Intelligent banking needs a cybersecurity edge

Advances in financial technology are transforming banking as we know it, and this spark of innovation is changing the approach of a historically traditional sector.

How can the industry ensure their cybersecurity strategy matches the rest of their next-gen business?

Long gone is the age of weekly visits to your friendly neighborhood banker; the industry has evolved significantly over the last decade. At the heart of the shifting finance sector are innovative companies, many from outside the banking ecosystem, that boast ultimate convenience, next-level agility and the ability to adapt to an increasingly mobile, on-the-go lifestyle for a frictionless society. They are already overhauling even the most traditional aspects of banking – payments, lending, insurance and more. Regulations like PSD/PSD2, SEPA and IFR have only added fuel to that fire. Thus, a race began between the traditional payment providers and the non-bank competition disrupting the status quo.

It’s imperative that cutting-edge cybersecurity is not buried by efforts to create innovative and revolutionary financial technology. Apathy towards security can have detrimental results, as highlighted by the recent Bitcoin hack on the South Korean cryptocurrency exchange Coinrail, which caused a 5.6 percent drop in value. Beyond offering a buzz-worthy new payments app or automating exhausting mortgage applications, for example, traditional payment providers and FinTechs need to ensure that their business is resilient against increasingly sophisticated cybercrime and ready for a hyperconnected world.

Agility Now and into the Future

For traditional payment providers and FinTechs to be able to tout complete agility and advancement today, they must be able to accommodate the very serious security threats of tomorrow. To help streamline their imminent arrival into the market, many FinTechs partner with established, trusted firms to help bring their ideas to life. These are often mutually beneficial relationships and are effectively levelling the playing field for banks and payments companies, creating an environment where embracing technology and innovation can help them emerge in a crowded market, secure new customers and stay compliant with changing regulations.

In our hyperconnected world of the near future, consumers may never have to take out their wallets to hand over cash or swipe a card. When you leave a store, the cost of the items in your basket will be automatically charged to your bank account. Amazon has already successfully tested this out. The same goes for buying gas, paying for parking, paying bridge tolls and so on, as your connected vehicle communicates with your bank account as well as with the city infrastructure surrounding it. However, with each new endpoint comes a new opportunity to compromise security – and there will be millions. How can you ensure your FinTech is implementing cybersecurity that can support our future of digital payments?

Here are a few constants to keep in mind:

  • Identity security: From the moment of issue, identities that are used for authentication must have security that reflects their intrinsic value and the risk associated with their use.
  • Regulations: Transactions must be protected in accordance both with the requirements laid out by the governing bodies and with the value of each individual transaction and of transactions in aggregate.
  • Personal data: All personal data must be protected in accordance with both industry governance and local law.
  • Data in the cloud: Last but not least, any data at rest in the cloud, or in motion within or into the cloud, needs to be secured.

At the core of these security “constants” is a reliable, robust technology: cryptography. Even in the face of a rapidly evolving market, FinTechs can look to more traditional, established banks that have historically, and successfully, relied on this security to accomplish critical tasks like holding highly sensitive key material, processing transactions and generating, issuing and validating identities and payment cards. These tasks will be even more crucial as our cities, cars and infrastructures become increasingly smart.

Considerations for a Post-Quantum World

So – your FinTech is fully compliant with industry regulations like GDPR and PCI DSS, and all of your data and communications are secured to the latest NIST standards using AES-256, FIPS 140-2 Level 3 compliant protection and more. Are you safe?

Not necessarily. With the advent of the quantum computer, current encryption algorithms stand to be broken, leaving all of our data vulnerable as a result. Some security experts predict this can happen in the next decade, maybe even sooner than we think.

It’s imperative that the products and platforms being developed today are ready to handle the post-quantum computer (PQC) era of tomorrow.

Traditional payment providers and FinTechs who are making moves to bring new, innovative solutions to the industry must adopt a crypto agility stance — in line with the rest of their culture of innovation — to better prepare for a post-quantum future.

Here are a few strategies for getting started:

  • The first step to becoming more crypto-agile is simply realizing that current cryptography can be broken. RSA-2048 is the encryption algorithm usually used today for authentication use cases, but even the strongest of the RSA encryption standards becomes vulnerable to the quantum computer.
  • Adjust current workflows to accommodate your protocol and IT infrastructure. This means first evaluating how ready your systems are to adopt any given crypto algorithm, and preparing response plans. Existing security processes often become embedded into daily operations. How can you shift these to be more agile in changing environments?
  • Make smart purchases of encryption solutions with post-quantum in mind. Can they be easily augmented to adapt to new algorithms if need be, and will they easily and seamlessly integrate?
  • Start early. It may only take you 2-4 years to implement the new algorithms in your products and infrastructure once you have chosen the right one, but it may take you a decade or more to eliminate or migrate them in products that are already in the market.
  • Privacy by design (PbD) is already considered a best practice among many traditional payment providers and FinTechs. The apps and platforms within a given system that control much of the data must have robust security and access controls layered into the initial implementations, instead of simply added on afterward.
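
To make the crypto-agility idea in the strategies above concrete, here is an added example (not from the original post or from any vendor product) in which every protected record carries an algorithm identifier, a policy decides which algorithms are still accepted, and stored records are migrated before the old algorithm is switched off. The identifiers, keys and policies are assumptions, and two standard-library HMAC variants stand in for an old and a new algorithm.

```python
import hashlib
import hmac

# Algorithm registry. The identifiers and the two HMAC variants are assumptions
# chosen so the example runs on the standard library alone; in a real migration
# the entries would be, e.g., an RSA scheme and its post-quantum replacement.
ALGORITHMS = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-512": lambda key, msg: hmac.new(key, msg, hashlib.sha3_512).digest(),
}

# Constructed sample keys, one per algorithm so a key is never shared across algorithms.
KEYS = {"hmac-sha256": b"\x01" * 32, "hmac-sha3-512": b"\x02" * 64}


class Policy:
    """Which algorithm protects new data, and which are still accepted on verify."""
    def __init__(self, current, accepted):
        self.current, self.accepted = current, frozenset(accepted)


def protect(policy, payload):
    """Tag the payload with the policy's current algorithm and record which one was used."""
    alg = policy.current
    return {"alg": alg, "payload": payload, "tag": ALGORITHMS[alg](KEYS[alg], payload)}


def verify(policy, record):
    """Return the payload if the tag checks out under an algorithm the policy accepts."""
    alg = record["alg"]  # stored with the data, so it is untrusted input
    if alg not in policy.accepted or alg not in ALGORITHMS:
        raise ValueError(f"algorithm {alg!r} rejected by policy")
    expected = ALGORITHMS[alg](KEYS[alg], record["payload"])
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("integrity check failed")
    return record["payload"]


def migrate(old_policy, new_policy, records):
    """Verify each record under the old policy, then re-protect it under the new one."""
    return [protect(new_policy, verify(old_policy, r)) for r in records]


LEGACY = Policy("hmac-sha256", {"hmac-sha256"})
TRANSITION = Policy("hmac-sha3-512", {"hmac-sha256", "hmac-sha3-512"})
RETIRED = Policy("hmac-sha3-512", {"hmac-sha3-512"})  # old algorithm switched off
```

Because the algorithm identifier travels with the record, the verifier checks it against the policy's allow-list before doing any cryptography; without that check, relabelling a record would be enough to force a downgrade to a retired algorithm.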

Innovation-centric banks and FinTechs are in a unique position to embrace crypto agility and prepare for smart cities, as they are likely already in the process of transforming their apps, platforms and infrastructures in other ways. And the benefits of preparing for tomorrow are clear even today – an overall stronger cybersecurity posture, easier compliance with industry regulations and strategic implementations that maximize ROI. As these organizations shift and adapt to the rapidly evolving payments space, it’s crucial that cutting-edge and future-forward cybersecurity is not buried by efforts to create innovative and revolutionary financial technology.

Blog post by Paul Abraham

About the author

Dawn M. Turner is a professional author with a passion for technical standards and regulations, as well as for their relevance and impact on corporate operations and industry in general. Dawn has more than 10 years of experience in the IT industry in hardware, programming, and systems and network engineering. Her education includes a certificate in computer operations and programming, CompTIA and Microsoft certifications such as A+, MCSE and MCP, a bachelor's degree with a specialization in business and computer science, a bachelor's degree with a specialization in business and accounting, and a master's degree with a specialization in finance and economics.
