How do FinTech companies access first-class security on startup budgets?

Irrespective of where they are in the world FinTech companies are vulnerable to cyberattacks and deploying the kind of encryption and security technology that major banks use is costly and requires technical expertise.

by Eyal Worthalter, Vice President – Global Solution Sales, MYHSM by Utimaco

FinTechs are not just getting more customers and larger investments, but we are seeing new FinTechs founded in sub-Saharan Africa and cities like Tel Aviv, Stockholm and Hangzhou beginning to compete with traditional cities such as New York, London and San Francisco as major hubs of innovation.

Cybercrime is a global problem

Cybercrime cost the world $1 trillion dollars in 2020, more than the combined cost of all natural disasters and the costs of adapting to climate change, and this number is only going to rise. Data breaches can cost companies as much as $3.86 million and take as long as 207 days to discover. Some companies have been the victims of particularly damaging, headline-grabbing hacks: after 147 million people’s personal information was exposed in the Equifax hack the company spent $1.4 billion on security upgrades.

Although the global pandemic helped FinTech companies by showing many people that they could easily administer their financial lives from their phone and pay for goods and services without cash, it also drastically increased the amount and sophistication of cybercrime. At any time when there is a global financial downturn more people will turn to crime of any kind to make ends meet.

FinTech companies may seem like low-hanging fruit to criminals when compared to banks. Both keep and process customer payment data, but banks have extensive security operations – one survey shows that banks spent on average 10.9% of their IT budget on cybersecurity, and this is growing every year. FinTech companies will have the same challenges but significantly lower budgets, which leads to a situation in which criminals perceive them as weak and are more likely to target them, increasing their need for cybersecurity when they are least able to satisfy that need.

This is a particular problem for companies based outside of the traditional tech hubs, and even more so for startups in the developing world. There is already a skills shortage in the cybersecurity industry, and the limited number of experienced professionals know that they are more likely to get high-paying jobs in the world’s major tech hubs than those cities that are still developing their FinTech industries. This leaves the younger companies who need the most support without the critical skills that they need.

Cloud-based encryption can bridge the gap

Encrypting cardholder sensitive data such as PINs during online transactions is hugely important to minimise any fraudulent activity. The use of a Payment HSMs in the financial services industry is mandated by PCI Security Requirements and are a fundamental requirement to become PCI PIN compliant. However, Payment HSMs require significant investment and specialist knowledge to operate and manage. For these reasons, they may be out of reach for small start-ups and companies in the developing world.

Cloud technology has clear advantages for FinTechs and the recent pandemic has accelerated the use of cloud-based systems in the financial world and increased the use of cloud systems by FinTechs, 55% of which say they use multiple clouds. Cloud technology may be deployed quickly without the need for new hardware, it scales to meet surges in demand, backs up all of a company’s data and can often be paid for monthly rather than as a single expensive purchase.

Furthermore, cloud-based services allow smaller companies to deploy the same level of security and compliance that is used by much larger companies at a fraction of the price. This means that startups can focus on their core business knowing that security and compliance is taken care of, which in today’s cybersecurity climate will be a major relief for the company.