Truecaller makes first acquisition to build out payment and financial services in India

Sweden’s Truecaller started out life as a service that screens calls and messages to weed out spammers. In recent times the company has switched its focus to India, its largest market based on users, adding services that include payments to make it more useful. Now Truecaller is putting even more weight behind its India push after it announced its first acquisition, mobile payment service Chillr.

The vision is to go deeper into mobile payments and associated services to turn Truecaller into a utility that goes beyond just handling messages and calls, particularly payments — a space which WhatsApp is preparing to enter in India.

Truecaller doesn’t have WhatsApp -like scale — few companies can match 200 million active users in Indua, but it did recently disclose that it has 100 million daily active users worldwide, while India is its largest country with 150 million registered users.

Truecaller has raised over $90 million from investors to date, according to Crunchbase. TechCrunch reported in 2015 that it was in talks to raise $100 million at a valuation of around $1 billion, but a deal never happened. Truecaller has instead raised capital from Swedish investment firm Zenith. Chillr, which offer payment services between over 50 banks, had raised $7.5 million from the likes of Blume Ventures and Sequoia Capital.

Truecaller isn’t disclosing how much it has paid for the deal, but it said that Chillr’s entire team of 45 people will move over and the Chillr service will be phased out. In addition, Chillr CEO Sony Joy will become vice president of Truecaller Pay, running that India-based payment business which will inherit Chillr’s core features.

“We’ve acquire a company that is known for innovation and leading this space in terms of building a fantastic product,” Truecaller co-founder and CSO Nami Zarringhalam told TechCrunch in an interview.

Zarringhalam said the Truecaller team met with Chillr as part of an effort to reach out to partners to build out an ecosystem of third-party services, but quickly realized there was potential to come together.

“We realized we shared synergies in thought processes for caring for the customer and user experience,” he added, explaining that Joy and his Chillr team will “take over the vision of execution of Truecaller Pay.”

Truecaller added payments in India last year

Joy told TechCrunch that he envisages developing Truecaller Pay into one of India’s top three payment apps over the next two years.

Already, the service supports peer-to-peer payments following a partnership with ICICI Bank, but there are plans to layer on additional services from third parties. That could include integrations to provide services such as loans, financing, micro-insurance and more.

Joy pointed out that India’s banking push has seen many people in the country sign up for at least one account, so now the challenge is not necessarily getting banked but instead getting access to the right services. Thanks to gathering information through payments and other customer data, Truecaller could, with permission from users, share data with financial services companies to give users access to services that wouldn’t be able to access otherwise.

“Most citizens have a bank account (in each household), now being underserved is more to do with access to other services,” he explained.

Joy added that Truecaller is aiming to layer in value added services over its SMS capabilities, digging into the fact that SMS remains a key communication and information channel in India. For example, helping users pay for items confirmed via SMS, or pay for an order which is tracked via SMS.

The development of the service in India has made it look from the outside that the company is splitting into two, a product localized for India and another for the rest of the world. However, Zarringhalam said that the company plans to replicate its approach — payments and more — in other markets.

“It could be based on acquisitions or partners, time will tell,” he said. “But our plan is to develop this for all markers where our market penetration is high and the market dynamics are right.”

Truecaller has raised over $90 million from investors to date, according to Crunchbase. TechCrunch reported in 2015 that it was in talks to raise $100 million at a valuation of around $1 billion, but a deal never happened. Truecaller has instead raised capital from Swedish investment firm Zenith.

US startups off to a strong M&A run in 2018

With Microsoft’s $7.5 billion acquisition of GitHub this week, we can now decisively declare a trend: 2018 is shaping up as a darn good year for U.S. venture-backed M&A.

So far this year, acquirers have spent just over $20 billion in disclosed-price purchases of U.S. VC-funded companies, according to Crunchbase data. That’s about 80 percent of the 2017 full-year total, which is pretty impressive, considering we’re barely five months into 2018.

