If there ever was a tech revolution that is impacting every corner of the world, it is fintech. Traditional financial institutions are being forced to re-think their products and services. Previously unbanked individuals are now getting banked through mobile providers. Personal finance management is largely shifting online – you can get insured, invest in stocks or pay your bills through an app.
There is one big issue, however. As financial services and technology increasingly merge, threats from hackers also increase. Cybercrime in the area of financial services is highly attractive to hackers. In fact, the financial sector already has a larger amount of cybercrime than other industries, including governments.
The other issue, of course, is that governments are taking far more interest in privacy, security and consumer protection when it comes to fintech companies, and regulations are piling up. Here are the six areas fintech companies will need to address this year.
Closing the Gap Between Tech and Regulations
Currently, fintech cybersecurity is evolving rapidly, far faster than the regulatory climate is changing. Regulators and fintech innovators will begin to have far more communication. This will help prevent rapidly-composed regulation and, instead, promote that which protects consumers and includes safeguards that reduce risk and minimize damage if a breach occurs. Fintech entrepreneurs would do well to actively participate in conversations with regulators at both the federal and state levels.
Greater Interfacing With Traditional Institutions Means Vulnerabilities
As fintech scale and develop their reputations, they will continue to establish connections with traditional financial services providers. The interfaces that are established between them create greater vulnerabilities for cybersecurity. Stringent testing during development phases of these interfaces will be critical. Google has already started addressing this issue with their recent security update, which will mark all HTTP connections on websites requesting payment data as not-secure, and thus encourage service providers to switch to HTTPS connections.
Delineation of Legal Liabilities
Recent class action suits over data breaches should alert all fintech enterprises to the levels of their liability when cybersecurity is not of prime concern. Encryption, data retention, and data disposal are now regulated by both state and FTC laws, and fintech enterprises need to not only conform to these regs but, as well, be prepared for audits and fines when gaps are discovered.
Another aspect of liability relates to informing consumers when data breaches have occurred. Fintech enterprises are obligated to inform according to state and federal guidelines. There will be greater scrutiny of processes for both detecting breaches and informing/warning customers and government agencies when they occur. The smart Fintech officers will also realize that breaches can be internal as well as external. And any U.S. fintech company doing business in the EU will have additional regulations regarding storage of personal data.
Best practices in maintaining cybersecurity and in conforming to all relevant regulations/laws mean that fintech companies should have a single executive officer dedicated to data security.
Caution With The Cloud
Fintech is ripe for cloud computing, but public clouds are now the target of data hackers. No fintech enterprise should consider public cloud services.
Machine Learning Will Play a Larger Role
Machine learning holds great promise for fintech enterprises, especially in the area of cybersecurity. But entrepreneurs are warned that total reliance on machine learning may cause a company to let down its guard and humans may have a difficult time identifying and understanding security weaknesses. The other threat is that hackers are also coming to rely on machine learning, creating somewhat of an arms race.
Unbanked People Still Provide Risk
Fintech is allowing people who have never banked before to have access to products and services without a physical facility to which they must travel. This is a good thing and an area of huge potential for fintech enterprises. The other side of the coin, however, is this. Newly banked people are not necessarily aware of the potential for security breaches and may be especially vulnerable to hackers. The need to educate this demographic is real and critical.
Fintech shows no sign of slowing down – it is just making a huge variety of financial products and services available to consumers who want convenience, speed and who have become dis-trustful of the traditional “big boys” and want to skip the middlemen and their fees. This is one sector, however, that cyber criminals have set their sights on, considering the huge amounts of financial gain. Cybersecurity for fintech will have to evolve and evolve rather quickly in order to win this “arms race.”
