twitter logo linkedin logo facebook logo

How FinTechs can respond to digital threats


Fintechs respond to threats

The financial services industry has always been a tech-intensive sector. Think about the first ATMs in the 1960s or the user-friendly mobile banking apps popping up in the 2000s. But with the rise of the alternative lending market, everything changed. Suddenly, technology wasn’t just an add-on; it was the basis of a whole new way of banking. Fintech had arrived.

The FinTech industry is the UK’s strongest startup sector. It has more than 1,400 high-growth fintech companies, 20 unicorn companies (that’s half of the UK’s billion-dollar startups), and more venture capital investment than any other industry. According to the Business Research Company, the global fintech market was valued at around $128bn in 2018. Throughout 2022, it is expected to grow to an astonishing $310bn.

What makes fintech so attractive to customers? The UK’s most prominent challenger banks, Starling, Monzo and Revolut, tend to offer more targeted solutions to customers than traditional banks. They’re agile and meet customer needs with new offers that fit their lifestyle. For example, Starling has just introduced Bills Manager to help businesses streamline their finances.

How the pandemic has helped the FinTech sector

With many bank branches closed in 2022, the online banking sector thrived. Across Europe, online and mobile banking use surged up to 20% during the pandemic. Younger consumers grew up almost entirely in a digital world and manage their whole lives through smartphones or tablets.

Millennial consumers consider traditional high-street banking a thing of the past. In a report, 75% said they are attracted to these new, agile competitors in the banking sector because of their fast, easy-to-use products.

Now that so many consumers are comfortable with banking digitally, banks and credit unions can no longer count on geography to engage customers. And they need to be more active in responding to the FinTech movement. Only 7% of banks set up FinTech labs; the majority (63%) are passive when it comes to investing in startups and futureproofing their services.

Things look good for the FinTech sector. But where money can be made online, cyber threats are not far behind.

The rise in FinTech cyber threats 

According to a recent IBM report, the UK is one of the nations that most frequently falls victim to a cyber-attack. Cyber criminals are becoming bolder in their development and deployment of ransomware attacks. SonicWall said in its annual threat report that ransomware attacks over 2021 have grown by 105%. That translates into 20 attempted attacks every second. Ransomware attacks are increasing along with phishing attacks and data theft. And cyber gangs are evolving. Laurence Dine from IBM says we can expect a rise in ransomware as a service. Here, gangs acquire domain credentials and sell them on. Cyber criminal groups are also happier to collaborate if they all get paid. That makes them more powerful.

When it comes to targets, hackers typically look for businesses that can’t function without access to their data. FinTechs clearly fall under this category as they offer their services only online.

FinTech challenges

Human error is still a key factor. All it takes is an employee responding to a corrupt email and giving out sensitive information. Even if your FinTech isn’t attacked directly, a cyber attack on a platform or supplier you’re using can have a knock-on effect. If you have a platform you store data on, and this data is hacked, you’re responsible for that as a data controller.

How can FinTechs reduce the risk of cyber threats?

Padraic O’Reilly, Chief Product Officer and co-founder of CyberSaint, says companies should do more “proactive or mitigative remediation.” That way, you’re identifying cyber threats and making proactive, risk-informed decisions instead of just putting out fires.

Three starting points to reduce the risk of cyber threats include:

  • Train your FinTech staff to reduce the risk of human error.
  • Do regular testing so you know where your security is patchy and can fix it.
  • Ask your software platform provider what security measures they have to protect your data and address cyber threats.

Authentication is a chink in the armour of FinTech. 44% of workers reuse passwords across personal and work-related accounts. 34% have shared passwords with colleagues in the same group. And a whopping 62% share passwords via SMS and email.

Strong customer authentication (SCA) seems to be the answer to security woes, but that has its drawbacks: in a poll, 43% of individuals believed the increased cybersecurity protocols for remote workers will hurt workplace productivity and 49% preferred to remove extra authentication steps for essential apps and data in the workplace to save time. A single-step MFA like MIRACL can solve both of these problems. It allows a flexible, bespoke setup and is 5x faster than passwords, 10x faster than authentication apps, and 15x faster than one-time passwords.

Cryptocurrency exchanges

With the backbone of technology and the blockchain, cryptocurrency falls under the FinTech umbrella. The new kid on the block has created a new digital finance sector. As FinTech companies are growing, so is the number of crypto users. In 2022, around 300 million people used cryptocurrency — nearly 4% of the global population.

But cryptocurrency exchanges face their own online security challenges. Most crypto exchanges now use blockchain technology, which allows decentralised storage, and is considered more secure because of cryptography encrypting techniques. That doesn’t always help. In 2021, BitMart exchange lost $150 million to hackers. Numerous blockchain attacks, including Eclipse, Poly, DDOS, and Sybil, made the news.

What are the cybersecurity issues with cryptocurrency?

Cryptocurrency isn’t only popular with gamers: threat actors love it too. It’s already the most preferred form of exchange in ransomware attacks. That’s because cyber criminals can hide their true identities when asking for ransom in digital currencies. Cyber criminals target cryptocurrency trading platforms to steal funds, often via phishing campaigns. None of the over 1,000 types of cryptocurrencies available today is immune to cyber threats.

FinTech and password security

A good cryptocurrency exchange must provide a secure online environment for traders and investors. Without it, your exchange is vulnerable to cyber attacks. Protecting your servers alone will not provide adequate crypto exchange security. You must ensure that the client side of any platform is also secure.

Since many people store their passwords and usernames on their computers, hackers can use keyloggers or other malware programs to access this data. Then, they sell it online for fractions of Bitcoins. That’s possible because virtual wallets come with limited protection measures against hackers.

Traders and cryptocurrency investors should install antivirus and antimalware software on their computers. But even that may not be enough. As cryptocurrencies evolve and become more popular, cybercriminals also increase their activities.

Key cybersecurity points for traders and cryptocurrency investors:

  • Monitor your account settings and adjust them if necessary
  • Use hardware wallets when available to store funds in cold storage or offline
  • Provide strong customer- authentication (SCA)

What is SCA in crypto?

In addition to “something you know” (like a PIN), SCA also provides “something you have” (like an authenticator code) or “something you are” (like biometrics). Properly used strong customer authentication is one of the most robust defences against fintech cyber threats and crypto theft.

Will SCA become obligatory in the crypto market?

Governments recognise the dangers the unregulated crypto market poses for investors. Many would like to change to make crypto safer. Countries like India and China have already limited the trade and use of cryptocurrencies. The USA has already taken the first steps to regulate the growing market. If the cryptocurrency industry becomes regulated, it’s also likely that it will have to comply with PSD2. MIRACL is PSD2 compliant, and our cryptographic technology means that user info stays with users.

If you need inspiration on how your user flow could look with MIRACL, have a look at our website here. And if you need more help, get in touch- we’d love to show you how MIRACL works.

Try out MIRACL for yourself with our banking demo here.

Get the MIRACL memo in your inbox

Get in touch to learn more

You can opt out at any time. See our privacy policy here.