Although innovation in fintech is an exciting time, not everything that’s shiny should be seen as safe, and breakthroughs should be regarded with as much cybersecurity speculation as their predecessors.
In light of this, here Marc Pell, CTO of Tempcover, discusses how steps forward by the industry still leave room for cybersecurity concerns to remain. Pell highlights the prevalence of these concerns, and how consumers might seek to better protect themselves.
Financial products and services are more readily available and easily accessible than ever before with the rapid advancement of fintech innovation. This undoubtedly benefits consumers with more personalised products, available within a faster turnaround time, and at a more competitive price. But there are always two sides to every coin, and when innovative new technology is created to benefit the end-user, it can also be used to exploit them.
Looking at the world of insurance, InsurTech has made great strides in making policies more flexible to suit the needs of the customer. Take temporary car insurance for example, where customers can take out comprehensive policies lasting anywhere from one hour to 28 days – with full cover available within 90 seconds following a few clicks online. But as the demand for hassle-free insurance policies rises among consumers, it presents an opportunity for fraudsters to take advantage.
‘Ghost Broking’ is a growing scam that involves fraudsters posing as brokers who target young and new drivers on social media platforms to entice them with bogus deals that are too good to be true. In fact, the Insurance Fraud Bureau (IFB) received over 21,000 reports of fraudulent motor insurance policies in the past 12 months which could be linked to ghost broking.
According to the IFB, its percentage of investigations into ghost broking have doubled in recent years, warning that tens of thousands of motorists could unwittingly be driving with fraudulent cover and will face serious consequences if caught by the police.
The best form of defence against being exploited is education and a healthy attitude of doubt. Users should be checking provenance in the form of publicly available information such as user reviews, FCA registration status and performing a good old-fashioned Google search to look for any news articles that might inform as to the company’s prior misdeeds.
As an industry, we can only eliminate the scourge of predatory fraudsters by working together to educate potential customers on the perils of unrealistically cheap policies through clear product guides, a transparent quote and buy process, and easily-digestible policy terms and conditions.
The growing threat of cybercrime
According to the UK National Cyber Security Centre’s Annual Review, it handled an unprecedented 777 incidents in the last year – a rise from 723 in 2020. It also received 5.4 million reports of malicious content to the Suspicious Email Reporting Service over the last 12 months – leading to the removal of more than 53,000 scams and 96,500 URLs.
This doesn’t come as a surprise to UK business tech leaders – almost two thirds (66 per cent) expect the threat from cyber criminals to increase over the next 12 months, a PwC report has shown. Another 64 per cent expect a jump in attacks on their cloud services over the next year, while a similar number (63 per cent) are increasing their cyber security budgets over the coming year.
The report went on to add that there is also now the added threat of ‘ransomware as a service’ in which ransomware developers lease out their malware in exchange for a share of the criminal profits. With that in mind, there is little wonder that fintech businesses, in particular, are investing more time and resources into building security in a more convenient, UX-friendly manner.
A common method of securing fintech apps is to build mobile-friendly authentication into the process by utilising techniques such as SMS authentication codes and biometrics. Facial recognition is a prime example of a security feature that is used equally as a security and convenience play, thus incentivising security in users. In the InsurTech sector, we have witnessed first-hand the benefit such techniques can have, not only on keeping user accounts secure but also on the speed and completion rate of registration and authentication of app use.
Empowered consumers will identify the best fintech solutions for their personal needs
It goes without saying that the onus lies with fintech businesses to ensure that the highest levels of security are maintained across all of their products and user journeys. But a certain element of responsibility also lies with consumers, who must ensure that they protect their personal information by doing due diligence when looking for a new fintech product or service.
Personal security is an ever-moving target in a world of rapid-paced progression of technology, and the use of fintech is no exception. In terms of red flags to look out for, the answer is not always a simple one. Beyond the obvious research, there are common-sense processes to look out for and avoid. Having your password repeated back to you in plain text in customer communications or leakage of data without what feels like a sensible security check during customer service interactions are both examples of obvious warning signs that security is not at the heart of the firm.
Ultimately, we all form a perspective on how much we trust companies with our data, finances, and insurance cover. Users should take a moment to ask themselves whether they have rushed into a registration process on the promise of a shiny new app or an introductory offer, ensuring they have built an acceptable level of trust in their decision-making process.
In a fintech world where choice is commonplace, taking this moment to form an opinion on which fintech’s security is sufficient could be the difference between accessing your new, fit-for-purpose financial account and being burnt.