If one included unreported purchase prices, the totals would be quite a bit higher. Fewer than 20 percent of acquisitions in our data set came with reported prices.1 Undisclosed prices are mostly for smaller deals, but not always. We put together a list of a dozen undisclosed price M&A transactions this year involving companies snapped up by large-cap acquirers after raising more than $20 million in venture funding.

The big deals

The deals that everyone talks about, however, are the ones with the big and disclosed price tags. And we’ve seen quite a few of those lately.

As we approach the half-year mark, nothing comes close to topping the GitHub deal, which ranks as one of the biggest acquisitions of a private, U.S. venture-backed company ever. The last deal to top it was Facebook’s $19 billion purchase of WhatsApp in 2014, according to Crunchbase.

Of course, GitHub is a unique story with an astounding growth trajectory. Its platform for code development, most popular among programmers, has drawn 28 million users. For context, that’s more than the entire population of Australia.

Still, let’s not forget about the other big deals announced in 2018. We list the top six below:

Flatiron Health, a provider of software used by cancer care providers and researchers, ranks as the second-biggest VC-backed acquisition of 2018. Its purchaser, Roche, was an existing stakeholder who apparently liked what it saw enough to buy up all remaining shares.

Next up is job and employer review site Glassdoor, a company familiar to many of those who’ve looked for a new post or handled hiring in the past decade. The 11-year-old company found a fan in Tokyo-based Recruit Holdings, a provider of recruitment and human resources services that also owns leading job site Indeed.com.

Meanwhile, Impact Biomedicines, a cancer therapy developer that sold to Celgene for $1.1 billion, could end up delivering an even larger exit. The acquisition deal includes potential milestone payments approaching nearly $6 billion.

Deal counts look flat

Not all metrics are trending up, however. While acquirers are doing bigger deals, they don’t appear to be buying a larger number of startups.

Crunchbase shows 216 startups in our data set that sold this year. That’s roughly on par with the pace of dealmaking in the year-ago period, which had 222 M&A exits using similar parameters. (For all of 2017, there were 508 startup acquisitions that met our parameters.2)

Below, we look at M&A counts for the past five calendar years:

Looking at prior years for comparison, the takeaway seems to be that M&A deal counts for 2018 look just fine, but we’re not seeing a big spike.

What’s changed?

The more notable shift from 2017 seems to be buyers’ bigger appetite for unicorn-scale deals. Last year, we saw just one acquisition of a software company for more than a billion dollars — Cisco’s $3.7 billion purchase of AppDynamics — and that was only after the performance management software provider filed to go public. The only other billion-plus deal was PetSmart’s $3.4 billion acquisition of pet food delivery service Chewy, which previously raised early venture funding and later private equity backing.

There are plenty of reasons why acquirers could be spending more freely this year. Some that come to mind: Stock indexes are chugging along, and U.S. legislators have slashed corporate tax rates. U.S. companies with large cash hordes held overseas, like Apple and Microsoft, also received new financial incentives to repatriate that money.

That’s not to say companies are doing acquisitions for these reasons. There’s no obligation to spend repatriated cash in any particular way. Many prefer share buybacks or sitting on piles of money. Nonetheless, the combination of these two things — more money and less uncertainty around tax reform — are certainly not a bad thing for M&A.

High public valuations, particularly for tech, also help. Microsoft shares, for instance, have risen by more than 44 percent in the past year. That means that it took about a third fewer shares to buy GitHub this month than it would have a year ago. (Of course, GitHub’s valuation probably rose as well, but we’ll ignore that for now.)

Paying retail

Overall, this is not looking like an M&A market for bargain hunters.

Large-cap acquirers seem willing to pay retail price for startups they like, given the competitive environment. After all, the IPO window is wide open. Plus, fast-growing unicorns have the option of staying private and raising money from SoftBank or a panoply of other highly capitalized investors.

Meanwhile, acquirers themselves are competing for desirable startups. Microsoft’s winning bid for GitHub reportedly followed overtures by Google, Atlassian and a host of other would-be buyers.

But even in the most buoyant climate, one rule of acquiring remains true: It’s hard to turn down $7.5 billion.

