Amid rising inflation and interest rates, and the growing number of cyber threats, businesses are constantly evolving in order to be resilient. This month, The Fintech Times is highlighting how businesses are showing this resilience against a myriad of factors – some within, and some beyond, their control.
We previously heard from Nexpay, Unqork, Kasada and Credolab, about what they believed were the biggest cybersecurity trends this year. To get a greater understanding of the industry’s views we also hear from Securiti, Sensedia, Finaro, DataVisor, and SoftServe.
Fintechs are targets
Jocelyn Houle, the senior director of data governance with Securiti, the provider of unified data controls, explains the importance of knowing the whereabouts of all sensitive data as attacks on fintechs increase.
“Generative AI and cyber warfare are major fintech cybersecurity trends we have seen dominating conversations so far in 2023. For starters, more fintechs are integrating AI. This includes the ability to spot fraud, assess risk, and provide responsive customer service. However, cybercriminals are also using these technologies to launch new attacks against fintechs and their customers.
“One area of special concern is cyber warfare and data security posture management (DSPM). The threat of cyber warfare is growing, and fintechs are increasingly being targeted by nation-state actors. These attacks can be highly sophisticated and difficult to defend against. Fintechs need to understand their data risk by knowing the location of all the sensitive data in their organisation and being able to respond immediately in case of a breach.”
API trends
There have been a variety of developments in the API world according to Felipe Torqueto, head of US solutions at Sensedia. He says: “APIs have become the most frequent gateway for cyberattacks. As we’re midway through 2023, several key fintech cybersecurity trends related to API security have emerged.
- “Enhanced API Authentication: API security primarily focuses on robust authentication methods such as OAuth 2.0, OpenID Connect, and JWT. These mechanisms ensure that only authorised entities can access APIs, significantly reducing the risk of data breaches.
- “Increased API Encryption: Encrypting data in transit and at rest is becoming the norm in API security. Many fintech organisations use HTTPS for data in transit and other encryption techniques to protect sensitive data at rest.
- “API Threat Detection: Advanced AI and machine learning technologies are used to monitor API activity and detect abnormal behaviour. These systems can proactively identify and respond to potential API-based threats by analysing patterns and flagging anomalies.
- “Rate Limiting and Throttling: These techniques are widely used to prevent DDoS attacks and ensure fair usage of APIs. By limiting the number of API calls that a single user or entity can make within a specific time frame, organisations can safeguard their systems against abuse.
He also highlights the importance of adopting API security standards. Especially as the use of Security-as-a-Service (SECaaS) has grown. Torqueto concludes: “With regulations like GDPR and CCPA, privacy by design has become a core principle in API development. This design considers privacy and data protection issues early in the API design phase.
“These trends highlight the increasing importance of API security in the fintech sector, driven by the widespread use of APIs, and the rising number of API-related security incidents is a huge trend now.”
AI is a trend – but there’s so much more to it
Moshe Selfin, chief operations and technology officer at Finaro, (formerly Credorax) the global cross-border payment provider, identifies three main trends we have seen this year.
“Increased Focus on AI and Machine Learning Security: AI is introducing an advanced way of addressing risks and threats. Its ability to analyse large sets of data opens the opportunity to not only protect, block, and prevent against risks, but also more accurately manage them.
“Customer data and privacy: Implementing robust encryption and ensuring secure data handling practices are critical to maintaining customer trust and avoiding legal issues. For example, fintech firms have been actively adopting biometric authentication methods, such as fingerprint and facial recognition, for enhanced user security. As these methods become more prevalent, it is important to address potential vulnerabilities and ensure biometric data protection.
“Quantum-Resistant Cryptography: As the threat of quantum computing to traditional cryptographic methods increases, fintech firms are exploring quantum-resistant cryptography to safeguard sensitive financial data from such attacks in the future.”
Fraud prevention and cybersecurity are equal priorities
Due to the tough economic climate this year, many organisations have had to make budget cuts. For some, cybersecurity teams were the ones to feel the biggest impact from these cuts. However, this is a big mistake according to Fang Wu, co-founder and chief product officer at DataVisor, the fraud and AML detection platform.
“In today’s hyper-connected, high cyber-threat environment, the siloed approach between fraud prevention and cybersecurity has become a concerning issue for organisations. With many reporting cybersecurity budget cuts in 2023, it is time for these two disciplines to work together in an integrated manner to enhance overall security.
“While cybersecurity professionals understand the importance of analysing risks holistically, many organisations have not applied this approach to their fraud practices. Consequently, fraud prevention teams may invest heavily in preventing fraudulent transactions, but without aligning their efforts with robust account protection frameworks, vulnerabilities persist.
“The winning fraud prevention mindset extends beyond perimeter security, continuously monitoring customer transactions to detect and prevent takeover attempts and irregularities.
“Conversely, solely focusing cybersecurity efforts on guarding account access without monitoring user actions leaves firms susceptible to various attacks.
“To strengthen overall security, organisations should empower both teams with a centralised view of account lifecycle events and attributes for continuous monitoring and protection. Cross-utilising tools developed or purchased by one area can optimise resources, and joint training sessions can foster learning and cooperation between disciplines.”
House must be in order or face the fine
Antonina Skrypnyk, director digital business Solutions at SoftServe, the digital advisor and provider, looks at how many organisations have been fined in 2023 in regards to poor consumer data protection – noting that the total value of fines in this year alone are greater than 2019, 2020 and 2021 combined.
She says: “The financial services security landscape is undergoing a rapid period of change due to the emergence of gen AI, the continuing rise of geopolitical threats, and ever-increasing cloud complexity.
“For SoftServe, this has made 2023 all about creating responsive ecosystems to improve organisational readiness for all these changes. It’s also meant looking carefully at how financial services organisations can restructure their approaches. Especially in regard to mitigating attacks and widening their vectors more rapidly. Finally, this third-pronged approach includes working with clients on rebalancing practices to help them focus on their people, processes, and technology.
“That third focus is particularly important as the first five months of 2023 have seen a massive €1.6billion in fines for violations of GDPR. This is more than 2019, 2020, and 2021 combined, effectively creating a stark warning for any organisation dealing with sensitive customer data to make sure each house is in order.
“As 2023 wraps up, it’ll be interesting to see how the EU AI Act, the full introduction of which still depends on extended discussions focused mostly around gen AI, may further affect regulatory practice like helping organisations to adapt and grow security estates.”
Francis Bignell
