FinTech may still be in its infant stages, but it’s one industry that knows how to make waves. Since the early 2000’s, FinTech and other digital financial services have been making services such as investment planning, borrowing and lending, crowd funding and bill paying more accessible and reliable for millions of people around the world. Additionally, this industry has brought banking to previously “unbanked” populations, easing money transfers and fundraising, as well as offering personalized financial advice from robo-advisors for a new set of digital consumers.
There’s no denying that FinTech has permanently altered the banking industry, but all this convenience doesn’t come without risk. Oftentimes, when these platforms are being designed, security may not be high on the developer’s concern list. This leads to gaping security holes within many of these FinTech programs that are often blindly trusted by their customers. To make matters worse, the security gaps often go ignored until a catastrophic security breach occurs.
Chances are, you’re already using a FinTech platform to simplify your financial life, so you need to understand the risk associated with these digital platforms before you sign on the proverbial dotted line. Here are some of the key security issues to be aware of when using any FinTech platform:
They add to your attack surface: In security speak, the attack surface is the total sum of all points from which an attacker can try to attack you. What this means in practical terms is that with each new device or account you connect to the internet, you’re giving attackers yet another way to get their hands on your data. Banking online and using FinTech platforms presents hackers with the perfect opportunity to get their paws on the information they want the most, your financial data.
They are (too) easy to access: The name of the game in FinTech is “ease-of- access”, which makes sense as this is one of the industry’s greatest advantages. You find the platform that makes the most sense for your needs, create an account and, voila, you’re able to lend, borrow and make payments all without the huge time investment associated with traditional banking. This tempo is perfect for millennials, the generation that’s helped power the industry, but it also means that hackers can access these platforms with relative ease. Considering that some of these apps have access to your bank account, as well as your date of birth and social security number, this should create cause for concern.
It’s easy to fall for fraud: Crowdfunding and P2P platforms are a great way to raise capital for investors and charities looking for a quick financial boost, but the internet creates the perfect cover for fraudsters looking to make a buck. They create fake P2P projects, like the one that the BBC fell for in 2016, scamming investors out of sums of money, ranging from single digit donations to donations that are hundreds of thousands of dollars.
They are (mostly) unregulated: Government-imposed regulations, part-and- parcel of the traditional banking ecosystem, exist to ensure confidentiality, transparency and the overall stability of industry. Much effort is being put into trying to cram FinTech into the traditional regulation framework of big banks, but there is still a vast amount of FinTech that does not fit this framework that can be manipulated by hackers, given the right circumstances.
Some Tips for Using FinTech Without Getting Hacked
Before you commit to never download another digital payment app, know that soon, FinTech will be unavoidable, so you might as well educate yourself about its pitfalls now. Here are some ways you can protect yourself and your data while using any digital payment/banking platform:
- Create unique, long and random passwords: Include special characters and numbers and don’t use words found in the dictionary
- Research your chosen platform: Research any and all platforms you plan on using thoroughly to ensure that they are trustworthy and aren’t asking for access to too much of your data
- Use multi-factor authentication: Enable this wherever possible to ensure that if attackers do get access to your passwords, they still can’t breach you accounts
We can expect to see significant development from the FinTech space in the coming years and as this sector grows, a stronger emphasis on security must be developed as well. FinTech has much to offer to the world of banking, but it will never mature and gain the trust of customers without the assurance of proper security and protection.
Written by Batya Steinherz.
Batya is the senior security writer at Reason Software, creators of Reason Core Security Anti-malware. Aside from the Reason Core Security blog, her articles have been featured in numerous IT and security publications, including InfoSecurityMag.com, ITBriefcase, CyberSecurityZen.com, and is a featured writer on many Information Security industry blogs.