informa
/
4 MIN READ
Commentary

Hackers and Phishing, Oh My! Easing Fintech Security Concerns

Securing fintech organizations and their customer data requires ongoing efforts on the technical front, but those companies also must be conscientious about maintaining an atmosphere of trust.

As technology becomes more prominent in business operations and procedures, data has emerged as perhaps one of a company’s greatest assets. With data’s growing importance, protecting information from hackers and breaches that could reap devastating effects is top of mind for many organizations. As such, ensuring best in class security protocols is critical.

In fact, according to a recent report from Flashpoint there were around 1,980 breaches in the first half of 2022. While down about 15% from the first half of 2021, experts still anticipate the number of breaches this year to match or exceed 2021.

Fortunately, many financial technology companies are hyper aware of today’s primary security concerns and offer outstanding solutions and educational measures to ensure a client’s information is protected.

Today’s Top Security Concerns

With more companies investing in technology, many business leaders share growing concerns about two security aspects in particular, cloud security and cyberattacks.

Cloud security, a set of procedures and technology designed to address external and internal threats to the cloud and overall business security, is important for companies who are incorporating cloud-based tools and services as part of their tech stack and infrastructure.

A recent Forrester study found that almost 50% of companies believe overlooking cloud security will lead to increased vulnerability and delayed response to breaches. Further, despite the prevalence of the cloud, 75% of respondents consider creating secure cloud environments challenging. Only 39% of respondents have a clear and periodically updated cloud security strategy, with 56% lacking a holistic approach.

Since cloud software as we know it today only gained popularity within the past two decades, there is still much to learn and be developed, leading many consumers to be weary of security measures around the technology.

In addition to cloud security, cyberattacks -- including phishing, ransomware, malware, and more -- have become a larger concern for individuals implementing new tech stacks, and for good reason. Some of the most serious threats to tech security in recent years include ransomware attacks, the growth of contactless payments, mobile malware attacks and even data breaches of major finance apps.

In fact, according to the latest Banking Priorities Survey, cyberattacks are considered one of the biggest threats in 2022. The survey also showed that 24% of financial experts cited data theft as their security priority, followed by compromised devices (21%), synthetic identity fraud (17%), endpoint security (10%), and denial of service (7%).

How Fintech Companies are Fighting the Security Battle

In the face of these security threats, many fintech companies are equipping themselves and their clients with the tools needed to protect them and their clients' data.

While cloud security and cyberattacks are two valid areas of concern, many fintech companies are addressing these concerns in four ways: identity verification, screening approaches, awareness campaigns, and providing consistently good service.

Identity verification is one area that has excelled in counteracting the problem. Including advancements like multi-factor authentication (MFA), one-time authenticators and email authentication, identity verification is a powerful tool. Microsoft estimates that MFA alone can prevent at least 99.9% of attacks and Okta noted in their 2022 Business at Work Report that one-time authenticators are a consistently stable method of security with tools like Google Authenticator remaining quite popular and email verification growing -- jumping to 12% of customers from 7% in 2020.

Another way fintech companies are addressing these concerns is through screening approaches. Screening approaches continue to evolve to support end-to-end visibility of potential red flags and to combat financial crime. While compliance is standard, many companies are implementing specific screenings in recruitment that check candidates for involvement in specific issues like money laundering, and terrorist financing. These specific screenings ensure new hires are relevant and secure.

Additionally, fintech companies are working to persuade users by boosting awareness about security measures. While tools like MFA and improved screening approaches are a great start, the tech can’t work alone. It’s important that people, whether in the fintech companies themselves or in the user-communities, are aware and cautious of cyberattacks alongside any tech approaches.

Lastly, client’s fears are assuaged by taking perhaps the simplest approach: delivering consistently good service. With so many security risks at play, fintech organizations must work hard to deliver a trustworthy proposition and brand. Consistently good service helps build brand loyalty and demonstrates to users that the measures in place are working. Additionally, while the security-first mindset is critical to building out a solid product, it’s also encouraging CTOs and their teams to acknowledge that there likely will be breaches. So, it is important to create secure platforms, and to have teams in place to test and shore up potential breach-points and spring in to actions if breaches arise.

The Future of Security in Fintech

Fintech organizations, and CTOs in particular, carry great responsibility for engineering products with top security protocols built into their solutions and organizing teams that are reliable and ready to act. However, as fintech companies boost their security solutions, it’s clear that these teams are eager and prepared to overcome the security concerns of consumers while also ensuring the solutions fit the needs and expectations of customers.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing