Can Zero Trust Redeem Fintech?

Though the ripples are gentler than they once were, the wake of the 2008 financial crisis is still felt today. Financial regulators around the world have since adopted laws that increase transparency and scrutiny alike, making it difficult for traditional banks to operate as opaquely they once did. This has opened the market-wide for tech-assisted financial services that people like to refer to as fintech.

It’s a mistake to assume that fintech innovations come from independent programmers or garage development shops, though it has lowered the barriers to entry for providing financial services. Almost all of the world’s biggest banks and institutions invest heavily in fintech for their own products in order to stay competitive, and accordingly the market is enormous, estimated to claim upwards of $4.7 trillion of the sector’s total revenue

However, opening a market may also mean exposing something within it, and alongside a rash of serious breaches in the last decade, fintech’s pace of innovation is now threatened by its inability to be a trustworthy custodian of customer data.

Technology Both a Catalyst and a Cure

The fintech sector is responsible for many new ideas. Some of them are improved versions of products and investment instruments that we already have. For example, an online lender can use an algorithm to match someone’s credit profile with applicable lenders, and within 24 hours complete a credit check, and approves the loan. Other ideas, like crowdfunding, robo-advisors, and mobile payments, are entirely new and can only have come into existence with modern technology. 

Despite the increased convenience of fintech services, customers are increasingly concerned about the handling of their personal and financial data. The July 2020 breach of Dave, a US-based fintech, exposed the details of 7.5 million users on the darkweb. Additional data breaches in the sector have perked up regulators’ ears as well.

When using fintech services, you must enter your credit and identification details into an online database. This information trades hands, and is processed and sometimes even stored or shared externally. While it may result in a loan approval 100 times faster than going to your local bank, meeting with a loan agent, and filling out forms, fintech comes with risks that customers shouldn’t be forced to consider.

Even after GDPR laws went into effect, cyberattacks on EU companies continued to increased to a rate of one attack every five minutes and damage is hurtful to customers, the fintech’s brand and their bottom line. For organizations in the sector, the innovation and the intricacy of data structures have resulted in growth, even while customer trust may lag behind. Regulations like GDPR and MiFID II are pushing against this notion, just in time for technology like Zero Trust security to provide an answer.

Zero Trust: Few Can Step Into the Vault

What makes a brick-and-mortar bank so safe? Because banks trust no one. Not visitors, not customers and not employees. Cameras watch all entrants and occupants. The bank’s money is tucked away behind layers of security, including many walls and floors. Only a few employees have access to the vault—where the customers’ most sensitive possessions are—and there are alarms everywhere.

So how can online financial services providers achieve this same level of security? 

Online finance companies and banks can regain the confidence of the market by using Zero Trust solutions. At a time when hackers are increasingly sophisticated, Zero-Trust Security solutions trust no one and grant access to network resources only after the identity of a user has been confirmed.

Zero Trust solutions offer the following technique to give IT teams control over which employees can access various parts of the network:

  • Segmented policy access: Zero Trust creates specific user access policies at the individual application and file level, rather than providing full access to any employee who has a password. Employees of financial institutions receive access to the least amount of sensitive resources required to do their jobs and no more. This significantly reduces the number of relevant targets for hackers and decreases potential impact of employees with less-than-ideal security habits. However access is often synonymous with speed, and banks that deliver high levels of customer service using “universal bankers” can rely on other aspects of Zero Trust.

  • Network monitoring: Monitoring the network activity of users is central aspect of Zero Trust and is the online equivalent of the cameras that watch and record all activity inside the brick-and-mortar bank. A central management dashboard reduces the manpower requirements of monitoring and can also funnel data to other processing tools that look for deeper insights. Suspicious activity is completely visible to IT, which can then access the threat and take mitigating action if necessary. Zero Trust also offers concrete proof or a historical record for insurance purposes and compliance reporting.

  • Secure network access: Multiple layers of identification and protection at the edge of the network requires employees to first connect through an application before granted access to network resources. Encrypted IPSec tunnels, provided by a standard enterprise VPNbusiness VPN, or IPsec VPN stretches across both the network and the cloud. Additional cybersecurity safeguards include automatic Wi-Fi protection (which cuts the internet off should the VPN connection fail), multi-factor authentication for additional device-based security, and web filtering tools that limit the access to potentially dangerous Internet content.

Trust is an Achilles Heel

With Zero Trust tools, IT teams at banks and fintech companies can safely abandon the antiquated defenses they posted at the network perimeter. Zero Trust lets them build a more agile, aggressive security apparatus that focuses on users and employees. This is important because financial breaches often occur due to employee sloppiness or negligence rather than an intrepid hacker genius. Two cases in point are Equifax’s failure to install a software patch affected 143 million people in the USA and JP Morgan’s failure to install 2-factor authentication on critical servers resulted in the exposure of the names, addresses, phone numbers and e-mail addresses of 83 million account holders. 

Since Hackers search endlessly in repetitive fashion across employees, devices, and systems for these kinds of human errors, Zero Trust not only makes gaps less common but also reduces their impact. It’s the type of safety net that helps organizations like healthcare providers and financial service providers and comply with industry regulations and meet customer expectations without reducing their pace of innovation.