For the fintech sector, the coronavirus crisis has been a double-edged sword. On one hand, more people are managing their money remotely using technology. On the other, that’s led to a host of new data security challenges.
The influx of users — many of them more concerned right now about their health than their data — has caught hackers’ attention. They’re hunting for everything from Social Security numbers to credit card details, which they then sell on the dark web or leverage themselves.
What specific security challenges are fintech companies facing in the age of COVID-19?
1. Contactless payments
For obvious reasons, customers are trying to minimize what they touch in public places, such as stores. One way they’re doing so is through contactless payments. Debit cards like the one available through Chime offer mobile payments through platforms like Apple Pay and Google Pay.
To keep payments secure, these platforms use tools called cryptograms to check that the data they receive actually originated from the customer’s mobile device. That ensures stolen data can’t be fraudulently resent from another device.
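The replay protection described above, as an added example that is not code from Apple Pay, Google Pay or the original article. It is a simplified model: HMAC-SHA256 stands in for the real payment cryptogram algorithm, and the token value, per-device key, transaction counter and the `Issuer` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def cryptogram(device_key: bytes, token: str, amount_cents: int,
               counter: int, terminal_nonce: bytes) -> bytes:
    """One-time MAC binding a payment to the device key and a counter."""
    msg = "|".join([token, str(amount_cents), str(counter),
                    terminal_nonce.hex()]).encode()
    return hmac.new(device_key, msg, hashlib.sha256).digest()

class Issuer:
    """Hypothetical verifier that holds the key provisioned to each device."""
    def __init__(self):
        self.keys = {}          # token -> device key set at enrollment
        self.last_counter = {}  # token -> highest counter already accepted

    def enroll(self, token: str) -> bytes:
        key = secrets.token_bytes(32)
        self.keys[token] = key
        self.last_counter[token] = 0
        return key  # stored only on the customer's device

    def verify(self, token, amount_cents, counter, nonce, tag) -> str:
        key = self.keys.get(token)
        if key is None:
            return "unknown token"
        expected = cryptogram(key, token, amount_cents, counter, nonce)
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return "bad cryptogram"
        if counter <= self.last_counter[token]:     # already seen: resent data
            return "replay"
        self.last_counter[token] = counter
        return "approved"

def demo() -> dict:
    issuer = Issuer()
    token = "tok-constructed-0001"  # constructed sample value
    device_key = issuer.enroll(token)
    nonce = secrets.token_bytes(8)
    tag = cryptogram(device_key, token, 1999, 1, nonce)
    forged = cryptogram(secrets.token_bytes(32), token, 1999, 2, nonce)
    return {
        "genuine": issuer.verify(token, 1999, 1, nonce, tag),
        "resent": issuer.verify(token, 1999, 1, nonce, tag),
        "altered_amount": issuer.verify(token, 99900, 2, nonce, tag),
        "other_device": issuer.verify(token, 1999, 2, nonce, forged),
    }

if __name__ == "__main__":
    print(demo())
```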
2. Deep fakes
Deep fakes — media distorted by AI so effectively that it appears real — have been on the radar of political strategists for some time. Only recently, however, have AI tools gotten good enough to fool trained data security pros.
Fintech leaders are worried about deep fakes for three reasons:
Impersonations during onboarding
Creating a new financial account requires the user to verify her identity. Deep fakes make it easy to pose as someone else, whether in a profile picture or via an artificially generated voice.
Fraudulent transfers and payments
When a suspicious transfer — whether due to its size, frequency, or destination — occurs, fintech groups often reach out to confirm the sender’s identity. Deep fakes can make that difficult or impossible.
A particularly sneaky way that hackers use deep fakes is to impersonate people in positions of authority. They might, for example, pretend to be a Fortune 500 executive directing his finance team to pay a vendor. Typically, employees don’t look too deeply into the request out of fear of upsetting their boss.
AI can be used to identify deep fakes in cases when a human being could not. The challenge is spotting suspicious images and audio so they can be run through such a system.
3. AI fuzzing
To find software vulnerabilities like insecure APIs, fintech companies have adopted a practice called “AI fuzzing.” In a nutshell, this process uses machine learning to identify potential exploits in an app’s codebase — ideally, before hackers can find them.
Unfortunately, digital thieves also use this technique. The result is a cat-and-mouse game in which fintech firms are trying to find and fix security flaws before the bad guys can take advantage of them.
Although AI saves manpower, fuzzing still requires people to manage it. Security engineers are some of the best-paid software professionals. Fintech firms are worried about whether they can afford a best-in-class security team at a time like this.
4. Skyrocketing traffic
In Europe alone, fintech app usage is up 72% since the start of the pandemic. That means more data to manage, more opportunities for man-in-the-middle attacks, and more storage locations that must be protected.
That last factor, data storage, is a bigger security issue than it might seem. Either the fintech companies need to manage more servers themselves — which require physical, as well as digital, protection — or they need to rely on a cloud storage provider, such as Amazon Web Services.
Don’t consumers have a role to play? Antivirus solutions, device updates, and situational awareness are important, but they’re not enough. Fintech companies must take the lead in keeping customers’ data safe.
5. Integration limitations
Many consumers who use fintech applications also work with traditional banks. Right now, a lot of them are moving money to and from their savings accounts. Integrations make it possible to transfer funds in a few clicks.
The trouble is, cutting-edge financial technologies rarely integrate well with banks’ legacy systems. Costly, custom-built APIs are usually required to ensure the systems can communicate.
During an economic downturn, that gets tricky. Many APIs take months to develop, and again, data security pros don’t come cheap. Sharing the development costs is one reason fintech groups are keen on forging partnerships with banks.
6. Next-level phishing
Over the past few weeks, phishing attacks have nearly doubled. Why? Because remote employees work in separate locations. On a lot of teams, calling over to the adjacent cubicle to confirm the sender’s identity is no longer possible.
Phishing emails can be used in multiple ways to compromise fintech companies. One is password resets: Hackers trick users into revealing their login credentials by pretending to reach out from the fintech company. Another is account fees: Often, these emails encourage the user to share his or her credit card numbers over the phone — with the hacker on the other end.
Criminals come out of the woodwork in times like these. Many of them would rather break into bank accounts than homes, and a lot of fintech data looks ripe for the taking. Many apps were built with business needs in mind first, security concerns second.
With that said, fintech companies aren’t taking the challenge lying down. They’re defending themselves by using technology, educating their users, and keeping a watchful eye out for breaches. Taken together, it’s a solid strategy.