Cyber Security of FinTech Part 1: Business Models

COVID as an Accelerator and an Opportunity for FinTech

Amid COVID19 outbreak, FinTech is one of few sectors staying afloat despite the economic and political challenges. According to the recent opinion focus group, published by the FinTech Magazine and summarised below in the form of a simple word cloud, FinTech companies see the current situation as an opportunity. There are many reasons for that, including but not limited to:

  • The COVID19 crisis works as an accelerator for many FinTech businesses, who were thinking ahead in terms of their offerings, but could not quite find their customer base prior to the outbreak.

  • FinTech companies with their less formal and more flexible culture finally gained a significant competitive advantage over traditional financial institutions, as they are more prepared to sustain the demands and challenges of working from home as well as other quarantine and physical distancing requirements.

  • FinTechs became more efficient in understanding as well as controlling risks and vulnerabilities of remote transactions, as they were already trying to tackle remote trust culture problem prior to the crisis.

  • Some of the "traditional" FinTech services, such as mobile-first banking became a necessity in the current situation, giving FinTechs a momentum.

  • The cashless economy is finally a reality as cash transactions became something of an atavism lately.

Word Cloud Summary of the FinTech Magazine Opinion Focus Group

Generated for this Blog

Why Cyber Security Is Important for the FinTech Sector

Nevertheless, much responsibility lies on FinTechs, as with opportunities of growing customer numbers and developing more appealing services, they need to make sure they do not mismanage or mishandle this unique historical situation. In other words, they need to make sure they do not screw this up. And, unfortunately, it is easy to screw this up...

Essentially, any FinTech, in its essence, is a cyber company. The implication of this is that security and trust lie at the core of its operations. And if FinTechs are not able to ensure cyber security, they will simply not be trusted. Let me give you a specific example. If hackers go after a major grocery store - e.g., UK's TESCO and steal a handful of credit card numbers, TESCO will suffer. It will be in all papers on the front page, perhaps even overtaking coronavirus news for a day or two. Yet, it will not suffer as much as, say, Revolut and Monzo, should they suffer a loss of confidential customer data. The reason for this is that TESCO’s main value proposition is to quickly equip customers which some basic products, whereas the value proposition of Revolut or Monzo is to offer secure, fast and efficient way to make financial transactions. FinTechs are primarily assessed by their customers on stability and (cyber)security of their services. Hence, these two factors - stability and security - which, in their turn, directly influence customer trust are very important growth determinants in the sector.

FinTech Cybersecurity Challenges

So what are the top cyber security challenges for FinTech? It seems that all challenges faced by the sector can be roughly partitioned into 4 main parts:

  • Business Model Challenges

  • Technology Challenges

  • Algorithmic Challenges and

  • Human Challenges

In this Part, we will consider cyber security challenges arising from the FinTech Business Models. These issues include:

1. Third-Party Cyber Risks

Many FinTechs rely on the "open data" or "data sharing" culture, where some of the services (e.g., sophisticated analytics, etc.) could be supplied by third-party partners. The main issue here is that those partners may not have very good cyber security systems, which means that consumer data or important/sensitive information could plausibly fall into the wrong hands. In economics, such problems are usually referred to as "interdependent security" problems. They are usually caused by the way in which business models, systems, or processes are set up. The typical interdependent security problem example (which is rather artificial) is an example of airline security. Imagine that you have an airline and you have an operational hub in one city, which means that in that city you pick up passengers from other airlines, connecting in this city. Now, the security of passengers and their carry-on luggage is administered by the airport, but you have to handle checked-in bags security, which is a costly exercise. How would you structure the checks? Will you check all passengers' luggage (i) at their point of origin and then again at the hub or (ii) just at their point of origin? If you decide not to check luggage at the hub, you will rely on other airlines doing a good job on checking their passengers' luggage at their respective points of origin. But checking is costly... So, the solution of this game-theoretic problem is that both your airline and other airlines will try to free-ride of each other's checks, making the whole system insecure. Why is that? Because you airline will rely on other airlines doing the checks and other airlines with connecting flights will rely on you conducting the checks at the hub... The third-party FinTech problems are rather similar. Very often, contractors rely on a FinTech company to secure information and data, whereas FinTech company relies on contractors having appropriate compliance and security measures in place. As a result, the whole system becomes very fragile.

2. FinTech "Secret Sauce" Risks

Another large range of FinTech cyber risks is directly related to the services provided by the sector and the way in which they are monetised. Transaction and data security are parts of this FinTech "Secret Sauce". At the end of December 2019, the PwC issued FinTech Cybersecurity Report, which revealed that 61% of surveyed FinTech companies are concerned about transaction security, whereas 71% of companies heavily invest into data security. Since transactions and data are the main revenue-generating activities, which are an inherent part of FinTech business model, the sector is not only thinking about how to make transactions more efficient and the data more rich, but also how to protect these main assets from adversarial impact as well as other threats.

Take Aways

Cyber security is one of the major components of FinTech success. In a series of blog posts, we will look at various FinTech cyber threats and propose some solutions to the current challenges and problems faced by the sector. In Part 1 we looked at cyber threats arising from FinTech business models. Next week, we will consider FinTech cyber security risks associated with technology.

#cybersecurity #fintech #cyberrisks #cyberthreats #datasecurity #cyberattack #hacking #COVID19 #infosec #banking #ransomware #phishing #finservices #informationsecurity