  1. The data set included companies that have raised $1 million or more in venture or seed funding, with their most recent round closing within the past five years.
  2. For the prior year comparisons, including the chart, the data set consisted of companies acquired in a specified year that raised $1 million or more in venture or seed funding, with their most recent round closing no more than five years before the middle of that year.

A friendly reminder: Don’t put passwords in Trello

A new bit of research from David Shear at security firm Flashpoint found that there are hundreds if not thousands of open Trello boards containing passwords, login credentials, and other potentially sensitive stuff including employee on-boarding documents. He and Brian Krebs reported the boards to Trello although some folks have already been notified by well-meaning hackers who wrote “Change your password” on some of these public boards.

“One particularly jarring misstep came from someone working for Seceon, a Westford, Mass. cybersecurity firm that touts the ability to detect and stop data breaches in real time,” wrote Krebs. “But until a few weeks ago the Trello page for Seceon featured multiple usernames and passwords, including credentials to log in to the company’s WordPress blog and iPage domain hosting.”

Another Trello board made at Red Hat in 2017 offered passwords to a pair of online test servers.

Trello worked with the pair to take down the public boards they found and is working with Google to remove the cached sites.

“We have put many safeguards in place to make sure that public boards are being created intentionally and have clear language around each privacy setting, as well as persistent visibility settings at the top of each board,” said a Trello spokesperson.

Missteps like these are sadly common. Another rich trove of user data, Github, has been used to find private passwords for years. Anecdotally, a project I was working on suffered a breach when the CTO put a Bitcoin private key into some public Github code. Yeah. Exactly.

So, again, keep your Trello boards private, don’t paste passwords willy-nilly, and maintain at least a basic level of operational security by not pasting passwords into any site that could make it public. It’s hard but definitely worth the effort.

Microsoft has discussed buying code giant GitHub

GitHub is practically a household name among developers looking to store, share and discuss code, but it's not in a great position when it's floundering in a bid to replace its outgoing CEO. And it appears that Microsoft might seize this opportunity…

macOS leak hints at dark mode and desktop News app

Apple has inadvertently spoiled some of WWDC 2018's mysteries in advance. Well-known developer Steve Troughton-Smith has spotted a hidden video on the Mac App Store showing off what looks like a new version of macOS with a system-wide dark mode — n…

To truly protect citizens, lawmakers need to restructure their regulatory oversight of big tech

If members of the European Parliament thought they could bring Mark Zuckerberg to heel with his recent appearance, they underestimated the enormous gulf between 21st century companies and their last-century regulators.

Zuckerberg himself reiterated that regulation is necessary, provided it is the “right regulation.”

But anyone who thinks that our existing regulatory tools can reign in our digital behemoths is engaging in magical thinking. Getting to “right regulation” will require us to think very differently.

The challenge goes far beyond Facebook and other social media: the use and abuse of data is going to be the defining feature of just about every company on the planet as we enter the age of machine learning and autonomous systems.

So far, Europe has taken a much more aggressive regulatory approach than anything the US was contemplating before or since Zuckerberg’s testimony.

The European Parliament’s Global Data Protection Regulation (GDPR) is now in force, which extends data privacy rights to all European citizens regardless of whether their data is processed by companies within the EU or beyond.

But I’m not holding my breath that the GDPR will get us very far on the massive regulatory challenge we face. It is just more of the same when it comes to regulation in the modern economy: a lot of ambiguous costly-to-interpret words and procedures on paper that are outmatched by rapidly evolving digital global technologies.

Crucially, the GDPR still relies heavily on the outmoded technology of user choice and consent, the main result of which has seen almost everyone in Europe (and beyond) inundated with emails asking them to reconfirm permission to keep their data. But this is an illusion of choice, just as it is when we are ostensibly given the option to decide whether to agree to terms set by large corporations in standardized take-it-or-leave-it click-to-agree documents.  

There’s also the problem of actually tracking whether companies are complying. It is likely that the regulation of online activity requires yet more technology, such as blockchain and AI-powered monitoring systems, to track data usage and implement smart contract terms.

