An explosion of FinTech innovation has jump-started traditional financial institutions’ (FIs) digitization efforts. M&A initiatives and partnerships, Open Banking business models and data integrations, and significant investments in new, cloud-based products and services have legacy banks working intensely to meet customers’ digital demands.
Yet, each of these strategies to modernization is a double-edged sword, exposing a bank — and, thus, its partners and customers — to a new breed of fraud risks.
PYMNTS’ latest Digital Banking Tracker examines the latest trends and initiatives from the banking community to continue pressing forward into the future of financial services. As the Tracker revealed, though, this journey comes with security concerns that add a new level of complexity to banks’ digitization journeys.
This is especially true as banks’ customers expect their FIs to bear the burden of fraud protection. Customers, particularly consumers and small businesses, naturally blame the bank when fraud or data breaches occur, regardless of who is actually at fault — and fraud is a growing problem. In the U.K., for example, cyberattacks cost an estimated $10.74 billion for small businesses alone.
In addition, as Open Banking business models proliferate around the world (a direct response to customers’ demand for seamless interoperability between financial solutions), banks’ connections with third-party FinTech firms have introduced new avenues for fraudsters to infiltrate.
“Maintaining consumers’ trust is critical for FIs,” the Tracker said, “and it involves more than simply upgrading fraud detection systems.”
Innovation’s Security Downsides
PYMNTS’ latest Tracker noted that, while FinTech firms often position themselves on the cutting edge of technology, newer businesses may rely on less-developed security tools. Fraudsters, meanwhile, have been developing their strategies for years, enabling bad actors to find the weak points in new FinTech firms’ systems.
Furthermore, many of the newer players in the financial services market lack the capital necessary to bolster their security strategies. As a result, once a fraudster is able to infiltrate a FinTech firm, they could threaten its entire partner ecosystem — traditional banks included.
In addition to Open Banking, other industry trends like faster payments are keeping banks on their toes when it comes to security. Again, younger players on the market are at the greatest risk of security lapses, sometimes with the weakest ability to maintain the accelerated pace of payments fraud detection that faster payment initiatives demand.
“Larger banks can easily implement two-factor authentication and other effective security measures, but challengers must often wait years before they have the funds to implement sophisticated anti-fraud technologies,” the Tracker stated. “Fraudsters, thus, rely on this technology gap to circumvent the strongest anti-fraud measures employed by established institutions.”
Big Banks’ Big Security Concerns
While larger, established FIs can find themselves with greater risk exposure as a result of their collaborations with smaller FinTech firms and challenger banks, those large FIs also grapple with new security challenges. (The Tracker pointed to recent, high-profile security breaches at Capital One and Wells Fargo, for example.) However, though large FIs have the capital to implement elevated security strategies, the sheer size and complexity of their back-office infrastructure make it more difficult to enact sweeping changes to internal operations than for younger, more nimble FinTech firms.
The future of the banking industry is one that embraces the Open Banking business model, speed, FinTech integrations and partnerships. While that shift indeed encourages innovation to more adequately meet customers’ demands, it is also changing the landscape of how financial service providers — large and small, traditional and not — tackle fraud.
Banks are not likely to divert away from the path of innovation that the financial services landscape is on. Yet, they must step up to address security and fraud risks, which are now more complex than ever.
“Cybercriminals are patient,” the Tracker warned, “and they can compromise an entire network if they identify even one weak spot. It is up to banks to ensure there are no vulnerabilities to find.”