As a nonprofit committed to providing life-saving assistance in areas affected by conflict and natural disasters, Solidarités International faces increasing regulatory expectations from public donors. These include the United Nations, the US Bureau for Humanitarian Assistance (BHA), and European funding bodies. These expectations include rigorous AML screening of suppliers, staff, and local partners to ensure accountability and transparency.
FinScan for AML
Solidarités International’s decision to adopt FinScan followed a thorough selection process involving external advisors and peer recommendations from within the NGO community. Criteria such as workflow flexibility, user delegation, audit history, and alignment with data privacy standards were central to the evaluation. FinScan is now fully operational at Solidarités International’s headquarters.
“With FinScan, we’re able to delegate screening responsibilities across field missions while maintaining centralised oversight and data privacy. The responsiveness of the FinScan team and the tool’s intuitiveness and configurability have been key positives,” said Pierre DeSoil, IT Project Lead at Solidarités International. “Our users picked up the system quickly and are more confident with the process.”
Designed to support complex compliance needs, FinScan helps organisations like Solidarités International meet donor due diligence requirements. It does this through customisable workflows, robust matching algorithms, and scalable deployment.
“We’re proud to support the mission of Solidarités International with a powerful, cloud-based AML solution that helps protect humanitarian aid from financial crime risk,” said Steve Maul, Chief Customer Officer at Innovative Systems. “Their dedication to both compliance and the communities they serve exemplifies how technology and purpose can align.”
About Solidarités International
Founded in 1980 and headquartered in Clichy, France, Solidarités International provides urgent humanitarian aid in conflict zones and disaster-stricken areas. Its core mission is to meet the vital needs of vulnerable populations—providing water, food, and shelter in life-threatening conditions. Learn more at https://www.solidarites.org/en/.
About FinScan
Trusted by hundreds of organisations worldwide, Innovative Systems, Inc.’s FinScan® offers advanced Anti-Money Laundering (AML) compliance technology and consulting solutions. Built on decades of experience in data management and proprietary matching technologies, FinScan provides a data-first, risk-based approach to ensure unparalleled accuracy and efficiency in identifying and reducing risk, accelerating AML compliance workflows, and optimising team productivity. FinScan’s comprehensive, integrated platform includes Know Your Customer (KYC), unparalleled sanctions screening, risk scoring, data quality, and advisory services for implementing a holistic compliance program. FinScan offers flexible deployment including SaaS, on-premise, and hybrid options. FinScan’s SaaS clients are screening more than 300 billion names a year. Learn more at www.finscan.com and follow us on LinkedIn.
Kristian Torode, Director & Co-Founder at Crystaline, on Closing the gap between digital convenience and regulatory compliance
SHARE THIS STORY
As financial firms adopt more digital tools – from instant messaging to video calls – the challenge of capturing, storing and monitoring every conversation in line with regulatory expectations for comms has grown exponentially.
With regulators demanding stricter oversight of all business comms, financial firms must now rethink how they manage messaging across every level of the organisation. Unifiesd Communications (UC) software can help financial service providers remain compliant.
A recent Theta Lake survey revealed that over 70 firms were fined in 2024 for failing to comply with communications regulations. What is more, almost two-thirds of financial firms anticipate even more regulatory requirements on communications in the coming years.
Consequences of Non-Compliance
While fines for failure to comply with comms regulations are more prevalent in the US, there have been several cases affecting financial services firms in the UK.
In August 2023, Morgan Stanley was fined £5.4 million by Ofgem, the UK’s energy regulator, after the bank’s traders discussed wholesale energy prices over WhatsApp on private devices. Use of the platform does not meet regulatory standards for data retention and monitoring, as financial service providers are unable to record these messages concerning energy trading.
Despite industry speculation, the UK Financial Conduct Authority (FCA) has chosen not to implement an outright ban on WhatsApp for business use. Instead, the FCA expects firms to implement policies and monitoring tools to ensure compliance when using such platforms. While this provides some flexibility, it puts the onus on firms to maintain secure and auditable communication records across emerging technologies.
Balancing security and convenience
For financial businesses, the challenge lies in finding a comms solution that is both secure and convenient. WhatsApp appeals to many due to its familiarity and features like group chats, voice calls and file sharing. However, while convenient, it presents serious risks in data privacy, security and compliance, making it unsuitable as a primary communication platform for highly regulated industries like finance.
To address these concerns, many firms are turning to UC platforms that integrate multiple communication tools. These include voice, video, instant messaging and file sharing across a single, secure interface. These platforms provide the convenience of more familiar tools such as WhatsApp while addressing compliance concerns.
Several UC providers now offer platforms tailored to highly regulated industries like finance. Many include security features such as end-to-end encryption, centralised access management and real-time monitoring. This can detect potential compliance breaches, offer built-in archiving for regulatory adherence and consent management to meet data protection requirements.
Digital business communications will continue to play a key role in the financial services sector, but not at the expense of traceability and data security. Unified Communications offers a secure, compliant platform for financial services without sacrificing convenience.
If your organisation is reassessing its communications strategy in light of evolving compliance demands, Crystaline can provide guidance on navigating the shift to unified communications.
With the right approach, cybersecurity can be contagious argues Galeal Zino, Founder & CEO at NetFoundry – a provider of zero-trust connectivity solutions and originator of the open source tool OpenZiti
SHARE THIS STORY
Modern financial services are composed of a digitally integrated secure ecosystem – networked together and codependent on ecosystem APIs, microservices and shared data. Complexity and ambiguity are high.
