Connecting Fintech Security Perceptions to Reality
The fintech industry is changing due to both internal forces and external demands. Both financial institutions and their customers are wary of changes that can affect security and, therefore, the state of their money. Financial industry chief information security officers (CISOs) need to be aware of these key trends and understand how they affect their business.
Current Trends in Fintech Security
New ventures in the fintech space have slowed considerably since their high in late 2015, according to KPMG’s “The Pulse of Fintech Q1 2017,” but new players are pursuing relationships with existing financial institutions and their fellow fledglings. As these companies explore fresh partnerships, they are experimenting with new market offerings and sometimes bringing untested technologies into play.
Companies working to develop competitive edges are liable for the same kinds of missteps encountered by startups in other industries. The difference is that hidden security flaws can also affect the institutions with which they form digital partnerships. The need to quickly deploy and develop a market presence needs to be tempered by caution. Fintech CISOs must take responsibility for the security of not only their own institution, but also those with whom they partner.
Technology Versus Regulation
As entrants to the fintech arena bring new technological products and processes to market, they are likely to push boundaries and make assumptions that contradict existing regulations. Certainly, any foray into technology that appears to violate current laws should be evaluated with an eye toward revising regulations to allow for significant advances. Making hasty changes to regulations based on unproven future benefits may lead to unexpected consequences that ripple across the financial industry.
It’s inevitable that both technology and financial regulations need to change with each other, but dialogue about advances and restrictions needs to be ongoing. That permits many constituents and stakeholders to weigh considerations beyond short-term gains and develop rational changes based on experience and expectation.
The Benefits of Blockchain
Alternate financial institutions based on blockchain technologies are finding their way to mainstream banking as supplements or even replacements for some transaction needs. The theories behind distributed financial systems seem solid enough but are largely untested since they have not yet experienced documented cyberbreaches.
Questions surrounding blockchain-based systems are bound to arise regarding methods to store, document and recover credentials. A bigger question may be how to deal with potential losses when mixed banking environments are attacked. Fintech CISOs should devote time and effort to understanding blockchain-based solutions, as well as the opportunities and potential liabilities they pose.
Machine Learning and Money Management
Digital transactions are the underpinnings of today’s financial world, and the data they create is fodder for analytics and machine learning. Fintech companies are capitalizing on their ability to derive insights and predict trends while cybersecurity experts are employing artificial intelligence (AI) to harden their security against intrusions and breaches. But those same technologies are being used by cybercriminals to counter modern safeguards.
CISOs should take advantage of machine learning to improve their defenses, but they should not abandon traditional methodologies altogether. AI tools will evolve, with attackers and defenders each taking an advantage at alternate times. Financial institutions need to employ a multilayered approach to security without shifting their strategies completely to new technologies.
Fintech a Top Target for Cybercrime
Most cyberattacks are perpetrated for monetary reasons, so it’s no surprise that financial intuitions are prime targets. The increase in activity in the fintech sector that brings new technologies to an already complex environment calls for more attention to new entries and their possible effects on the money at the center. CISOs need to increase their understanding of new technologies and intrusion possibilities to protect their own institutions and assets.