The future of Cyber Security in the Fintech Era
Fintech is a great ecosystem. It has managed to disrupt the old-fashioned finance bubble while also making people realize that money exchange, investments, insurance, and other financial services are going to be totally different in the next 5–10 years.
The old companies are terrified. They are doing everything they can to slow down this disruption and maybe even take part in it. But to me it seems that they don’t really understand this new game. It’s not about creating a mobile app for remote bank access — this disruption is about doing things differently from scratch. It’s about peer-to-peer payment and lending with no middleman. It’s about purchasing insurance in 3 minutes using chatbots with full transparency. It’s about replacing physical money with virtual digital coins.
When it comes to cyber security, we might feel that this new finance evolution could jeopardize our money. But the truth is that your money is not safe in the bank either. Bank systems are so old that breaking into them is child’s play for attackers. In Israel, for example, there are approximately 10 banks, and if 1 of the big 5 is seriously hacked, it could be a huge disaster for the economy here.
The opposite example is having too many banks like in the US, where they have around 7,000. How many of them are really secure enough to not be breached? Maybe 100 IMHO.
Let’s take for example the SWIFT system, which was established 40 years ago. The motivation was clear: there was a need to send cross-border messages between financial organizations for money transfer and other financial needs. But from a security point of view, the current SWIFT system is based on code that was written in the early 2000s. How secure can that be? The answer, of course, is that it’s not, and we have already seen many SWIFT hacking incidents in the last 2 years.
So what are the current cyber threats for this new Fintech world?
When you think about the Fintech space, it’s usually young startup companies trying to disrupt some specific financial service problem. Now if you have experience with the nature of startups, you know that for the first 2–4 years you have a limited amount of money and therefore limited developer “power”. That makes your code less secure than you wanted. The board of directors and the investors are mainly concerned about increasing sales and traffic, and they have this naive notion that you hire good developers and immediately get secure code! Obviously, that’s not the way it works. You need to spend significant time on creating unit tests and dedicate QA people to make the code less breakable and more secure. As a result, from an end-user perspective, you get software that is not 100% secure, that holds your money, and that can be hacked at any minute.
Blockchain, Bitcoin and Ethereum
To me, the most exciting thing in Fintech right now is blockchain. We finally have the potential to get rid of banks and other middlemen using this amazing distributed model.
Finance is all about trust. If we think about the current model, we have physical money to buy stuff. The trust comes into play when the other person knows that he can use the money he was paid to buy food for his family. So using the same logic, if the public had the same trust in digital coins, we could implement the same barter.
When it comes to cyber security, no software or system is bulletproof. Attackers have already started hacking bitcoin end-users and bitcoin exchanges. Right now, we have a few possible common attack vectors:
- Stealing an end user’s wallet private key.
- Stealing a bitcoin exchange’s private keys.
- DDoS attacks on bitcoin miners and ISPs.
- Mathematical design issues and code flaws.
Another bad impact of bitcoin is that it makes it possible to hold users and companies to ransom (i.e. a computer is encrypted and a ransom is demanded in bitcoin). This attack has proliferated because it’s very hard to trace back the bitcoin wallet source.
End-user identity is one of the most complex challenges for any product. User experience is very important for everyone, and it’s always a security tradeoff if a product decides to remove some authentication layer. Even a simple captcha object can make your users run away.
Now if someone steals your identity on Facebook, and you’re not Justin Bieber, the world is not going to collapse. But if it’s your bitcoin wallet and you have migrated all of your USD to BTC, you risk going bankrupt.
Will Machine Learning and A.I. solve the Fintech cyber threat issues?
There’s no doubt that machine learning will improve our lives in many ways, whether it’s deep learning technology on autonomous cars or A.I. for better investment decisions.
As for cyber security, it’s not going to solve all problems and threats. There is always the human factor: the user who constantly doesn’t think and clicks any link he gets in his email. And the most important thing to remember about attackers is that they go after legitimate actions (e.g. using your legitimate credentials and copying the same flows you follow as an end-user).
Long story short
We are living in a time where we see so many technological revolutions around us that make our lives better. Fintech is definitely one of them. But we can’t forget that cyber threats will continue to evolve into this new world as well. So we must minimize the impact and think constantly about progress.