Sir Alex Younger, former head of the British Intelligence Service MI6 said recently that the job of the intelligence service is to dispel complexity and ambiguity.That would make a fine mission statement for the heads of information security in the financial sector.
Meeting a Complex Security Challenge
Most banks leverage core banking systems (CBS) from providers like Temenos, FIS and Finastra. This makes security complex. Connections are needed between the bank’s network and its CBS provider’s network. Traditionally, this necessitates nailing up VPNs. And managing permitted IP addresses in firewall ACLs, MPLS or dedicated circuit-based extranets. Also required are pre-shared certificates, shipping hardware, VDI and/or leaking routes. All of which have multiplied in complexity during digital transformation. And are about to multiply again with AI.
A different approach is secure-by-design. Rather than bolt-on the infrastructure described above, each session is strongly identified, authenticated and authorised. All before it is granted a virtual circuit on a network. This is similar to what the banks do internally with solutions for zero trust, but it is borderless. It works across their digital supply chains, including with their core banking platform and software providers.
One CBS leader, Euronet Worldwide, uses a third-party secure-by-design platform to enable their financial institution customers to connect to its core banking software. This is a great example of the supplier being proactive about their role in security. We’ll see this happen more as new legislation takes effect, the EU CRA. The Euronet example shows that it’s possible to remove some of the ambiguity from shared responsibility. Euronet’s secure-by-design system doesn’t just protect itself but makes every interaction with supply chain partners more secure.
Security designed-in for Financial Services
The same principles apply across financial services. Companies like Euronet can deploy their own zero trust supply chain connections, rather than putting the burden on their finance sector customers to figure it out. In large supply chain scenarios like CBS, this helps everyone. The reality now is that if the VPN of any one financial institution is compromised, then potentially all the banks who connect to the same CBS providers can be exploited. By removing complexity and ambiguity, Euronet is simplifying and securing the entire supply chain.
The big picture is that the WAN/SASE/firewall model is struggling in the post digital transformation, hyperconnected, soon to be AI- powered world. That model was built to secure the WAN. However, new workflows such as the financial supply chain are outside the borders of any single WAN. So, the precious SASE WAN gets connected to the internet via open firewall ports (ACLs) and vulnerable VPNs so the business can connect to supply chain partners. It’s like building a strong boat and then punching holes in it to get a better look at the water.
AI is the nail in the WAN coffin because AI multiplies and accelerates these workflows. They have at least one leg outside the WAN and it makes them less predictable and more dynamic. More complexity and ambiguity. Good luck connecting AI agents via VPNs and firewall ACLs.
Secure-by-Design Supply Chain
So, what does a secure-by-design supply chain look like and how can financial services identify viable migration paths?
The main characteristics are:
Close all inbound “listening” ports on all network firewalls and servers to make your DMZ unreachable from the underlay networks. Eliminate the reachable firewalls and VPN servers. No more holes beneath the waterline!
End-to-end zero trust between supply chain participants, meaning least-privileged access not just to the network or firewall, but all the way through to applications, APIs, servers and devices. Nothing can connect to anything else without strong identity, authentication and authorisation. This includes end-to end-encryption – no sharing of encryption keys with cloud security providers (which also helps ensure data sovereignty).
Microsegmentation, the ability to define in granular detail who or what has access to which applications, and to limit lateral movement in the event of a breach. In effect, every application session becomes a private network-of-one, and it is quarantined by design.
Rob Meakin, Director of Fraud & Identity at Creditinfo, on leveraging tech to tackle fraud
SHARE THIS STORY
Financial fraud is increasing around the world, putting both mature and emerging digital economies at risk. The overall global economic impact of financial crime has been estimated to be $5 trillion. Furthermore, according to the 2024 Nasdaq global financial crime report, fraud losses totalled $485.6 billion worldwide. This from fraud scams and bank fraud schemes alone. As such, organisations face a series of challenges, from eroding profit margins to reputational risks to data breaches.
Many factors contribute to this growing wave of fraud. For example, digitisation in banking has created new opportunities for bad actors. With more identity data existing online, attack surfaces have expanded. Hackers now have more possible entry points to exploit vulnerabilities.
At the same time, new technologies, like machine learning (ML), artificial intelligence (AI), and automation are enabling bad actors to innovate faster and evade detection more effectively. AI, in particular, is a double-edged sword. While many businesses use the technology to improve efficiency and decision-making, it also gives bad actors a helping hand. Deepfakes and social engineering, for example, enable them to impersonate individuals with uncanny realism.
Additionally, cybercrime – especially financial crime – is becoming more sophisticated. Today, over two-thirds of financial institutions admitting they’re unprepared to defend against the rising wave of attacks.
Counting the many costs of fraud
Rising fraud creates challenges at local, national, and global levels. Financial loss is, obviously, a primary concern. But financial loss is only part of the total cost of cybercrime. Fraud also brings reputational damage, increased risk of data breaches, and potential legal consequences.
As organisations devise new strategies to tackle rising fraud, they must also heed regulatory requirements. Namely, Anti-Money Laundering (AML) registration, as well as other standards for privacy and consent. These regulations create further challenges for organisations as they aim to uphold rigorous compliance requirements without impacting sales, operating costs, or the customer experience.
It’s time for a different approach to fraud detection
On both local and global levels, mounting fraud threatens economic growth. In its Plan for Change, the UK governmenthas recognised global co-operation will be necessary to tackle fraudsters. However, existing security strategies are too fragmented to suit the needs of diverse markets.
Emerging economies, for example, often lack mature controls, making them inherently vulnerable to hackers. Yet, with smaller digital infrastructures, they’re also less attractive targets for financial crime.
