Fintech has taken the financial world by storm with its disruptive approach to transactions and cash. However, fintech suffers from the same problem as other cyber-enhanced systems: security. In a recent survey on cybersecurity, Hiscox noted that 72 percent of large United States businesses reported attacks in the past year. It has been estimated that cybercrime cost companies about $450 billion a year. While large business problems are splashed across the front page, a more sinister problem exists: the myriad smaller operators that aggregate and provide transaction space for consumers' personal and financial data. Most of these businesses are not prepared for a cyberattack. Are you?
Grappling with reality and security
TransUnion noted that a key problem for many fintech startups is resource limitations. While many companies are under fire from investors to quickly produce a viable product or service, this pressure can result in a faulty approach to development that leaves your customers – and your data – at risk. Smaller companies simply have fewer resources than larger ones, making them less likely to address a range of security needs. However, businesses can follow a simple approach to help manage cyber risk.
Security from the ground up
In a perfect world, your fintech product would have been created with security in mind. Your team would have incorporated their ideas from research and brainstorming sessions into the program from the first line of code. Testing would have occurred regularly, even after the product launch. Your team would then work with an outside contractor to test and make the product secure in light of newer technologies.
However, if your business is like many others, security may have kept you up a few nights but the clamoring of investors forced you into action. There is still time to include implement security features that protect your customers and business from prying eyes.
Identify and organize
The first step in creating a more secure fintech product is to identify the security flaws. The best place to start is with your development team since they are in the strongest position to locate critical security issues. Your list of problems may include data encryption, authentication, or real-time monitoring. After meeting with your team, you may also consider hiring an outside contractor to help with the security evaluation. White hat hackers can work with your team to find loopholes and areas of potential trouble.
Next, sort your security problems according to impact. For example, if your app does not send data securely, you are definitely creating a threatening arena for your customer's personal information. Identity theft traced back to your product can cause serious damage to your corporate brand image and will certainly impact your business's bottom line. The Federal Financial Institutions Examination Council (FFIEC) has created a handy Cybersecurity Assessment Tool that can help you identify and evaluate potential challenges with your digital offerings.
Finally, address each security issue with your product or service in order of importance. There will, of course, be an initial dent in your resources. However, as major cyber problems are addressed, your team will develop a better understanding of possible risks. Committing to security is a key part of a company's brand image and success in the digital marketplace.
Sources:
https://www.transunion.com/blog/pros-cons-seven-common-characteristics-of-fintech-startups
https://www.wired.com/2016/04/hacker-lexicon-white-hat-gray-hat-black-hat-hackers/
https://www.wired.com/story/marcus-hutchins-arrest/
https://www.ffiec.gov/
http://www.hiscox.com/cyber-readiness-report.pdf
https://beta.theglobeandmail.com/report-on-business/the-internet-of-things-will-have-to-earn-our-trust/article24781831/?ref=http://www.theglobeandmail.com&