[BreachExchange] 6 Security Areas Fintech Needs To Patch This Year

Audrey McNeil audrey at riskbasedsecurity.com
Wed Mar 1 20:19:55 EST 2017


http://tech.co/6-security-areas-fintech-needs-to-patch-this-year-2017-03

If there ever was a tech revolution that is impacting every corner of the
world, it is fintech. Traditional financial institutions are being forced
to re-think their products and services. Previously unbanked individuals
are now getting banked through mobile providers. Personal finance
management is largely shifting online – you can get insured, invest in
stocks or pay your bills through an app.

There is one big issue, however. As financial services and technology
increasingly merge, threats from hackers also increase. Financial services
are a highly attractive target for cybercrime. In fact, the financial
sector already sees more cybercrime than other industries, including
governments.

The other issue, of course, is that governments are taking far more
interest in privacy, security and consumer protection when it comes to
fintech companies, and regulations are piling up. Here are the six areas
fintech companies will need to address this year.

Closing the Gap Between Tech and Regulations

Currently, fintech cybersecurity is evolving rapidly, far faster than the
regulatory climate is changing. Regulators and fintech innovators will
begin to have far more communication. This will help prevent
rapidly-composed regulation and, instead, promote that which protects
consumers and includes safeguards that reduce risk and minimize damage if a
breach occurs. Fintech entrepreneurs would do well to actively participate
in conversations with regulators at both the federal and state levels.

Greater Interfacing With Traditional Institutions Means Vulnerabilities

As fintech companies scale and develop their reputations, they will continue to
establish connections with traditional financial services providers. The
interfaces that are established between them create greater vulnerabilities
for cybersecurity. Stringent testing during development phases of these
interfaces will be critical. Google has already started addressing this
issue with their recent security update, which will mark all HTTP
connections on websites requesting payment data as not-secure, and thus
encourage service providers to switch to HTTPS connections.

Delineation of Legal Liabilities

Recent class action suits over data breaches should alert all fintech
enterprises to the levels of their liability when cybersecurity is not of
prime concern. Encryption, data retention, and data disposal are now
regulated by both state and FTC laws, and fintech enterprises need not
only to conform to these regulations but also to be prepared for audits
and fines when gaps are discovered.

Another aspect of liability relates to informing consumers when data
breaches have occurred. Fintech enterprises are obligated to inform
according to state and federal guidelines. There will be greater scrutiny
of processes for both detecting breaches and informing/warning customers
and government agencies when they occur. Smart fintech officers will
also realize that breaches can be internal as well as external. And any
U.S. fintech company doing business in the EU will have additional
regulations regarding storage of personal data.

Best practices in maintaining cybersecurity and in conforming to all
relevant regulations/laws mean that fintech companies should have a single
executive officer dedicated to data security.

Caution With The Cloud

Fintech is ripe for cloud computing, but public clouds are now the target
of data hackers. No fintech enterprise should consider public cloud
services.

Machine Learning Will Play a Larger Role

Machine learning holds great promise for fintech enterprises, especially in
the area of cybersecurity. But entrepreneurs are warned that total reliance
on machine learning may cause a company to let down its guard and humans
may have a difficult time identifying and understanding security
weaknesses. The other threat is that hackers are also coming to rely on
machine learning, creating somewhat of an arms race.

Unbanked People Still Provide Risk

Fintech is allowing people who have never banked before to have access to
products and services without a physical facility to which they must
travel. This is a good thing and an area of huge potential for fintech
enterprises. The other side of the coin, however, is that newly banked
people are not necessarily aware of the potential for security breaches and
may be especially vulnerable to hackers. The need to educate this
demographic is real and critical.

Fintech shows no sign of slowing down – it is just making a huge variety of
financial products and services available to consumers who want
convenience and speed, who have become distrustful of the traditional “big
boys,” and who want to skip the middlemen and their fees. This is one
sector, however, that cyber criminals have set their sights on, considering
the huge amounts of financial gain. Cybersecurity for fintech will have to
evolve and evolve rather quickly in order to win this “arms race.”