Fintech service providers are considered to be torchbearers in digital financial services, particularly in the post-COVID world. They have been catalyzing and accelerating the economy in great manners during this pandemic. According to the NPCI data, there were 150 millions active users of UPI in 2020- a 32% increase on the YoY basis. The total number of digital payment transactions have crossed 2 billion, the debit and credit cards are more than 950 million numbers, i.e. more than 10% YoY increase, more than 3 million Bharat QR are currently deployed. However, with the phenomenal increase in the financial transactions, a significantly upward trend has been seen in the numbers of UPI breach, credit and debit card frauds also.
During the launch of Aujas Cyber Defense center in Mumbai, Dr. Gulshan Rai, the first Director-General of CERT and the first National Cyber Security Coordinator spoke in detail about these top five emerging cyber security risks looming large on the burgeoning Indian fintech sector, and explained why fintech companies need to build a strong cyber resilience system inside or outside their organization to protect themselves and their users from such risks.
1. Digital Transformation: While financial institutions are adopting fintech solutions to embrace the digital wave, the malicious activities have also increased manyfold. As per CERT data, more than 1000% jump in the malicious activity has been recorded during the pandemic period of the last six months including cyber crimes particularly related to digital transformation. The new and emerging cyber security risks show the unique characteristics of the digital world of monetizing everything from data to stolen card details, passwords, etc.
2. Data Breach: Some of the cyber threats, which are being faced by financial institutions and the users on a very regular basis, include malware attacks, phishing, and vishing are customized to the nature of financial transactions to breach the systems, and gather critical information. Most of the fintech companies and the customers store data such as card details, user password, credentials in their respective platforms. A small breach may lead to leakage of sensitive information.
Downloading apps without understanding the genuineness and the security risks of that particular app is another factor causing data breaches. Apps get access to the stored data in the system including the financial information of the users. Most of this stolen/breached information is available on the darknet for sale.
3. Cloud Security risks: Cloud has many advantages, but improper configuration of the public cloud systems, and of the service provider facility facilitates easy access to the hackers. Weaknesses in the interfaces, vulnerabilities in your hardware and software also create problems. The fact that encrypted information gets decrypted at every interface also poses problems depending upon the security of the system.
4. Application Security: Hidden vulnerability in the application design can attract cyber attackers. Most of the time organizations don’t test their applications or do the security verification after procuring them. When they run those applications in their systems, create vulnerabilities and risks and become the causes of potential breaches.
5. Weak Passwords: This is true for both the service provider and the individual users. If you are not able to secure your own systems, be rest assured that your service providers are not going to be bothered about it. The hackers are using AI and ML-powered sophisticated tools for exploiting risks and harvesting the personally identifiable information, financial data of the users. Some of them are even difficult to trace.
India is a leading fintech hub with close to 200 best fintech companies in the world are developing solutions in India and marketing solutions for India, but the security risks are also looming large. The nature of that data lying with these fintech platforms also makes them more susceptible to the security breaches.
“Managing digital identities of individuals is also a major challenge as fintech companies aim to provide an integrated omni channel experience to users by extending a host of banking wealth management and payment services in a seamless manner. Hence, increasing efforts must be made to educate the individual users, telecom service providers, and the fintech service providers,” advised Dr. Rai.