In contrast, more mature economies usually have stronger security defences. However, their larger digital ecosystems make them perhaps even more vulnerable to bad actors’ advances. After all, the more digital an economy becomes, the more fragmented and complex an individual’s identity and the more opportunities for bad actors to exploit or impersonate it.
Combatting fraud at a global scale requires going local
Considering the scale and sophistication of cybercrimes, combatting global fraud will require organisations to turn to localised data for more precise identity verification.
By integrating data from diverse, localised sources and tailoring fraud prevention strategies to market-specific risks, organisations can better detect fraud and establish identity trust. And in a way that both upholds the customer experience and promotes financial inclusion.
Combine credit, government, and digital data to enhance intelligence
Thwarting fraudsters begins with building intelligence to establish trust and verify presented identities. This is where localised data can help. By combining credit bureau data with government registries and digital signals, organisations can find a correlation across multiple digital identity attributes and digital risk signals to assess risk and enable real-time identity trust.
Credit bureau data associated with the presented identity can be used to determine risk and trust based on four vectors:
The bureau footprint: information comprising records from multiple contributing organisations
Activity history: evidence of recent and consistent payment activity
Data consistency: personal data stability
Application velocity: recent application history
Meanwhile, government information services and other registries can be incorporated to further cross-check the presented identity and strengthen verification.
By leveraging such a wide range of independent, localised data sources and correlating them with the presented identity attributes, organisations can significantly enhance intelligence to detect fraud without compromising the customer experience.
Tailor strategies to specific markets to support compliance and accessibility
It’s also important that organisations tailor their security and identity-verification strategies to the unique needs and maturity levels of specific markets. For example, in emerging economies, many people struggle to access financial services. This is often due to a lack of a formal credit history or other recognised financial records. Without this information, it can be a challenge for organisations to verify identity and reach trust decisions without inadvertently excluding legitimate users.
But by using localised data sources and market-specific strategies, organisations can make more informed decisions to bring more traditionally excluded parties into the financial system and promote broader financial inclusion without increasing risk or compromising security.
These targeted, market-specific fraud prevention strategies also help organisations with regulatory compliance. For example, for AML compliance, organisations must “identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed.” Using localised data and market-specific strategies can help organisations meet this expectation by aligning fraud detection controls with region-specific threat intelligence.
Conclusion
Global financial crime continues to ramp up, creating new challenges for organisations to detect fraud, verify identities, and comply with regulations. But finding strategies to beat bad actors is made even more difficult by markets’ varying needs, maturity levels, and digital infrastructures.
To combat fraud and cyberthreats on a global scale, organisations should pivot to a localised approach. By combining credit, government, and digital data and tailoring fraud-prevention strategies to specific markets, they can enhance intelligence, maintain compliance, and better manage risk. In doing so, they can not only strengthen security but facilitate access to financial products and services for broader financial inclusion, worldwide.
Mark Andreev, COO at Exactly, presents a practical guide to tackling e-commerce fraud with payment tokenisation
SHARE THIS STORY
Tokenisation can solve a big problem… e-commerce fraud is a growing threat that continues to impact online businesses worldwide. According to recent figures from Statista (2025), global e-commerce losses due to online payment fraud are projected to exceed $100 billion by 2029. As fraudsters increasingly exploit IT vulnerabilities, it is imperative for online and brick-and-mortar businesses to fortify their cybersecurity posture.
Amidst the current security challenges, payment tokenisation emerges as a technology to future-proof business operations and is projected to reach USD 28.97 billion worth by 2033.
This guide explores the concept of payment tokenisation, emphasising its value and role in ensuring credit card payment processing standards for merchants.
What is Payment Tokenisation?
Tokenisation is the process of substituting sensitive data with non-sensitive values – tokens. It works as a key layer of protection for stored data by replacing card numbers with illegible, surrogate values.
During a transaction, payment details are securely transmitted to a trusted payment provider via hosted payment page or through direct API integration.
In the hosted payment page flow, the customer is redirected to a secure payment page operated by the payment provider. Here they can enter their payment information. The provider handles data collection, encryption, and transaction authorisation, keeping sensitive information off the merchant’s servers.
In the API integration flow, the merchant’s website collects payment details using secure client-side tools. In this case, the merchant is responsible for ensuring full PCI DSS compliance, as sensitive data passes through their systems.
Following a transaction, sensitive card data is substituted by a special character sequence. The translation of characters into randomised values refers to the tokenisation process.
For merchants who are not PCI DSS compliant, storing sensitive information on their side is not allowed. In these cases, the third-party payment provider retains the sensitive data and the tokens for future use, while merchants don’t retain any sensitive information.
This method is one of the key cybersecurity best practices to ensure payment providers remain compliant with PCI DSS and is also crucial for merchants using API integration to store sensitive data.
Different Types of Tokens
There are different types of tokens available to merchants, offering different levels of complexity and security. Simple tokens refer to randomised reference numbers that are unidentifiable and unrelated to customer data. They provide a high level of security when implemented correctly by a reputable payment provider.
On the other hand, token vaults represent a more complex system of payment security and data handling. Essentially, token vaults are encrypted repositories of original payment data associated with tokens from each customer transaction. Depending on the type of payment gateway integration, either the merchant or the payment provider may retrieve the payment information as needed. Token vaults can also be deployed in cloud environments, mitigating the need for extensive infrastructure.
