Human error remains a key challenge in fintech security
In Q1 of 2022, fintech companies have experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.
Thibaud Catry, head of compliance at ConnectPay, said that claims about diminishing fintech security are far-fetched, although he encouraged ramping up defenses due to rising cyber threats.
“In today’s day and age, the size of your business does not determine the capability to fend off fraudsters”, said Catry. “The massive fraud prevention departments that traditional banks have are becoming obsolete, as the ‘strength in numbers’ paradigm has shifted to ‘strength in technology’. Now it’s possible to prevent fraud at the same — or even higher — efficiency with fewer people simply by utilizing the appropriate tools and automation.”
He also noted that, in a way, the long-standing credibility of legacy banks puts them at greater risk. For instance, in phishing assaults, large banks are frequently a better target for fraudsters as they service an incredibly high number of people.
“If a person has an account with a well-known bank and receives a notice, stating that it has been blocked, it is more likely that s/he will click the link. As a result, scammers frequently target people using the most common bank names, exploit brand awareness to reel in unaware clients.”
Threats on rise
When comparing the pre-pandemic period with the first couple of years of the pandemic, reports indicate that online fraud attack rates have shot up by 233%. Fintechs have not been immune as well, with attacks on the industry players reportedly soaring by 70% in 2021.
Catry has shared this is largely felt across the industry, noting an increased amount of phishing attacks, Brand Abuse, and CEO scams (fraudsters impersonating a senior company manager). The latter is harder to stop, as social engineering types of frauds prey on and exploit human trust.
“Even the best technology implemented might not work if a recipient blindly trusts any sender, does not take time to evaluate the legitimacy of content, and press any link s/he gets,” Catry said.
In the last few months alone, ConnectPay had to up their security several times; most recently – when Russia invaded Ukraine. Early preparations have helped keep scammers at bay and clients’ funds secure so far; Catry accredits resilience to securing not only their systems’ backend but also their website, having its backups on another domain. The company also uses its own cyber security solution to maintain ironclad safety.
Although the trend is continuing upward, he emphasized that being digitally native enables the fintech sector to handle cyberthreats with more ease than legacy banking could. Yet one crucial point on both sides needs greater attention. “The importance of sound tech safeguards in place cannot be overstated, but when it comes to security, human decisions, rather than technology, is still the weakest link in the chain,” he added.
Educating clients to limit human error
Building awareness both internally and externally (the latter is often overlooked) could significantly change the power dynamic. Catry noted that while training employees on the most prevalent scam scenarios is a common practice, clients are usually not part of this process, even though they are the primary target.
“Raising awareness regarding fraud is key to making sure that the preemptive safeguards hold up. Of course, fraud prevention requires sophisticated technical solutions to quickly spot and address anomalies in transactions. However, you cannot be one step ahead if all the people, involved in the process, are not aware of possible risks.”
He mentioned that educating clients along with employees has bore fruit at ConnectPay as well, raising overall preparedness to ward off scammers. “Including clients into the equation can drastically tip the scales in financial service provider’s favor, adding an extra layer of security that is not easily penetrated, as con artists are left with fewer vulnerabilities to exploit.”