Paper check writing, wire transfers, and automated clearing house payment processes continue to be sunsetted in favor of the global expansion and accessibility of digital asset currencies backed by fintech ledger technology architectures.
With a global digital transformation strategy needed, the traditional idea of banking, payments, and front-end and back-end processing has been replaced with the need for equal access to credit, funds, and digital payment services for all citizens across borders.
Peer-to-peer payments continue to gain traction across several countries. 50% of point-of-sale transactions in China are completed with mobile apps, including WeChat and UnionPay. Cash utilization fell by 40% in the United States and 23% in Sweden.
A contributing factor to the growth in digital currencies, peer payments, and the mobile banking industry has been the COVID-19 pandemic. Virtually overnight, as many people across the globe went into isolation, working from home or relocating to less populated areas, the need to conduct commerce transitioned to online solutions. With the growth of eCommerce for medical supplies, home food deliveries, and access to fintech services, more people relied on online transaction systems' availability, accessibility, and resilience. Electronic payment services became even more of a necessity for people to send and receive mobile payments to and from customers and partners. The online bank quickly replaced a trip to the bank branch. The transition was sudden and widespread; many companies did not have the requisite cybersecurity protocols in place to protect the reams of consumer data now being exchanged online.
In fact, only 40% of small businesses had an adequate cybersecurity policy after the outbreak of the public health crisis, according to the Cyber Readiness Institute. Many malicious actors concluded that this trend was a highly lucrative opportunity to exploit unprepared online companies and exfiltrate consumer data for financial gain, and that has caused the number of attacks to increase in recent years. Research from Accenture found that cyberattacks increased by 31% between 2020 and 2021.
With the rapid expansion of online financial, shopping, and meeting systems, the growth of cybersecurity attack vectors against these new attack surfaces impacted organizations, governments, and individuals.
Cybersecurity breaches grew between 2019 and 2022 in these areas:
Phishing is historically one of the tried-and-true methods of data theft, but it continues to be an effective form of hacking in the digital economy. According to research from Proofpoint, 83% of organizations were subject to a phishing attack in 2021, a 26% increase from the previous year.
While many of these attack vectors existed before COVID-19, many hacker techniques expanded into attacking newer digital currency assets and platforms. Payment service providers, including Vimeo, Zelle, PayPal, WeChat, UnionPay, LINE, and others, all began to enable strong customer authentication capabilities to meet regulatory and privacy mandates and to help reduce consumer risks.
With the creation of digital currency offerings, several current and next-generation technology capabilities are needed to enable this fintech offering. Cloud computing, blockchain, multi-factor authentication, anti-phishing, anti-malware protection, and secure biometrics are all associated with a fintech platform for bitcoin, stablecoins, medical record protection, and financial transactions.
Blockchain's architecture relies solely on a decentralized and distributed ledger system to ensure optimal security, confidentiality, and data reliability. While many organizations are still considering blockchain as a digital transformation, this next-generation platform is the backbone behind Web 3.0, including artificial intelligence, edge security, and autonomous machine-to-machine functionality. Although considered primarily secure, blockchain and fintech systems are still vulnerable to cyberattacks.
Digital currency wallets, peer applications, and online transaction systems all remain vulnerable to several attack vectors, including:
As more fintech organizations roll out their global payment capabilities, including new service offerings, cross-border payments, and easy-to-use wage payment systems for employers, meeting security requirements, security regulations, and privacy protection obligations is top-of-mind.
Many countries considering fintech digital payments and currency have many challenges in supporting these offerings. Fintech relies on stable mobile internet service and infrastructure to deliver reliable connections between the payee and payer. The dependency on the internet in many developing countries, including the ability to protect the fintech platforms and users from cybersecurity breaches, is a concern for many.
Hackers leveraging a security-vulnerable fintech platform hosted in a developing nation could use this platform to launch attacks into other countries through the various integration connections and APIs, along with mutual access to central bank digital currency (CBDC) systems.
As with legacy banking payment and financial systems, hackers use various methods to access people's bank accounts, healthcare records, and personal emails.
A global survey of financial institutions in 2021 revealed that account takeovers had become a favorite source of attack by cybercriminals, with the number of attempted takeovers rising 282% between 2019 and 2020.
These methods include:
These attack vectors are a concern even in a blockchain fintech architecture. While layers of blockchain are designed to be more secure than traditional client-server three-tier security architectures, no system is without some flaws, especially with human interaction still part of the daily operation. Even as Web 3.0 incorporates intelligent agents and leverages autonomous machine execution, hackers still find exploitable elements to breach.
Organizations with an immature security operations team, process, and response capability continue to be hampered by data security breaches, identity theft, and loss of digital currency.
With cybersecurity at the forefront of blockchain deployments, organizations should still consider the following protection and prevention strategies:
Fintech platforms must meet several global and national compliance and privacy regulations, including GDPR, PCI-DSS, and PSD2. Compliance mandates require several payment control systems, including:
Aligning to PSD2 Standards
Payment Services Directive 2 (PSD2) was an initiative of the European Commission designed to improve the functioning of the Single Market for payments within the European Union. It aimed to achieve greater interoperability between electronic payment network methods and services and to provide consumers with better protection against fraud and abuse.
The backbone of fintech platforms is the incorporation of blockchain architecture. Blockchain architecture provides a solid security foundation for fintech to help reduce cybersecurity risk. Fintech, however, as a financial operation is also mandated to comply with several other laws and mandates, including:
Organizations developing blockchain solutions for fintech and other vertical markets will struggle to find talent with expertise and experience. Blockchain is still a relatively new technology with a limited field of candidates with working experience.
Many organizations are leveraging managed security services providers to help with monitoring, incident response, and compliance legislation which mandates log monitoring and reporting for the various privacy requirements. MSSPs have an essential role in ensuring the fintech blockchain is deployed correctly and will maintain security operations, patching, and remediation of systems.
MSSPs can also provide organizations guidance concerning compliance mandates like the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS provides companies with a detailed set of guidelines they can use to enhance the protection of consumer credit card data. There are 12 components required to be PCI DSS compliant, including using secure firewalls, encrypting cardholder data, updating software on a routine basis, and restricting access to systems and devices.
While PCI DSS compliance could add a layer of security to digital payment systems, it also signals to consumers that companies take the privacy and security of their data seriously, which could help to create stronger customer relationships.
Developing a globally accepted digital payment, currency, and cybersecurity standard may be years away. Many developing nations are recovering from COVID-19 and struggle with the cost and lack of expertise to develop and offer digital fintech services to their customers. That said, many organizations continue to expand the acceptance of digital currencies, including stablecoins and bitcoin. Central government banking systems, including the United States, also are preparing their payment systems to adopt a centralized bank digital currency alignment. The US, in 2023, will launch the FedNOW Service to expedite faster access to funds and payment processing for all citizens. The goal of FedNOW is to help people access available funds 24 hours a day. No longer will fund availability fall into traditional banking hours.
Cyber security has a critical role in the future of digital payments and currency. Blockchain implementations will help address cyber concerns. However, the complexity and risk of fintech should be addressed by the cyber security best practices and resilience strategies that we discussed in this post and that are embraced in other industries.