31 C
Dhaka
Friday, March 29, 2024

Security in Fintech—Protecting the ecosystem to ensure economic excellence

  • Minaoar Hossain Tanzil

Following global economic trend and prospect, our promising FinTech industry in Bangladesh is going through a major transformation. It is revolutionizing the delivery of financial services in more innovative ways as opposed to the traditional methods in practice. However, as fast as it is evolving to shape the future, it is also becoming susceptible to threats and vulnerabilities from various persistent attacks, like identity theft, money laundering, mobile fraud, card cloning, ATM fraud, data breach, and so forth. Among these, the most common type of attack is bank and credit card fraud.

Recently Bangladesh Bank has warned of fraud in FinTech services. According to them, the service providers need to take prompt remedial measures to fight frauds and forgery and ensure public confidence in the financial systems. Taking timing into consideration, such warning came against the backdrop of rising trend in the FinTech ecosystem here. Security, without a doubt, is the most vital aspect of the FinTech ecosystem. From identity (account and card) to access (POS, ATM, e-commerce) there are certain areas that need to be addressed and enhanced to make the financial systems and services well-protected and resilient against cyberattacks, minimizing the risk of making it too complex and inconvenient for the customers.

In past few years, Bangladesh saw several card fraud incidents that shook the confidence of the customers and thereby put the stakeholders in a very difficult position to regain and retain that trust. Those incidents occurred for the magnetic stripe cards which offer very low security against fraud. A magnetic stripe card contains static data of the customer, and if that data is compromised, someone in possession of that data can create a clone card and use it to make a transaction at POS, ATM and online. Cloning a magnetic stripe card is also very easy and it does not require any sophisticate tool or instrument. The plain old cassette player can clone a card and do the damage.

The security drawbacks of a magnetic stripe card are addressed by the EMV technology. An EMV smartcard with a chip provides multitude of security against frauds in general. Unlike the static data of a magnetic stripe card, the smartcard uses dynamic data of the customer and enhances the security for both POS and ATM transactions.

To overcome the vulnerability in e-commerce transaction, certain measures need to be taken to make it secure. Among those, using OTP (One-Time Password) and dCVV (Dynamic Cardholder Verification Value) is proven to be very effective.

Security, however, in a digital financial service requires far greater prevention mechanisms to fight the fraud. Practical ways to protect such services and systems contain both hardware-based security (Hardware Security Module—HSM, Trusted Execution Environment—TEE) and software-based security (Host Card Emulation—HCE, Tokenization, Public Key Cryptography—PKI, Local Database Encryption—LDE, WhiteBox Cryptography, Secure Messaging, Secure Keyboard, Code Obfuscation, and so forth). Globally, cloud-based payment specifications by international payment brands (Visa, Mastercard, American Express) provide set of guidelines for the solution providers and application developers to build the system and application.

Providing FinTech services comes with a commitment of great vigilance for a service provider. But in practical that does not always happen. Security measures go overlooked for lack of dedication and to make trade-off with investment. This should not happen. There is no shortcut to achieve the standard level of security of the system and services without investing in it both mentally and financially. If otherwise, any future mishap and attack can be fatal and even costlier for them. Customers suffer, and along with them the solution providers too.

To ensure that the security measures are properly implemented, our central bank can play an important role. They should provide the policies and guidelines, as well as strictly monitor if those are implemented and practiced.

Kona Software Lab Limited, the Bangladesh office of the South Korean smartcard industry pioneer KONA I Co. Ltd., is working in Bangladesh since 2012. Being one of the top five banking card providers in the world, it is the only company that is operating its own-developed payment platform as a digital bank in South Korea. The platform was conceptualized and developed by Kona Software Lab Limited. The company has a strong presence in Bangladesh, boasting a pool of skilled research engineers, as well as the access and aptitude to bring in the state-of-the-art technologies that are ahead of time in terms of Bangladesh FinTech industry. The company envisions interoperability among the stakeholders of the ecosystem without having to compromise security, and believes that—in doing so, the ultimate economic excellence will be achieved.

The writer is the Managing Director of Kona Software Lab Limited

 

Fintech

Related Articles

CLOUD COMPUTING SECURITY

Cloud Computing Security Issues, Threats and Controls

0
Cloud Computing and service models  The official NIST definition (NIST 800-145) of cloud computing says, “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand...
API and Open Banking

API and Open Banking: Way for New Service Innovation for Banks and FinTech Companies

0
The people who gathered at a hall room of a city hotel in last month had one thing in common—they all are working in...
ISO 2001

ISO 27002: 2022 Implementation vs Reality

0
After almost a decade, ISO27001: 2013 is going to publish its new iteration of ISO27001:2022 in second (2nd) Quarter this year1. But prior to...
Deepfakes: The Synthetic Media I want to believe

Deepfakes: The Synthetic Media I want to believe

0
What Are Deepfakes? A deepfake is a sort of "synthetic media," which refers to material (such as images, audio, and video) that has been modified...
The power of API platforms

The power of API platforms brings the open banking promise into sharper focus

0
Open banking is a global phenomenon whose merits are felt in virtually every time zone, including those in the Asia-Pacific region. In contrast to...
Blockchains Gaming and Collusion

“Blockchains: Gaming and Collusion- A Reading in Political Economy”:  Futuristic Exploration with Fact-based Analysis

0
In this digital age, it has become quite common for us to constantly remain mesmerized by fascinating technologies.  However, deeper thoughts about those technologies,...