How fintech companies can protect consumer trust, starting with the cloud - Lacework

How fintech companies can protect consumer trust, starting with the cloud

By: Ben Baker, Director, Product and Marketing Content

Editorial Lacework

August 30, 2022


Do you use a fintech company? Yeah, me too. In fact, just last night, I was chatting with my spouse about life before Venmo. I mean, can it even be called “life”?

I recall the days where we had to figure out how to split a dinner check on the back of a napkin, then hassle people to give us cold hard cash. What am I? A caveman? Okay, let’s be real… The hassle is still there, but at least our friends can now send money through digital means. This kind of convenience is key to securing money from our friends who are, shall we say, less reliable when it comes to paying back debts.

Fintech has added major conveniences to our lives, and the industry has turned into big business. By 2023, the global market is expected to grow by just under 9%. Fintech has turned the traditional financial services market on its head. GenZ and Millennials who are more comfortable using digital methods have spurred the growth. In fact, now 40% of consumers between the ages of 21 and 55 use fintech services. This usage creates a $13 billion market annually.

With always-on access to customer and financial data, fintech is attractive to both those building innovative solutions and those set on compromising the code for illicit purposes. In fact, it’s the second-most compromised industry and combines with healthcare to account for about 27% of all targeted attacks. And, like healthcare, data breaches in fintech can be particularly disastrous.

Fintech is an unforgiving industry

Financial services companies can’t afford to make mistakes when it comes to data security. Recent research suggests that, like healthcare, finance is an industry where trust isn’t easily gained but can be broken in an instant.

Some studies suggest that trust was the primary factor in deciding on a financial institution for 30% of American consumers. And 66% of consumers said they’d stop using a financial institution if there was a data breach affecting their data. Some 21% of those surveyed said they’d already left a financial service due to this sort of data breach.

If I’m being honest, I’d probably loop myself into that 66% for a couple of different reasons.

First, for the sake of convenience, many fintech companies gather data from multiple sources. For example, I use a fintech SaaS company to handle my personal budgeting. This service ties into all of my credit card accounts, my bank accounts, my mortgage provider, my investment accounts, etc. A single data breach into this one service could compromise my information on a grand scale. As someone who’s undergone the pain of replacing lost credit cards (on multiple occasions!), I don’t want to even think about a situation like this.

Second, our purchasing decisions are extremely personal, and a financial data breach offers an unwelcome window into our personal lives, resulting in a privacy violation. This type of data is something you want to keep away from bad actors. For example, I don’t want people to know that I spend $800 a month on Taco Bell.

Wait, did I just say that?

Data security in fintech is complicated

Cloud adoption has driven the rise of fintech. The cloud opens up unlimited opportunities for both traditional brick-and-mortar banking institutions and digital-native fintech startups. Cloud computing offers lots of benefits, including speed, scalability, accessibility, cost-savings, and unlimited storage capacity. But, on the flip side, cloud computing brings about a certain amount of risk — especially here in the financial services industry, which has historically been a prime target for cybercriminals.

Dependable cloud security is within reach for fintech companies, but there are several factors that add some complexity when it comes to securing data. Let’s take a look at a few of them.

Keeping up with compliance

Location. Location. Location. Depending where a company resides, the compliance regulations they need to comply with will vary. Failure to comply with regulations in the financial services industry can limit business growth in specific markets and open an organization up to non-compliance fines, business disruption, and penalties.

Compliance can be a real headache for companies and can be seen as an inhibitor of innovation. Many fintech organizations fall victim to the “pacing problem,” where technology and science is accelerating faster than government regulatory processes. But, as mentioned above, these “hoops” can’t be forgotten. For fintech companies, keeping up with compliance is necessary.

Who owns the data?

Cloud ownership presents its own set of challenges and can make things extremely complicated. Fintech companies need strict policies for who can access, create, modify, and delete data to ensure compliance with regulations and standards, as well as technical and legal processes.

These policies are crucial for fintech companies. As with my budgeting application, fintech companies are often interconnected with actual banks and other financial institutions. And much like the Shared Responsibility Model which lays out roles and responsibilities between companies and their cloud service providers (CSPs), these financial institutions often pass responsibilities down to the fintech companies themselves, including the burden of data security.

Fintech companies must know when they’re responsible for data security and must take action to keep that data secure.

Speed or security? Or both?

Fintech is a highly competitive industry where time to market matters. But here’s a tough reality: Fintech companies can’t afford to cave into this “win at all costs” mentality. Why?

In 2021, vulnerability exploitation was the second-most frequent infection vector, just behind phishing. This should come as no surprise. While the cloud offers the ability to develop faster, more cost-effectively, and at scale, it can create an environment riddled with blind spots and gaps, leaving data at risk.

It’s simple math. Speed often gives way to carelessness. Careless software development gives way to vulnerabilities. And vulnerabilities give way to data breaches.

It’s not all bad news

As you can see, data security in fintech is a big deal. And, honestly, we all have vested interest in this — not just because our own financial data is at risk but because we enjoy the conveniences of these platforms on a daily basis. We don’t want to see these platforms go belly-up. Please please please do not make me go back to napkins, cash, and hassling.

Some good news? Yes, cloud data security in a highly regulated industry like finance is complicated. But that doesn’t mean it’s impossible. With the right mindset and tooling, any fintech company can keep a lock on customer data and maintain trust with their customer base. Some companies are already making the magic happen.

To help you maintain your sanity, we put together a collection of tips to help fintech companies stay ahead of threats. Consider downloading 5 ways fintech security teams can protect digital trust to learn some practical ways (including things you can start doing today) to keep your customers’ precious data under wraps.

Keep the conveniences coming. Please and thank you.