How should fintech companies handle data security?

The era of digitalisation has paved the way for the evolution of the financial sector, where the integration of traditional financial services with technologically driven innovations has led to the genesis of the financial technology sector: fintech.

Fintech companies have grown from US$14.5 billion in 2016 to a staggering US$31 billion in 2017, and continue to develop rapidly – primarily as a consequence of the radical influence they have on our lives. Thanks to fintech, technologically savvy consumers are now able to execute any digital transaction at their fingertips.

However, the rapidly growing billion-dollar industry is accompanied by its fair share of uncertainties, and cybersecurity is perhaps at the top of the list.

Why is the fintech sector at risk of cyber crime?

The bulk of emerging fintech companies lack awareness of how to ensure secure digital transactions, focusing instead on growing the business and gaining market share. Few start-ups implement effective cyber security measures, even those that engage in electronic funds transfers and instant loans. This gives rise to security vulnerabilities that provide cyber criminals with the opportunity to exploit weaknesses in the digital payment process.

According to Sanjay Kathar, MD Quick Heal Technologies LTD, the sensitive consumer data possessed by fintech companies and start-ups is the key attraction for cyber criminals. For cyber criminals motivated by financial gain, whether by breaching security to feed identity theft or by perpetrating direct fraud, fintech companies are an easy target.

What fronts need to be secured?

Managing software-based technology that provides consumer services can leave room for vulnerabilities. While most security liabilities are the result of undetected coding errors made during the development stages, software applications can also be the doorway for criminal hackers. It is crucial to design software that effectively incorporates security technologies, including network firewalls and intrusion detection systems, to identify potential vulnerabilities.

Furthermore, Cloud storage is increasingly being adopted by IT professionals and extensively used by fintech giants and start-ups for greater productivity at a lower cost. However, Cloud computing comes with new risks.

In order to address them, fintech companies should implement dynamically scalable, multi-Cloud security standards to protect financial data. Data centres need to be secured using stringent authentication methods to prevent large amounts of data from being susceptible to distributed denial-of-service (DDoS) attacks, intended to disrupt services. In addition, internal segmentation can improve data visibility.

As cyber criminals increasingly rely on automation to improve the chances of their attacks succeeding, companies need to incorporate automated threat detection systems to keep up. Such systems collect information from at-risk devices, compare it against attack trends and methods, and share that information through security networks.

Penetration testing for fintech

Most organisations are the target of random, indiscriminate attacks, and fintech is no exception. In fact, the amount of sensitive information financial service organisations hold makes them especially vulnerable.

That’s why they need to be certain that their systems are as secure as possible before being put into use. The growing popularity of apps in the sector has expanded the threat, with organisations needing to look out for attackers stealing cryptographic keys or reverse engineering them.

Organisations can prevent these attacks by conducting web application penetration tests. This involves an expert analysing your apps, looking for vulnerabilities in the same way as a criminal hacker would. This allows organisations to identify and address weaknesses before it’s too late.

IT Governance is a CREST-accredited provider of penetration tests. Those who book with us will receive:

  • A range of manual tests closely aligned with the OWASP methodology;
  • A series of automated vulnerability scans;
  • Immediate notification of any critical vulnerabilities to help you act quickly;
  • A detailed report that identifies, explains and ranks the vulnerabilities;
  • A list of recommended countermeasures to address any identified vulnerabilities; and
  • An executive summary that explains what the risks mean in business terms.
