Date
6 December 2016
The Hong Kong Monetary Authority has issued a formal circular to all banks requiring them to implement tighter cyber security standards. Photo: theengineer.com

Cyber security risks threaten fintech industry

Financial technology, or fintech, has reached a tipping point.

A growing number of financial institutions are becoming more aware of the many benefits of technology, from convenient services to real-time access, amid the proliferation of mobile devices and cloud computing.

According to Accenture’s analysis of CB Insights data, investments in fintech ventures in the Asia Pacific, primarily China, reached US$9.62 billion as of July 31, 2016 – more than twice the US$4.26 billion invested in the region in the whole of 2015.

The top 10 investments in fintech ventures in Asia Pacific were reported in China and Hong Kong, which accounted for 90 percent of all investments in the region.

Evidence of this growth is all around us.

According to PwC’s Global Economic Crime Survey 2016, the number of consumers using digital banking in the Asia Pacific reached 670 million in 2014, and is expected to increase to 1.7 billion by 2020.

The service has revolutionized the banking industry, leading to an average annual growth of 35 percent in online and mobile banking, while the use of traditional banking decreased by more than a quarter.

Is the banking industry being put at risk?

Fintech services offer huge convenience to daily activities, but recent incidents across Asia, in Hong Kong in particular, have drawn attention to the security risks associated with digital banking.

The Hong Kong Monetary Authority recently revealed that there are at least 22 online bank accounts in at least four banks that have reported unauthorized stock trading activities, involving a combined amount of HK$45.97 million.

Although the HKMA said that none of the cases reported resulted in any fund transfers to unregistered third parties (thanks to a double authentication process), there were nine cases that resulted in financial losses of HK$1.56 million.

For the banks, the fallout extends beyond just financial liability, and could have a lasting impact on everything from consumer trust to organizational reputation.

Is security awareness at a healthy level?

According to a recent study by F5 and The Asian Banker, 84 percent of financial firms now rank cyber threats as one of their top business risks.

Chief executives are increasingly concerned about the impact of such threats on their business, but fewer than half of the organizations, 37 percent, actually have a cyber incident response plan or policy in place.

Threats are becoming increasingly sophisticated and creative. The five most common threats organizations face are malware, web application attacks, point of sale attacks, insider compromise and distributed denial of service (DDoS) attacks.

End-users are being increasingly used as alternative channels for launching such attacks due to the sheer number of devices, many of which are unsecured.

Fortunately, awareness of these threats is growing, but it is still a cat-and-mouse game, with criminals regularly switching tactics and inventing new methods of attack.

Prevention is better than mitigation

Regulators are aware of these threats, and they are taking steps to mitigate the risks.

The HKMA has announced the launch of a Cybersecurity Fortification Initiative (CFI) at the Cyber Security Summit 2016.

It issued a circular to all banks requiring them to implement the initiative, which is aimed at enhancing the protection of multiple banking channels.

For banks and financial institutions, strategies are needed that offer real-time threat identification, deep analysis and comprehensive protection due to the dynamic nature of their operations. They should stay vigilant and focus their effort on three items.

First, they need to prioritize real-time monitoring and prevention, to guard against malware and phishing attacks which are designed to steal identity, data and money at any time.

Second, they need to make sure that no end-point software or user involvement is required and that there is full transparency for security control.

Third, they also need multi-device support, which means protecting transactions made on any device or channel, as every transaction can be at risk.

Cybercrime is the greatest threat that banks and financial institutions face today.

Careful planning and prompt action on security threats could mean the difference between business success and failure.
