Financial Technology, also known as FinTech, refers to the use and involvement of software and technology in the finance sector. This involvement ranges from mobile transfers, end-to-end user systems and electronic payment systems to cryptocurrency, as well as algorithmic and automated trading.
As this technological sector grows, so does the need for up-to-date cybersecurity. As the number of connected devices continues to skyrocket, financial technology becomes cheaper and easier to use, and processes and services which were once monopolized by banks are now much more accessible my companies and the wider public. This has the added boon of increasing innovation, lowering operating costs, and improving the efficiency of financial institutions. However, whether it be social security numbers, payment card numbers, PINs and passwords, financial information remains sensitive and must be protected. In 2017, PwC conducted its “Global Fintech Report”, stating that 82% of financial institutions expect to partner with FinTech firms within the next five years. With this sort of meteoric growth, we should expect to see a similarly expansive growth in the need for cybersecurity in this sector.
One of the biggest cybersecurity risks in FinTech today is due to inexperienced users. FinTech has allowed for cheap expansion of access to banking institutions in previously underserved comments worldwide. According to a report by the World Bank, the global number of adults who lacked access to a banking institution has decreased by 20 percent from 2.5 billion in 2011 to 2 billion in 2014. This decline has been due largely to this financial technological expansion, and shows no signs of slowing. As these adults begin to use previously unknown technology there is the risk of their inexperience being taken advantage of. Common forms of cyber threat in this case would include spear-phishing, or targeted attacks on individual by hackers claiming to be their bank or financial institution, tricking them into downloading malicious software, sharing sensitive information or entering passwords into an insecure, fraudulent website. It is essential for these FinTech companies, who are the mediators these people have to financial institutions, to keep these people updated on best security practices and how to avoid scams.
Another issue is the rate at which this technology advances. Older systems and newer systems are not necessarily fully compatible, and since developers in one case do not have access to the entry points, workflow, etc. of developers in another, the expansion of these systems creates the potential for weak points, where hackers and cybercriminals can infiltrate systems and access sensitive information. It is important then, for developers to thoroughly test their systems, and employ firms which actively search for weak points in a system, so they can keep up to date on where their systems are lacking, and take the necessary steps to fill in the gaps.
Furthermore, there is an issue of regulation. While FinTech firms are subject to certain regulations in the U.S., they are not necessarily subject to all the regulations that banks have to deal with. There will need to be a push for legislation, as well as company culture and company self-regulation, in order to protect the long-term interests of the public towards the security of their confidential financial information.
In the U.S. state of California, the California Privacy Act passed and went into effect at the beginning of 2020. Furthermore, the European Union passed a similar, yet even stricter set of regulations and legislation called the General Data Protection Regulation, or GDPR. It will be necessary for FinTech firms to follow these regulations in order to do business in these jurisdictions. There is a strict requirement, for example, for customers to be alerted on what data is being collected, how their data is being used, and what sorts of inferences these companies are making with their data. Companies who base their business models on tracking and analyzing people’s spending habits, for example, will need to be imaginative in order to maintain these strategies within the realm of the law. This legislation is ultimately beneficial, in that it keeps people in as much control as possible of their information. However, in order for this to work, the FinTech firms will need to invest in keeping their customers up to date on their data, and comply with any requests to keep people’s data safe. With this legislation in mind, as well as an inherent desire to carry out good business practices, it is clear these FinTech firms will need to invest in cybersecurity efforts.
Many FinTech companies, understanding the risk, already employ bank level security measures with their customers’ data. Within the industry, the standard is secure socket layer (SSL) encryption as well as Verified Site Certificates, in order to make sure data is not being intercepted and to reduce the likelihood of phishing or Man in the Middle attacks. Furthermore, firewalls are a necessity in order to defend from outside malware as well as DDoS attacks.
While the investments in cybersecurity seem costly, FinTech companies must consider the benefits. Settlements for breaches can break the bank, and the loss in public trust after a breach could irreparably ruin a country. Insurance rates for data protection go through the roof after a breach, so make this much smaller investment upfront rather than deal with the cost later in the courts, legal and of public opinion. Nick Ismail of Information Age writes, “Last year, some of the biggest US companies were hacked. Yahoo, Uber, and Equifax were separately targeted by cybercriminals in acts that exposed billions of customers’ personal information. While Uber and Equifax are stilling settling in court, Yahoo had to pay $350 million in damages for its breach.”
Financial technology firms have all the reason in the world, and none not to, to protect themselves, for theirs and for their customers’ sakes. Companies like CYBRI offer penetration testing, search for weaknesses in a systems’ security infrastructure, and more, and can ensure that financial payments, mobile transfers, and the likes go off without a hitch. Security is vital to the operation of these businesses and the quality of people’s lives, especially as our lives are more integrated with technology. Following best security practices will help us all defend from those who wish to do harm, cybercriminals and hackers alike, allowing us to benefit from this amazing technology.
As always, stay safe and stay diligent.