Security challenges within the FinTech sector

By Explorer -

Financial technology or “FinTech” has been the biggest, most recent disruptor of the financial services industry, encompassing banking, insurance, payments and funds management. Whereas it was once seen as a complex way of managing finance, it is now used by millions of people globally, due to the rise of online banking and mobile-first platforms.

This is borne out by the numbers - 96 percent of the 27,000 consumers surveyed in a recent report (across 27 global markets) reported they were at least aware of a FinTech transfer or payments service – and 75 percent had used one. The survey also identified growth in the SME market across the key categories of banking and payments, financial management, financing, and insurance. Additional research has found that 46 percent of people now exclusively use digital channels for their financial needs, which is set to exponentially increase in the coming years as more and more communities come online. 

However, given the amount of sensitive and high-value information contained within the financial services market, the growth of fintech poses a much higher security risk to the industry. The influx of users has caught hackers’ attention and these criminals are on the hunt for anything, from personal finance details numbers to credit card details, which they then sell on the dark web or leverage themselves. 

Hackers and cybercriminals have also become more advanced and are able to carry out increasingly sophisticated cyberattacks, including ransomware and Distributed Denial of Service (DDoS) to gain access to confidential data. They are constantly looking for human error and the use of outdated and vulnerable technologies to find loopholes and carry out an attack.

Therefore, security is a critical aspect of fintech, with firms having their own unique set of security needs. Below, we’ve outlined some of the key challenges, as well as examined the emerging technology set to transform Fintech security. 

Key challenges 

To understand the most effective security practices, key challenges must first be established. After healthcare, fintech is the second most frequently attacked industry by cybercriminals. Security of digital IDs is a constant concern for both customers and service providers to prevent unauthorized access. The selection of the appropriate digital identity verification mechanisms is therefore critical.

Similarly, data security is one of the top concerns for financial service providers since they have access to high volumes of personally identifiable information (PII) such as full names, phone numbers, email addresses, birth dates, home addresses, and tax ID information. 

Regional security requirements also need to be taken into consideration. KYC (Know Your Customer) and data protection regulations differ between regions and even use cases. For example, General Data Protection Regulation (GDPR) and the revised Payment Services Directive (PSD2) apply for European Union citizens, whereas Payment Card Industry – Data Security Standard (PCI-DSS) is to be adhered to by entities that gather and process credit card information.

In addition, integrating third party components like payment gateways, payment solution providers, aggregators and more, that cannot be developed in-house needs reliable vendors and constant monitoring.  Third-party vendors may have vulnerabilities in their systems that may not be immediately visible, so monitoring of leaks or vulnerabilities from the institution’s side is good practice.

Aspects of data protection

Some of the best practices for secure FinTech solutions have now become table stakes. Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA) and Triple Data Encryption Standard (3DES) are some of the most powerful encryption algorithms that every Fintech platform worth its salt must employ. All of these protect classified information by encrypting sensitive data.

A well-designed architecture is needed for reliability, scalability as well as security. APIs must also be secured using methodologies such as authentication, authorization, encryption and more to prevent attacks. Various authentication methods should also be employed, often in combination, including

  • Multi-factor authentication like One-Time Password (OTP), transaction PINs, IVR PINs leverage knowledge, possession or inherence of additional information to authenticate users thus reducing risk of passwords or PINs being compromised 
  • Periodic password expiry which further diminishes the risk of passwords being compromised both at the individual level and for the whole user base as well 
  • Limited logged-in session lifetimes are handy to prevent misuse and monitoring and tracking goes a long way to detect and prevent instances of unauthorized access 
  • Role Based Access Control (RBAC) is an often overlooked identification and authentication mechanism that follows the principle of least privilege where users and roles are granted access to only the features and processes that they need. 

By combining the secure application access methods above, the risk of unauthorized access is greatly mitigated.

Additional measures include replacing sensitive data using generated tokens that are created for temporary use to prevent tracking of information through transactions. Also, thorough testing for any potential leaks or breaches is essential. Breach scenario testing, penetration testing and security audits should always be combined with standard software testing.

Emerging practices 

There are significant emerging practices that help deal with security concerns. One of the main use case of artificial intelligence (AI) and machine learning (ML) is automating processes in the backend systems. They can also serve more advanced use cases such as risk profiling, credit estimation and fraud detection.

AI can extend its use into the front end for advanced identity management as well. AI can secure use cases like access control via computer vision-powered facial recognition, and multi-factor authentication using voice recognition powered authorization, adaptive authentication and behavioral biometrics.

Blockchain is another emerging technology that is fast becoming very useful in fintech. While it may have become famous for cryptocurrency and the execution of transactions, it is well suited for a variety of use cases outside these. It can provide secure digital identity by allowing users to create their own digital personas. Moreover, in the infrastructure layer it can be used in audit trails, access logs and so on thanks to its decentralization and immutability.

Conclusion 

While there exist many methods to safeguard financial transactions, security is, however, not a one-off exercise. It must become a continuous process in the business, starting from analyzing requirements through deployment and beyond into operations. When a holistic approach is considered that includes not only technology but also product design and operations, the financial service provider can confidently play their part in the digital economy. 

Source: https://www.itproportal.com/features/security-challenges-within-the-fintech-sector/

Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD

By Explorer -
Image
In fact, no ideology has been as genocidal as Islam… Islam has killed more than 5 times the number of people killed by communism. In the total numbers we have updated over 80 million Christians killed by Muslims in 500 years in the Balkan states, Hungary, Ukraine, Russia. Then we have India. The official estimate number of Muslim slaughters of Hindus is 80 million. However, Muslim historian Firistha (b. 1570) wrote (in either Tarikh-i Firishta or  the Gulshan-i Ibrahim) that Muslims slaughtered over 400 million Hindus up to the peak of Islamic rule of India, bringing the Hindu population down from 600 mil to 200 million at the time. With these new additions the Muslim genocide of non-Muslims since the birth of Mohammed would be  over 669 million murders. Islam: The Religion of Genocide Perspective:   Think the Spanish inquisition was bad? More people are killed by Islamists each year than in all 350 years of the Spanish Inquisition* combined. The Spanish inquisition ( Tribunal del Sant
Read more