July 18, 2017 By Scott Koegler 3 min read

The fintech industry is changing due to both internal forces and external demands. Both financial institutions and their customers are wary of changes that can affect security and, therefore, the state of their money. Financial industry chief information security officers (CISOs) need to be aware of these key trends and understand how they affect their business.

Current Trends in Fintech Security

New ventures in the fintech space have slowed considerably since their high in late 2015, according to KPMG’s “The Pulse of Fintech Q1 2017,” but new players are pursuing relationships with existing financial institutions and their fellow fledglings. As these companies explore fresh partnerships, they are experimenting with new market offerings and sometimes bringing untested technologies into play.

Companies working to develop competitive edges are liable for the same kinds of missteps encountered by startups in other industries. The difference is that hidden security flaws can also affect the institutions with which they form digital partnerships. The need to quickly deploy and develop a market presence needs to be tempered by caution. Fintech CISOs must take responsibility for the security of not only their own institution, but also those with whom they partner.

Technology Versus Regulation

As entrants to the fintech arena bring new technological products and processes to market, they are likely to push boundaries and make assumptions that contradict existing regulations. Certainly, any foray into technology that appears to violate current laws should be evaluated with an eye toward revising regulations to allow for significant advances. Making hasty changes to regulations based on unproven future benefits may lead to unexpected consequences that ripple across the financial industry.

It’s inevitable that both technology and financial regulations need to change with each other, but dialogue about advances and restrictions needs to be ongoing. That permits many constituents and stakeholders to weigh considerations beyond short-term gains and develop rational changes based on experience and expectation.

The Benefits of Blockchain

Alternate financial institutions based on blockchain technologies are finding their way to mainstream banking as supplements or even replacements for some transaction needs. The theories behind distributed financial systems seem solid enough but are largely untested since they have not yet experienced documented cyberbreaches.

Questions surrounding blockchain-based systems are bound to arise regarding methods to store, document and recover credentials. A bigger question may be how to deal with potential losses when mixed banking environments are attacked. Fintech CISOs should devote time and effort to understanding blockchain-based solutions, as well as the opportunities and potential liabilities they pose.

Machine Learning and Money Management

Digital transactions are the underpinnings of today’s financial world, and the data they create is fodder for analytics and machine learning. Fintech companies are capitalizing on their ability to derive insights and predict trends while cybersecurity experts are employing artificial intelligence (AI) to harden their security against intrusions and breaches. But those same technologies are being used by cybercriminals to counter modern safeguards.

CISOs should take advantage of machine learning to improve their defenses, but they should not abandon traditional methodologies altogether. AI tools will evolve, with attackers and defenders each taking an advantage at alternate times. Financial institutions need to employ a multilayered approach to security without shifting their strategies completely to new technologies.

Fintech a Top Target for Cybercrime

Most cyberattacks are perpetrated for monetary reasons, so it’s no surprise that financial intuitions are prime targets. The increase in activity in the fintech sector that brings new technologies to an already complex environment calls for more attention to new entries and their possible effects on the money at the center. CISOs need to increase their understanding of new technologies and intrusion possibilities to protect their own institutions and assets.

Read the IBM X-Force Research Report: Security trends in the financial industry

More from Banking & Finance

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today