Fintech Facing Three Challenges in Ensuring Security and User Confidence Amid Swift Expansion

In the rapidly evolving world of fintech, the advent of 5G connectivity opens up a new realm of possibilities for fintech apps. These applications now have the potential to study user behaviour, patterns, and activities across multiple devices associated with a unique profile, presenting powerful new opportunities (1).

However, this digital revolution also brings forth its own set of challenges. One such issue is the rise in SIM-swapping attacks, which can hijack one-time PINs and text messages, rendering traditional security measures like SMS-based two-factor authentication and hardware tokens less effective in the mobile era (2).

The COVID-19 pandemic has accelerated the adoption of fintech services, with many employers and individuals turning to fintech for income and quick repayments (3). This surge in usage, coupled with the increased popularity of fintech, offers a vast attack surface for fraud (4).

The first warnings from the FBI about increased fraud involving mobile financial apps during the pandemic were issued in mid-2020 (5). The FBI alert includes malicious software masquerading as financial apps and password-stealing Trojan software, helping criminals perform account takeovers (6).

Before the pandemic, the fintech industry had already experienced significant growth, with "money transfer and payments" having the largest adoption rate among consumers, according to Ernst & Young's Global FinTech Adoption Index for 2019 (7).

The fragility of password-based authentication means financial platforms have to carefully chart risk tolerance to accommodate on-demand transactions without getting in the way of commerce or allowing some users to be robbed (8). Increasingly, state-of-the-art analytics that compute a risk score based on login attributes and activity are being used to help defend and refine fintech interfaces and user experiences based on risk tolerance (9).

The $2 trillion stimulus package in March 2020 allowed more fintech apps and services to participate in the recovery effort (10). As the fintech industry continues to grow, it is crucial for platforms to communicate the importance of security awareness to consumers (11). This includes explaining what a fintech provider will never do, such as asking for exhaustive personal information over the phone or requesting passwords via text or social media messaging.

The FTC issued similar alerts in 2009 during America's last financial crisis, warning of deceptive websites and malicious messages and links pegged to stimulus buzz, financial uncertainty, and greater reliance on online banking (12). Cybercrime always follows the money and has upped its game considerably since 2009 (13).

Taking away the right lessons from the mobile era will put commerce, trust, and the digital economy on an even more resilient and trusted foundation (14). The fintech industry's continued growth in 2020, driven by early-adopter momentum and the necessity caused by the COVID-19 pandemic, underscores the importance of this task (15). According to Verizon's 2020 Data Breach Investigations Report, over 80% of breaches caused by "hacking" involve brute force or the use of lost or stolen credentials (16).

In the face of these challenges, fintech platforms that can analyze user behaviour to defeat fraud can use this as a strong amenity for the service in a crowded market (1). However, it is essential that they remain transparent about these practices for users' awareness and consideration. Balancing mobility and convenience with security and anti-fraud measures without adding excessive friction remains a significant challenge (2).

In the end, navigating the complexities of the mobile era requires a concerted effort from all stakeholders - fintech providers, regulators, and users - to ensure a secure and trusted digital economy.