By Mark Weir, Regional Director UK & Ireland at Fortinet
Will fintech and blockchain banking improve security, or introduce new risks to the system?
The emergence of fintech startups (companies that use technology to make financial services more efficient) and new disruptive technologies are changing how banking is being done and the way financial services are being delivered.
Spurred by competition from fintech startups, which are introducing new consumer initiatives such as peer-to-peer and marketplace lending and crowdfunding, banks are increasingly turning to technology to improve their processes and business models in order to redefine the experience for customers.
The Economist reports that more than US$25 billion has been invested in fintech globally over the last 5 years, and fintech firms today are challenging banks in almost every product and service area they offer. In China, for example, fintech players Tencent and Alipay already hold more customers than the leading banks.
To counter this challenge, many banks are beginning to break down their internal business and technology silos, migrating legacy and transaction systems to more responsive solutions, and exploring better ways of sharing customer data. Some banks have migrated some of their legacy systems to the cloud, with employees accessing a large range of data repositories. Other banks are implementing service-oriented architectures that enable interoperability and link their front-end systems and customer interfaces to common data sources and applications.
Growing Risks Faced
With these changes, financial institutions and banks will have to process greater volumes of data. Analysts have predicted that data used by banks will increase seven-fold between now and 2020.
A lot of the data being generated includes customer financials, account information, cardholder data and transactions and personal information, all of which are regulated and potentially sensitive or private.
As digital (and mobile) transactions become commonplace, banks moving to embrace and enable the new digital economy will inevitably face increased security and data risks. They are likely to face new strains of malware and innovative phishing attacks aimed at exploiting loopholes as banks start to share more customer data between branches, mobile users, and even through the cloud.
Rising cybercrime, hacking attacks, and data leaks have boosted the importance of sophisticated security programs. The availability of more mobile smartphone platforms will also continue to expose banks to increased danger of security attacks. And Big Data breaches can also lead to serious reputational damage and legal repercussions.
In 2015, JP Morgan suffered the largest banking corporate hack ever when 83 million records were stolen. In this attack, the stolen data wasn’t credit card numbers or banking information, but emails. The hackers then used the stolen email data to manipulate the stock market.
Will Blockchain Technology be Safe?
Financial firms, faced with the need to lower costs, improve customer service, and meet regulatory and compliance requirements, are constantly on the lookout for new financial tools.
Many are keeping up with innovation by experimenting with new technologies such as Blockchain (the software behind Bitcoin) and streamlining their IT operations.
Many digital transactions today still depend on legacy processes, and can be exposed due to inefficient oversight, untrained management, and inadequate certifications of trust.
At the same time, a key trend impacting the financial industry is that payment options are still developing and becoming more diversified, and many banks are still looking for a way to develop a resilient processing infrastructure.
Blockchain technology looks promising, as it offers a distributed file system where banks can keep copies of a file and agree on changes by consensus. The file is composed of blocks, where each block includes a cryptographic signature of the previous block.
Blockchain transactions promise settlements that are instantaneous, cryptographically secure, and publicly verified—all without the need for a trusted financial institution intermediary. Blockchain is also inherently more secure, as the distributed nature of the transaction actually verifies the integrity of the transactions. Plus, the transaction is transparent and cannot be changed, thus making an attack extremely difficult if not impossible.
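The structure described above, as an added example that is not from the article or any bank's system: each block stores the hash of its predecessor, so an edit to an earlier block breaks the next link, while an edit to the newest block is only caught by comparing replicas. It assumes SHA-256 as the link and a simple majority vote as a stand-in for consensus; the ledger contents and the names `bank_a`, `bank_b` and `bank_c` are constructed.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed placeholder: predecessor of the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON form (prev link + payload)."""
    body = json.dumps({"prev": block["prev"], "data": block["data"]}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(payloads):
    """Link each block to the hash of the block before it."""
    chain, prev = [], GENESIS
    for data in payloads:
        block = {"prev": prev, "data": data}
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_broken_link(chain):
    """Index of the first block whose prev link fails, or None if all links hold."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev:
            return i
        prev = block_hash(block)
    return None

def outlier_replicas(replicas):
    """Names of replicas whose newest-block hash differs from the strict majority."""
    heads = {name: block_hash(chain[-1]) for name, chain in replicas.items()}
    winner, votes = Counter(heads.values()).most_common(1)[0]
    if votes * 2 <= len(replicas):
        raise ValueError("no majority among replicas")
    return sorted(name for name, head in heads.items() if head != winner)

def tampered_copy(chain, index, new_data):
    """Copy of the chain with one payload rewritten and the links left untouched."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    return forged

# Constructed sample ledger of three payments.
LEDGER = build_chain([{"from": "A", "to": "B", "amount": 100},
                      {"from": "B", "to": "C", "amount": 40},
                      {"from": "C", "to": "A", "amount": 15}])

if __name__ == "__main__":
    forged = tampered_copy(LEDGER, 2, {"from": "C", "to": "A", "amount": 1500})
    print(first_broken_link(forged))  # link check alone misses a newest-block edit
    print(outlier_replicas({"bank_a": LEDGER, "bank_b": list(LEDGER), "bank_c": forged}))
```

The link check only protects blocks that have a successor; agreement on the newest block across independent copies is what covers the tip of the chain.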
This means that Blockchain technology can play the part of a ‘financial middleman’, thereby significantly reducing the execution time frame of a transaction and making it more secure. Banks are hopeful that Blockchain will be useful in securely trading anything, from remittances to securities exchanges, and become a standard for international trade.
Blockchain, however, is still largely unproven, and will take time to evolve to meet some of the more sophisticated requirements of modern banking instruments. There is also a lack of regulation, and issues of compliance, regulations and enforcement will likewise need to be addressed.
Bitcoin, which uses Blockchain technology, has been popular with peer-to-peer systems for years. But it has been exploited by criminals, with many users losing millions of dollars to theft. So although Blockchain can help eliminate many outdated and inefficient manual trading processes, the technology, rightly or wrongly, poses many security worries for banks.
Additionally, transaction confidentiality remains a top concern for banks. If a Blockchain is used to store confidential contract information or payment data, for example, then replicating the file could potentially offer cybercriminals more opportunities to exploit and steal data.
Financial Institutions and Banks Have to Stay Vigilant
Fintech is starting to fill some of the traditional roles played by banks, and new mobile banking and payment technologies are making it easier to improve the customer experience.
Financial and banking institutions cannot let their guard down when adopting new technologies and solutions, and need to continually safeguard their data from breaches, and continually invest in revamping their security postures as external attacks evolve. They also have to develop the right defense engines designed with the capabilities to counter those attacks. With technology being the core of transformation, many financial institutions will simply need to dedicate more resources to improve both security capabilities and awareness.
Banks today must be able to respond to customer demands relatively quickly, and be nimble enough to adopt new technologies and implement new tools and processes when they become available. There is a need to understand how regulation and compliance need to evolve to allow for new innovation and timely change. At the same time, they have to be able to constantly screen new technologies, decide which make the cut and which do not, and then integrate these pieces into their IT architecture.
Planning the Right Security Strategy
With the emergence of fintech, security will become an increasingly critical concern to banks, and can only work if data is properly secured and protected. It is crucial, therefore, for financial institutions to develop a holistic security strategy, and be prepared in advance for emerging technologies and their security threats. They need to be able to identify the risks that threaten customer information, and develop a plan that includes policies and procedures to manage and control these risks.
They must also be able to implement appropriate and commensurate security controls, and to continually adjust plans to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security. And as security threats evolve, they need to be able to upgrade their defense against attacks in real time, while simultaneously ensuring data protection and regulatory compliance.
It is unrealistic to expect that financial institutions can do all this on their own. When planning their security strategies, banks need to partner with an external security provider with the ability to secure their applications, while also providing the necessary training and support to make sure the staff behind the applications understands the ins and outs of the technology.
Finally, they need to have confidence that their IT department and the external provider they work with have the experience needed to migrate security policies and devices from existing legacy infrastructure to their new technologies and solutions.