Cybersecurity: Should Fintechs Care?

As the fintech industry matures, it starts to worry about the same things as the big old banks. The focus is slowly shifting away from building the coolest customer-facing apps to address more ‘boring‘ problems. Nonetheless, crucial in financial services. Things like regulatory compliance, with or without the help of RegTech. Or cybersecurity, and notably anti-cyber-fraud. Should fintechs worry about cybersecurity? In itself, it is a massive challenge for financial services. And not only for incumbents. The scale of the challenge is getting bigger: as financial services become more digital, the need for robust cybersecurity increases. As the financial technology stacks become more complex, the need for stronger digital security solutions grow. The issue is therefore twofold: banks and fintechs alike need to protect their businesses. And they need to help their customers protect themselves.

What do we mean by cybersecurity?

As per NortonLifeLock:

Cybersecurity is the state or process of protecting and recovering networks, devices and programs from any type of cyberattack. Cyberattacks are an evolving danger to organizations, employees and consumers. They may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage your financial and personal lives — especially if you’re the victim of identity theft.

Written by Alison Grace Johansen for NortonLifeLock

The problem is therefore a bit bigger than just having an anti-virus or anti-malware for your household computer or your company. It is about protecting your business from a range of threats. As an individual, it is about protecting every aspect of your life. It hardly gets more serious than that.

What is the issue?

Did you realise that with Covid-19, there has been a massive leap forward in terms of digitalization?

That’s great!

For instance in the UK, six million adults downloaded an online banking app for the first time during the pandemic. Digital interactions are on the rise. That brought some really positive things. Like video chat platforms that helped us cope with the pandemic and endless lockdown periods. Or the fact that we have been able to do all of our banking online and through mobile apps effortlessly. The massive digital push started by fintechs in financial services over the past few years skyrocketed during the health crisis.

Unfortunately, cyberattacks and online frauds also increased massively. There was a sharp rise in 2020, notably identity frauds. That’s from a high base already, as NortonLifeLock was already estimating that a third of consumers experienced cyber crime in 2019.

Fraudsters and bad people tend to be quite an innovative bunch. That is as old as the world. With every step forward in innovation comes new fraud techniques. That will not end tomorrow. We thought that introducing cheques with signature would end fraud. Or that credit cards with a pin would be the end of it. Or now with biometrics. And so on and so forth.

If there is money to be made, you will find people with bad intentions. Where there’s a bad will, there’s a way.

And it is a problem for companies too…

There is not one week without a hack or data breach happening at a major organisation. For instance, Fintech Global looked at 5 cyberattacks from the past year that shows that the problem is only growing. Remote working has been a great way for businesses to adapt to the new normal imposed by Covid-19. However, working from home has led to increased risks. For instance, a big jump in cybercrime gangs targeting bank accounts for small sums on a huge scale, also known as “silent stealing“.

Ransomware attacks are also increasingly popular. It is a form of malware that encrypts a person or a business file and ask for a ransom to unlock it. This type of cyberattacks surged over 150% in 2020. It can happen to any business. BancoEstado, one of Chile’s biggest banks, was forced to shut down for a few days in September 2020 following a ransomware attack.

Cybersecurity demand

The demand is huge and growing everywhere, not just in western countries. The global market for enterprise cybersecurity solutions is projected to grow to $60.9 billion by 2027 from $22.5 billion in 2020. That implies growing at a staggering CAGR of 15.3% by then, according to Research and Markets.

Even governments recognise the scale of the problem. For example, the UK government has recently set up a new independent body to boost professional standards in the country’s cybersecurity companies.

That is at a time when consumers do not really trust governments to protect their information. But expect them to bear the most responsibility for doing so. Which is kind of weird when you think about it. And that does not mean that fintech and banks should not do more when it comes to cybersecurity.

For fintechs and banks

Data breaches are nothing new. More than 5 billion records were exposed in 2018 alone. Third parties were often found to be at fault. The potential cost of a data breach is enormous for banks and large organisations. And that is even after the breach is cleaned up and the vulnerability resolved. With GDPR, there is the cherry on the cake in the form of fines, penalties and settlements which can amount to huge sums of money. Furthermore, the reputational damage can linger for years and literally destroy a company.

That is why when banks and fintechs are developing strategic partnerships, the bank is always very much focused on security issues. There is much more at stake for the bank than for the fintech if things go wrong. Moreover, the whole industry needs to pay more attention to cybersecurity planning. That has been the recurring critic of fintechs by incumbent banks. That startups are cutting corners when it comes to cybersecurity. So far, it has not been proven. Numerous tech outages at banks makes you actually wonder if incumbents invest and focus enough on it.

Time will tell who is on the right side of history. One thing is certain though: the threat is getting more serious and sophisticated. Banks and fintech will need to invest and find the right partners to toughen up their ops and IT.

For their customers

Financial education is great to help customers thrive. But this growing threat means that helping customers need to go beyond that. Cybersecurity needs to be front and centre for fintech. They need to help their customers protect themselves. This goes from identifying potential frauds to providing them with solutions as part of their offerings. Fraud is a never-ending battle. And so the financial services industry as a whole need to continue investing into its weapons’ arsenal. For the benefit of their customers. The cyberattacks are becoming more sophisticated. So telling customers to cover the point-of-sale keyboard with their hand when they type their pins is not enough any more.

A rise in phishing attempts and other techniques need to be addressed by banks and fintechs alike. Guiding and advising customers on how to protect themselves. Ultimately, that is a cost saving for the bank. Because if something wrong happens, they will be the first ones to be blamed. Particularly in cases when in spite of all the red flags, fraudulent transactions still go through…