Strong and weak easy Password. Note pad and laptop.
Banks Cybersecurity Editor's Choice Fintech North America South America

Sikur: Fintech Cyber Security Challenges

Passwords have kept our data safe for years, as traditionally, they have been the sole form of authentication to give a user access to information, and protect it from unwelcome eyes. However, this single form of protection is no longer enough as hackers are becoming more competent and skilful. 81% of data breaches have occurred due to stolen or weak passwords, begging the question, is there a better way of protecting one’s data?

Alexandre Vasconcelos is the Director of Pre Salesat Sikur. Vasconcelos argues that it is time for passwords to be abandoned in favour of other types of encryption and that passwordless authentication is the way to ensure security measures are able to work effectively. Alongside better protection, the user experience will be improved as authentication becomes seamless he says:

Alexandre Vasconcelos, Director of Pre Sales at Sikur
Alexandre Vasconcelos, Director of Pre Sales at Sikur

FinTech’s are born to be fast and satisfy client’s specific needs, heavily using technology to boost their operations and deliver services like payment accounts, small credit, insurance, and more. They must be agile, closer to customers.

On the flip side, Traditional Banks are doing their best to reinvent themselves. Trying to be (or, at least, look) cool for the new clients, who are more conscious about how to invest their money.

What a nice fight:

In the right corner: the Traditional Banks, with lots of resources, several clients, rock-solid brand, but slow, with tons of processes. Somehow, comfortably sitting on their leadership and profit.

In the left corner: Fintech, with few resources, fewer clients, no brand at all but agile, eager to conquer clients and disrupt the market, offering financial products that is the perfect fit.

Well, I am trying both (the Traditional Bank and the Fintech), there is a bit of advantage for the first, but Fintech is making me rethink it daily. I must say: it is hard to stay, I will probably move.

Choosing a financial institution that would take care of your money has also changed. The choice between Traditional Banks and Fintech is not only about “the coolest” ones but aspects like social consciousness, competitive products, security, and privacy.

It does not mean that Banks are safe from cyber-attacks, flying thousands of feet above with no concerns, expanding, and collecting their profit. Cyber security consciousness is a crucial subject these days. It has become so severe that it left CIO/CSO’s hands to the Board. Data leakage, ransomware, non-compliance with data protection regulation, and many more can bankrupt a company. Regulators hold leaders accountable, and they might get their wallets wiped out.

In cyber warfare times, cyber security strategists have a lot of options. Building protection on top of open-source, vendors, and a mix of the previous. Also, solution providers are claiming to have the silver bullet to solve all their vulnerabilities. Wrong way, it might be a cliché, but companies must deploy security in layers, and there is no one size fits all approach.

As digital-first companies, there might be some critical gaps in Fintechs, which can ruin their operations. Although it is trivial to assume that these companies must comply with a set of regulations, implementing technologies that support them in this journey.

Authentication and Encryption

Some technologies might seem trivial, and organisations tend to deliver a poor implementation or a secure-enough approach. The 2FA (Second Factor Authentication) raises the bar, making a hacker’s life hard. But the fiercer ones will accept and will surpass the challenge.

Authentication, as we know, is just a matter of inputting a username and password. The way we authenticate is changing fast. A better authentication, like a passwordless and behavioural model, generates benefits of safety and user experience.

Companies and governments did neglect passwordless authentication for almost a decade. Recently, a tech giant announced the availability of passwordless for all their customers, pushing the market in this direction. For the ones that breathe technology, it is a matter of time because passwords inject insecurity. It is simple as that.

It proves that passwordless is mature enough to deploy, no matter the organisation’s size. It will:

  • Eliminate the hacker’s target: credentials
  • Help on eliminating ransomware and malware
  • Improve customer experience

The best approach is taking credentials off the customer’s hands. A NordVPN study states that an average person has between 70 and 80 passwords to manage. Those credentials would probably be in some file in the cloud or a mobile device, reused, shared, and many other situations that put them at risk.

Getting into data is easy to overlook. It can be a turning point when it comes to cyber security strategy.

As previously mentioned, data privacy laws and regulations penalties and fines are here to stay. Today we have the technology to onboard and transmit data securely, but most often forget that this information gets stored clear. So, if it leaks, you are done. A backup may help to get back on track, but the damage is there. Encryption can solve this. Encrypting data at the origin protects sensitive data before it leaves the user’s device. This approach is not new, so why not implementing it?

Passwordless exist for around for almost ten years. The FIDO alliance is on a quest to support its development. Besides delivering safety, passwordless is a superior user experience without losing security.

Verizon Data Breach Investigation Report (2020) states: 81% of hacking-related breaches use either stolen or weak passwords. It clearly shows that we must avoid passwords.

When it comes to data protection, it is even worse and frightening. Only 17% of Organisations encrypt at least half of their sensitive data in the cloud. In a data leakage event penalties, fines from the Data Protection Regulators would be inevitable.

While most cybersecurity providers focus on detecting and solving issues, it is hard to find who focuses on anticipation, avoiding problems before turning into damages. Passwordless authentication and on-device encryption can help.

Passwordless also improves user experience. The App must be easy to use and safe so that the user feels good while using it. For sure, a path to pursue.


Related posts

This Week in Fintech: TFT Bi-Weekly News Roundup 08/09

Claire Woffenden

This Week in Fintech: TFT Bi-Weekly News Roundup 11/11

Claire Woffenden

Tips To Sending Money Abroad Safely

Francis Bignell