Sunday, December 4, 2022

How FinTech Companies Will Be The MSPs For The US Banking System

 


Well, here we are now loafing into the last month of December.  I actually did some shopping yesterday, and I couldn’t believe how packed the parking lots were.  You would think that with some of the layoffs that are happening in the tech sector would have some sort of impact on spending, but that is totally untrue. 

But the troubling thing (?) is that most of the customers were paying with either a credit card or debit card of sorts.  No hard cash trading hands, or even checks being written.

So, now this brings me up to our financial system here in the United States.  Now of course, I have not travelled the world in some 20 years or so, but I do think we have the best banking system in the world.  I remember a few times when things went bust, the Feds were here to rescue us.  Probably the best time I remember this happening was during the 2008-2009 Great Recession.

I had a good chunk of change in what was as the Reserve Primary Fund.  This was deemed to be the largest mutual fund in the world, with some $60 Billion in its funds.  It was also one of the most trusted in the world.  Then when all of the banks went bust, so did this one. 

The mutual fund literally “broke the buck”, and now was valued at some .98 cents per share.

Because of this, this mutual fund froze all assets, and all redemptions were halted. It was not until almost 6 months later, that Ameriprise (the broker dealer at the time) and the Feds bought back these toxic assets so that shareholders (like me) would start to get their money back.  That was a scary time, and I will never forget it.  But now, times have changed, and there is even a scarier front that we are facing.

And that is of the Cyberattacker and the threat vectors that are posed to our financial system.  Luckily nothing has happened yet to the degree where our entire financial system is frozen, but you keep hearing all the time as to how accounts are hijacked into, and how data leaks are such a common thing now. 

But despite all of this, believe it or not, our banking system is probably one of the most secure in the world, and we just don’t realize it.  A lot of this has to do with the fact that most security takes place behind the scenes, without us even knowing it.

*Since the 08-09 crisis, all bank accounts are now insured up to $250,000.

*Layered security is already place.

*Many banks (including mine) are now requiring the usage of 2FA, such as a One Time Password.  But now many of them are thinking of going to MFA, where at least three or more layers of authentication are actually being used.

*Almost all banks now use some sort of AI or ML based technology to keep track of any fraudulent activity happens on your account.  This is especially great when a company has become a victim of a Business Email Compromise (BEC) attack, and the victim is conned to sending out millions of dollars to some phony, offshore account.

*Opening a basic bank account today requires more paperwork and forms of ID than ever before.  In fact, if you are a new business trying to open a bank account, the scrutinization increased even more.

*Many online banking portals now require their customers, from time to time, to refresh their answers to the challenge/response security features.

*If you are at online store, and make a large purchase that is out of the norm of your baseline spending, it is highly likely that the credit card company will halt that purchase, and contact you directly to confirm that you are actually making that transaction.

*The banking system at least here in the United States, is being watched all of the time by regulatory officials that represent the various laws, such as that of the GDPR, CCPA, and other data privacy laws.  Because of this, banks always have to make sure that they have adequate controls in place to safeguard your money.

But despite all of this, there are two main areas of concern that still hound the banking system:

*With everything going all digital, if your needs are simple, and have all of the necessary docs and IDs in place, you can even open up a bank account online.  Because of this, there is now a huge explosion of customer information and data must be stored securely.  Trying to keep up with all of this has been a big battle.  But the banks have no choice here, if they do not come into compliance, they will face a time exhausting audit and even stiff financial penalties.

*Because of the digital trend, banks here in the United States have now become even more dependent upon third party vendors to outsource some of the business ops to.  So now comes the question as to who can be trusted and who can’t when trying to make a decision on vendor selection.

In attempt to resolve the last issue, many banks have now started to partner up with Financial Technology companies.  In a way, they can be compared to the MSP of the Cyber Industry.  Because of the finance commonality, there is an inherent layer of trust, which makes it easier for a bank to outsource some of their business functions to.  Consider some of these stats:

*65% of banks have partnered with a FinTech firm;

*35% of them have intentions to form a business relationship with a FinTech firm;

*An over whelming 89% of the banks polled claimed that forming a partnership with a FinTech firm is important to them.

More information about this can be seen at the link below:

https://19538404.fs1.hubspotusercontent-na1.net/hubfs/19538404/220110%20SYNCTERA%20Bank-Fintech%20Partnerships.pdf?__hstc=197324528.a494842efb2e954db50418a9a75b93cc.1651076748563.1656253782972.1656265273139.8&__hssc=&hsCtaTracking=892e1abe-b4be-40c9-bb79-ddb6ad3bd7b6%7C67567be7-c1b8-46e0-920c-055220cf93f2

My Thoughts On This:

While I think it is great to see our banking system so dedicated to Cybersecurity, the threat vectors will always abound.  For example, just in the last year alone, 300 million Americans were impacted by some sort of security breach at their financial institution. 

In the end, there is only so much that a bank can do to protect you.  Ultimately it is important that you “CYA” and be proactive on keeping track of them.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...