The Value of Tokens
In an era where cybersecurity is paramount, failing to secure customer data can come at significant costs. Recently, the IT systems of the UK’s most prominent retailers suffered significant downtime following a series of cyberattacks. They were prevented from serving their customers as a result. As the consequences of these attacks continue to linger, affected UK retailers are working overtime to get back on track. In these situations, the use of tokenisation payment security has partly helped prevent what could have been a catastrophic breach. Reducing the risk of a lateral exploitation of customer data. In fact, using payment tokens, retailers avoid the need to encrypt and retain sensitive payment details. This lowers the risk of attacks, breaches, and noncompliance with ever-changing payment processing and data security policies.
Tokenisation also enables seamless customer experiences, addressing a crucial customer demand – convenience. In fact, with tokenisation enabling one-click checkouts, customers avoid re-entering card details and access a seamless shopping experience, meeting an important need for comfort and familiarity for consumers.
Finally, from a regulatory perspective, compliance with PCI DSS is mandatory for payment providers and merchants specifically using API integration within payment gateways to store sensitive information. In this regulatory context, tokenisation becomes a straightforward strategy to meet fundamental data handling legal requirements. In an era of rising cyber threats and increasing customer expectations, tokenisation offers merchants a scalable, effective, and future-ready approach to safeguarding sensitive data, building trust, and preserving business integrity.
Digital DNA – Exploring core infrastructure, platform strategies, and foundational technologies.
Embedded Intelligence – AI, machine learning, data strategies, and real-time analytics.
Beyond Fintech – Partnerships between fintechs and other sectors like retail, health, and climate.
Governance 2.0 – Regulation, digital identity, privacy, and ESG compliance.
Day three featured more impactful sessions across all four pillars, offering attendees more valuable insights and strategies for innovation.
Highlights from Key Sessions at Money20/20 Europe:
How to Create and Leverage FinBank Partnerships
The discussion focused on the evolution and success of FinTech partnerships with banks. Key points included the shift from transactional partnerships to more collaborative, value-driven relationships, emphasizing joint KPIs and product creation.
Alex Johnson, Chief Payments Officer, Nium
“You really have to differentiate. You really have to stand out for a bank to say, ‘Yeah, I like what you offer enough to go through, six months of onboarding.’ Dare I say, maybe more.”
John Power, SVP, Head of JVs & AQaaS, Fiserv
“The legacy system, it’s a fact of life. They’re there. They’re pervasive. They’re going to be here for a long time, and banks historically have made huge investments in those platforms and systems. So I think both the challenge for the for the bank and the opportunity for the FinTech is, how do you at the front end of those legacy systems develop new products that can scale and that you can bring cross border easily and readily.”
“It really is cutting the line to be able to deliver opportunity for customers and to be able to expand propositions for new customers.”
“The economic development supply chains shifting to low to middle income countries are incredibly important right now, and cross border payment rails have not been good in low middle income countries.”
Where Fintech goes Next: Tapping into Platforms and Verticals
The discussion centred on the democratisation of financial services through embedded finance. The panel emphasised the importance of data quality, personalisation, and strategic partnerships in delivering seamless financial experiences – ultimately enhancing customer satisfaction and improving business efficiency.
“Embedded finance is going to be defined by region and use cases.”
Amy Loh, Chief Marketing Officer – Pipe
“Small businesses don’t want to manage their business through a bunch of different tools that are stitched together. They’re looking to platforms to do everything for them and keep high end services.”
“Most platforms or merchants out there trying to diversify revenue, and they will get auxiliary revenue, or maybe get primary revenue through FinTech activity.”
The Neobanks Strike Back
In a dynamic exploration of neobanking’s evolution, Ali Niknam revealed bunq’s remarkable journey from a tech-driven startup to a sustainably profitable digital bank. By leveraging AI across every aspect of their operations, bunq has transformed traditional banking, reducing support times to mere seconds and creating a hyper-personalised user experience. Niknam emphasised the power of user-centricity, showing how innovative features like simple stock trading and multi-language support can democratise financial services.
The bank’s strategic approach – focusing on user needs rather than investor expectations – has enabled them to expand thoughtfully, with plans to enter the UK and US markets. By embracing technological change and maintaining a relentless commitment to solving real customer problems, bunq exemplifies the next generation of banking.
Ali Niknam, Founder & CEO, bunq
“Somewhere in the 70s, we let go of the gold standard, and now currencies are basically floating. The only reason why a dollar or a euro is worth what it’s worth is because of trust and perception. Philosophically, it’s very logical that we have found another abstraction layer by introducing stablecoin, which is not much else than a byte number that has a denomination currency as a backing asset that itself doesn’t have anything as a backing asset. A lot of people might ask, ‘Why would you need a stablecoin? We have euros. I go get a coffee, pay with Apple Pay or cash.’ But there are many countries on this planet where the local currency is not stable. If your country has an inflation rate of 30,000% like Zimbabwe, you would really love to use a different currency. The US dollar has been the currency of choice, but as a normal person, you cannot access the US dollar. A US dollar stablecoin that you can access by simply having a mobile phone – that’s going to be transformational for large groups of people.”
Innovating When Regulation Can’t Keep Up: Lessons from NASA
Lisa Valencia covered an array of topics, from her 35 year career at NASA and Guinness World Record to the rise of private entities like SpaceX, which has launched 180 missions this year, and the increasing role of public-private partnerships in space exploration. The speaker also touched on international collaborations, particularly with the European Space Agency and the Italian Space Agency, and the potential for space tourism and colonization of the moon.
Lisa Valencia, Programme Manager/Electrical Engineer – Pioneering Space, LC (ex NASA)
“Back in the day, NASA got 4% of the national budget. Now it’s down to just 0.1%, so we’ve had to get creative with private partnerships. SpaceX is the perfect success story. They came to us in 2007 needing money after some rocket mishaps, and look at them now! From my balcony, I see their launches every other day. They’re planning 180 launches this year alone.Talk about a return on investment!”
