A shakedown is happening in the financial world. While the traditional banking giants are struggling to retain customers, an emerging market of fintech companies are collecting them enmasss. In 2017, 13 fintech startups were valued at $1 billion or more, an achievement so rare Silicon Valley calls it unicorn status. A growing industry, their success lies in offering alternatives to conventional financial solutions through cryptocurrencies, online loans, and robo-advisors. Though it’s a rich tapestry of services that make up the fintech world, they’re united by one challenge: cybersecurity. Its unfettered growth on online platforms makes this industry uniquely vulnerable to security breaches.
Regulations can’t keep up with advancements.
The innovations of the fintech world are happening at lightspeed and few competitors can keep up — including regulating bodies. Part of the fintech platform’s success relies on this rapid pace.Unlike their slow and laborious counterpart in the country’s biggest banks, startups can adapt and change on a dime to evolve alongside its users’ needs and expectations.
They’re quick and flexible partly because they aren’t subject to the same regulatory rules as traditional financial services. The household brands of Chase and Bank of America are subject to the Basel Accord, a supervisory mandate that ensures sustainable growth for conventional institutions. There are no such regulations controlling the way startups conduct their business.
Good governance is profitable for most startups. Security that protects customers from breaches is a selling point — one that appeals to security-minded individuals worried how their personal banking information will be handled by relatively new and unknown companies. Proof that they’re taking the appropriate steps to defend its customers is just as important as the other features that set fintech startups apart from their traditional counterparts.
But as the gap between startups and financial regulations widen, there grows a risk for careless entrepreneurs to sidestep security altogether. As of yet, no official legislature is stopping them. These companies could prioritize getting to market as fast as possible, even if that means they have to sacrifice cybersecurity in order to do so.
Some fintechs follow a self-regulatory framework.
While many champions of fintech believe strict regulations would stifle the innovation powering the industry, others are already employing a self-regulatory framework to their platforms, so they can ensure risk-management and data privacy.
In collecting and storing personal information, client-facing fintech companies have to protect its customers first and foremost.The challenge then is the way they protect this data. Though they’re disrupting traditional financial channels, many of them have adopted bank-level security measures and fine-tuned them for their digital platforms.
State-licensed lenders, like MoneyKey for example, use industry standard secure socket layer (SSL) encryption and Verified Site Certificates to encrypt any information transmitted between customers and their servers. Acorns, a fintech company that automates savings, is protected by SIPC insurance and 256-bit SSL encryption. Meanwhile, Chime, a FIDC-insured online banking service, uses 128-bit AES encryption similar to the security used by the US’ biggest banks.
Perhaps not for altruistic reasons
Failure to offer these security measures promises imminent failure for careless fintech companies. The very nature of their convenient, online platforms makes it easy for its customers to leave. And don’t forget these companies service a plugged-in population who, with a few taps of their fingers, can leave an online review. Enough bad reviews can tarnish the company’s reputation. Potential customers shopping for mobile banks or direct lenders won’t click on a company if reviews warn them not to. When public trust in a startup wanes, it directly affects its bottom line.
Though they may not be held to the same regulations as traditional banks, they must follow privacy laws. If they don’t, they can suffer costly legal issues. Last year, some of the biggest US companies were hacked. Yahoo, Uber, and Equifax were separately targeted by cybercriminals in acts that exposed billions of customers’ personal information. While Uber and Equifax are stilling settling in court, Yahoo had to pay $350 million in damages for its breach.
Nearly a third of a billion dollars is a big incentive for companies to see to their security policies. The legal consequences of a lax security policy — plus the potential loss of business — should inspire startups to invest some of that venture capital money into their security. And as the industry grows, so will their defence against breaches.