General data protection regulation and cybersecurity in the FinTech industry

Increasingly, new regulations and laws are being introduced. They no longer give organizations a pass on poor cybersecurity and privacy policies. If your company isn’t implementing sound measures to protect your customers’ privacy, you can expect fines and disciplinary actions. Below are some of the regulations that every FinTech company should comply with, depending on their location:

                         
  • PCI DSS (Payment Card Industry Data Security Standard) protocol that serves as the gold standard for organizations handling credit cards.
  •                      
  • ISO/IEC 27001 – it’s key for companies to establish an information security management system.
  •                      
  • GDPR (General Data Protection Regulations). This privacy law applies to both businesses based within the EU and companies that collect and process data related to users residing within the EU.
  •                      
  • GLBA (Gramm-Leach-Bliley Act) – a US Congressional act that enhances competition in the FinTech industry. The act establishes a prudential framework for the affiliation of all financial service providers.
  •                    

FinTech companies: Introducing Joshua Bower-Saul and Cybertonica

Joshua has over 20 years of experience leading startups, fundraising for startups, and advising tech investors. Currently, he is the Chief Executive Officer of Cybertonica—a fraud prevention company that uses data insights for fraud detection, compliance, anti-money laundering, cybersecurity, and risk management.

Joshua discovered the urgent need to automate fraud prevention and cybersecurity processes when he and Sergey Velts, co-founder of Cybertonica, worked on a digital loyalty project for a major bank. The high security and privacy standards required for the project and the level of data synchronization within the project made them realize that data insights can be adopted to prevent fraud and minimize cybercrimes. As a result, they founded Cybertonica to help financial institutions manage risk and protect themselves from fraud.

Cybertonica uses data insights and cross-channel monitoring to fight fraud and increase the security of payment systems. The company’s products are designed to assist businesses in creating totally secure and frictionless authentication to enable these businesses and their customers to conduct transactions in real life and create digital environments without fear of being compromised or disrupted by concerns about trust and fraud.

In this article, we share details of our conversation with Joshua Bower-Saul on the growing risks of fraud in data security and protective measures to prevent fraud or security breaches in your organization. If you’d prefer, you can watch the full video of our discussion with Joshua via the link below:

Why is fraud detection important in FinTech cybersecurity policies?

Preventing fraud has several benefits for your business. However, fraud prevention is really not for your business but rather for your customers, since, as Joshua puts it, “Fraud damages your relationship with your customers because fraudulent activities affect your customers.”

Personal and financial data is of great value to customers. Therefore, trust is the most important currency in the digital world. If your customers are unable to trust your business due to fraud incidents and security breaches, they will turn away from you, which will affect your company’s revenue and reputation. Also, fraud prevention is a crucial regulatory requirement that you cannot overlook, as data privacy, cybercrime, and anti-money laundering regulations make fraud prevention inevitable for businesses.

Sadly, the traditional means of managing, preventing, and detecting fraud risks are not comparable to the scale of fraudulent activities and security breaches in recent times.

Therefore, as a business owner, business leader, chief information security officer, risk officer, compliance officer, chief revenue officer, or even in your personal capacity, understanding security risk trends and adopting the right strategy to minimize security breaches is essential to ensure the sustainability of your business or protect yourself from cyber fraud.

What is the risk of cybercrime in the FinTech industry?

Millions of dollars are transferred through online transactions annually since about one-third of bank transfers globally have an online element for the consumers’ convenience. According to a 2021 McKinsey Report, global revenue from digital payments is estimated to reach 2.5 trillion dollars in 2025. Also, it has been reported that digital and mobile wallets will be the preferred payment method for over 50% of online transactions by 2024.

With the increased growth and adoption of digital payment methods comes a significant risk of revenue losses due to fraud attempts. In a 2020 survey conducted by PwC, 47% of the participating FinTech companies recorded that they had experienced fraud incidents within 24 months. Globally, the e-commerce sector lost an estimate of over $20 billion to fraud in 2021.

Countries are not safe, either, as the UK Finance reported a 30% increase in revenue loss to fraud in the first half of 2021 compared to the first half of 2020 for UK businesses. In addition to revenue losses, businesses have suffered reputational loss and incurred chargeback costs, penalties, and fines due to cyber fraud and security data breaches.

What are the cyber-enabled fraud examples?

Digital payment adoption is still growing at a rapid rate, and so will the fraud rate. Plus, due to the pandemic, people are filling out many forms and placing orders online, which has caused an exponential increase in the data collected online and the number of online users. Unfortunately, these new users don’t have the reflexes of old users and will trust the systems and processes without much skepticism.

Also, many organizations downplay the scale of digital fraud, which has grown from individual attempts to organized and structured crimes over the years. In Joshua’s words, “Fraud is not a young hacker sitting in his bedroom trying to buy Nikes on the corner with someone else’s card. Fraud has become an industry!”

The fraud industry is growing just as rapidly as its market—the digital economy. Joshua states that there are several hubs globally where fraudsters collaborate and execute organized frauds that earn millions of dollars. There are also specialists creating and selling products that help others perpetrate scams. It’s a full-blown industry that exploits the loopholes in traditional cybersecurity and fraud prevention methods.

FinTech security concerns: 5 forms of fraud on the rise that you should know about

Knowing the different types of fraud on the rise can help you protect your business from fraudulent attacks and security breaches as a chief information security officer, compliance officer, cybersecurity expert, risk officer, or business leader. If you’re wondering what the fraud industry has been up to in recent times, here are the popular types of fraud they have been executing:

1. Cyber fraud risk: Friendly fraud

Friendly fraud is usually committed by two or more people who know each other. A good example is chargeback fraud, where a person reports a transaction made with their card or account as illegal and gets a refund while benefiting from the transaction.

