School of Information Systems

Fintech Brings Cybersecurity Risk

Enterprises that implement fintech face cybersecurity risk from integration issues such as compatibility and legacy technologies. Integration of fintech with traditional banking systems may raise concerns regarding data privacy. Fintech enterprises collect large volumes of customer data, including sensitive personal information, making them ripe targets for hackers.

Fintech brings easy access to core banking activities to people who could not access these services previously. These new bank customers have little or no previous awareness of cybersecurity risk and, therefore, may be more exposed to hackers.

Fintech offers easily accessible services through application programming interfaces (APIs) exclusively developed for banks to access the fintech platforms, which is called API banking. The use of open APIs enables third-party developers to build applications and services around the needs of banks, which is called open banking.

The complexities and technical dependencies that exist between various technologies integrated in a fintech ecosystem have made it a very ripe target for hackers. Fintech implementation interfaces with banks, financial service providers and fintech firms, which increases cybersecurity risk as data elements travel through these interfaces.

Third-Party Security Risk

When banks establish formal relationships with fintech service providers to leverage their services, banks take on third-party security risk such as data leakage, service failures, litigation and reputational damage. Banks should consider the fintech-relationship-related risk in their third-party risk management assessment.

To mitigate third-party security risk factors, organizations should consider implementing the following proactive measures:

  • Third-party security policies
  • Nondisclosure agreements and confidentiality agreements
  • Periodic security risk assessments of third parties

To effectively address third-party risk, organizations need to work with all those parties providing various services/products to them on an ongoing basis to ensure that any current and future risk within the services/products that they supply are identified in a timely manner and appropriate risk prevention/mitigation measures are taken.

Malware Attacks

Hackers targeting the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system are getting more sophisticated. The SWIFT system is used by banks and financial services organizations worldwide to securely transfer information about financial transactions. The sophistication level of malware is demonstrated by recent cyberattacks on the SWIFT/automated teller machine (ATM) infrastructure of the second-largest bank in India. A recent report illustrates that easily exploitable vulnerabilities are prevalent in banks, and hackers take advantage of these vulnerabilities by launching malware attacks.

To address malware risk, organizations should consider implementing the following proactive measures:

  • Endpoint security solutions
  • Endpoint protection and prevention (EPP) solutions
  • Endpoint detection and response (EDR) solutions
  • Sandbox-driven email gateway servers
  • Distributed denial of service (DDoS) prevention solutions
  • Ongoing security awareness and trainings on malware attacks

To effectively address the emerging innovative cyberattacks, the interaction of various new-age malware prevention technologies including host and network-based IDS, EPP and other emerging new technologies such as EDR is needed. Combining various malware prevention technologies provides robust coverage against the dynamic and innovative malware attacks emerging in the industry these days


Joni Suhartono