As we continue our series of cybersecurity awareness articles, today we focus on the intersection of FinTech and Cybersecurity.
With 98% of startups vulnerable to cyberattacks, the FinTech sector must get serious about the rising cybersecurity threat.
Fortunately for consumers, financial technology (“FinTech”) has opened a world of access and possibilities where money, banking, trading, lending, and fundraising are conveniently available on a mobile application. This new world of mobile access to money and the ability to share, pay, borrow and fundraise seems utopian. In many ways it is, but as with most 21st century technological developments, it comes at a price. Start-ups can rise to the challenge of providing more security for themselves and for their customers.
What is FinTech anyway? FinTech is a new technology that seeks to improve and automate the delivery and use of financial services. FinTech solutions and products are usually delivered via a mobile application. On the consumer side, this can include banking, peer-to-peer lending, peer-to-peer payments, investing, stock and commodities trading, mortgage products and fundraising.
Thousands of FinTech companies have rushed into the market to develop and provide financial services to the 3.1 billion smartphone users around the world. In their race to bring new FinTech products to the market, cybersecurity has often fallen by the wayside. This seems to happen often with digital technology, where developments outpace the security capabilities necessary to protect IT networks and consumer data. Many times, cybersecurity is an afterthought. These IT security gaps have resulted in a number of challenges for these FinTech companies.
One of the biggest issues that FinTechs face is a lack of established IT and data security protocols. This leaves consumer data exposed and vulnerable to attack. Cybersecurity is a critical pillar on which any successful FinTech must be established. Robust IT and data security protocols should be established upfront, before the back-end and front-end app development gets underway.
Many early-stage FinTechs are so focused on product development that they fail to consider the vast array of compliance regulations related to IT and data security. Financial regulators have strict requirements related to cybersecurity and the protection of consumer data. Compliance is another foundational pillar for any successful FinTech. Compliance programs need to be established in parallel with the development of the mobile application and implemented well in advance of commercial launch.
The emerging mobile Neobank sector is especially vulnerable to cyber-attacks. A Neobank is a type of direct bank that is 100% digital and reaches customers on mobile applications and personal computer platforms. Neobanks do not operate traditional physical branch networks but are still subject to federal and state banking licensure and regulations.
An increasing number of Neobanks are releasing mobile apps and delivering greater access and convenience for mobile consumers. In the US alone, 45 Neobanks have already been established. However, the proliferation of mobile Neobanking brings with it an increased security threat. Neobanking apps must be designed with security in mind so that developers avoid serious cybersecurity flaws.
Neobank apps must have robust protection against cybersecurity vulnerabilities. A growing number of cybercriminals worldwide constantly look for vulnerabilities in order to launch a cyberattack. One common method of attack is phishing. It is common for attackers to take advantage of users’ weak passwords. A Neobank’s app or network may have inadequate data storage security. Cybersecurity vulnerabilities leave customers and the Neobanks they do business with open to attack.
Cybersecurity is not only about protecting sensitive customer data, although that’s a serious concern. Neobanks and other FinTechs are at risk of significant financial loss. Consider the February 2016 Bangladesh Bank cyber-heist. In this cyberattack, 35 illegal wire transfer instructions were sent to the Federal Reserve Bank of New York via the Society for Worldwide Interbank Financial Telecommunication (SWIFT). The total of these illegal wire transfer instructions was approximately $1 billion. The cyber attackers succeeded in clearing 5 of the illegal transfers before the remaining transfers were blocked. The result was a loss of $101 million.
The Federal Reserve Bank of New York did not have a system in place to check for fraud in real time. Instead, it relied on random checks after the fact that only detected US sanctions violations. This led to SWIFT calling for tighter anti-fraud controls from its 11,000 members.
Cybercriminals are constantly searching for gaps and weaknesses in IT security systems. The Bangladesh Bank heist is a wake-up call for all FinTechs. Developers must always work toward eliminating cybersecurity gaps and remain vigilant, responding to threats in real time.
At Hash Labs, cybersecurity is job #1. We are very serious about IT and data security. Our Coro mobile payment technology and DLT network have been developed on a solid foundation of cybersecurity and regulatory compliance. Our IT infrastructure, network security, and compliance protocols were established during the design and architecture of our Coro mobile payment app. As evidence of this commitment, Hash Labs is among the very first FinTechs to obtain a SOC 2 Type 1 Certification prior to product and network launch. SOC 2 is one of the most coveted and hardest-to-obtain IT security certifications.
Stay tuned for next week’s Hash Labs news alert. Our upcoming article will focus on the cybersecurity impact of quantum computing.