“We’re planning to colonise the South Pole on the moon. The idea is to extract water and hydrogen from the regolith—both for living there and for fuel.”
Scaling Internationally in 2025: Funding, Innovating, and Breaking into New Markets
The conversation focused on the growth and strategy of fintech companies, particularly those with a strong presence in Europe and the US. The panel featured Ingo Uytdehaage, CEO and co-founder of Adyen, and Alexandre Prot, CEO of Qonto. Both leaders expressed a preference for organic growth over acquisitions, emphasizing the importance of scaling efficiently before pursuing an IPO.
Ingo Uytdehaage, CEO and co-founder of Adyen
“I think an important part of scaling a company is not just thinking about your product, but also considering the markets you want to address, and how you ensure you become local in each country.”
“We realised over time that if we really want to bring the customers, we need to have the best licenses to operate. A banking license gives you a lot of flexibility.”
“Being independent from other companies, other financial institutions, that gives you flexibility to build what your customers really want.”
“I think it’s very important, also in Europe, that we continue to be competitive. If you think about regulations and AI, we shouldn’t try to do things completely differently compared to the US.”
Alexandre Prot, CEO of Qonto
“We need to be very strict about tech integration and avoiding legacy which slows us down.”
“We still need to scale a lot before we have a successful IPO. A few team members are working on it and getting the company ready for it. But, the most important thing is just scaling efficiently in the business, and maybe an IPO would be welcome in a couple of years.”
Putting The F in Fintech
The panel discussion focused on the role of women in FinTech based on personal experiences.
Iana Dimitrova, CEO, OpenPayd
“At times, being underestimated is helpful, because if you’re seen as the competition, driving an agenda is becoming more difficult. So what I found, actually, over a period, is that bringing your emotional intelligence, leaving the ego outside of the outside of the room, and just focusing on execution is is incredibly helpful.”
Megan Cooper, CEO & Founder, Caywood
“The moment we start defining ourselves as like a female leader or a female entrepreneur, you almost kind of put yourself in a bit of a box. And so I think just seeing yourself on an equal playing field and then operating it on an equal playing field and interacting in that way is quite advantageous.”
“We can’t just want diversity and hope it happens. We actually have to be intentional about creating it.”
Valerie Kontor, Founder, Black in Fintech
“Black women make up 1.6% over the FinTech workforce, but when we look at the financial reality of black women by the age of 60, only 53% of black women have enough money in their bank account to retire. We need to start marrying people in FinTech and the people that we need to serve.”
Money20/20 Europe 2025 closed its doors but the next edition of the conference will return to Amsterdam from June 2–4, 2026, promising to continue the tradition of shaping the future of financial services…
Recorded Future’s CISO, Jason Steer, looks at how FinTechs can advance the maturity of threat intelligence programmes to strengthen the resilience of cybersecurity and deliver tangible ROI
SHARE THIS STORY
Data from the UK government’s Cybersecurity breaches survey for 2025 paints a stark picture for FinTechs. 48% of finance or insurance businesses identified a cybersecurity breach or attack in the last 12 months. Similar numbers have been reported by Mastercard. A survey of 5,000 small and medium-sized businesses across four continents revealing that 46% have suffered a cyberattack. It’s increasingly becoming clear that it’s a case of ‘when’ and not ‘if’ a business will be targeted by cybercriminals.
The growing urgency surrounding cyberattacks is helping drive a strategic shift in how organisations approach threat intelligence. When everything becomes urgent, it becomes increasingly complex to determine what is and isn’t a priority. Taking decisive and impactful action can be challenging. Threat intelligence is helping to solve this problem. With the right intelligence provider, people and processes, threat intelligence can prove a crucial part of a cybersecurity programme. It enables FinTechs to create an understanding of the who, what, how, when and why of security risks. This is pivotal for managing, accepting and reducing risk, and delivering wider ROI.
Automated Intelligence for Cybersecurity
The effectiveness of a Cybersecurity programme ultimately depends on a combination of people, processes, products and policies. Threat intelligence can add value in each of these areas. Identifying and prioritising the threats which matter most to an organisation. Not all threats carry the same level of risk. By narrowing focus to the most relevant and probable attacks, FinTechs can strengthen their overall preparedness and resilience.
Threat intelligence can provide actionable insights to better anticipate potential attacks and address vulnerabilities. This can help to prevent a security breach, minimise the possible impact of an attack and improve overall responsiveness. It’s for these reasons that threat intelligence can deliver tangible ROI, in both the short and long term.
Without automated threat intelligence and context, Cybersecurity teams can be swamped with time-consuming manual workflows required to gather and analyse data. Alongside this, manual alert triage, investigation and response processes can prove time and resource intensive, as well as being slow. A recent report by Recorded Future shows how automated threat intelligence can overcome these challenges. Cybersecurity teams can save nearly 11 hours each week by streamlining threat detection. They can then move straight to responding to relevant alerts more quickly. A similar amount of time per week was also saved through more efficient threat analysis, hunting and reporting. This enables valuable security resources to shift to other meaningful tasks that expand and grow their skills. Moreover, improving the overall security posture of their organisation.
Further findings from the report show examples of businesses automating 70% of manual security workflows, cutting investigation times by 50% and driving a 30% reduction in response times. Teams can work more efficiently and effectively to minimise downtime. Average billion-dollar businesses investing in threat intelligence recovered over $19,000 per month in revenue. This was due to reduced downtime, according to the Recorded Future report. That figure doesn’t account for the additional impacts of downtime, such as erosion of customer trust, productivity losses, and recovery expenses.
