Identity, Network Security, Governance, Risk and Compliance

Compliance, emerging technology will fuel financial tech funding in 2022

“Cash Money (part two)” by jtyerse is licensed under CC BY-NC-ND 2.0

In the face of heightened ransomware threats, U.S. financial firms and other equity partners will increasingly invest in financial technology (FinTech) firms, as they must mind their compliance demands in the coming year, according to industry experts.

According to Jennifer Pavlov, director of trade operations for EquityBee, a platform for helping people exercise their stock options, “Regulations in the FinTech industry are outdated.”

Know-your-customer (KYC) and anti-money-laundering (AML) will increasingly be managed via digital channels, Pavlov said, “rather than meeting in-person, to accommodate the state of the world with regards to the pandemic, but also to provide the industry with much-needed updating and automation.”

In the same vein, FinTech funding will hit “record highs,” according to Oded Golan, chief product officer of EquityBee, who predicted that the forthcoming Stripe IPO "will be the biggest IPO for a FinTech company. They will also get very favorable multipliers.”

Indeed, André Ferraz, founder and CEO of Incognia, believed these emerging financial technology and cybersecurity startups will see continued popularity in the face of growing financial digital access and transactions.

“We’ll see the heightening need [this year] for zero-factor authentication (0FA),” said Ferraz. Zero-factor authentication will give mobile financial users more security by removing the need for the user's input to prove their identity, leveraging device and location intelligence to authenticate users with no friction, distinguishing trusted users from fraudsters to prevent account takeover and fake accounts, Ferraz explained.

Similarly, PerimeterX co-founder and CTO Ido Safruti said that as cybercriminals increasingly “find ways to bypass login checks, it is necessary to implement additional checkpoints that provide broader visibility and control over account activity.”

“The post-login wasteland has been barren for far too long, and this leaves unprotected territory for cybercriminals to take over,” Safruti said. “In 2022, we expect the financial industry, and all online businesses, to adopt solutions that address this issue. Understanding if a user is indeed who they say they are — and if their post-login activity is legitimate — will be key to maintaining accounts’ integrity.”

Arguably the weakest link in any security ecosystem is the human — both the employee and the customer. And despite valiant efforts to outfox bad actors with security technology, people are still falling for scams and often not keeping up with good security standards and practices. Hence, several experts believed that trend of cybercrime targeting humans will continue and increase — and financial firms will need to up their game, especially as more sophisticated hackers move upstream.

Daniel Schwalbe, chief information security officer (CISO) for DomainTools, pointed out that despite the recent boost in “self-service and online banking has been almost inescapable over the past decade, personal bankers are typically still available for high net-worth individuals.” He believed that black-hat hackers will increasingly target high net worth customers, especially the elderly, through “common social engineering tactics and impersonating their personal banker” to access their accounts and collect sensitive personal and financial information.

And, flipping the script, bad actors will increasingly reach out to investment professionals, traders, and financial advisors pretending to be legitimate customers. As Schwalbe points out, the on-going pandemic continues to provides a solid excuse why customers who typically visit the branch in-person might not want to (or be able to) even now that most have re-opened.

"A convincing phone call placed to the personal banker, impersonating a possibly ill client and utilizing the information gained from targeting the customer, might be just enough to not set off alarm bells,” he added. This, combined with the over-arching (and worsening) struggle to find and retain talent, especially in cybersecurity, Schwalbe and other experts believed that even the top financial firms will have to fight to keep good talent.

Wipfli Senior Manager Jim Rumph said the financial industry will “double down” on ensuring it has the right talent in place to secure their organizations, and get creative in how they find the right professionals, looking for gig workers and more focused outsourced talent such as outsourced CISOs. 

“Many a data breach has taught us that you may have the best tools and technology in the business,” said Rumph, “but if you don’t have a great team to configure and monitor those tools appropriately then you are wasting your resources.”

An In-Depth Guide to Identity

Get essential knowledge and practical strategies to fortify your identity security.

You can skip this ad in 5 seconds