The rise of the FinTech ecosystem has revolutionised our lives. Going cashless has introduced an unprecedented degree of seamlessness, convenience, transparency and accountability to our transactions.
But for all its benefits, it comes with its fair share of risks. The finance industry has always been the target of scams and fraud. In pre-digital times it was forged documents and signatures or just straight up bank robberies. Today, with transactions moving online, fraud is committed digitally in the form of phishing, hacking and data theft making it imperative for the industry to utilize secure payment processing systems and infrastructure.
That is why, while the benefits of a cashless economy far, far outweigh the risks, it is the responsibility of every FinTech company to prioritise security.
India’s leading mobile wallet service provider, Bharat Interface for Money (BHIM), has over 160 million users. In fact the interface — and by extension cashless transactions — proved to be so popular that it was downloaded more than 17 million times in less than two months since its launch.
Digital payment frauds, meanwhile, account for about half of all bank frauds in India. There were 1,477 reported frauds related to ATM/debit card, credit card and internet banking transactions of more than ₹1 lakh each in in FY 2018-19, according to a report presented to the Rajya Sabha.
Now consider the fact that the RBI expects UPI and IMPS transactions to double annually and that gives you an idea of why cyber attacks on the financial ecosystem are only going to increase.
Cyber criminals are always going to look for an edge. But that doesn’t mean the threat they pose cannot be contained.
For a long time, even as FinTechs turned to the cloud to scale up their businesses, they were reluctant to adopt cloud-based security.
Attackers typically target sensitive customer details like login information, bank account, card and Aadhaar numbers, or other personal information such as names and addresses.
Also at risk could be confidential documents resting on the FinTech company’s servers that could include confidential design and trade data pertaining to their own upcoming service offering.
Cloud-based security can mitigate the risks of attackers gaining access to such information and digital payment frauds in India by offering the right systems and infrastructure for the security of online payments.
But simply getting cloud-based security isn’t going to help. It is incumbent upon every FinTech company to thoroughly vet the sort of cloud-based security they are getting.
Not all cloud-based security service providers (CSP) provide the same depth and quality of security. So every FinTech company must conduct its own due diligence. Beyond that, they then must turn to a Qualified Security Assessor (QSA) whose job it is to validate and certify the competence of a CSP’s security offering. Lastly, the FinTech should then corroborate the assessment provided by the QSA before taking a final call on signing up to a CSP’s services.
The unfortunate truth is that no system, regardless of the level of security, can be completely, totally impenetrable. But the only way FinTechs can stay two steps ahead of cyber attackers is to keep relentlessly chasing perfection in terms of standards of cybersecurity for digital payments.
Ultimately, it is in the interests of a FinTech company’s own business to protect its customers’ data. It is also their responsibility. The push towards that, therefore, should be relentless.