Protecting Brand Reputations
Threat intelligence also had a marked impact on cyber insurance costs, with organisations reporting reduced premiums of nearly $30,000 a year. Further ROI can be experienced through the mitigation of risks on brand reputation – something that’s particularly important in financial services, where customers want to be confident that their money and financial interests are being placed in safe hands. People need to be able to trust the FinTechs they do business with, and typosquats – illegitimate but similar-looking web domains – can quickly erode this trust.
Typosquats can be quickly identified, whether it’s company logos or brands being abused, and removed through the comprehensive understanding of digital footprints provided by threat intelligence. This can prove crucial in minimising the risks of phishing and safeguarding customers from inadvertently disclosing personal information to cybercriminals.
Cybersecurity Resilience
Cybersecurity resilience powered by threat intelligence can deliver cross-functional value across a whole organisation. It can help FinTechs to align their organisations and customers with real risks, rather than hypothetical ones, to effectively manage and mitigate the growing issue of cyberattacks. This starts by defining an organisation’s security priorities and assessing threats in the context of risk to the FinTech. It’s an important first step to determining that not all vulnerabilities will be exploited, and not all threat actors pose an immediate risk, creating opportunity to focus on addressing the actual issues that are genuinely urgent and could actually harm people, assets and business.
To find out more about how advanced threat intelligence solutions can deliver team productivity improvements and business and brand risk reduction impact, download Recorded Future’s ROI for Cybersecurity Teams report.
Intergiro’s CEO, Nick Root, on how payments providers can meet the challenges for cybersecurity in the war on fraud
SHARE THIS STORY
We operate in the trenches of FinTech – real-time, full-stack and fully exposed to the relentless tide of digital fraud. As an embedded payments provider across the EU, Intergiro lives at the bleeding edge where innovation meets exploitation. And let me be clear: fraud isn’t a back-office nuisance anymore. It’s an existential threat. One that every modern financial company, especially those bootstrapped like ours, must treat as core business, not a support function.
Right now, 30% of our headcount is dedicated to fraud prevention, compliance and cybersecurity. That’s not a vanity metric – that’s the reality of staying alive in a hostile digital environment. We spend millions annually not just on tooling and infrastructure, but on reimbursing innocent victims. For a company building its future on resilience, programmatic control, and capital efficiency, these costs are brutal. But necessary.
The Scamdemic is Here
Fraud is no longer a sideshow; it’s the main event. In the past 18–24 months, we’ve seen a sharp escalation. Sweden’s financial police reported an 80% spike in investment fraud between 2022 and 2023. Our internal metrics tell the same story. Spiking fraud attempts, more advanced attack vectors and a user base under siege.
And this isn’t abstract. It’s personal. For example, I got hit by a fake Uniqlo storefront. Nearly lost money. Only Intergiro’s own controls saved me. It was a sobering moment: even a FinTech founder can fall victim. For digital natives, that’s embarrassing. For the less tech-savvy – think your parents’ generation – it’s a nightmare. My own father won’t use Uber unless one of us physically adds his card to the app.
Understanding the Threat Landscape
To address this epidemic, we first need to clarify the categories of fraud. Payment fraud and ID theft are mostly on us – as FinTechs. If a system fails, or a tool is exploited, we own that and cover the loss. But social engineering and investment fraud? They’re tougher. These rely on psychological manipulation – human vulnerabilities we can’t patch with software updates. Still, that doesn’t mean we’re powerless. We just need to shift our lens.
Upstream, Not Downstream…Fighting social engineering with regulation is like mopping up the floor while the roof’s still leaking. Necessary, but ultimately reactive. We need to move upstream. Way upstream.
Social Media: The Root of the Fraud Problem
Over 75% of fraud starts on social platforms. That’s the front door. If we don’t lock it, we’re just chasing shadows. Meta’s FIRE partnership with UK banks is a baby step in the right direction. But let’s be honest – it shifts responsibility onto banks to clean up the mess, while platforms avoid real-time accountability.
What we need is a pan-European version of FIRE, backed by the teeth of the Digital Services Act and centralised enforcement. FinTech alone can’t drive this. We need regulators, platforms and providers rowing in the same direction.
Public Awareness: Borrowing the Pandemic Playbook
Think about this: between 2020–2022, fraud cost the EU €157 billion. That’s not far off the public health spend from COVID. And fraud doesn’t recede – it compounds.
In a pandemic, we responded with mass public education: masks, distancing, handwashing. We need the same for digital fraud. A real, coordinated public awareness campaign built around these pillars:
Basic operational security – Email is not secure. Banks don’t ask for details over email. Wire transfers aren’t reversible like card transactions.
Social media hygiene – If it smells like a scam; even from a verified blue tick – assume it is. “Stop. Think. Click.”
AI as defence – The same AI used to create scams can help spot them. Let’s teach users how to turn the tools around – scan that investment pitch, audit that wallet address.
Delivery matters here. Dry leaflets won’t cut it. Interactive quizzes, short-form video explainers, browser plug-ins – a toolkit that reaches people where the scams do: in-feed and in-app.
Collective Action Against Fraud: Collaboration Over Competition
FinTech has a reputation for speed, innovation and competition. But when it comes to fraud, isolation is the enemy. No single firm can win this war alone.
We need a secure, privacy-conscious layer for FinTech collaboration. A shared fraud intelligence layer that goes beyond blacklists and blocked BINs. We’re not talking about turning FinTechs into police forces, but enabling programmatic detection through pooled data, shared signals and joint tooling.
