Technology has a way of creeping up on you and before you know what’s happened your local high street bank has disappeared, the physical face of public services has become a website and petrol driven vehicles have almost overnight become the bête noire of existence.

One area where technology change is having a profound impact is the fintech industry. That is, companies, which build their operations around technology to compete with traditional financial services, and improve services.
  • For instance, fintech start-up Credit Kudos recognised the frustrations that can accompany credit application due to regulations, so the company analyses actual spending and bank transactions of an individual to assess their credit worthiness.
  • This may not seem like such like a big thing but traditional risk measures are based on historical repayments. Make a few successive late payments and you’re automatically bumped off the credit worthiness register.
Recently researchers at the International Monetary Fund (IMF) studied the evolution of financial services in the digital age, especially the growth of Fintech, and the implications as companies like Facebook and Amazon begin to know more about customers' financial lives than banks.
  • The IMF concluded that non-financial data gathered from your web browsing, online shopping, search histories and so on, could provide a more accurate assessment of your credit worthiness.
  • The researchers argued these methods can be better than traditional credit risk assessments carried out by banks, and help bring credit to people that banks ignore or have no way of assessing for loans.
The IMF study is an indication of how financial services are evolving. At a practical level fintech makes finance so much easier. For instance, the fintech technology can enable investments, money transfers, lending and personal finance, in seconds from your smartphone or desktop PC.

Rich tapestry

Fintech is a little word for what is essentially a complex and colourful tapestry of financial services. However, all the companies in this space have a common uniting factor… cyber security.

Fintech enterprises have massive amounts of user data to handle. This includes personal information, contact details, financial information and sometimes health data. This data is used is used to generate insights into customer behaviours in order to acquire and retain more customers.

Protection of this data and information is one of the biggest privacy and cyber security challenges that fintech enterprises.
  • Relatively recent research revealed that 98 of the 100 most prominent and well-funded fintech start-ups are vulnerable to phishing, web and mobile application security attacks.
  • All of the companies surveyed had security, privacy and compliance issues related to abandoned or forgotten web applications, APIs and subdomains.
While the research was carried out over 18 months ago cyber security is not static and as such many of the issues raised in the report are likely to have been resolved.

However, the wider point is that fintech companies are clear targets. Consulting group BCG stated categorically in its Global Wealth 2019 report “Financial services firms are 300 times as likely as other companies to be targeted by a cyber-attack…”

The fintech vulnerabilities that attackers tend to be common to many major online operations where transactions take place, for instance,
  • Websites are vulnerable to sensitive data exposure, security misconfiguration and cross-site scripting which is broadly the act of injecting malicious code into websites and applications.
  • Outsourcing of business-critical processes and data sharing with third-parties is also something of an Achilles heel, given that sensitive customer data can be lost sight of.
While there is a greater onus on fintech companies to ensure cyber security is the best it can be, users need to be aware that there is no such thing as perfect protection and we also have to take steps to protect ourselves. As such there are two fundamental requirements from the customer side:
  • Connect to a Virtual Private Network (VPN). A VPN encrypts the data you send and receive and hides your IP address to keep you safe and anonymous online.
  • Use good antimalware protection that can detect and nullify zero day threats, that is threats that exploit unknown computer security vulnerabilities.
Technology will keep evolving; many vehicle manufacturers have said they will stop producing petrol and diesel fuelled vehicles by 2030, more banks will disappear from the high street and fintech operations will become commonplace. But the need for cyber security will remain constant.