How to prevent five common fintech security mistakes
By Alok Bansal
The fintech (financial technology) industry in India has seen exponential growth, especially in the post-pandemic years. In 2019, Ernst & Young’s Fintech Adoption Index stated that fintech has improved and expanded its offerings around the world, spurring changes in the financial services industry. The size of the global fintech market was estimated at USD 110.59 billion in 2020 and is expected to grow at a CAGR of 20.5% to reach USD 699.50 billion by 2030. Increasing technology penetration in the Indian market is expected to promote financial inclusion and improve customer experiences, but it has also sparked fears of cybersecurity risks. This is why it is critical that fintech firms address and prevent five common security flaws:
Prevention 1 – Weaker authentication management system
A critical ingredient in the success of any fintech firm is a robust authentication management system, and many companies fail on this front. This can undermine credibility and lead to customer defections. While launching and scaling their products for different devices, including mobile phones, laptops and desktops, organizations need to keep security at the fore. When customers log into their bank accounts, these devices can store passwords permanently, where malicious code can retrieve them. Businesses can use methods such as Multi-Factor Authentication (MFA), Single Sign-On (SSO) or biometric authentication to overcome such security risks, eliminate redundant passwords and ensure that a compromised device cannot be used to retrieve passwords.
Prevention 2 – Adoption of public cloud service
Many fintech companies use public cloud services to reduce downtime and to combat rising business costs, but remain unaware of the security threats. Companies often engage lesser-known or smaller vendors who may not be adept at managing cybersecurity risks, and a complex network architecture can increase the risk further. Data regulatory requirements and data compliance can also be a challenge when using the public cloud, especially in industries such as banking and healthcare that deal with sensitive and personal data. Before hiring a service provider, firms should review it carefully and ensure it has strong security measures in place. They can also consider using private cloud solutions or a hybrid system, where flexibility and security can be combined.
Prevention 3 – Having a bad user experience
Fintech has made it possible to use financial products with a single click. With the development of disruptive technologies like blockchain and cryptocurrency, there are many products available in the market that try to differentiate themselves by providing a remarkable and enhanced customer experience. But companies that strategize their plans without keeping the customer in mind end up suffering and losing the customer. Therefore, each product should be tested rigorously and frequently before it reaches the customer. User experience can also be improved by using simple language and avoiding jargon, enabling a ticket system, where customers can register their complaints, and adding chat boxes for personal communication.
Prevention 4 – Implementing a weaker backup policy
A robust backup policy is critical to a firm’s resilience and essential to its Business Continuity and Disaster Recovery (BCDR). Unfortunately, many companies have very weak backup policies. They back up their data infrequently, such as quarterly or only once or twice a year. This increases the risk of data loss during a power outage. Data should be backed up frequently, possibly once a week or once every day. The backup frequency must match the criticality of the services and the sensitivity of the data, and the policy must have very clear specifications for backup methods, frequency, recovery objectives and recovery procedures. The recovery point objective (how much data the organization can afford to lose) and the recovery time objective (the maximum time defined to restore operations after the data is lost) are two critical points that must not be overlooked.
Prevention 5 – Lack of trained staff
According to Research and Markets 2021 reports, the fintech market is estimated to grow at a CAGR of 26.87% by 2026, globally. But in India we don’t have sufficiently trained hands, which in turn can create security issues. Lack of proper knowledge can lead to employees using unauthorized software, which can compromise data security. Employers cannot turn a blind eye to the training needs of different employees who may have different learning curves. Some organizations only offer one-off training when it should be a continuous process. As the software is updated, companies should re-educate their employees, train them to use secure passwords and use VPNs while working in a remote setup. Re-skilling can also reduce operating costs by minimizing the need to hire new people.
In addition, organizations can educate customers about technological security measures and create awareness about cyber attacks. Fintech has enormous potential to transform the finance and investment industry, especially after the COVID-19 crisis. By implementing safer and more secure ecosystems, institutions can work safely to build trust, equality and lasting resilience.
The author is MD of Visionet Systems India and Global Head of BFSI Business.
Disclaimer: Views expressed are personal and do not reflect the official position or policies of Financial Express Online. Reproduction of this content without permission is prohibited.