The Rise of Identity Access Management, IAM, in Fintech

This is a guest post by Devin Partida, a prolific writer about crypto, open banking and fintech for publications like Worth, Due, Yahoo! Finance and Entrepreneur.


The fintech industry is no stranger to innovation, often far outpacing other sectors in adopting new technologies. As fintech firms attempt to balance agility and security, new tech tools can be the deciding factor in whether they stay competitive in the sector. One of the most prominent of these technologies today is identity and access management (IAM).

Identity and access management is an umbrella term covering policies and technology that manage users’ access privileges. That includes everything from multifactor authentication (MFA) to network segmentation. While it’s not a banking or fintech-specific concept, the financial industry has showcased earlier and broader adoption compared to other sectors.

Today, IAM has become a leading concern for fintech companies. Here’s a look at how and why this came to be.

Stringent Industry Regulations

Banks and other financial services were some of the first organizations to adopt official IAM policies after health care. Their motivation for doing so echoed that of medical organizations, too: namely, growing regulatory pressure. While virtually every industry must abide by data security regulations, the financial sector faces more than most.

As regulatory pressure in finances increased, the segregation of duties (SoD) became increasingly crucial. SoD, which involves separating departments and networks to ensure organizational checks and balances, is the driving force behind IAM. Access permissions must vary between departments and employees, and IAM provides the means to ensure people can only access what they should.

As FinTech came to expand or replace traditional banks, it faced the same regulations. IAM controls and technologies were essential to FinTech’s success amid established, already trusted organizations. In that way, IAM was always a part of FinTech, but it has since grown all the more critical.

Growing Threats From Both Inside and Out

FinTech shifted the financial industry towards relying on digital technologies, and in so doing, introduced new risks. As with every other sector that has embraced digital transformation, cybercrime has become a more prominent threat in finance. In the past few years, these threats have grown exponentially, making IAM an essential security measure.

Cyberattacks on the financial sector increased 238% between February and April 2020. In that timeframe, more than a quarter of all attacks targeted either finance or health care organizations. In light of this massive and uneven cybercrime wave, FinTech faced skyrocketing security needs, placing IAM in the spotlight.

Cloud adoption created potential insider threats that pushed the need for IAM even higher. Many employees use the same passwords for cloud access for critical internal data, making data breaches from credential stuffing more likely. Segmentation and access restrictions within IAM help mitigate these risks.

Streamlined Solutions Require Streamlined Security

Ensuring customer and employee data is secure is not FinTech’s only concern, either. FinTech tools have become so popular because they’re more convenient and efficient than traditional financial institutions. Since customers have come to expect this agility, FinTech’s security must be similarly agile.

Traditional identity checks and authorization methods are too slow for FinTech, sometimes taking 45 minutes or more. IAM lets FinTech services balance security with efficiency, giving customers quick access to their finances while barring anyone else. As other digital technologies become increasingly agile, customers become more accustomed to speed, making these considerations more critical.

A 2018 PWC survey found that roughly 80% of American consumers say speed and convenience are the most important factors in customer experience. Considering that 32% will also leave a brand they like after one bad experience, maintaining efficiency is crucial for FinTech. The agility benefits of segmentation and digital identities make IAM the ideal solution.

The Rise of Remote Access

Finally, and perhaps most prominently today, the growing demand for remote access has emphasized IAM’s importance. Many organizations across all industries, including FinTech, now rely on an at least partially remote workforce. Consequently, company systems must have a way to ensure users are who they say without being physically present.

Cloud computing gives remote workers the access they need, but security must go beyond a simple login page. If every employee had access to all data, one breached account could spell disaster for an entire FinTech firm. As such, the segmentation and privilege restriction aspects of IAM are necessary as remote access expands.

MFA can block more than 99.9% of account compromise attacks, but IAM can still go further. By segmenting networks and restricting permissions, IAM ensures that no one worker can access everything. Therefore, a breached account would have limited destructive potential, and malicious insiders could similarly do less damage. As remote work becomes the norm, this assurance is essential.

IAM Is Inseparable From FinTech Today

It would be challenging to find a FinTech company today that doesn’t institute some level of IAM. As regulations, threats, user expectations, and remote access have grown, advanced IAM measures have become imperative.

IAM has been critical to FinTech’s success since the beginning and has only grown in importance since. Without these technologies and procedures, FinTech couldn’t survive today’s cyber threats and competitive landscape.

Latest