Role of Cybersecurity in Fintech Industry

Why is cybersecurity in fintech important?

Top cybersecurity threats in the fintech sector

  • Identity theft, which often feeds social engineering and phishing attacks
  • Money theft and money laundering
  • Application breaches, user data compromise and data breaches
  • Spoofing
  • Malware attacks

The cost of these threats is well documented. Data security in FinTech is the top concern for 70% of banks consulted during the Sixth Annual Bank Survey. According to the Ponemon Institute's 2019 study, capital market firms and banks spend approximately $18.5 million every year to combat cybercrime, and the annual cost of hacker attacks reaches up to $18.3 million per financial services provider. These providers collect high volumes of personally identifiable information, including financial, contact, and health data about customers, visitors, and employees. Attackers exploit system weaknesses to access this information and use it for financial fraud and data theft, and most companies don't know about an attack until it's too late: according to Bitdefender's survey, around 64% of companies aren't aware of data breaches in their systems.

Regional FinTech security requirements

  • GDPR: The General Data Protection Regulation protects the personal data of EU residents and applies to any FinTech application that processes it, wherever the company is based.
  • PSD2: The revised Payment Services Directive regulates electronic payment services in the EU, including the strong customer authentication (SCA) requirements that drive much of the MFA seen in European banking apps.
  • eIDAS: The Electronic Identification and Trust Services regulation covers cross-border electronic transactions in the EU. It provides a common legal framework for secure transactions between FinTech organizations, businesses, governmental entities, and end users.
  • FCA: The Financial Conduct Authority supervises financial services in the United Kingdom. This regulator focuses on consumer protection and market integrity.
  • GPG13: Good Practice Guide 13 (Protective Monitoring) affects service providers and outsourcing companies working with UK government systems. It is part of the official Security Policy Framework and focuses on event logging and intrusion detection.
  • APPI: The Act on the Protection of Personal Information applies to financial technology vendors that handle Japanese residents' personal data.
  • PIPA: The Personal Information Protection Act regulates personal data security measures for private and governmental organizations in South Korea.
  • PCI DSS: The Payment Card Industry Data Security Standard applies to every entity that stores, processes, or transmits cardholder data.
  • ISO/IEC 27001: The international standard for information security management systems. It defines the policies and controls that help organizations worldwide establish and maintain a protected data management system; its Annex A controls include cryptography, access control, and clear desk and clear screen, under an overarching information security policy.

Data encryption

  • RSA. A widely used asymmetric algorithm: data is encrypted with the recipient's public key and can only be decrypted with the matching private key. In practice RSA is used to wrap a symmetric key or to sign, not to encrypt bulk data, and should be used with OAEP padding and keys of at least 2048 bits.
  • Twofish. A freely available, unpatented block cipher that encrypts data in 128-bit blocks with keys of up to 256 bits; it was one of the AES finalists.
  • 3DES. Long the preferred method for encrypting card PIN blocks (ISO 9564). Triple DES divides data into 64-bit blocks and runs each through DES three times (encrypt-decrypt-encrypt). Its small block size and NIST's deprecation of 3DES (disallowed for encryption after 2023) mean AES should be used for new systems; 3DES survives mainly for interoperability with legacy payment HSMs.

Secure application logic

  • One-Time Password (OTP) system. Dynamic codes act as an extra layer of protection: the application, or a registered authenticator, generates an additional short-lived code each time a user logs in or confirms a transaction, typically a time-based OTP (RFC 6238) or a code delivered by SMS or push. The code is only as strong as its delivery channel, so an authenticator app is preferable to SMS, and the server must refuse to accept a code a second time.
  • Mandatory password change. Over 80% of data leakages and breach incidents in 2019 were a result of password compromise, and many online banking applications therefore enforce resetting of users' account passwords every three or six months. Note, however, that current NIST guidance (SP 800-63B) advises against forcing arbitrary periodic changes, because users respond with predictable variations of the old password; rotation is better triggered by evidence of compromise, combined with screening new passwords against breached-password lists and requiring a second factor.
  • Security monitoring. A tracking system lets you analyze suspicious activity (such as bursts of failed logins or logins from unfamiliar locations) to detect unauthorized access attempts. It can also contain a breach by locking an account after a threshold of failed attempts or suspicious transactions, and by alerting the security team rather than relying on the customer to notice.
  • Short session lifetimes. Short login sessions with idle and absolute timeouts are handy for the protection of financial data: even if an attacker hijacks a session or gains access to the account, the window for capturing data or moving money is limited. Pair this with invalidating the session token on the server at logout, not just clearing the cookie in the browser.
  • Adaptive authentication. Multi-factor authentication is no silver bullet: an SMS or authenticator-app factor can be defeated if an attacker SIM-swaps or compromises the user's phone, and a login that passed MFA tends to be trusted more than it should be. Adaptive (risk-based) authentication adds a second line of defence by scoring each login against the account's normal behaviour (known device, usual location and time, recent failed attempts) and requiring step-up verification or denying the attempt when the score is high. As a result, your platform gains extra protection of financial data and personal information.
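The security monitoring and adaptive authentication bullets describe one decision pipeline: count failed logins and lock the account, then score each successful login against the account's history and decide whether to allow it, demand step-up verification, or deny it. The following is an added example written for this article, not code from the original post or any product it mentions. The key=value log format, the sample log lines, the lockout threshold (5 failures in 5 minutes), the signal weights and the decision cut-offs are all assumptions; a real deployment would tune them from its own data.

```python
"""Login monitoring (failed-login lockout) plus adaptive, risk-based
authentication over constructed log records. Added example, not code from
the original article; log format, thresholds and weights are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, List, NamedTuple, Set, Tuple

# Constructed sample log lines, not captured from any real system:
# a brute-force burst against alice, then bob logging in from two countries.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z user=alice ip=203.0.113.7 country=GB device=dev-a1 result=FAIL
2024-03-01T09:00:05Z user=alice ip=203.0.113.7 country=GB device=dev-a1 result=FAIL
2024-03-01T09:00:09Z user=alice ip=203.0.113.7 country=GB device=dev-a1 result=FAIL
2024-03-01T09:00:14Z user=alice ip=203.0.113.7 country=GB device=dev-a1 result=FAIL
2024-03-01T09:00:20Z user=alice ip=203.0.113.7 country=GB device=dev-a1 result=FAIL
2024-03-01T09:01:00Z user=bob ip=198.51.100.4 country=DE device=dev-b1 result=OK
2024-03-01T09:20:00Z user=bob ip=192.0.2.9 country=BR device=dev-x9 result=OK
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) country=(?P<country>\S+) "
    r"device=(?P<device>\S+) result=(?P<result>OK|FAIL)"
)


class Event(NamedTuple):
    ts: float  # Unix seconds
    user: str
    ip: str
    country: str
    device: str
    ok: bool


def parse_log(text: str) -> List[Event]:
    """Parse the assumed key=value login log format; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(when.timestamp(), m["user"], m["ip"], m["country"],
                            m["device"], m["result"] == "OK"))
    return events


class LoginMonitor:
    """Security monitoring: counts failed logins per account in a sliding
    window and locks the account once the threshold is reached."""

    def __init__(self, max_failures: int = 5, window: int = 300, lock_seconds: int = 900):
        self.max_failures, self.window, self.lock_seconds = max_failures, window, lock_seconds
        self.failures: Dict[str, List[float]] = defaultdict(list)
        self.locked_until: Dict[str, float] = {}

    def record(self, ev: Event) -> None:
        if ev.ok:
            return
        recent = [t for t in self.failures[ev.user] if ev.ts - t <= self.window]
        recent.append(ev.ts)
        self.failures[ev.user] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[ev.user] = ev.ts + self.lock_seconds

    def recent_failures(self, user: str, now: float) -> int:
        return sum(1 for t in self.failures[user] if now - t <= self.window)

    def is_locked(self, user: str, now: float) -> bool:
        return self.locked_until.get(user, 0.0) > now


class AdaptiveAuth:
    """Adaptive authentication: scores a login against the account's known
    devices, last country and recent failures, then returns
    (score, "allow" | "step_up" | "deny"). Weights and cut-offs are assumed."""

    def __init__(self, monitor: LoginMonitor):
        self.monitor = monitor
        self.devices: Dict[str, Set[str]] = defaultdict(set)
        self.last_seen: Dict[str, Tuple[float, str]] = {}  # user -> (ts, country)

    def assess(self, ev: Event) -> Tuple[int, str]:
        if self.monitor.is_locked(ev.user, ev.ts):
            return 100, "deny"
        score = 0
        if ev.device not in self.devices[ev.user]:
            score += 30  # unrecognised device (a first-ever login also lands here)
        last = self.last_seen.get(ev.user)
        if last and last[1] != ev.country:
            score += 20  # country differs from the previous login
            if ev.ts - last[0] < 3600:
                score += 40  # country changed within an hour: implausible travel
        score += 10 * self.monitor.recent_failures(ev.user, ev.ts)
        decision = "deny" if score >= 80 else "step_up" if score >= 30 else "allow"
        if ev.ok and decision != "deny":
            self.devices[ev.user].add(ev.device)  # learn context only on trusted success
            self.last_seen[ev.user] = (ev.ts, ev.country)
        return score, decision


def run(log_text: str = SAMPLE_LOG) -> Dict[str, object]:
    """Replay a log through both layers; returns locked accounts and the
    (user, ip, score, decision) for each successful login."""
    monitor = LoginMonitor()
    engine = AdaptiveAuth(monitor)
    decisions = []
    for ev in parse_log(log_text):
        monitor.record(ev)
        if ev.ok:
            decisions.append((ev.user, ev.ip) + engine.assess(ev))
    return {"locked": sorted(monitor.locked_until), "decisions": decisions}


if __name__ == "__main__":
    print(run())
```

On the sample log, alice is locked after the fifth failure inside the window, bob's first login from an unknown device is stepped up (in practice this is device enrolment), and his second login from a different country nineteen minutes later scores 90 and is denied. Locking on the account alone invites attackers to lock customers out deliberately, so production systems usually rate-limit by source IP as well and alert rather than silently block.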


Full time Information Security Engineer, Part time Red Team learner

Adithya Sai