Why cloud-based payment encryption services can allow global FinTechs to build rapidly and securely

Over the past two years financial technology (FinTech) has been expanding rapidly, both as an industry and across the world. We are seeing new FinTechs founded in sub-Saharan Africa and cities like Tel Aviv, Stockholm and Hangzhou are beginning to encroach on New York, London and San Francisco as major hubs of innovation.

However, irrespective of where they are in the world these companies are vulnerable to cyber-attacks and deploying the kind of encryption and security technology that major banks use is costly and requires technical expertise.

The global spread of FinTech is of course a major boon to the people in these areas. Payments technology (PayTech) has not developed evenly around the world, and while in the developed west we might see the story of payments moving from cash to cards to digital devices, many developing countries have skipped cards and now mobile payments are the standard.

FinTech companies and governments often work hand-in-hand in countries like India and China to create payment infrastructures that in many cases eclipse western equivalents in terms of usage and functionality – 92% of people in China’s largest cities use the WeChat Pay or Alipay apps as their primary means of payment, while in  the UK only 19% of people use any kind of mobile payments. This is perhaps due to challenger banks like Starling, Monzo and Revolut pushing the features of plastic payment cards as far as they can go while providing the ‘super app’ functionality found in Alipay and others.

Other global FinTechs have much more modest goals than providing the financial hub for your entire life, but are no less important, such as companies providing micro-lending or small business loans, or apps that utilise Open Banking standards to organise a customer’s finances and find them savings. The result is a wide and varied ecosystem ranging from start-ups to fully funded unicorns, and security is a problem for them all.

The global problem of cybercrime in FinTech

Cybercrime cost the world $1 trillion dollars in 2020, more than the combined costs of all natural disasters and the cost of adapting to climate change, and this number is only going to rise. The cost of a single data breach is as high as $3.86 million and breaches can take as long as 207 days to identify.

Although the global pandemic helped FinTech companies by showing many people that they could easily administer their financial lives from their phone and pay for goods and services without cash, it also drastically increased the number and sophistication of cybercrime. To criminals, FinTech companies may seem like low-hanging fruit when compared to banks. Both keep and process customer payment data, including bank details, but banks have extensive security operations – one survey shows that banks spent on average 10.9% of their IT budget on cybersecurity, and this is growing every year.

FinTech companies will have the same challenges but significantly lower budgets which leads to a situation in which criminals perceive them as weak and are more likely to target them, increasing their need for cybersecurity when they are least able to satisfy that need.

This is a particular problem for companies based outside of the traditional tech hubs, and doubly so for start-ups in the developing world. There is already a skills shortage in the cybersecurity industry, and the limited number of experienced professionals know that they are more likely to get high-paying jobs in the world’s major tech hubs than those cities that are still developing their FinTech industries. This leaves the younger companies who need the most support without the critical skills that they need.

Bridging the gap with cloud-based encryption

The recent pandemic has accelerated the use of cloud-based systems in the financial world and increased the use of cloud systems by FinTechs, 55% of which say they use multiple clouds.

Cloud technology has clear advantages for FinTechs: it can be deployed quickly without the need for new hardware, it scales to meet surges in demand, backs up all of a company’s data and can be paid for monthly rather than as a single expensive purchase. The other main advantage of cloud-based services is that they allow smaller companies to deploy the same level of security and compliance that is used by much larger companies at a fraction of the price.

While it is true that payment hardware security modules deployed in data centres will give a company maximum protection through, for example, encrypting cardholder sensitive data such as PIN’s during card present transactions and CVV validation for card-not-present transactions, they can be costly and require specific expertise to manage, presenting a real barrier to entry for FinTechs.

The use of a Payment HSMs in the financial services industry is mandated by PCI Security Requirements and are a fundamental requirement to become PCI PIN compliant. With a stretched budget, FinTech’s may attempt to cut corners, however cloud-based services allow smaller companies to deploy encryption, PCI standards and tier-one payment security, all handled by experts via a fully managed service. This means that start-ups can focus on their core business knowing that security and compliance is taken care of, which in today’s cybersecurity climate will be a major relief for the company and their customers.

To learn more, watch our latest webinar: Breaking Down the Barriers to Cloud-based Payments Solutions