At Intergiro, we’re already piloting private data-sharing models with other European players. It’s early – but promising.
Final Word: It Takes a Village
This war against fraud won’t be won in the back office of your local neobank. It needs a whole-of-society effort. Platforms must step up. Regulators must align. And consumers must be trained – not blamed.
Fraud isn’t going away. As AI evolves, so will the threat. But so will we – if we move fast, stay dynamic, and invest in people, tools, and partnerships. Not just for ROI – but for resilience.
At Intergiro, we’re all in. But we can’t do it alone. If FinTech is the infrastructure of modern commerce, fraud is the fault line beneath it. And we can’t build the future on a fault line.
Husnain Bajwa, SVP Product – Risk Solutions at SEON, on KYC detection and verification to combat fraud in financial services
SHARE THIS STORY
Many fraudsters today are no longer just criminals – they’re technologists wielding powerful artificial intelligence (AI) as their primary weapon. As fraud techniques evolve, businesses are becoming increasingly vulnerable to sophisticated adversaries. With the rising wave of AI-powered fraud, traditional fraud prevention methods, which heavily emphasise Know-Your-Customer (KYC) processes, are struggling to keep pace.
Fraudsters have learned to exploit the inherent delays in standard KYC processes. They use AI to generate synthetic identities and automate infiltration techniques at an unprecedented scale. By the time most verification processes kick in, significant resources have already been spent, and potential damage has been incurred. To gain the upper hand, companies must move beyond isolated identity checks and adopt a more integrated approach. This combines pre-KYC detection with advanced KYC verification. A dual-layered defence system that’s both proactive and agile enough to adapt to the evolving threat landscape.
Introducing Pre-KYC fraud detection
Since KYC processes are essential for businesses to meet regulatory requirements and maintain compliance, the solution isn’t to abandon KYC but to transform it. Organisations must adopt a pre-KYC detection layer that detects fraud before it reaches verification processes.
What does this look like in practice? It starts by analysing a user’s digital footprint. This includes key data points, such as the age of an email address, phone number history, IP address patterns and social media activity. These indicators help assess the authenticity of a user’s identity. For example, a newly created email or an IP address associated with a known VPN service can be red flags, signalling possible fraudulent intentions and enabling businesses to proactively intervene before harm occurs.
Device intelligence further strengthens the initial stages of pre-KYC user verification. This technology detects discrepancies in device integrity, such as emulators, proxies or device spoofing techniques. These are common tactics fraudsters employ to conceal their true identities. Advanced device fingerprinting tools are critical in identifying when a device’s profile does not match its user’s provided details or shows unusual behaviour, adding an extra layer of security.
Adding to this framework, behavioural analytics play a pivotal role by monitoring how users interact with platforms. Analysing navigation patterns, session durations and behaviours during account setup can expose irregularities that suggest fraudulent activities. Indicators such as repetitive account creation attempts with varied data points or abnormally quick typing and navigation speeds often point to bot-driven fraud. This provides businesses with opportunities to intervene early in the user engagement process.
Combining Pre-KYC Technology with traditional methods
While pre-KYC tools can identify potential threats early, KYC verification remains essential for ensuring that the users who pass initial screening are legitimate. Once a user reaches this stage, robust identity verification methods must be in place to confirm the authenticity of the individual’s information.
Modern KYC processes must combine several features: document verification, biometric checks and address verification. The first, document verification, involves using optical character recognition (OCR) and machine learning to scan government-issued IDs and detect forgeries in real time. Additional security in this realm can be attained via facial comparisons – matching a user’s selfie with the photo on their ID – to ensure that the person behind the camera is the same as the one in the presented documentation.
Next, advanced liveness detection aids in combating both deepfake technology and image-based fraud – two fraud vectors on the rise. By requiring users to perform specific actions or gestures during verification processes, liveness detection ensures that fraudsters can’t simply upload a static image or video to impersonate someone. Lastly, address verification provides further protection, confirming a user’s address against authoritative databases or recent utility bills. These checks are crucial for businesses in regulated industries, where proof of residency is often a compliance requirement.
The growing threat of AI-powered fraud
Now that fraudsters can access AI tools, the fraud game has entirely changed. Bad actors can generate synthetic identities, manipulate biometric data and even create deepfake videos to pass KYC processes. Additionally, AI enables fraudsters to test security systems at scale, quickly iterating and adapting methods based on system responses.
In light of these new threats, businesses need dynamic solutions that can learn and evolve in real time. Ironically, the same technology serving sophisticated fraud can be our most potent defence. Using AI to enhance both pre-KYC and KYC processes delivers the capability to identify complex fraud patterns, adapting faster than human-driven systems ever could. These AI-powered tools don’t just detect fraud – they predict and prevent it by continuously learning from each attempted breach.
At the pre-KYC stage, machine learning (ML) algorithms can identify patterns and anomalies across vast amounts of user data, providing more accurate and faster risk assessments. As fraudsters evolve, these systems can recognise emerging fraud patterns, preventing bad actors from bypassing security.
Similarly, AI-driven verification methods can detect increasingly sophisticated forgeries and manipulations in the KYC phase. At the same time, adaptive authentication systems can increase or decrease the level of verification required based on the user’s risk profile. This flexibility strengthens security and enhances the user experience by reducing friction for legitimate users.
The stakes are set to climb
The battle against AI-empowered fraud isn’t just about preventing financial losses. It’s about maintaining customer trust in an increasingly sceptical digital marketplace. Every fraudulent transaction erodes confidence, and that’s a cost too high to bear in today’s competitive landscape.
