Fintech is Solving Problems in Finance, but Introducing Risk Part 2 of 3
In our last installment, we covered what fintech is, and how it is creating new revenue streams by changing the way money moves between organizations and customers. We also covered how the security architecture of the fintech can introduce massive risk into your organization. Fintech is utilizing a number of different standards for compliance and regulation. Why? How is this lack of continuity in regulation and compliance driving the architecture for fintech’s, while leveraging security best practices? What are the trends for fintech regulation? Fintech is creating new revenue streams with greater customer convenience, but can data security solutions lock down their environment?
Fintech’s Need Consolidated Regulation
The financial industry is more regulated and has more oversight than any other industry on the planet. However, fintech’s do not face the same level of regulation, because they may not fall under FDIC, SEC, or any other number of federal and state agencies. Therein lies one of the major hurdles to regulation. The sheer volume of oversight agencies creates more complexity in trying to build a singular regulatory policy or framework for the industry. Financial institutions are more regulated, because of the calamitous disruption and financial instability that will ensue when not properly regulated. Fintech’s create the same types of disruption and instability with data breaches and exposing customer data, because they are creating a larger attack vector for the organization utilizing their service offering.
One of the most difficult issues for fintech’s to overcome is integrating new technologies into legacy environments. Financial institutions are in the business of managing risk, and that has everything to do with understanding exactly what that risk is. So, financial institutions are utilizing fintech’s to help them manage the risk in delivering a great customer experience. That is why the fintech must be flexible in architecture to work seamlessly with the financial institution and any other third party vendors that the financial institution is currently working with to help manage the risk. For example, if your organization has outsourced its peer-to-peer payment capability, with most fintech’s being cloud or blockchain based, how does the sensitive data move from the fintech’s environment, to the financial institution, and ultimately to the customer? The whole process must be secure, and the architecture is where that starts. Does the fintech utilize encryption or tokenization in the transfer of these transactions? Financial institutions must demand that their fintech’s help them manage risk or even reduce it, and that has everything to do with how the fintech was architected.
Standardization Is Coming
The financial industry is moving in the right direction, and it appears all of the right organizations are on board with creating industry standards for cybersecurity. With a greater reliance on fintech’s there has to be. The National Economic Council created A Framework for FinTech earlier this year, which is designed for the financial services sector and their governing bodies. It sets policy goals to, “promote safe financial inclusion and financial health, build in cybersecurity, data security, and privacy protections from the start”, and this is a great roadmap, but it will need a whole industry buy-in to be successful long-term. So much of compliance and regulation in fintech is voluntary, but has very expensive consequences. PCI compliance is a great example of something that is not mandatory, and not every organization handling payment card data is compliant. The Enhanced Cyber Risk Security Standards is throwing it’s hat into the ring by “suggesting” self-assessment utilizing the FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework and CPMI-TOSCO Guidance. This is purely voluntary at this point, but certainly a step in the right direction.
Fintech Data Security Solutions
To dovetail the compliance discussion into the bigger picture, financial organizations must demand that all of their fintech solutions practice the highest levels of compliance, data security best practices, and most importantly do not introduce risk. This involves solutions that secure all data sets 100%. PCI, PII, ACH, NPI, and any other sensitive data sets that will be moving through an environment need efficacy in their management and security architecture. With so many data security solutions on the market, how do you know which one’s work and which ones don’t? Blinky lights and notification of fraudulent activity generally means you are too late, and you should prepare yourself for the fallout of a data breach. The core of data security has to be built around securing the data. In our final installment, we will look at the current options of fintech data security solutions that are on the market today, and how they will impact your environment from both a positive and negative perspective.
TokenEx is the industry leader in cloud tokenization. Stay tuned for Part 3 of 3 where we focus on SOC assessments, fraud prevention, encryption, and tokenization solutions for fintech's. Follow us on Twitter and LinkedIn.