Nothing to Hide
The FinTech industry is growing steadily, adapting to the new consumer trends with smooth and accessible transactions. With this, concerns around data privacy and protection have also risen.
The data being shared with these FinTech platforms is extremely sensitive, some including bank account details, bank statements, and PAN numbers. This data is way more risky and crucial than the data gathered by any social media platforms used by us. With everything being just one click away because of the magic of the Internet, the online financial services industry has developed several data protection laws. However, there’s a lack of an average user’s awareness and understanding of these laws along with the affiliated powers to take corrective measures. Users need to be aware of how their data is being used, with who is it being shared, and how are others benefitting from it.
Data as a New Revenue Model
FinTech Companies do not necessarily have to limit their profits from offerings and income management. They have also started using the data of the users as a source of revenue. These companies have made every transaction just a click away and users are willing to share their data to get these exceptional services at a nominal fee. This data shared by the users is nothing but a gold mine for companies that plan to launch new products or services into the market. These products or services could range from financial services to consumer products or any other good. Before launching their product, these companies are keen to get data on:
Needs and wants of consumers
The purchasing power of consumers
Consumers’ perception of the product
How willing would they be to invest in such products?
Personally Identifiable Information (PII)
Financial Profile Info
Access to this kind of information and insights into the customers’ financial behavior can help a company make modifications to their products and get higher profits in the long run. As a result, FinTech companies all around the world are capturing such data so that they can sell it to such third parties and generate more revenue.
These companies hoard data like monitoring users’ spending patterns, credit cards used by them, the kind of transactions they incur, etc, that is of significant importance for certain companies to drastically increase their ROI in the long term.
Consumers are, however, now getting aware of how their data is being used. As a result, they are becoming less comfortable with using FinTech companies and sharing their data. In their eyes, only banks have a fundamental upper hand in trust and transparency. A report from nCipher Security found that purchasers still overwhelmingly trust banks with their data more than they do different FinTech companies. Simultaneously, trust is winding down for innovation, with 36% of customers less open to sharing data now than as per year prior, as per PwC. As a consequence, many people will continue to use banks to carry out their financial transactions.
Customer data serves as a spectacular tool that helps such companies to provide a user-friendly platform and efficiently cater to customer needs. But, as it is said, with great power comes great responsibility. The privacy and security of the customer must be respected at all times. For example, the customer spending habits analysis can provide the companies with the key to gain customer trust and develop a personalized road map to better manage their finances. But if this information is shared with third parties, without the customer’s informed consent, to gain more revenues, then there is a breach of trust and transparency.
Big Tech companies like Google are planning to get into the financial sector as well. But what happens when we have Google as our bank? We will start getting ads based on our recent spendings and purchases like we see ads based on our recent searches. The monitoring of our data at all times will enable it to start predicting our needs and wants even before we knew they existed.
Data aggregators -- or the middlemen -- called the “screen scrapers” like Plaid and Yodlee are used by almost all financial apps like Venmo and Betterment to automatically gather a customer’s account information from their bank’s website. Most financial app users are unaware of the existence of these middlemen. Users sign over the right for these screen scrapers to pull out information using a user’s bank account username and password when they do business with such companies. This enables the aggregators to have access to more classified information. They have access to all information visible to the user when they log on to the financial app/website like transaction history and account balance. Oversight of these aggregators is essential for the existence of an open financial ecosystem. It is a system that gives customers the right to share their information with authorized third parties that can carry out menial tasks like payment of installments on the customer’s behalf. When crucial information is available to such middlemen, it becomes difficult to stop selling data for revenue to other parties. It also results in increased fraudulent activities. There have been cases of synthetic identities and the takeover of accounts via FinTech platforms. Cybercriminals are then able to initiate ostensibly legitimate financial activity and exploiting the platforms’ integration.
To protect the user’s from such fraudulent activities, financial institutions must track the source of a transaction and if they are unable to do so, they must cut off the translation. Connections to FinTech apps are to be made safely and securely. Companies like PNC have already started limiting the data accessible to the aggregators by using customer-provided login information and incorporating additional security measures.
Some other measures Fintech companies should take include:
Use P2P encryption payment frameworks
Point-to-point encryption is crucial for the protection of the information flowing from the customer to the financial company.
Take a financially savvy simple methodology
For example, classification of data based on its nature and encryption of sensitive data. This would ensure the protection of all the sensitive data, in case it gets into the wrong hands.
Develop a safe network and maintain a firewall design
It ensures the protection of cardholder data that must be protected when it is at rest, and more importantly, it should be encrypted when in transit across open networks.
Create and keep up secure frameworks and applications
Applications including anti-viruses protect against hackers. Along with these, security frameworks like restrictions on what can be downloaded by the employees can protect against such threats.
Carry out solid access control measures
For example, restriction to physical access to the information of the cardholder. This will enhance the security of sensitive information.
Use SIEM and PAM Frameworks
Security Information and Event Management (SIEM) Systems helps by processing and correlating the alerts coming from multiple security systems. A PAM tool makes us more secure since it provides a fast return on investment (ROI) in the challenge of incidents related to privileged accounts. They can be efficiently and easily integrated into Security Operations Center (SOC) environments.
Consumers must take a few precautions to protect themselves like:
Use a full-administration web security suite
It helps to protect a customer’s financial information when a person goes online by providing real-time protection against malware and viruses.
Use solid passwords
Using different and complex passwords for different websites and regularly updating them are important measures to ensure the safety of one’s own data.
Keep your software updated
Internet security software and operating systems must be updated regularly to overcome any known flaws or shortcomings that might be exploited by cybercriminals.
Be careful with your social media settings
Sharing a lot of private information publicly on social media platforms can serve as the answer key to some of the common security questions to access your financial accounts (for example, your pet name, etc.).
Utilize a VPN
A VPN or virtual private network guards our personal data especially while accessing a public Wi-Fi network.
Watch out for the children
Cybercriminals often target children since their credit scores often represent a clean slate. Thus, it becomes important to protect them with greater care.
With financial services and their security getting stronger, so are hackers. Thus, it is important to take a few security measures and practices on our end to ensure the safety of our data.
Personalized experience and a safe, secure, and transparent collection of data are the key factors to gaining customer trust. Everybody wins when there’s a right balance between ethical usage of data and superior user experience and services.
Picture Credits: @ashaghedia, Freepik
Steggall, Richard. “Fintech Companies Must Balance the Pursuit of Profit against Ethical Data Usage.” TechCrunch, TechCrunch, 19 Feb. 2021, techcrunch.com/2021/02/19/fintech-companies-must-balance-the-pursuit-of-profit-against-ethical-data-usage/.
Guida, Victoria. “Banks, Fintech Startups Clash over 'the New Oil' - Your Data.” POLITICO, POLITICO, 7 Feb. 2020, www.politico.com/news/2020/02/07/banks-fintech-startups-clash-over-the-new-oil-your-data-112188.
User, Guest. “What Data Do Canadian Fintech Companies Collect About You?” Mine, Mine, 27 May 2021, blog.saymine.com/blog-1/what-data-do-canadian-fintechs-collect-september-2020-.
“Data as the New Revenue Source for FinTech.” LendFoundry, 16 July 2020, lendfoundry.com/data-as-the-new-revenue-source-for-fintech/.
“Data Security in Fintech: PII and PCI.” Paymentsmith, 10 July 2020, paymentsmith.com/data-security-in-fintech-pii-and-pci/.