Float launches Trust Centre for security and compliance

What does banking-grade security actually mean? We asked Craig Lusher, Product Principal at Continent 8 Technologies. In this conversation, Craig breaks down how security assessments work, why they matter in iGaming, and what Alea's partnership with Continent 8 delivers for operators: infrastructure you can trust, built to handle scale without exposing risk. As Craig points out, when our systems are strong, our partners, and the industry as a whole, thrive. Because security done right means one less thing to worry about as you grow. Watch the full interview below:

Cybersecurity maturity is more than just ticking boxes. ✅    Our Product Principal Craig Lusher features in this Alea video, unpacking what it takes to build a truly resilient iGaming platform. From vulnerability assessments to full-spectrum audits, Craig shares how our partnership has evolved to help Alea proactively identify risks, validate their security posture, and strengthen trust with operators, suppliers and players alike. 🔎 Watch below! ⬇️ #Cybersecurity #iGaming #Continent8 #C8Secure #CyberResilience #TechLeadership #CyberAwarenessMonth 

In the recent FundFire article, "SEC Gets Ready to Scrutinize Compliance with Data Protection Rule", the SEC’s renewed focus on Regulation S-P was front and center, with an emphasis on stricter breach notification requirements and oversight of third-party vendors. Lori Weston, Head of Compliance, shared her perspective on the challenge of vendor accountability: “While firms can amend their contracts to include the new reporting timelines, a main concern among firms is how they can ensure that their service providers are aware of the obligation to notify them within 72 hours... The SEC suggested obtaining certifications from service providers, but this may be viewed as insufficient assurance.” Read the article in full in FundFire: https://lnkd.in/e9n-bQVi

🔐 Trust starts with knowledge. In a world where processes are accelerating and decisions are multiplying, security should never take a back seat. A falsified bank account detail. A modified supporting document. An altered contract…These are real risks. 1 in 5 European employees has already encountered a fraudulent digital document. [Ipsos x Yousign Study, 2025] At Yousign, we believe that fluidity should never come at the expense of reliability. Yousign Verify already helps many companies verify — in just a few seconds — an IBAN, an ID, or a business, directly at the source, with no manual document checks required. 💡 A simple way to secure your critical workflows… without slowing down your business. To learn more, visit our website: https://lnkd.in/eYMX8vET

CUEC’s deserve more attention. Most vendor oversight conversations focus on SOC reports, service levels, or breach histories. But one area that consistently surprises institutions during exams? Complementary User Entity Controls (CUECs). Vendors outline them, but they’re not responsible for implementing them—you are. Security leaders at banks or credit unions who treat CUECs as an afterthought often discover the oversight gap only when it shows up in an examiner’s findings. The reality is simple: strong vendor governance isn’t just about reviewing what your providers do—it’s about proving what you do to support their controls. Documenting and operationalizing CUECs is one of the clearest signals of diligence you can send to regulators. Discover how our AI-powered vendor reviews verify control implementation—so you don’t waste time duplicating the work. Try it for free https://hubs.ly/Q03LmXG30

Which PCI DSS path is right for you — ROC or SAQ? 🤔 Most fintech teams waste weeks (and $$$) doing the wrong type of audit. In this quick guide, I break down the difference between ROC (full audit) and SAQ (self-assessment) - and show how choosing the right one can cut your scope from 300+ controls to just 20–40. 🧩 Simple, visual, and easy to follow — perfect if you’re preparing for PCI DSS v4.0.1 👉 Swipe through the carousel to see which SAQ type fits your setup. 💬 Not sure which one applies? DM me — I’ll help map your PCI path in 15 minutes.

Put together a simple guide to SOC2 - after a lot of discussion about automation at the PCI community meeting, the overlap with the SOC2 Trust Principles and where to begin. I've seen a lot of organisations taken either framework first and then add the other. Whilst PCI is a great door opener into the payments space, SOC2 overlays quite nicely for a lot of other regulated markets and can really help capitalise on the investment made in a lot of technical security controls. https://lnkd.in/e2wiivZQ Still find it interesting that personally I came full circle, I remember using the Trust Principles with the Webtrust for CAs in the early part of my career certifying SSL/TLS Certificate Authorities around the world. Now they're almost the de-facto expectation in a lot of regulated markets.

📊 Is Your Financial System Ready for PCI DSS Compliance? For finance professionals, safeguarding payment data isn’t optional, it’s a necessity. Failure to comply with PCI DSS requirements can expose your organization to costly breaches and lost trust. Our newest article explores how to design and implement cash handling software that meets PCI DSS standards. Discover practical steps to enhance security, streamline processes, and protect sensitive data across all operations. 👉 Check out the full article in the first comment.

Protecting Financial Data with DevSecOps Precision In finance, trust is everything — and security breaches can destroy it in seconds. At LegitBytes, we embed DevSecOps and CloudSecOps practices to ensure every transaction, API, and system runs on a secure, compliant foundation. Our financial security frameworks align with SOC 2, PCI-DSS, and ISO 27001 standards, giving institutions the confidence to innovate safely. Build faster. Stay compliant. Protect every byte. #FinTech #DevSecOps #FinancialSecurity #Compliance #LegitBytes

Most fintechs think they’re “almost compliant” with PCI DSS 4.0.1. Spoiler: they’re not - until the audit starts. PCI DSS 4.0.1 isn’t just an update - it’s a paradigm shift. In this quick carousel, I unpack 8 hidden risks that quietly derail even experienced teams. You’ll see what most miss - and how to fix it before your next QSA review. If PCI compliance feels like a maze - this one’s your map. 👇 Swipe through and check where your weak spots might be.