Trust in fintech security has been shaky
In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the previous two years. The increasing frequency of cybercrime has increased market unrest and questioned fintech readiness; some argued that the industry players are more exposed to virtual threats than traditional banking, with greater resources at their disposal.
Thibaud Catry, head of compliance at ConnectPay, said claims of reduced fintech security are far-fetched, although he called for increased defenses due to growing cyber threats.
“In this day and age, the size of your business does not determine your ability to fend off fraudsters,” Catry said. “The massive fraud prevention departments that traditional banks have are becoming obsolete, as the ‘strength in numbers’ paradigm has shifted to ‘strength in technology.’ Now it is possible to prevent fraud with the same – or even higher – efficiency with fewer people simply by using the right tools and automation.”
He also noted that the longstanding credibility of older banks somehow puts them at greater risk. For example, in phishing attacks, large banks are often a better target for fraudsters as they serve an incredibly high number of people.
“If a person has an account with a well-known bank and receives a message that it has been blocked, he/she is more likely to click on the link. As a result, fraudsters often target people using the most common bank names, leveraging brand awareness to trap unsuspecting customers.”
Threats are increasing
When comparing the pre-pandemic period to the first couple of years of the pandemic, reports show that online fraud attack rates have increased by 233%. Fintechs have not been immune either, with attacks on industry players reportedly increasing by 70% in 2021.
Catry has shared that this is being widely felt across the industry, noticing an increase in phishing attacks, brand misuse and CEO fraud (fraudsters impersonating a senior business executive). The latter is more difficult to stop, as social engineering fraud shapes fraud and exploits human trust.
“Even the best technology implemented may not work if a recipient blindly trusts a sender, doesn’t take the time to evaluate the legitimacy of the content and click on any link he/she receives,” Catry said.
In the past few months alone, ConnectPay had to increase security several times; most recently – when Russia invaded Ukraine. Early preparation has helped keep fraudsters at bay and clients’ funds secured so far; Catry approves resiliency to secure not only the systems backend, but also their website, with backup on another domain. The company also uses its own cyber security solution to maintain ironclad security.
Although the trend continues upwards, he emphasized that being digitally native allows the fintech sector to deal with cyber threats more easily than previous banking services. Nevertheless, one crucial point on both sides needs greater attention. “The importance of solid technical safeguards in place cannot be overstated, but when it comes to security, human decisions, rather than technology, remain the weakest link in the chain,” he added.
Training clients to limit human error
Building awareness both internally and externally (the latter is often overlooked) can significantly change the power dynamic. Catry noted that while training employees in the most prevalent fraud scenarios is a common practice, clients are usually not part of this process, even though they are the primary target.
“Fraud awareness is key to ensuring that preventative security measures are upheld. Fraud prevention, of course, requires sophisticated technical solutions to quickly detect and address irregularities in transactions. However, you cannot be one step ahead if all the people involved in the process are not aware of the possible risks.”
