‘FinTech companies need to treat cybersecurity as an integral part of their DNA, rather than a call to action’

With rise of millions of digital users and Work From Home (WFH), FinTechs are facing cybersecurity threats of all kinds. How can they tighten their security?

The FinTech players of today are the emerging future of digital financial services, particularly in a post COVID world. They have played a key role in accelerating economic transactions during this pandemic.

Read more: Cybersecuring Work From Home: How to start ensuring data security in an organization with WFH

However, with the benefits of technology, we also inherit the perils of fraud and cybercrime. With the growing adoption of digital services amongst customers, it will be a challenge to keep malicious activities at bay.

What good practices should organisations follow to ensure the security of their data, especially since now WFH is becoming a norm?

The Tech Panda spoke to Karan Mehta, CTO and Co-founder of Kissht, an Indian FinTech company that offers instant credit and personal loans to its customers to buy within five minutes without a credit card.

It is imperative that preventative and proactive steps are taken to enhance the security systems, because we cannot always ‘fail and learn’

“Cybercrimes and cyberattacks are a clear hindrance in the financial technology market, and FinTech firms need to build a strong cyber resilience system inside and outside their organisations to evade the threat of cyber-frauds,” he says.

“FinTech companies need to treat cybersecurity as an integral part of their DNA, rather than a call to action. It is imperative that preventative and proactive steps are taken to enhance the security systems, because we cannot always ‘fail and learn’,” he adds.

How FinTech Organisations Can Protect User Data in WFH Mode

Building an ecosystem that is robust and competent against cyber-attacks is a critical need for all FinTech companies, as they are the future of the evolving financial systems. So, says Mehta, to tighten their cybersecurity framework, FinTech players first need to ensure they are compliant to the government regulatory norms.

“They can also partner with a managed security service provider (MSSP), which will manage and monitor the security of devices and systems efficiently,” he advises.

FinTech companies can also collaborate and share their best practices or even partner with banks and other financial institutions to deliberate on the security of the wider financial services supply chain

With the norm of WFH, employees risk logging into the system via unsecure data connections, thus giving easy entry to hackers or cybercriminals. Thus, it is important to educate the staff to be vigilant and use of secure and quality networks.

“Even customers need to be made aware of dubious practices or fraud in the market, so that they do not fall prey,” he says.

Another way to keep tabs on security systems is to stage a mock potential threat drill, to evaluate the efficacy of their systems and explore other possible vulnerabilities.

“FinTech companies can also collaborate and share their best practices or even partner with banks and other financial institutions to deliberate on the security of the wider financial services supply chain,” he adds.

Types of Cyber-Fraud in 2021

The most common cyber-frauds being seen in the FinTech space are phishing, spoofing, identity fraud, account fraud, and transaction fraud. While data breaches are ripe, application security attacks on mobile and web is also on the rise, says Mehta.

“There could also be ransomware attacks and cyberextortion. Also, with the rise of WFH mode, customers are more vulnerable to fraud through unsecure data connection, lack of awareness, etc.” he says.

We also see issues of cloud security risks, application security, malware attacks, and hackers to tackle.

How Kissht Protects its User Data

“Albeit the sophisticated security systems, most frauds occur due to ignorance and lack of awareness among customers. Hence, it is critical to educate the masses to be vigilant and cautious while divulging any sensitive data or personal information.

Mehta informs that Kissht regularly reviews and upgrade its security software and firewalls to ensure the best-in-class security features safeguard its digital infrastructure.

Read more: Branchless banking: Bank branches are moving from the street into our devices

“Safety and security are an integral part of our organization, and not just a call of action. We ensure that access to critical information is restricted to only authorized persons and in case of a breach or crisis, there is an ‘action plan’ already in place, pertaining to any kind of threat level. We are compliant to all the directives and regulatory norms put in place by the RBI and the government.

Kissht is also one of the founding members of FACE (FinTech Association for Consumer Empowerment), an organization that aims to promote open and responsible lending practices, in India.