of Australia, BPAY is often confused for solutions like PayPal,” Cushen explains. “We’re a scheme around paying infrastructure, more of a backend than a frontend."
“What that means is that you can go onto our website, search up the Biller Code for any company that’s a registered member, then set up billing,” he continues. “The company will automatically generate a Customer Reference Number which you can transmit to your bank alongside the Biller Code and payment amount. The bank then sends those details to our system, which processes electronic data files between financial institutions.”
Because it works with so many different organizations in so many different sectors, BPAY is one of Australia’s most recognized brands. People see it as a company that they can trust with their hard-earned dollars—and their data. That trust is something Cushen and his colleagues take extremely seriously.
“Even though most of the data we store isn’t personally identifiable or financially sensitive, all of our storage systems are fully compliant with PCI-DSS and ISO-27001-2013,” says Cushen. “We encourage companies to get independent external assessments, and also dig deep with our own assessments to find out what we could do better. We never simply assume we’re doing things right—we want to verify that we are.”
It was this mindset that led BPAY Group to replace its signature-based endpoint protection software with BlackBerry’s AI-driven CylancePROTECT® solution. The legacy system it replaced had required BPAY Group to constantly connect to the internet to download new definitions to each endpoint, yet it still lacked protection against emerging and zero-day threats. This represented a significant security loophole, while the daily definition downloads significantly impacted system performance.
With a light footprint and no need for an internet connection to provide superior protection against new and emerging threats, CylancePROTECT proved to be precisely what BPAY was looking for—so much so that after deployment, the company also chose to install the CylanceOPTICS® endpoint detection and response solution on its new fleet of laptops.
“The tools combined have been fantastic, and we’ve even got a few people using the home edition of CylancePROTECT because they enjoyed it so much on their work devices,” Cushen says. “I’m one of them. I got the bundle of ten licenses to push out to my kids, my parents, and my brother and sister, none of whom are tech savvy—it keeps them safe and gives us all the comfort of not having to worry about security.”
BPAY Group is also evaluating a possible deployment of CylancePERSONA™ for seamless, AI-driven authentication and policy management.
“We’re working with BlackBerry to get the full suite of Cylance products into our environment,” Cushen concludes. “We’re very confident about the level of visibility, security, and control their solutions provide.”
Read the full case study.