Tag Archive for: FinTech

Cybersecurity – the challenges for fintech


Fintech is one of the business sectors that needs cybersecurity most – and needs it to be most effective. That’s because it’s a sector which, alongside the hardcore functional and ransom-worthy data that makes any business work, also potentially holds the financial data, and therefore direct access to resources, of all its customers. Fintech and cybersecurity should go together like a lock and a key.

Unfortunately, cyber-attackers know that just as much as fintech companies do – which has a tendency to make fintech companies a big prize for bad actors, and a big nightmare for insurers, because in the event that a fintech organization suffers a bad cyber-attack, the implications have far more ripples than would be usual outside of the sector. In the fintech sector, there’s more lucrative damage to be done by targeting the users of the tech, who may have significantly less rigorous cybersecurity in place, than there is in targeting a fintech company head-on. One malicious app, loose in the app ecosystem, can strip fintech users of their assets, and leave the fintech company with a reputation in tatters for failing to prevent the attacks.

Unleash Profitable Chaos!

That level of chaos and potential pay-out inspires bad actors to create ever more sophisticated ways to access everything from banks and neobanks to crypto wallets – and sometimes, to do it in ways that don’t flag up their activities until it’s far too late.

Ways like the new generation SOVA banking trojan, which is making a return in 2022 in a new upgraded form. When it first appeared in September 2021, it could target 90 different apps, and hit both financial and shopping apps, all across the US and Europe, harvesting credentials by launching overlay attacks.

Now, less than a year later, it can infect 200 apps. It hides inside fake apps that use the logos of legitimate traders like Amazon and Google Chrome, and can then scrape credential data at will. That’s made easier in the latest iteration by features that allow it to both capture screenshots and record device screens. It can also get data from your Binance and Trust Wallet accounts, including…


What you need to know about Cyber-security in the Fintech World


Thirty-one percent – that’s the increase in cyber security attacks within the past year. Per company, attacks increased to an average of 270 attacks per year. 

Keeping your sensitive data and systems safe is important for any industry, but some industries have their own cybersecurity challenges. Fintech is one such industry.

When you’re dealing with around-the-clock financial transactions such as deposits, withdrawals, and payments, every transaction has to be secure and trustworthy; otherwise, you risk losing money – and your customers’ trust.

Not every hacker is an ethical hacker. Many see your vulnerabilities as their next big payday. 

So how does cybersecurity work when it comes to fintech products and services? Keep reading to learn more.

What Is Fintech?

Financial technology (fintech) is a broad term for the use of technology to provide financial services to customers. Originally the term was used for traditional financial institutions like banks, but as technology evolved, fintech came to refer to technology that disrupts traditional financial services.

Some examples of fintech include payment processing services like Stripe. It could also include a cryptocurrency app used for trading Bitcoin and other cryptocurrencies. Another example is investment apps like Robinhood.

Other examples of fintech include robo-advisors, peer-to-peer lending apps, and payment apps.

What Is Cybersecurity?

Cybersecurity (also known as cyber security, computer security, or IT security) is the practice of protecting important and sensitive data. This could include computers, networks, mobile devices, and other hardware and software.

Cybersecurity has grown a lot, especially with the rise of smart devices and Web 3.0. In a connected world, everyone benefits from good cybersecurity.

The Importance of Cybersecurity for Fintech

When it comes to financial technology, cybersecurity is of utmost…


Fintech Statrys Adds MFA To Further Strengthen Security


(MENAFN– EIN Presswire)


In response to growing cyber security threats in Asia

“We’re going the extra mile to make sure the Statrys account is safer than ever before. After all, the safety of our clients’ money is our top priority.” — Pankaj Verma

HONG KONG, July 18, 2022 /EINPresswire.com/ — Hong Kong-based fintech Statrys is introducing MFA on all its platforms to strengthen the security of its services. Statrys’s mission is to be the world’s ‘go-to’ payment platform for SMEs and entrepreneurs. The company provides virtual business accounts with all the features of a traditional bank offering but without the red tape and hassle.

This move is intended to ensure that the users’ accounts are always safe and under their control and access. The financial industry typically features in the top five sectors for severity and frequency of cyber-attacks. The 2022 IBM Security X-Force Threat Intelligence Index found that Asia has become the region most targeted by cyberattacks, with financial services and manufacturing organizations, in particular, experiencing nearly a combined 60% of attacks.

Hong Kong is an attractive target for cyberattacks as a leading global financial center. With more than USD 2 billion in transaction value, Statrys wants to ensure that further transactions are carried out without fear of fraud.

“We’re going the extra mile to make sure the Statrys account is safer than ever before. After all, the safety of our clients’ money is our top priority.” — Pankaj Verma, Statrys’ Chief Technology Officer.

Adopting multiple-factor authentication helps Statrys secure access to the platform, protect users’ identities, and guarantee that the proper user carries out each transaction.

Multiple-factor authentication at Statrys is implemented at all platform and mobile app levels, ensuring that mobile security is just as reliable as other methods. MFA safeguards their account in case any of the devices are misplaced. Even if a password or other authentication method is compromised, it’s extremely rare that a hacker also has a second or third authentication factor.

By fully implementing…


Fintech startup passes SOC 2 audits with serverless security


A startup providing AI-based cloud services to financial customers favors serverless computing for security, despite the challenges of translating ISO and SOC 2 audit requirements for the cloud-native architecture.

CrossBorder Solutions began to seek certification under the American Institute of CPAs’ Service Organization Control (SOC) 2 and the International Organization for Standardization (ISO) 27001 programs for its cloud-based products in 2019. While it isn’t required by law to demonstrate compliance with these programs, the company saw a business advantage in demonstrating to its highly regulated customers that it was compliant with those standards.

“We did the certifications to help clients understand that we’re safe to do business with,” said James Ford, who served as the company’s chief security architect from 2019 until October 2021. “SOC requires [them] to do vendor risk management, [which is] basically making sure all your vendors … are more or less doing ISO and SOC.”

The problem with this, at first, was that the company also ported its entire IT environment in early 2020 to AWS, which provides services that don’t require IT teams to manage virtual machine resources — also known as serverless computing. These include AWS Lambda function as a service, along with the AWS Fargate managed container service, Aurora database as a service, application load balancers and CloudFront CDN.

“Serverless does not equate to infrastructure-less,” Ford said. “What it really makes difficult is trying to explain to the auditor what you don’t do and what you don’t have control of.”

ISO, SOC 2 audits require people and policy plans

Ford said he believes CrossBorder was among the first companies to receive SOC 2 certification in a fully serverless environment, but the process ultimately involved more of a focus on people and process issues than technological problems.


First, there was the work required to help IT compliance auditors understand cloud services that didn’t fit what ISO and SOC 2 controls were originally designed to describe: private data centers that contain servers.

“It’s a lot of talking to the auditor and talking them off the ledge at some…
