By Giridhar Yasa, Chief Technology Officer, Lendingkart
In 2021, the average cost of data breaches to the fintech industry was more than US$ 5.72 billion, as per the IBM Cost of Data Breach Report 2021.
Looking towards the future, as evidenced by growth across various categories, especially in digital lending, we could all be virtually looking at a tech pandemic on the horizon.
The financial damage is huge for fintech start-ups, which might never recover from the severe consequences due to a lack of security technologies and controls.
For miscreants, an industry that is sitting on the bed of innovation and technological advances is the proverbial “El Dorado” – where opportunities to exploit security gaps are as bright as gold! Today, sophisticated fraudulent activities no longer require a special skill set.
What could these be?
- Social engineering attacks, scams, and even identity theft by threat actors
- Breaches leading to targeted attacks, causing financial loss – a death knell of sorts for a fledgling company
Most industries are at risk for data theft, but companies invested in financial services are most vulnerable.
The last two years have also seen a complete overhaul in the work setup. While companies are setting foot in and preparing for hybrid working models, they are even more focused on strengthening their cyber security framework. Models such as zero trust for API-first environments are becoming more common.
Every day, thousands of data points are collected at different interventions by fintechs, banks, and financial institutions. Today, the financial sector aims to personalize the customer experience at different touchpoints, for which data collection is on the rise. Fintechs use big data to understand the needs of customers on a one-to-one basis, to cross-promote products, to upsell, and, more importantly, to reach out to customers at the right time with the right message, understand their spending needs, and expand the services offered to them. This data is quite sensitive in nature.
As more services are going online, enterprises will gather huge volumes of customer data to gain insights. Some of this data includes personally identifiable, financial, and other information. The Account Aggregator ecosystem implemented by Sahamati (Niti Aayog) is a fine example of building a scalable system of information sharing that is encrypted and fully secure. We have processed more than 54k statements in the past six months (of the 100k that exist in the ecosystem) with prior user consent through our Account Aggregator setup.
Following are some of the most common security concerns for fintech companies:
Data security is the topmost security concern for any fintech company. With customer data such as personal information, bank statements, and company details, fintech companies are a top target for hackers. In this industry, companies should ensure that customer data is protected. Cloud-native is a new way of architecting applications and infrastructure; these cloud technologies allow for accessibility and scalability and use principles of defense in depth. With such technology rapidly changing the face of data storage, cloud security is a big chapter for fintech companies.
Malware attacks are the most common type of cyber attack – one email asking you to click a link and your personal data has been compromised. Compliance with cyber security norms is a must for all fintech companies.
As innovation tends to move at a faster pace than regulatory changes, some companies can see compliance regulations as a point of friction to meeting core objectives and deadlines.
Companies should keep an open channel of communication with regulatory bodies, including RBI working groups as well as Sahamati (Niti Aayog), for sharing best practices and building standards. Having an open discussion is critical not just to integrating better, but also to aligning business goals with security requirements.
When upgrading to newer technologies or software, companies need to ensure that their security infrastructure is robust enough to make the transition without any cyber attacks. Data leaks result in a loss of credibility. They damage not only the brand image but also the trust customers have shown in the company.
Fintech companies aim to simplify and standardize finances for MSMEs, and we are building robust technology to ensure data protection and prevention of fraud. Our proprietary platforms, including 2gthr, an Indian retail lending marketplace, Cred8, Xlr8, and Collec10, are testimony to our commitment to ensuring data security.