2. Cyber fraud risk: Loyalty fraud

If you run a business that rewards consumers’ loyalty with loyalty points, you should know that fraudsters are capable of creating and redeeming multiple loyalty points by hacking and reprogramming your business system.

3. Cyber fraud risk: Robocalls

It’s extremely easy to model voices nowadays, and different software can model real-time communication. Fraudsters now set up thousands of automated robocalls to interact with users and trick them into disclosing their personal details, card details, and bank account details.

4. Cyber fraud risk: Deepfake chatbots

Always keep in mind that you may be chatting with the wrong customer care or sales agent! Fraudsters have devised means to get ahold of your banking details using pictures of people you have interacted with in a chatbot window. This is known as deepfake chatbots.

5. Cyber fraud risk: Skimming

Fraudsters and identity thieves now install skimming devices in shops, ATM machines, fuel situations, and other strategic locations to collect card details from customers. Some of these skimming devices are pretty similar to PoS devices, and unsuspecting users would not be able to differentiate between the skimming device and a PoS device.

What are the methods of preventing financial fraud that will not scare customers?

Preventing fraud and other cybercrimes can be pretty challenging for your business and your customers because it’s difficult to detect fraud without impeding your users’ journey.

Traditional fraud and cybercrime detection practices usually require users to identify themselves with identity cards, facial and fingerprint recognition, two-factor verification, or other stringent processes that can make your consumers frustrated and disinterested in your services. Also, you’ll be collecting more data and increasing the risk of data privacy violations.

Besides, these traditional processes are usually reactive and adopted upon suspicions of fraud or security risks and require disintegrated channels and personnel to complete the procedures. This usually results in high fraud prevention costs for your business.

If you’re looking for an affordable way to prevent fraud without losing your customers, Joshua shared some tips that could help:

1. Embrace technology

Fraud prevention technology can help reduce the burden and cost of fraud prevention for your business without infringing on your users’ convenience.

Joshua recommends using passive technology to monitor and predict typical behaviors and models based on built-in models and sensitive data insights. Cybertonica has a range of products suitable for businesses in the FinTech space if you’re on the lookout for such financial technology.

2. Stay updated

According to Joshua, “You need to figure out trends before they become trends.” It sounds impossible, but it actually isn’t, and understanding trends before they become trends will change how you approach security issues.

You can learn about future security trends in your industry by interacting with industry leaders who already have a clue of what’s likely to happen in your industry in the near future.

Joshua describes these industry leaders as “people dealing with tomorrow’s issues today”. It’s a good idea for you to start by joining networks and communities of industry leaders. If you’re a tech leader looking for such a community, you should definitely check out our Tech Leaders Hub Facebook Group to learn about the current trends in the tech industry.

3. Train fraud professionals

According to Joshua, few professionals have the relevant experience to tackle the growing challenges of the fraud industry. Most organizations did not anticipate the fraud industry’s rapid growth and as a result have not trained their fraud professionals to analyze, predict, and prevent the new variations of cyberfraud and security risks. An insider threat may be a result of it – by insider threats, we mean cybersecurity threats that originate with authorized users who accidentally (or incidentally) misuse their legitimate access, or have their accounts hacked by cybercriminals.

Hence, it’s advisable to prepare your fraud professionals for future trends by training and encouraging them to adopt and implement passive solutions to fraud detection and prevention.

FinTech security challenges: where to begin?

Training fraud professionals, finding and implementing passive solutions to fraud, and staying up to speed on the trends in your industry are good actions to take, though they need careful planning and strategizing to implement. In the meantime, here are some things you can do immediately:

Create a fraud prevention strategy

You can develop a plan to combat fraud in your organization and make your customers feel secure. Joshua recommends going all-hands-on-deck for the strategy brainstorming session.

Get your CISO, Chief Revenue Officer, Chief Risk Officer, compliance team, cybersecurity team, and other relevant departments together in a room and think up processes that can be implemented to prevent fraud in your organization.

Conduct fraud audits

Before you invest in fraud prevention mechanisms, it’s advisable to do a fraud audit to determine what processes and devices in your organization are the most vulnerable. This will help you figure out the immediate steps you can take to minimize your customer’s exposure to fraud, cybercrimes, and security breaches. You can also conduct these fraud audits periodically to monitor your organization’s exposure to fraud.

Final thoughts on cyber fraud and cybersecurity in FinTech

As a business leader, delivering value and ensuring that your company’s customers get good value for their money is a major responsibility you simply cannot overlook. However, security threats can make delivering value to customers difficult and increase the risk of reputational damage, revenue losses, and a decline in cash flow to your company.

But beyond the economic downsides, security threats also violate human rights and support antisocial behaviors, such as exploiting people’s earnings, savings, and even pensions.

Therefore, taking proactive steps toward combating fraud in your organization will do a lot of good for society at large. Luckily, with the tips shared here, we’re confident that you and your team will be better prepared to predict and prevent security threats in your organization and protect yourselves from being scammed.

Thank you for reading our article. If you’re in the FinTech industry, we recommend checking out the following articles and resources on our blog:

By the way, if you’re looking to build a FinTech product, we’ll be happy to assist. We offer a range of fintech development services that may be suitable for your needs. Feel free to take a look at those and other services we provide, then reach out to us to talk about your next project!