KAREN JOY BACUDO

Finance Editor

Access PaySuite has agreed to acquire Ordo’s Open Banking infrastructure, giving the payments arm of The Access Group ownership of its Open Banking payment rail.

The acquisition adds Open Banking to Access PaySuite’s existing card and Direct Debit services and gives it direct control of the payment acceptance layer across all three methods. Open Banking will be embedded across its platforms as a native feature, rather than offered through a third-party arrangement.

The move comes as Pay by Bank use continues to grow in the UK. Open Banking Limited said the system processed 351 million payments in 2025, up 57% year on year, with more than 16.5 million active users.

Access PaySuite said owning the infrastructure will allow it to combine payment initiation with real-time account data. It is positioning that combination as a way to expand beyond transaction processing into services tied to collections, affordability checks and financial support.

Broader use

In arrears management, live financial data can help housing associations identify hardship earlier, adjust recovery approaches and offer repayment plans during contact with tenants or customers. For affordability assessments, verified account data can replace self-reported figures at the point of application.

The same framework could also support hardship planning by enabling earlier intervention before accounts worsen. In each case, the model relies on linking payment activity with account information at the point a decision is made.

The transaction also paves the way for Variable Recurring Payments (VRP), a real-time alternative to Direct Debit. Access PaySuite said the method gives payers greater control over authorisation while allowing merchants and service providers to collect funds more quickly and with more flexibility.

Control of the infrastructure is also likely to have operational effects within the payments business. The rail can reduce acceptance costs, shorten settlement times and provide more detailed reconciliation data.

These changes matter because many software providers in payments still depend on external partners for parts of Open Banking connectivity. By bringing the infrastructure in-house, Access PaySuite is seeking tighter integration between payment collection and its customers’ software systems.

Regulatory step

The acquisition also sits alongside Access PaySuite’s pursuit of Financial Conduct Authority permissions for Payment Initiation Services and Account Information Services. Those permissions would allow it to provide regulated Open Banking functions directly rather than through another licensed provider.

“This acquisition isn’t about adding a payment method. It’s about what we build with it. We’re embedding Open Banking natively across our platforms, and the bigger opportunity is blending payments with financial intelligence to tackle genuinely hard problems. That’s where payments stop being a utility and start driving real outcomes – more revenue recovered, lower cost to serve, and better financial lives for the people on the other end of every transaction,” said Giulio Montemagno, Managing Director, Access PaySuite.

“Underpinning this is Access PaySuite’s pursuit of FCA permissions for Payment Initiation and Account Information Services. These are not just regulatory milestones, but what makes the next generation of outcomes possible. Together, they open an entirely new class of solution: intelligence embedded directly at the point of need. The UK’s National Payments Vision puts Open Banking at the centre of how payments should evolve. Access PaySuite intends to be at the front of that wave.”

Access PaySuite is the payments division of The Access Group. This business software provider says it serves more than 160,000 small and mid-sized organisations across Europe, the US and Asia-Pacific. The group’s software is used in both commercial and non-profit sectors, giving the payments arm a large installed base into which Open Banking services can be introduced.

For the wider market, the deal reflects a continuing shift in Open Banking from a standalone payment option to a component within sector-specific software. Rather than competing only on checkout conversion, providers are increasingly using bank payment tools and account data to support credit decisions, debt collection and customer support processes.

The trend is particularly visible in sectors where recurring payments, arrears and affordability checks are closely linked, including housing, utilities and other service-heavy industries. Access PaySuite said the combination of payment initiation and account information can be used directly at the point where a customer needs to pay, seek support or be assessed for repayment terms.

Open Banking will sit alongside cards and Direct Debit within a single platform.

KAREN JOY BACUDO

Finance Editor

Topia has partnered with Certino to integrate expatriate payroll calculations into its Topia Horizon platform, covering payroll instruction outputs in more than 90 countries.

The partnership brings Certino’s gross-up and shadow payroll calculations into Topia’s mobility workflow, aiming to replace the spreadsheet-based processes and disconnected systems many employers still use to manage internationally mobile staff.

Many multinational employers handle cross-border compensation through a mix of internal spreadsheets, external providers and manual calculations. As international hiring grows and regulatory scrutiny increases, payroll, tax and mobility teams are left managing fragmented processes.

Under the arrangement, organisations using Topia Horizon will be able to access payroll-ready calculations within the same system they use to manage employee mobility. The integrated workflow is designed to help employers pay mobile employees accurately while managing tax and compliance obligations across jurisdictions.

Manual burden

Expatriate payroll has long been one of the most complex parts of global mobility because employees can trigger tax, social security and payroll requirements in more than one country. Gross-up calculations, which employers use to offset tax burdens for staff on assignment, and shadow payroll processes, which track tax liabilities in host locations, often require multiple handovers between HR, payroll and tax specialists.

Topia said its Horizon platform already automates risk assessments linked to tax, immigration, social security and permanent establishment before employee trips and remote work requests. The Certino integration extends that process into payroll execution by linking mobility decisions with payroll calculations.

The new service is aimed at both large employers managing cross-border workers directly and mobility service providers running international compensation programmes for clients. Payroll instruction outputs are supported across all countries covered by the arrangement.

David Walters, Chief Executive Officer, Topia, said the partnership is intended to address a longstanding operational gap.