As the EU has already discovered with the right to be forgotten, however, governments lack the technological resources needed to enforce these rights. Search engines are required to serve as their own judge and jury in the first instance; Google at last count was doing 500 a day.  

The fundamental challenge we face, here and throughout the modern economy, is not: “what should the rules for Facebook be?” but rather, “how can we can innovate new ways to regulate effectively in the global digital age?”

The answer is that we need to find ways to harness the same ingenuity and drive that built Facebook to build the regulatory systems of the digital age. One way to do this is with what I call “super-regulation” which involves developing a market for licensed private regulators that serve two masters: achieving regulatory targets set by governments but also facing the market incentive to compete for business by innovating more cost-effective ways to do that.  

Imagine, for example, if instead of drafting a detailed 261-page law like the EU did, a government instead settled on the principles of data protection, based on core values, such as privacy and user control.

Private entities, profit and non-profit, could apply to a government oversight agency for a license to provide data regulatory services to companies like Facebook, showing that their regulatory approach is effective in achieving these legislative principles.  

These private regulators might use technology, big-data analysis, and machine learning to do that. They might also figure out how to communicate simple options to people, in the same way that the developers of our smartphone figured that out. They might develop effective schemes to audit and test whether their systems are working—on pain of losing their license to regulate.

There could be many such regulators among which both consumers and Facebook could choose: some could even specialize in offering packages of data management attributes that would appeal to certain demographics – from the people who want to be invisible online, to those who want their every move documented on social media.

The key here is competition: for-profit and non-profit private regulators compete to attract money and brains the problem of how to regulate complex systems like data creation and processing.

Zuckerberg thinks there’s some kind of “right” regulation possible for the digital world. I believe him; I just don’t think governments alone can invent it. Ideally, some next generation college kid would be staying up late trying to invent it in his or her dorm room.

The challenge we face is not how to get governments to write better laws; it’s how to get them to create the right conditions for the continued innovation necessary for new and effective regulatory systems.

Music payments startup Exactuals debuts r.ai, a “Palantir for music royalties”

Exactuals, a software service offering payments management for the music industry, is debuting r.ai, a new tool that it’s dubbed the “Palantir for music”. It’s a service that can track songwriting information and rights across different platforms to ensure attribution for music distributors.

As companies like Apple and Spotify demand better information from labels about the songs they’re pushing to streaming services, companies are scrambling to clean up their data and provide proper attribution.

According to Exactuals, that’s where the r.ai service comes in.

The company is tracking 59 million songs for their “Interested Party Identifiers” (IPIs), International Standard Work Codes (ISWCs), and International Standard Recording Codes (ISRCs) — all of which are vital to ensuring that songwriters and musicians are properly paid for their work every time a song is streamed, downloaded, covered, or viewed on a distribution platform.

Chris McMurtry, the head of music product at Exactuals explained it like this. In the music business, songwriters have the equivalent of a social security number which is attached to any song they write so they can receive credit and payment. That’s the ISI. Performers of songs have their own identifier, which is the ISWC. Then the song itself gets its own code, called the ISRC which is used to track a song as it’s performed by other artists through various covers, samples and remixes.

“There’s only one ISWC, but there might be 300 ISRCs,” says Exactuals chief executive, Mike Hurst.

Publishing technology companies will pay writers and performers based on these identifiers, but they’re struggling to identify and track all of the 700,000 disparate places where the data could be, says McMurtry. Hence the need for r.ai.

 

The technology is “an open api based on machine learning that matches disparate data sources to clean and enhance it so rights holders can get paid and attribution happens,” says McMurtry.

For publishers, Exactuals argues that r.ai is the best way to track rights across a huge catalog of music and for labels it’s an easy way to provide services like Apple and Spotify with the information they’re now demanding, Hurst said.

There’s an access code for Visible in its online ad

Sometimes it pays to click on the ads.

Verizon’s poorly kept startup secret, Visible, the new app-based phone service that provides all-in voice, data and text for $40 does have an access code for the hoi polloi.

It’s in the online ads for the company’s service and it’s: 0abfa

You’re welcome.