Fintech is — and has been — an emerging market globally for some time now. Accenture reported that global fintech investments climbed 28% in the first half of 2019 compared to 2018. No other region has seen this stark growth more than in Asia, where over $14.4B of investments were recorded since 2016, as reported by UOB in the State of Fintech in ASEAN report.
The immense opportunities that come with this growth also carry an equal amount of threats in the form of hackers. It was revealed in the Money20/20 event that more than 19,000 Singapore bank cards were up for sale in the dark web in 2018, amounting to an estimated underground value of S$640,000.
Unsurprisingly, among the most prominent regulatory bodies in Asia, including the Reserve Bank of India and the Financial Services Agency (Japan), the Monetary Authority of Singapore (MAS) is regarded as one of the most stringent and progressiveMonetary Authority of Singapore (MAS) is regarded as one of the most stringent and progressive with regards to emerging fintechs.
As a young fintech desiring to succeed in this enormous market in Asia, what are the top 3 challenges organizations need to overcome?
Fintech regulations are not yet laid out clearly in black and white – there is a lot of gray space in the financial industry, with constantly evolving requirements and rules. Regulators are working to develop rules that will govern the fintech space, but as a business wants to grow beyond one country, they will notice that the regulations may differ drastically. Best practices and guiding principles are universal but nuances and interpretations differ. There is thus a need to adapt to globally recognized standards including PCI-DSS, CIS, or NISTPCI-DSS, CIS, or NIST, as well as to local regulatory mandates, for example, the MAS-TRM and MAS Cyber Hygiene in Singapore.
As an emerging fintech, compliance needs to be addressed with the relevant security regulations early on to avoid costly mistakes later. The best way to do this is to either have a team inhouse or to engage a team of experts who can help the business with governance, risk regulations, policy planning, advice, and automated compliance tools to monitor operations and infrastructureautomated compliance tools to monitor operations and infrastructure.
The consumerization of finance means we are seeing more fintech applications that can access users’ profiles and data to realize various real-time transactions. With the proliferation of these web, mobile or IOT apps, these have also become one of the main attack vectorsmain attack vectors and primary entry points into larger infrastructures and networks.
Given the latest cloud and container technology, integration of business-critical processes, and data sharing with numerous third-parties, incomplete visibility and complexity remain a big challenge.
Businesses need specialists that can create data flow maps, secure the network, and implement sensitive data storage solutions. What’s also important is thinking about implementing the rights to access certain data, as well as rights to be forgotten, in order to ensure tighter user control of data. Even with scaled growth at CardUp, this remains a top priority of our team, especially as a fintech company in the payments space.
3. Increasingly Sophisticated Cyber Threats
From increasingly sneaky malware to highly-targeted phishing attacks, there are simply too many ways for threat actors to gain access to the systems.
It just takes one team member on the wrong end of a phishing campaign to trigger a sensitive data exposure event. Threats coming from all angles and not just unauthorized malicious actors. there are even some unexpected ones, such as insider threatsinsider threats. According to Verizon’s report — 57% of database breaches involved insider threats within an organization. Including the possibility of accidental sensitive data sharing and malware/ransomware attacks, covering all the bases becomes a costly and complex endeavor.
At CardUp, we take this prevention a step further by inculcating a culture that security is everybody’s responsibility. We constantly remind everyone in the company to stay vigilant and to consciously apply security principles in their day-to-day work.
What An Emerging Fintech Needs
- A cybersecurity strategycybersecurity strategy that combines up-to-date know-how, understanding of the latest tools and trends, and an experienced cybersecurity team to handle it.
- Correct understanding of the data governance and integrity tools as part of a nimble and easily adaptive framework for the development and operations life cycle and policies.
- Financially realistic ways to manage and implement tools and a team of cybersecurity experts.
CardUp is the market-leading credit card enablement platform, which allows individuals and businesses to make and collect any big payment by credit card anywhere in the world, even where cards are not accepted.
This helps payors maximise the benefits of their credit card, making use of the available credit limit for an extra 2 months of interest-free payment terms. In addition, CardUp equips payors with the tools they need to automate their entire payables and receivables processes, helping save time and manage finance processes remotely, whilst earning credit card rewards on expenses.
CardUp is trusted by tens of thousands of users, and manages hundreds of millions of dollars in payment volume in the region today. The company continues to innovate in technology across business financing, payment automation, data insights and card rewards, to deliver our mission of making big payments more rewarding.
This blog post was written by CardUp. Read more about how Horangi helped CardUp to secure their financial information and customer data in the case study here.