How to prevent five common fintech security mistakes

The fintech (financial technology) industry in India has seen exponential growth, especially in the post-pandemic years. In 2019, Ernst & Young’s Fintech Adoption Index stated that fintech has improved and expanded its offerings around the world, spurring change across the financial services industry.

The size of the global fintech market was estimated at $110.59 billion in 2020 and is expected to increase at a CAGR of 20.5% to reach $699.50 billion by 2030. Increasing technological penetration into the Indian market is expected to foster financial inclusion and improve customer experiences, but it has also triggered fears about cyber security risks. This is why it is crucial that fintech firms address and prevent five common security mistakes:

Prevention 1 – Weaker authentication management system
A crucial ingredient for the success of any fintech firm is a robust authentication management system, and many companies fail on this front. This can undermine credibility and lead to customer churn. While launching and scaling their products across mobile phones, laptops, and desktops, organisations need to keep security factors right at the forefront.

When customers log in to their bank accounts, these devices can save the passwords permanently, and malicious code can then retrieve them. Firms can employ methods such as Multi-Factor Authentication (MFA), Single Sign-On (SSO), or biometric systems to overcome such security risks, eliminate redundant passwords, and ensure that the device is not hacked to retrieve passwords.

Prevention 2 – Adoption of public cloud service
Many fintech companies utilise public cloud services to reduce operational time and to combat rising company costs but remain oblivious to security threats. Firms often hire assistance from lesser-known or smaller providers who may not be proficient in handling cybersecurity risks. And with a complicated network architecture, the risks could increase.

Data regulation requirements and data compliance may also be a challenge while using the public cloud, especially in industries like banking and healthcare that deal with sensitive and personal data. Before hiring a service provider, firms should carefully review them and ensure that they have strong security measures. They may also consider adopting private cloud solutions or a hybrid system, where flexibility and security can be combined.

Prevention 3 – Having a poor user experience
Fintech has made it possible to avail of financial products with a single click. With the advancement of disruptive technologies like blockchain and cryptocurrency, there are numerous products available in the market that attempt to stand apart by providing a remarkable and enhanced customer experience.

However, companies that strategize their plans without keeping the customer in mind eventually suffer and lose the customer. Hence, every product should be tested stringently and frequently before it reaches the customer. User experience can also be improved by using simple language and avoiding jargon, enabling a ticketing system where customers can record their complaints, and adding chat boxes for personalised communication.

Prevention 4 – Implementing a weaker backup policy
A robust backup policy is critical for a firm’s resilience and crucial for the company’s Business Continuity and Disaster Recovery (BCDR). Unfortunately, many companies have very weak backup policies. They back up their data infrequently, say once or twice a year or a quarter. This increases the risk of data loss during an outage. Data should be backed up frequently, possibly once a week or once every day. The backup frequency must match the level of criticality of services and sensitivity of the data, and the policy must have very clear specifications for backup methods, frequency, recovery objectives, and recovery procedures.
The recovery point objective (how much data the organisation can afford to lose) and recovery time objective (the maximum time defined to restore operations, after the data is lost) are two critical points that must not be overlooked.
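
The following added example (not part of the original article) audits a backup catalogue against per-service recovery objectives. It shows that the data-loss exposure is set by the longest gap between backups, not the average frequency. The service names, timestamps, and drill results are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed policy: recovery objectives per service (hypothetical names).
POLICY = {
    "payments-ledger": {"rpo": timedelta(hours=24), "rto": timedelta(hours=4)},
    "marketing-site": {"rpo": timedelta(days=7), "rto": timedelta(hours=48)},
}
# Constructed catalogue: completion times of successful backups.
BACKUPS = {
    "payments-ledger": ["2024-03-01T02:00", "2024-03-02T02:00", "2024-03-05T02:00"],
    "marketing-site": ["2024-02-25T03:00", "2024-03-03T03:00"],
}
# Constructed restore-drill results: measured time to restore a service.
RESTORE_DRILLS = {"payments-ledger": timedelta(hours=6)}


def worst_exposure(timestamps, now):
    """Longest gap between consecutive backups, counting last backup to now."""
    points = sorted(datetime.fromisoformat(t) for t in timestamps) + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def audit(policy, backups, drills, now):
    """Return (service, finding) pairs where an objective is missed or unproven."""
    findings = []
    for service, objective in policy.items():
        stamps = backups.get(service, [])
        if not stamps:
            findings.append((service, "no backups recorded"))
            continue
        exposure = worst_exposure(stamps, now)
        if exposure > objective["rpo"]:
            findings.append(
                (service, f"RPO breached: {exposure} gap exceeds {objective['rpo']}"))
        drill = drills.get(service)
        if drill is None:
            # An RTO that has never been exercised is only an assumption.
            findings.append((service, "RTO unverified: no restore drill"))
        elif drill > objective["rto"]:
            findings.append(
                (service, f"RTO breached: restore took {drill}, objective {objective['rto']}"))
    return findings


if __name__ == "__main__":
    for service, finding in audit(POLICY, BACKUPS, RESTORE_DRILLS,
                                  datetime(2024, 3, 5, 12, 0)):
        print(f"{service}: {finding}")
```
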

Prevention 5 – Lack of trained staff
As per the 2021 reports by Research and Markets, the fintech market is projected to grow at a CAGR of 26.87% by 2026, globally. However, in India, we do not have adequately trained hands, which in turn could create security issues. A lack of proper knowledge can lead employees to use unauthorised software, which could compromise data security. Employers cannot turn a blind eye to the training needs of different employees who may have different learning curves. Some organisations provide just one-time training when it should be a continuous process. As software gets updated, companies should re-skill their employees and train them to use secure passwords and VPNs while working in a remote set-up. Re-skilling employees can also curtail operational costs by minimising the need to hire new people.

Additionally, organisations can also educate customers about technological safeguards and create awareness regarding cyber-attacks. Fintech has enormous potential to transform the finance and investment industries, especially after the COVID-19 crisis. By implementing safer and more secure ecosystems, institutions can work confidently towards building trust equity and lasting resilience.
Credits: The author Alok Bansal is MD of Visionet Systems India