Early-stage Fintechs are able to innovate at a rapid pace because they do not yet have complicated IT infrastructure or governance. This enables Fintechs to create new products and solutions at high speed. However, as the organization grows and becomes more integrated with its consumers, processing and holding more personal data and assets, it becomes more likely to catch the attention of cyber criminals (Black Hats).
The latest survey done by the Bank of Lithuania in May 2019 shows that cyber attacks pose one of the biggest threats to financial institutions in the second part of the year.
We observe similar confirmation of vulnerabilities and threats on a global scale in the IBM Security 2019 report. As shown in this report, the global average cost of a data breach in the financial sector is 4.9 M Eur per cyber security incident.
Fintech companies, especially startups, quite often have fewer human and capital resources to cover emerging cyber security challenges. As a result, because of insufficient or improper cyber security resources, Fintechs are at risk of having their data accessed, breached and put to malicious use by Black Hats. This leads to loss of money, reputation and customers, or even the collapse of Fintech companies. Protecting data and assets, and ensuring cyber security for their customers and related stakeholders, becomes a challenge for Fintechs.
Main cyber security challenges for Fintechs
1. Application related cyber security vulnerabilities
Fintechs depend strongly on their applications, which can access users' profiles and data to carry out various real-time transactions. Applications are one of the main attack vectors, as vulnerable code can be exploited as an entry point into a Fintech’s infrastructure and network.
2. System complexity
The more systems run by third parties become interconnected, the more risks of cyber vulnerabilities potentially arise. Different systems that are not designed at the same time by the same developers often create compatibility issues and cyber security challenges, making it harder to carefully identify all potential sources of vulnerability.
3. Extensive cloud migration
Many Fintechs use cloud services to provide regular, scalable performance at a lower cost. However, the cloud must be secured differently than a traditional network or data center. The use of different solutions in the cloud often increases data movement while reducing visibility across these distributed environments.
4. Third party involvement
Fintechs frequently use not only their own applications, but third party services and solutions too. One of the easy ways for Black Hats to enter Fintech companies without raising any suspicion is through third-party access, masked as a legitimate user.
5. Compliance failures
Depending on the type of activity and the license required (Electronic Money Institution, Specialized Bank, Payment Institution), Fintechs have to meet the corresponding compliance and regulatory requirements, including GDPR and PSD2 compliance. Failing to meet these requirements can lead to a notable data breach or regulatory fines.
6. Extensive use of mobile platforms and IoT devices
This new, rapidly growing field opens new sources of vulnerabilities, which have to be addressed and secured differently than traditional, web-based applications.
7. Human error
Black Hats commonly gain access to applications and accounts because of human error, especially through deliberate phishing attacks. Human error is the main cause of breaches, which includes “inadvertent insiders” who may be compromised by phishing attacks or have their devices infected, lost or stolen.
8. Managing Digital Identities
Fintech companies provide a variety of services, which customers can access using mobile device authentication and authorization. This provides a gateway for malicious attackers to access customers' assets and data by cloning these identities.
9. Data privacy
One of the top challenges is obtaining consumer consent for data sharing among providers. Fintechs could overcome the risks of litigation (over leaking or misusing data) through a combination of technical and legal measures.
10. Convenience at the cost of Security
Customers prefer easy and convenient ways to use Fintech services. The challenge for Fintechs is to find the solution that best combines convenience and security.
As the Fintech industry keeps evolving at a rapid pace, together with regulations and institutions, cybersecurity, compliance and data privacy will be key to winning customer confidence and the adoption of Fintech.