In the world of financial services, data security is a major concern for consumers. Whether they use a large bank, a smaller Fintech company, or some combination of the two, consumers want to be sure that their money and identity are in safe hands. As technology keeps changing, security gets stronger – but so do hackers. With corporate hacks in the news weekly, there is a stronger need than ever for security best practices for consumers and for businesses.
In the Current World of Data Breaches
Last week LabCorp, one of the largest clinical laboratory networks in the world, suffered a data breach by an unknown source. Investigative reports note that 7.7 million consumers were affected by this security breach, which happened through a third-party collections firm named American Medical Collection Agency, also known as AMCA. Information exposed included names, addresses, dates of birth and balance information…with credit card and bank account credentials of LabCorp patients.
“We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security,” the statement said. “We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information.”
According to the statement, AMCA took down its web payments page after “receiving information from a security compliance firm that works with credit card companies of a possible security compromise” and conducting an internal review. However, companies and consumers can’t just assume it’s a LabCorp / AMCA issue. From Adidas (two million records compromised) to Facebook (up to two billion accounts scraped), 2018 has seen more than its fair share of massive global data breaches.
A report by digital security specialists Gemalto reveals that 945 data breaches led to a staggering 4.5 billion data records being compromised worldwide in the first half of 2018, with the total number of breaches down year-on-year but the number of records compromised up 133 percent as the severity of incidents rises. The severity of an incident rises when more PII is breached, because this is the information that can give an outsider access to another person’s finances. How then, you’re probably wondering, are businesses taking precautions to make sure this doesn’t happen?
Security in the Financial Industry
Cybersecurity issues are becoming a day-to-day struggle for financial businesses. We all know that cyber-attacks on businesses are driven by the desire for money. Where better to find it than in the fintech industry?
The Fintech industry is constantly in transition as it adapts to new consumer trends that demand more accessibility and streamlined transactions. Today, consumers expect to be able to pay bills, get loans, receive financial advice, and manage their money online, primarily through SaaS cloud solutions and applications.
Consumers also expect banks and other financial services companies to provide an expert level of security when it comes to their sensitive data, and rightfully so. These companies possess a wealth of personally identifiable information (PII) and payment card industry (PCI) data, such as social security numbers, credit card numbers, birthdates, addresses, phone numbers, credit scores, and more. With this data, cyber criminals can open up bank and credit card accounts, file tax returns, and spend your every penny.
With this in mind, it’s important for all Fintech companies to adopt the measures below to prevent attacks while still providing customers with the service they expect. Read on to learn about 7 steps Fintech companies should take to ensure security for their customers.
7 Security Steps Fintech Companies Should Take
1. Mandate compliance to PCI-DSS
The requirements within the PA-DSS are designed to ensure that vendors provide products which support merchants’ efforts to maintain PCI-DSS compliance and eliminate the storage of sensitive cardholder data.
2. Use P2P encryption payment systems
Point to point encryption is important for businesses to understand because it speaks to the security of the data flowing from the customer to the credit card processing company.
3. Take a cost effective back to basics approach
This protects a company’s most sensitive data. It can be achieved by classifying all data and encrypting all data deemed sensitive. No matter the breach, this would ensure all sensitive data is unreadable in the wrong hands.
4. Build a secure network and maintain a firewall configuration
This protects cardholder data. Cardholder data must also be protected at rest and, just as importantly, encrypted in transit across open/public networks.
5. Develop and maintain secure systems (including anti-virus) and applications
Regularly updating software to fully manage vulnerabilities is a huge step in preventing hackers from entering your network. Restricting what employees can download helps protect against this as well.
6. Implement strong access control measures
This includes the restriction of physical access to cardholder data.
7. Utilize SIEM and PAM Systems.
Security information and event management (SIEM) systems have become integral to enterprise security management. These systems process and correlate the alerts coming from various security systems. However, there are limitations with SIEM tools. They rely on being fed only by system log messages, and they lack the contextual information on privileged user activity.
In the wake of a breach, PAM tools can help to promote incident management competence by adding information sources which are able to detect and analyse privileged user based attacks. Swift investigations and making rapid, well-informed decisions can prove challenging for organisations and require data in real-time to make clear the context of a suspicious event.
These tools also provide risk-based alerting as well as searchable, easy to interpret records about user activities. This way, analysts can quickly find the root cause of a problem. A PAM tool provides a fast return on investment (ROI) in the challenge of incidents related to privileged accounts. They can be easily and seamlessly integrated into security operations center (SOC) environments, making security operations much more successful.
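The correlation described in step 7, as an added example that is not from the original article: SIEM alerts built from system logs are joined with PAM session records by host and time, so each alert gains privileged-user context and a risk score. The record fields, the scoring weights and all sample data are constructed assumptions, not the format of any particular SIEM or PAM product.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): SIEM alerts built from system
# logs carry a host and a rule name, but no privileged-user context.
SIEM_ALERTS = [
    {"time": "2024-03-04T02:14:05", "host": "db-card-01", "rule": "bulk_read_cardholder_table"},
    {"time": "2024-03-04T09:30:00", "host": "web-03", "rule": "failed_login_burst"},
    {"time": "2024-03-04T11:05:00", "host": "web-03", "rule": "config_file_changed"},
]
# Constructed PAM session records: who held which privileged account, where, when.
PAM_SESSIONS = [
    {"user": "contractor7", "account": "root", "host": "db-card-01",
     "start": "2024-03-04T02:10:00", "end": "2024-03-04T02:45:00", "ticket": None},
    {"user": "alice", "account": "svc_deploy", "host": "web-03",
     "start": "2024-03-04T11:00:00", "end": "2024-03-04T11:20:00", "ticket": "CHG-1001"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def enrich(alerts, sessions, slack=timedelta(minutes=5)):
    """Attach overlapping privileged sessions to each alert and score the risk."""
    enriched = []
    for alert in alerts:
        when = _ts(alert["time"])
        matches = [s for s in sessions
                   if s["host"] == alert["host"]
                   and _ts(s["start"]) - slack <= when <= _ts(s["end"]) + slack]
        score = 1                                   # every alert starts at 1
        if matches:
            score += 2                              # a privileged session was active
            if any(s["ticket"] is None for s in matches):
                score += 2                          # no change ticket justifies it
            if not 8 <= when.hour < 18:
                score += 1                          # outside business hours
        enriched.append({**alert,
                         "privileged_users": sorted({s["user"] for s in matches}),
                         "score": score})
    # Highest risk first, so analysts see unjustified privileged activity on top.
    return sorted(enriched, key=lambda a: a["score"], reverse=True)

if __name__ == "__main__":
    for row in enrich(SIEM_ALERTS, PAM_SESSIONS):
        print(row["score"], row["host"], row["rule"], row["privileged_users"])
```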
Now that you’ve learned more about how Fintech companies can protect themselves, it’s time to be up-to-date on what you can do to protect yourself as well.
7 Steps for a Consumer to Take to Protect Themselves
“Our Fintech company is taking all the steps to protect us, so we’re safe…right?”
Wrong. There is always risk, and as a consumer you can’t rely completely on other parties to do their part – you have to do yours as well! Safe practices like creating highly secure, distinct passwords for each of your accounts and staying up to date on security efforts are great ways to maintain your own security. Here’s a list of 7 best practices consumers can follow to secure their PII and PCI information.
1. Use a full-service internet security suite
Internet security provides real-time protection against existing and emerging malware including ransomware and viruses, and helps protect your private and financial information when you go online.
2. Use strong passwords
Don’t repeat your passwords on different sites, and change your passwords regularly. Make them complex. That means using a combination of at least 10 letters, numbers, and symbols. A password management application, like 1Password, can help you to keep your passwords locked down.
3. Keep your software updated
This is especially important with your operating systems and internet security software. Cybercriminals frequently exploit known vulnerabilities, or flaws, in your software to gain access to your system. Patching those flaws can make it less likely that you’ll become a cybercrime target.
4. Manage your social media settings
Keep your personal and private information locked down. Cybercriminals can often get your personal information with just a few data points, so the less you share publicly, the better. For instance, if you post your pet’s name or reveal your mother’s maiden name, you might expose the answers to two common security questions.
5. Keep up to date on security breaches
If you do business with a merchant or have an account on a website that’s been impacted by a security breach, find out what information the hackers accessed and change your password immediately.
6. Use a VPN
You might be tricked into giving personal information over the internet, for instance, or a thief might steal your mail to access account information. That’s why it’s important to guard your personal data. A VPN — short for virtual private network — can also help to protect the data you send and receive online, especially when accessing the internet on public Wi-Fi.
7. Keep an eye on the kids
Just like you’ll want to talk to your kids about the internet, you’ll also want to help protect them against hackers. Identity thieves often target children because their Social Security number and credit histories frequently represent a clean slate.
In conclusion, if a company is taking the proper precautions to stay up-to-date with security trends and tools, then it is greatly reducing its risk of a harmful breach. If not, it is exposing not only its customers to fraud and liability, but also itself to large liabilities and damaging press. Either way, these protective steps are not a guarantee that you’re not at risk for breaches. That’s why consumers should follow steps to protect themselves as well. If you believe that you’ve become a victim of cybercrime, you need to alert the local police and, in some cases, the FBI and the Federal Trade Commission.