Fintech is Solving Problems in Finance, but Introducing Risk – Part 1 of 3

As financial institutions move away from legacy environments toward full digitization, they are realizing that they cannot offer every digital financial service themselves because of prohibitive development costs, speed-to-market pressure, and a lack of technical resources. Most importantly, they are recognizing that certain fintech (financial technology) organizations are able to offer a better customer experience that generates much higher revenues. Relying on these organizations reduces internal research and development and minimizes technical assets. These offerings are fundamentally changing how financial institutions do business and interact with their customers, which translates into greater convenience and, most importantly, flexibility in how customers manage their money. These conveniences are not without their own pitfalls: some fintechs have shown the world what can happen when a fintech vendor does not properly secure its own platform and reveals sensitive data in a breach. What defines fintech? How does fintech affect your digital architecture? Does an enhanced customer experience broaden your attack surface? With the financial world completely changing the way it interfaces with customers, how do organizations determine which fintech vendors will actually add security and risk aversion to their internal environment? Why do CIOs have to embrace fintech?

Why Financial World Is Changing

As the digital ecosystem continues its dramatic change, it is important to understand what specifically defines fintech. Fintech is the set of technological innovations that impact financial activities such as payments, lending, remittances, chargebacks, deposits, capital raising, insurance, and regulatory compliance, creating new revenue streams. The financial institution aggregates different platforms to provide a singular service offering, so the customer now has multiple services at their fingertips. Moreover, outsourcing certain services to fintechs is both cost effective and creates a much better holistic experience for customers. Many of these products and services are meeting the growing digital demands of customers, but they are also introducing an expanded attack surface.

New Risks of Using 3rd Party Vendors

Peer-to-peer (P2P) transactions took the world by storm and will change the way consumers move money between themselves and financial organizations. Unfortunately, some of the applications offering P2P transactions have been breached. As security measures, most applications use some form of encryption and data vaulting and allow the user to choose a PIN for login verification. This is their security layer against fraud, theft, etc., and users’ liability is capped if the incident is reported in a reasonable amount of time. However, the main issue is that the application is connected to an individual’s bank account, which leads a potential cybercriminal to the foyer of a financial institution and increases its attack surface. Creating a larger attack surface for your organization will eventually cost you customers if your 3rd party vendors do not have the proper security controls in place, and as previous data breaches have proven, encryption by itself will not adequately secure an organization.

Selecting Secure Fintech Vendors

The reason fintechs have been so successful is that they are able to create more transparency and accountability for financial institutions. However, an enhanced customer experience must also be risk averse in nature, and much of that depends on the security infrastructure of the fintech. The problem is that some fintechs were built on an infrastructure designed for the general enterprise, which can create data security issues and/or increased PCI compliance scope. Considering how complex financial institutions’ environments are, integrating into a traditional software/server environment that may use legacy hardware can create major security issues. The vast majority of fintechs are cloud, mobile, or blockchain based, and as financial institutions slowly move to those mediums, they depend heavily on fintechs to bridge that gap, so the architecture, and how small a digital footprint it leaves, is paramount.

Embrace Fintech To Solve Problems

Financial organizations are ingesting massive amounts of sensitive data (PCI, PII, NPI, ACH, etc.) into their environments, so CIOs are looking for fintech solutions that push the sensitive data to the very far edge of their environment or keep it out of their environment altogether. Fintech is helping to solve regulatory and compliance-based problems in organizations worldwide through adherence to a regulatory infrastructure and through how it captures, stores, and secures sensitive data. It all comes down to simplicity and efficacy. As you continue building a customer-centric platform, you want to make sure that each piece works together cohesively, because when you use platforms that do not integrate seamlessly into your environment, you risk breakage in other areas of your solution. Far too often, organizations settle for solution stacks that solve 75% of the problems. The outlier 25% is the biggest reason for breakage and, most importantly, creates a greater attack surface. This expanded attack surface is something organizations are going to have to secure 100%. There are ways to minimize exposure and your digital footprint. In some cases, the fintech can actually reduce scope/compliance and help organizations solve regulatory issues.

In Part 2 of 3, we will discuss regulatory compliance, regulatory bodies (FTC, Consumer Financial Protection Bureau, SEC, etc.), and building seamless solutions that deliver a secure and elegant experience to your customers. TokenEx is the industry leader for cloud tokenization.
