We now have ever-expanding digital identities to live our daily lives and, whether it’s crossing international borders or more innocuously buying basic products and services, our digital footprint is growing. With the increasing requirement to have a digital identity to do just about anything, our data is constantly being shared online. As a result, the demands on FinTech companies to keep personally identifiable information (PII) safe are more pressing than ever.
Data privacy must be at the heart of digital identities
So how can consumers rely on companies to keep data privacy in mind, when digital identities are becoming an increasing necessity for everyone, and not something we can easily opt in or out of? This is particularly the case given that the FinTech sector is more competitive than ever, and being the first to revolutionize and offer new services is key to staying ahead.
Alex Marsh, Head of Klarna, spoke at FinTech London last summer about how, despite the pressures, FinTechs must balance innovation with regulation to protect consumers. Matt Warman, the UK Government Minister for Digital Infrastructure, also spoke at a panel at the same event, saying that companies must protect consumers, but that they can’t do it alone; they need Government policy and support.
The UK Government is consulting with leading FinTechs on these issues currently, but the outcomes are not yet available. The minister explained that some of the policy and guidance can, of course, come in the form of regulation and legislation, but data privacy and security must also be a motivation within companies themselves.
The way digital identities are built is the first step towards ensuring better data security down the line, and it all comes down to how they are developed. As Adam Desmond, Mitek Country Manager, points out in this Help Net Security article: “What digital identities could be, if we put data privacy at their core, is selective.” This essentially means that the opportunity is here now to create technology that allows people to only share the specific data they need at any one time. This gives consumers more protection as well as more control.
As FinTech grows, reputation will be key to success
We’ve covered the importance of how digital identities are built, and of keeping data privacy at the core. However, understanding the mechanics is rarely the issue consumers are concerned with. For them, it’s more about ensuring there is enough trust in those who hold their data. Yes, regulation goes some way to providing people with reassurance, but it also needs to be at the heart of a company’s offering.
All this amounts to how a company is perceived by its customers. Even one data breach can be hard to come back from, partly because breaches are so time-consuming and complex to resolve. This is revealed in IBM’s Cost of a Data Breach Report 2021, which – worryingly – states: “On average, a breach caused by stolen credentials that occurred on January 1st would take until December 7 to be contained.” All the while there is the reputational damage to manage, as well as potential financial consequences.
A few years ago Equifax suffered perhaps the most notable data breach FinTech has seen. This exposed the personal data and credit card information of millions in both the US and UK. The breach cost Equifax hundreds of millions in fines, but also led to multiple resignations off the back of bad publicity and resulting lawsuits.
The risk of those breaches is also a constant, with IBM’s X-Force Threat Intelligence Index 2021 stating: “For the fifth year in a row, the finance and insurance industry was the most-attacked industry, underscoring the significant interest threat actors have in these organizations.”
Even where governments set the policies to protect data, they still fall foul of hackers. Last year, an audit by the Danish Agency for Development and Simplification found that a software error in the Danish government’s tax portal had exposed the personal identification CPR numbers of 1.26 million Danish citizens … for five years. All this is making consumers question how secure their data is more than ever before, and many competing firms are now under close scrutiny following a poor track record of putting user privacy first.
We now have a combination of increasing transaction volume and complexity, as well as rising customer expectations, and all the while the speed and reach of financial and reputational damage are escalating, as bad actors become more sophisticated in their approach. Regulations and news of breaches in the media only serve to put more pressure on companies to avoid the same pitfalls.
Risk vs Rules based approach to data security
At the last FinTech London conference, we watched as Christine Bailey, CMO at PassFort, talked about a Risk vs. Rules based strategy when approaching digital identity. However, much of what she said can be applied to data security too.
She explained that a recent survey found that 88% of consumers want control of their data, and 75% of consumers abandon their purchase of financial products before completion. The market is highly competitive, with consumer expectations ever-increasing.
To tackle these challenges she advocates a risk-based approach instead of a rules-based one. Rules are rigid, and also broad and far-reaching. Attempting basic compliance with regulations as a tick-box exercise may not be enough to truly innovate or work effectively. It also may not prove to be enough to make customers feel their data is safe.
Risk analysis requires judgement and allows for proper and fair assessment of the risk, and can lead to more sophisticated end results. But it does of course involve a greater investment; usually people-powered, and not just relying on algorithms or blanket approaches.
In the data world, a rules-based approach could be applying an in-house built masking script to high-value data to quickly anonymize it. This blanket approach may technically comply with regulations, but it is a blunt method for an intricate and ongoing problem, and the solution is not efficient for development teams.
A risk-based approach assesses the risks of data loss and looks for an innovative solution such as a third-party masking tool. This can quickly anonymize the data in a way that still looks and feels realistic, as well as retaining its relational integrity. Developers are then able to work at ease, without putting any data at risk.
FinTechs need to continue to consider data security at the outset, and when developing new product offerings and features for their customers. They also must ensure they retain data security for the sake of their reputation with customers if they are to have longstanding success. And finally, they should apply a risk-based strategy to their data privacy initiatives for a more sophisticated end result.
That was my take on how FinTech businesses can face the challenges coming up in 2022. For more information about how Redgate can help you speed up your digital transformation initiatives, while keeping your data safe, visit our solutions pages.