By Mike Kiser, Senior Identity Strategist, SailPoint
Splitting the bill is the mundane ending to many a delightful dinner. Who had that extra drink? How much should you tip for service? In the not-so-distant past, tables of people would load up the calculator functions on their phones to make dizzying computations to settle these question – and eventually, settle the bill. But splitting the bill today is now a much smoother procedure: a few quick taps on mobile devices can settle everything. Multiparty transactions have become an effortless experience, facilitated by the development of modern technology.
This scenario is a prime example of the impact of innovation in the financial sector. New methods for individuals to govern and access their money are emerging monthly, and a new mode of banking continues to evolve. The new banking landscape is one where innovation is powered by collaboration and the pooling of tech skills. However, could the dawn of the open banking era be exposing the industry to cyber-attacks? According to PwC’s Global FinTech Report 2019, the majority of respondents confided that getting security, compliance and data privacy right is their organisation’s biggest challenge. Arguably, this is the biggest challenge of the next decade.
When the Financial Services Act of 2012 came into force, the barrier to entry into the banking industry was lowered significantly. Over the past eight years, this has enabled various challenger banks and fintech companies to provide more nimble alternatives to the larger banking groups. These nascent entities have changed the way many utilise personal financial services; in-person (especially in-branch) interaction has been replaced by the ubiquitous mobile app, and new technologies such as digital currency and payments on the go are being rapidly introduced as ease-of-use demonstrates its importance to younger generations. Now, big tech is joining the action too, with the likes of Alipay and Google Pay now an expected, if not ‘compulsory’, payment option in businesses small and large alike.
However, this convenience does not come without a cost. Collaborating with more partners to facilitate services has become a ‘sink or swim’ issue for many challenger banks looking to expand quickly. The opportunity for such fintechs is to evolve their IT and security infrastructures in line with the increasing complexity of their operations – without impacting their productivity or customer service. Maturing — either as a human or as a financial institution — is not easy. Compliance with regulations is proving difficult for many of these new entrants into the market. Further, unexpected challenges may emerge as success could make them a target for cyber-attacks such as phishing and ransomware. For these new enterprises to grow past their initial user base, they will have to develop capabilities to address these challenges.
Compliance with consumer protections, both great and small, has long been a task for any business that serves the general public. The regulations placed on financial institutions are showing themselves to be formidable for newcomers to the market, and that’s even with an extension for certain portions of regulations such as the strong customer authentication (SCA) portion of PSD2. And as customers place a higher premium on security as a core value, proper cybersecurity features will become essential to successful institutions.
This continued emphasis on cybersecurity is a natural consequence of growth. As these new entrants into the banking market gain more market share, they become consequently more attractive for cybercriminals. Not only are they responsible for more customers and more total capital, but also their attack surface increases in line with their growing numbers of employees, systems, and services. Capabilities such as two-factor authentication (2FA), high-grade encryption for data (both in transit and in storage), identity-proofing, and a zero-trust security strategy based on identity will need to be woven into the very fabric of the financial solution. Ideally, these facilities would have been part of the base offering from the beginning. Regardless, consumers are increasingly focused on security. The ongoing surge in financial innovation can only be sustained by a continued demonstration that new technology is safe — and that it can be trusted with valuable assets. These measures will reduce the risk to the consumer and demonstrate that these new banking institutions are taking their responsibilities of the duty of care seriously.
With the rising numbers of innovative challenger banks and fintech companies, established banks have been forced to compete by continuously developing their products. However, a more mature security strategy should be pursued to keep up with their ambitious growth and profitability goals. By promptly preparing their security tools and infrastructure, founded on their twin principles of collaboration and compliance, it won’t be such a shock when the bill arrives for challenger banks.
