MyCFO, Fintech

FinTechs – Navigation In a World of Data Security Challenges

Coopetition is a portmanteau of co-operation and competition. While two players compete with each other, they can also co-operate. The idea was brought to the fore in 1996 in a book by Brandenberger and Nalebuff.

Coopetition is a portmanteau of co-operation and competition. While two players compete with each other, they can also co-operate. The idea was brought to the fore in 1996 in a book by Brandenberger and Nalebuff. It builds on the much older Game Theory. Like many other #managementtheories, it gained prominence only in the last few years. Essentially, consumers have become very demanding and specific about what they want; often, it’s very difficult for companies to rapidly satisfy every need through in-house efforts, and it makes #business sense to partner with other companies that have complementary offerings. The outcome is superior. Satisfied customers result in a larger market share and a greater stickiness factor. 

In the financial services sector, this model works well. In the earlier years, large #financialinstitutions weren’t too keen on partnering with fintechs, and being traditional in their approach, they steered clear of such operating models. But things changed very rapidly as customers went online and physical branches started to disappear. Though some of the new digital products were developed in-house, for others, partnering with #fintech companies made great business sense. Established firms get access to innovation, and for fintech companies, bigger revenue, scale, and greater credibility are in the offing. To remain competitive in #financialservices, entities have to constantly innovate, remain agile, and most importantly, a secured environment is imperative. 

Security Challenges:

  1. Data security. Due to a massive rise in net & mobile banking, fintechs have to collect a very large amount of data – personal information, contact details, financial information, even health data, etc. It’s data that leads to pattern-identification based on which “personalization” of products is possible. Though a mammoth-sized exercise, the collection of data is only one part of it. The other is about keeping data secure.
  2. Data sharing. Collaboration is possible if there’s seamless data-sharing. The digital business model anchors on this parameter and companies have to remain alert against the possibility of misuse. The guidelines for data sharing will have to be a lot clearer and consent sought from consumers at all times.
  3. Managing digital identities. Increasingly, biometrics, OTPs, etc. are being used to authenticate online transactions and adding to the security layer. In the event of a cyber-attack, these identities have to be protected. Fintech companies must use reliable data recovery services.        
  4. Multiple vendors operate. Ensuring that all maintain the desired level of #cybersecurity.

Before the pandemic, the volume of data was doubling every 3 years and now in a hybrid economy that is largely contactless, data velocity has been immensely faster. Either fintech companies buy servers or they #storedata on the cloud. These aren’t exactly cheap options and economizing on #security will surely expose the company to attacks, as many have found to their chagrin.

Cutting-edge technologies such as AI & ML makes it possible to draw patterns where none seemingly exist within the realm of traditional computing. But what is significant from a security standpoint is that the Dark Web users have access to the same technologies and they are more amenable to share the “tricks of the trade” within their “community” than CIOs. Understandably, CIOs are reluctant to admit that their systems have been hacked and may take months to come out in the open to share the learnings. The Dark Web members “work” with a different mindset altogether. A case in point is how nefariously deep-fakes are being used.

The pandemic accelerated the already fast-paced cloud adoption. The general impression is that it’s a magical silver bullet for all tech challenges. While the benefits are undeniable but at the same time, one must be aware of the consequences and make vendor choice with adequate due diligence. Cloud-based solutions can be accessed from anywhere and any device and APIs have to be very secure. Hackers are known to exploit vulnerabilities and DDOS attacks (Direct Denial of Service) are frequent. Traditionally, CIOs and CTOs have been responsible for the security of on-premise IT infrastructure – both hardware and software. In a cloud environment, some of those controls are given away to a third-party, the cloud infrastructure service provider. Moreover, companies function in a hybrid environment where applications are running on cloud (private & public) and on-premise servers. During the WFH shift, VPN patches had to be established for millions of users accessing on-premise software from remote locations. Naturally, this puts additional pressure on IT resources.

The world of scamming is also evolving and sometimes not as foolishly as we think. In the early 2000s, the internet was flooded with the Nigerian scam syndicate. Then we had SMS warnings from banks alerting us not to share bank details or passwords over the phone. We’ve now started to converse with bots and we must use the same kind of judgment and prudence while sharing sensitive data. Rogue bots are a reality. Lastly, do read the fine print before you click on the “I agree” button next time and every time.     

In terms of digital capabilities, India is right up there. To sustain our competence, the Personal Data Protection Bill has been tabled in the Parliament and we need to see its enactment at the earliest. Once this is done, it will bring in greater clarity about roles and responsibilities. 

Follow us on  LinkedIn|Facebook|Twitter 






Write a Comment