By Giridhar YasaFintechs have always been focused on building technology that brings the underserved and unbanked onto the financial map. With the increasing ownership of mobile handsets, internet consumption in India has also increased. Now with the advent of 5G, this is only set to rise further.As per the IAMAI report – Internet in India,…
Fintechs have always been focused on building technology that brings the underserved and unbanked onto the financial map. With the increasing ownership of mobile handsets, internet consumption in India has also increased. Now with the advent of 5G, this is only set to rise further.
As per the IAMAI report – Internet in India, 346MN Indians partake in online transactions including digital payments and e-commerce. In comparison, 331MN people in the USA have used digital transactions!
This boost was also spurred during the pandemic when India saw a rise in digital transactions. It created an opportunity for the fintech companies to acquire more customers as users got accustomed to doing things remotely and in a contactless fashion. At the same time, the cyber attackers also saw the rise of digital transactions as an opportunity to feed on vulnerable and acquire and misuse their data. While most industries are facing the wrath of cyber criminals, companies invested in financial services are at a greater risk.
Hundreds and thousands of data points are collected by financial institutions in dealing with customers on a daily basis. Customers today are seeking personalized experiences – which means financial institutions collect and store data from users including personal information, bank account information, and more. Today, even malicious actors are trying sophisticated methods to access user data – through calls, clickbait messages, spam mail, impersonation, etc – which makes it easier to acquire data for committing fraud. It becomes the responsibility of users and organizations to strengthen their data protection and security set-up and not fall prey to cyber attackers.
Here’s a look at a few measures that Fintechs must take to ensure security and prevent cyberattacks while adhering to the RBI guidelines.
- Product or Application Safety: Fintechs create products to ease financial access for users that cater to data collection at several touchpoints. For example, we have SAAS products for all stages of the loan process – Origination (xlr8), Collection (collec10), Credit evaluation (cred8) and Co-lending (2gthr). At every stage of a loan application, the user is required to submit data – starting from details about the business, personal, and bank accounts. Some measures to safely store and protect data include Customer (PII) Data Encryption. All data in transit and storage is encrypted, redact masking of data, Implementation of role-based access control to limit data visibility, Cloud security, Internal and external penetration test, and regular security audits. All fintech organizations that are creating products/applications should ensure maximum security right from the development stage.
- Another important practice that all fintech organizations must follow for product/application security is Threat Modelling. Constant review and updating of threat models in all stages of SLDC is important especially in case of a new release and architecture/infrastructure change. This also means that there should be regular scanning and review of design, architecture and UML models – all in compliance with Privacy, Government and Industry standards.
- Safety from External Threats: It is important for a fintech to build external threat intelligence. Regular scanning for external threats and quick mitigation of source code leaks, credentials leaks, or any sensitive data leaks. Infrastructure risk protection by detection, identification, and mitigation of common vulnerabilities in SSL servers and certificates.
- We follow a two-teaming strategy: red teaming and blue teaming in operations. Red teaming is an ethical hacking exercise we perform on our system to check the efficiency of the defence system our organization has. This helps in identifying security gaps, addressing risks, and mitigation. The exercise also helps in finding an effective security roadmap. While blue teaming helps to create strong defences by evaluating the security environment.
- Internal System Security: With the hybrid mode of working being the trend these days, it is extremely important for fintech to ascertain that the data collected is protected from any internal threats that may arise. Endpoint security, Patching of OS, installation of only approved software on employee systems, DLP to prevent data breaches and applications, and establishing Zero Trust Network Access. This hybrid movement of business from office to/and home requires that systems, software, APIs, data, and services be made accessible anywhere, anytime. This means the systems are more prone to attacks by malicious actors. Strengthening workplace security to prevent malware or phishing attacks by building real-time threat defence – continuously scanning and advancing security measures like strong and complex passwords, warnings, secure gateways, and authentication.
Customer and Internal Employee Education: Knowledge is the most important tool. Today, public and private institutions like RBI, and fintech organizations are coming up with brand campaigns to spread awareness about data protection and sharing of data. There are shows being made on the same premise that are alarming and educational at the same time. It is imperative for all organizations including Fintech to conduct regular training for employees and share preventive communication internally and to external customers to warn and inform them of cyber criminals and forms of attacks.
Protection from cyber-attacks in Fintech means evolving with changing trends as per the needs of the organization, as cybercriminals are evolving their techniques on a daily basis. Lack of cyber security infrastructure could result in loss of operations, reputational risk, and loss of revenue. The best approach for FinTech companies to prevent this outcome is to create robust infosec, cybersecurity infrastructure that both safeguards organizations from cyberattacks and prepares them for any emergency that may arise in a cyberattack scenario.
Having said this, it is not just the responsibility of fintech / financial organizations alone but that of the Government to support awareness and establish guidelines for organizations to follow for the prevention of cyber-attacks.
The author is CTO at Lendingkart.
Disclaimer: The views expressed are solely of the author and ETCIO.com does not necessarily subscribe to it. ETCIO.com shall not be responsible for any damage caused to any person/organization directly or indirectly.
Leave a Comment
Your email address will not be published. Required fields are marked with *