The benefits of the growing digital ecosystem in financial services are vast but the risks cannot be underestimated. The number of entry points for cyber criminals has risen dramatically. Consumers and businesses are coming under cyber-attack. However, if greater use of technology creates more risk, then it is technology such as AI or IoT which can help fight back especially in areas like fraud prevention.
As consumers make more online transactions criminals are attempting to capitalise. According to digital identity firm ThreatMetrix 130 million fraud attacks were detected in the first quarter of 2017, with the growth in attacks outpacing transaction growth by 50%. ThreatMetrix also reported an 80% increase in digital wallet transactions followed by a 180% increase in associated bot attacks. Juniper recently estimated the global cost of cybercrime will reach $2.1 trillion by 2019.
But dangers create opportunities and the market for fintech companies that are cyber security focused, especially in the mobile space, is growing. According to ThreatMetrix, of the two billion transactions it analyses every month, 45% originate from mobile devices. Step forward Callsign which recently raised $35 million. The firm is among the new wave of security-focused fintech companies using IoT and AI technology. They understand companies need to implement secure authentication practices that adapt to different degrees of threat but without compromising user experience. Callsign has developed Intelligence Driven Authentication which uses the most appropriate authentication in any situation. It does this by applying deep learning to device, location and behaviour analytics combined with biometric and knowledge based authenticators. This helps to paint the complete threat picture of every authentication and authorisation event. But creates a customer friendly experience as it can identify users from a single swipe of their phone.
Other companies such as HYPR and UniquID are developing security management solutions driven by password-less, interoperable biometrics. For another success story look at Darktrace. The firm’s machine learning algorithms designed to spot patterns and defend against cyber criminals has been valued at $825 million.
While the growth of the cyber security-focused fintech market offers reassurance, the financial services sector cannot afford to be complacent. The ability to manage digital identities remains one of the great challenges and it is essential all those within the sector continue to review and adjust their security architectures. We need to continually rate and assess the strength of the defence. Where IoT technology is being used, it is my strongly held view that we need security classifications based on the sensitivity of data and the capability of the IoT device in question. This means we can identify weaknesses and correct them quickly.
In the US, much is already being done in the IoT space to make it more secure as pressure from regulators grows. The Senate has outlined plans to introduce legislation to address vulnerabilities. The Internet of Things (IoT) Cybersecurity Improvement Act 2017 will require companies to ensure their products are patchable and rely on industry standard protocols. Vendors would be prohibited from offering devices that possess known security vulnerabilities, or have hard-coded passwords that cannot be changed or updated. The legislation is also proposing greater legal protections for cyber researchers working in “good faith” to hack equipment looking for vulnerabilities to enable manufacturers to address flaws that haven’t yet been identified.
There is no doubt that the financial services sector will continue to embrace mobile technology which will require more and more innovation to fight the crime that follows. The cyber security industry has an incredible opportunity for growth.
Emanuele Angelidis, CEO, Breed Reply, a leading operational investor in early stage IoT businesses