“International talent mobility has become a strategic priority but the operational processes underpinning it have not kept pace. Too many organisations are still managing critical payroll and tax calculations through manual processes that create unnecessary risk and cost. Topia Horizon’s intelligence closes that gap, surfaces risk, generates policy-linked cost simulations, and now connects directly to payroll-ready calculations through Certino. Partnering with Certino means organisations can run a more accurate, connected and scalable global compensation operation,” Walters said.

Compliance focus

The announcement reflects wider pressure on employers to tighten oversight of international employment arrangements. As companies hire across borders and allow more staff to work remotely or travel for work, payroll teams increasingly need to track where income is earned, where tax is due and how local payroll reporting should be handled.

Errors in those calculations can create financial and compliance risks for both employers and employees. As a result, expatriate payroll remains a persistent challenge for companies with international workforces, particularly when payroll data is kept separate from mobility and tax systems.

Certino focuses on tax calculation and shadow payroll for global mobility programmes. Its systems are used by multinational employers as well as by accountancy, payroll, and relocation partners that handle assignment-related compensation.

Tom Lockyer, Chief Executive Officer at Certino, said the work has traditionally required significant manual input.

“Gross-up calculations and shadow payroll obligations have always required significant manual effort and multiple handoffs. The consequences of getting them wrong are serious. Certino was built to standardise and automate these calculations, delivering consistent, payroll-ready outcomes at scale. Embedding that capability inside Topia Horizon brings specialist expatriate tax calculation directly into the operational workflow, enabling global mobility teams to execute with greater control, transparency and confidence,” Lockyer said.

Chainguard has launched a source code scanner that blocks open source packages it classifies as malware and “greyware”. It says the tool is already screening more than 100,000 packages a day.

The scanner is available for npm packages requested through Chainguard Libraries for JavaScript and has already blocked more than 52,000 packages identified as malware or greyware.

Chainguard uses the term greyware for open source packages that disclose their intended behaviour but still pose security risks many organisations would reject in a formal review. These can include tools for credential harvesting, command interception, persistent remote access and account fraud automation.

The launch reflects broader concern in software security over the growth of risky dependencies in public registries. Security teams have long focused on malware hidden inside code packages, but Chainguard argues that another category is slipping through because the software openly states what it does and can avoid conventional malware detection.

In its current setup, the scanner reviews packages before they are added to the Chainguard Libraries catalogue rather than waiting until a customer requests them. It examines maintainer behaviour, package contents, publishing signals and the behaviour of installation scripts in a sandboxed environment.

That includes unusual account activity, changes in release history, obfuscated code, suspicious domains, differences between source code and published packages, and scripts that try to contact external servers or access local files. Packages are then marked as malicious, escalated for review by a security engineer, or cleared for use.

Chainguard says the volume of software being generated and adopted through AI-assisted development is making manual dependency checks less realistic. It argues that developers often rely on indicators such as download numbers, repository activity or autocomplete suggestions rather than reading package documentation or reviewing source code in detail.

The company also pointed to a wider industry backdrop in which supply chain attacks remain a significant issue, citing figures showing that 65% of organisations said they experienced a supply chain attack in the past year.

Examples found

Among the examples identified on npm was leobot-cli, which Chainguard described as an account fraud automation tool. The package advertises itself as a command-line bot for registering Canva and Leonardo accounts and includes a command to generate fake accounts and inject a Chrome extension for session injection and token monitoring.

Another package, @robinpath/cloud-cli, was described as software that creates a permanent backdoor from a machine to a third-party server and waits for commands to run. It is presented as a command-line tool for an AI assistant that reads code, creates files, executes commands and builds scripts.

Chainguard also highlighted noesis-miner, which it said reads Solana keypairs from disk and runs persistent mining loops. The package is presented as an AI-agent-mined token protocol for Solana.

It identified drogonclaw as a hacking toolkit that includes open source intelligence functions, network scanning, exploit execution and remote mobile control. The package advertises itself as an autonomous AI pentest framework.

A fifth example, chrome-tool, was described as a Chrome credential-harvesting extension. According to Chainguard, the package exports modules designed to extract passwords, cookies, credit card information and autofill data.

Several of these packages remain available for download on npm and have each recorded thousands of downloads, Chainguard said. Some had also passed what it described as a typical seven-day cooldown period, a delay often used by software security products before treating a package as established.

Scanner design

The scanner sits inside Chainguard Repository and is intended to add another layer of review on top of existing checks such as building from source and cooldown periods. The aim is to reduce the risk of malicious or risky software being cached inside internal systems before it is flagged.

Ross Gordon, Staff Product Marketing Manager, and Evan Gibler, Staff Security Engineer at Chainguard, described the rationale for the product in a joint comment: “Malware has become a serious industry problem: 65% of organizations said they experienced a supply chain attack last year, let alone in 2026. However, there hasn’t been much emphasis on packages that do exactly what their README says, pass malware scans, but act in ways no CISO would ever approve. We call those packages greyware.”

Protection is currently in place for npm packages requested through Chainguard’s JavaScript library service, with additional language ecosystems due to be added later. Chainguard says the scanner is already protecting all packages served through its upstream fallback to npm and has blocked more than 52,000 malware and greyware packages.