The banking industry used to be a synonym for trust, responsibility and security. They are the people, after all, that look after our finances and allow us to prudently enhance, and safely access, our wealth. Bank staff were historically considered to be individuals of the highest integrity; professional pillars of our communities.
So what happened? Well, it’s complicated. But many will point to 2007 as an epoch in the history of the industry. It was the time of the financial crash, caused – for the most part – by ill-advised mortgage lending to “sub-prime” borrowers who were unable to service the mortgage payments as interest rates began to rise.
The interesting thing is that, arguably, the banks’ dalliance with “sub-prime” lending could trace its genesis back to the regulatory and societal pressure exerted on them to grant basic banking access to those who had never been eligible for such facilities. The need for better financial inclusion for those who were either unbanked or under-served (i.e., unable to access the range of financial services they needed effectively) had gained prominence on the global stage in the early 2000s and led to traditional banks providing facilities to those who would hitherto have been excluded as high risk. If only some of today’s more selective, prudent and pragmatic lending practices had been deployed back then to accommodate those in this “gray zone.” Once they had entered the banking system, many of the newly included customer cohort found themselves being offered products or services that were potentially beyond their means to service. Mortgages were one such example – banks believed they were well protected in the event of default because of the underlying asset, but they reckoned without the crash of property prices.
It was the perfect storm and as the poor lending decisions unraveled, and financial institutions had to be shored up by public or additional shareholder funds, so were damaging scandals and revelations uncovered about past abject financial mismanagement and corruption right through to the highest levels of some organisations. Trust was irreparably broken.
Little wonder, then, that in the wake of the crisis there was a mounting, consumer- and regulator-fueled demand for a fundamental shake-up of the banking system. A need for greater innovation, new entrants, stronger competition, and the deployment of improved technology. In the early days of this new movement, financial technology (or FinTech) was considered to be the means of describing the operating systems of traditional banks, but FinTech soon became the watchword for those organisations challenging and disrupting legacy financial companies, especially through digitally led innovation.
These days FinTech is ubiquitous and organisations representing this new cadre of providers extend from neo-banks and mobile payment solutions, to accessible on-line investment companies and micro-finance providers, to crowd-funders and crypto-currency companies, and more. Traditional banks have, in some instances, tried to lay claim to the moniker too, recognising that some customer segments have a greater affinity with the digital agility which FinTech has come to represent, and in certain cases even buying into or setting up their own FinTech subsidiary.
The innovation, progress and disruption are palpable and the flames of change were further fanned by the more recent Open Banking initiatives, allowing non-account-holding organisations to access non-credential-based account data and, subject to consumer consent, credential-based data.
Greater choice, accessibility and technology enablement have got to be a great thing, right? Well, cautiously, yes. But, as Sir Winston Churchill once famously said, “Those who fail to learn from history are doomed to repeat it”. We saw, in the early 2000s, that the well-meaning attempts at financial inclusion contributed to the unintended consequence of ill-fated sub-prime lending; and there is the very real risk that opening up financial services indiscriminately through the FinTech movement may have contributed to unforeseen exposures.
The challenges that FinTech firms face are many and varied. They include data protection and data security vulnerabilities, adherence to compliance (especially where some FinTechs are not directly regulated but are playing in a highly regulated space), and adequate authentication. Each of these can present a real and present fraud risk. Indeed, these days any individual or organisation has to be acutely wary of remote, digital attacks. And, of course, cyber-attacks are ever more frequently the vehicle of choice for the mischievous, the nefarious and the downright criminal as they seek to infiltrate, frustrate and gain advantage. Data, with its (secure) access and availability, has become the new currency; data compromise the oil of the criminal wheels; and data breach one of the greatest challenges to organisational resilience, confidence and even existence.
New entrants to any market are often considered by the criminal fraternity likely to have lesser defenses and to be more susceptible to manipulation or attack. That may not always be true, and this “newbie” view is not unique to the field of FinTech, but it has put a very sharp focus on the thoroughness and comprehensiveness of FinTech capabilities.
So where are the vulnerabilities manifesting themselves and what can be done to stop them?
A broader landscape of financial services players and a more open approach to account data access and payment initiation and fulfilment essentially increase the potential attack surface for a criminal to target. Thus, it is important that customers are fully authenticated when making payments or sharing credential-based data, and that there is confidence customers have not been duped or socially engineered into making payments or disclosures which they do not understand or have not intended.
The good thing is that organisations like GDS Link are expertly placed to help assure the FinTech and the traditional banking environments. We empower financial services by helping to positively validate credentials, check that assertions made by the consumers are verifiable, and ensure that the consumer can be authenticated through two independent factors (something they have, something they know, or something they are). This is all done seamlessly and with the minimum of friction. But, more than that, our ModellicaPro AI Fraud Scoring Platform enables a level of confidence in the security of the channel in which an access or payment request is being made, and calibrates the veracity of the activity based upon expert models and customer profiles.
As the fraudsters morph and adapt to the new financial services environment, so we stand ready to defend.
This blog post was written by Brian Kinch, GDS Link’s Managing Director of Fraud Solutions.