Are fintech startups taking right measures on the cyber security front?
The integration between digital technology and financial services has led to exciting new developments in the financial sector over the last couple of years, and has given rise to a whole new industry vertical – the fintech industry. Companies operating in the sector are developing and enabling a gamut of innovative solutions that are radically impacting our lives by increasing the reach and flexibility of conducting financial transactions. Technology has also accelerated the extension of financial services to the underserved and unbanked populace, and is one of the prime reasons why the fintech sector has grown from $7.3 billion in 2014-15 to $14.5 billion in 2015-16 and continues to grow at a high rate. The industry and its rapid growth, however, now face a major challenge: cybersecurity.
According to a report published by KPMG and CB Insights, fintech ventures secured 710 venture funding deals in 2014, 807 in 2015, and 416 deals till the second quarter of 2016. Many of these ventures were new entrants. But even as these startups conduct business functions such as fund transfers and instant loans through technology, their interconnected operations are often found wanting for adequate and effective cybersecurity measures. This gives cybercriminals an opportunity to take advantage of the system and exploit vulnerabilities and limitations within the digital payments process.
There are, at present, very few fintech companies that have adequately invested in developing their cyber security frameworks and ensuring safer and more secure digital payments experience for their users. Many startups in the sector do not opt for lobbying servers, monitoring systems, or back-up systems, which are all measures that can help in minimizing the chances of a data breach and mitigating the impact in case one does occur. Moreover, there is – at least in India – little attention paid to hardware-level security, something that is fast becoming mandatory for facilitating secure online transactions.
One area where Indian fintech startups really struggle, however, is raising the awareness about secure digital practices, both within their organizations and their consumer base. The lack of knowledge about cyber security and threats can often give rise to security vulnerabilities, which can then be exploited by cybercriminals. All this makes it highly necessary to align front, mid, and back-office functions to prevent instances of fraud and money laundering; and will enable quick assessment of potential security breaches. Entrepreneurs in the fintech sector must reassess their priorities and conduct extensive tests and trials to ensure a secure and fraud-proof platform.
This can be done by devising a complex strategy and a sturdy program to prevent and manage cyber threats. Firstly, companies must develop a strong risk culture to shape the decisions of the management and employees. This risk culture relates to the firm’s integrity and that of its employees, and how it can influence favourable customer experiences. Correspondingly, there is a critical need to use data insights and risk intelligence optimally and to apply them in business decisions. Regulators from around the world have provided significant insights on counter measures that must be conducted to prevent fraudsters from gaining access to fintech networks. Companies need to conduct constant due diligence to avoid such risks. Constant security updates are essential in ensuring a secure and threat-free financial environment in the digital sphere, while periodic audits from third-party experts also help in maintaining a robust and healthy cyber security profile.
Considering the dynamic and complex nature of digital finance, cyberattacks are almost inevitable. The fintech industry is extremely vulnerable to external threats that can find and exploit limitations within the ecosystem. Besides causing immediate financial losses, security breaches can weaken consumer confidence in digital solutions over the long run. Fintech players need to focus on cyber security as an essential aspect of their operations, instead of an afterthought, to prevent such an eventuality. Only then will the sector be able to achieve its vision of a less-cash, digitally-driven economy powering the rise of a truly digital India.