Businesses that take a multi-layered approach, integrating pre-KYC and KYC processes in a unified fraud prevention strategy, can stake one step ahead of fraudsters. The key is ensuring that fraud prevention tools – data-rich, AI-driven and flexible – are as adaptive as the threats they are designed to stop. The future of fraud prevention isn’t about building higher walls; it’s about creating smarter, more adaptive and intelligent systems to anticipate and neutralise threats before they materialise.
Ayre Group founder Calvin Ayre stresses the power of Blockchain in helping to overcome security and transparency challenges in financial data
SHARE THIS STORY
The financial services sector is built on trust. However, ongoing data breaches, security vulnerabilities, and inefficiencies have severely eroded confidence in the industry. In the past five years alone, 69% of financial institutions have experienced at least one data breach, exposing the sector’s ongoing Cybersecurity challenges.
Financial institutions handle vast amounts of sensitive customer data, including personal identification details, transaction histories, and confidential records. All of which are prime targets for sophisticated cyber criminals. Furthermore, in exploiting weaknesses in legacy systems, third-party integrations, and cloud infrastructures, attackers gain unauthorised access, manipulate data, and compromise financial integrity.
Leveraging Blockchain technology
Recently, studies have been testing and trialling data breach detection systems that leverage Blockchain technology. This includes utilising smart contracts, self-executing agreements with predefined rules, to generate alert notifiers. These studies underscore the potential of Blockchain to enhance the speed and accuracy of data breach detection. Improvements from the standard 200+ days can be made up to as little as 10 seconds.
However, external threats are only part of the problem. Internal risks such as human error, data mismanagement, and outdated compliance frameworks further exacerbate data integrity issues. Nearly a third (28%) of financial service organisations cite mistakes from manual processes as their biggest data reconciliation pain point. Another key issue is the continued reliance on legacy systems, which lack the automation, security, and scalability required to maintain accurate and tamper-proof records. This highlights the growing need to restore confidence in financial data.
These ongoing challenges have far-reaching consequences. Alarmingly, 40% of CFOs express doubts about the accuracy of their financial records. This raises serious concerns about governance, regulatory compliance, and financial stability. Insider fraud, unauthorised transactions, and data manipulation remain major risks; calling for institutions to implement immutable systems. One such solution is Blockchain technology. As a decentralised ledger that guarantees data integrity, Blockchain can play a crucial role in enhancing the reliability of data.
Many institutions hesitate to adopt new technologies due to high costs and operational disruption. A report by Duco and the Financial Technologies Forum revealed that 64% of financial institutions perceive the transformation of manual processes as too expensive or time-consuming. But Blockchain technology presents a new era of data resilience that. It can address these challenges head-on, enhancing security, and restoring trust in financial data.
Restoring resilience with the power of Blockchain
One of the most powerful features of Blockchain is its ability to create immutable records. Every transaction is securely logged, forming transparent and tamper-proof audit trails. By enabling real-time auditing and decentralised verification, Blockchain reduces the risks associated with human error, fraud, and outdated systems.
BSV Blockchain, with its focus on scalability and low-cost transactions, enhances these benefits by enabling high-volume data processing on-chain. It makes real-time auditing more efficient and cost-effective. Additionally, its data provenance capabilities allow institutions to track the origin, history, and any modifications of every data entry. Moreover, it offers complete accuracy, ensuring the creation of auditable and reliable records that help to eliminate discrepancies. This can also minimise information asymmetry across the financial ecosystem.
Accurate risk assessment is the cornerstone of financial services. Investors and institutions need reliable data to evaluate risk levels in specific markets and positions. Blockchain enhances this process by providing trustworthy data that can be verified and traced back to its source. It also reduces information asymmetry by ensuring wide accessibility to high-quality data. These features boost efficiency, making markets work more effectively and enabling money to flow to investments that are correctly priced according to their risk. Furthermore, because the data is always available and immutable, it allows for quick risk assessments. This helps individuals respond faster to market changes.
Blockchain also has the ability to revolutionise credit ratings, making assessments more transparent, automated, and fair. Further ensuring businesses and individuals gain more equitable access to financial services. Traditionally, credit assessments have been opaque, slow, and prone to biases. Blockchain enables automated credit scoring using real-time data and self-executing smart contracts. This approach can provide a more accurate and unbiased measure of creditworthiness.
For example, companies like Lendoit leverage blockchain-based platforms that use decentralised credit ratings to offer fairer access to financial services. This especially benefits individuals and businesses traditionally underserved by standard credit systems.
A new era of trust and efficiency in financial services
Financial institutions face an increase in sophisticated cyber threats and the challenge of managing vast data volumes. Adopting Blockchain-based solutions will be essential for long-term sustainability. With immutable records, real-time reconciliation, and automated auditing, the financial sector can reduce risks, lower operational costs, and rebuild trust among investors, regulators, and consumers. The adoption of Blockchain will be crucial in addressing the data integrity challenges highlighted earlier, helping to restore confidence in the industry.
By embracing Blockchain, financial institutions can future proof their operations. This can foster greater financial inclusion, and redefine trust in the financial ecosystem. Those who adopt these advancements will not only strengthen their competitive position but will also help shape a new era of transparency, security, and innovation in global financial markets.
For more Blockchain insights from Calvin Ayre visit Ayre Group
AccessPay CEO Anish Kapoor examines the positive impact of DORA on the digital payments industry
SHARE THIS STORY
The EU’s Digital Operational Resilience Act (DORA) is a positive step for the payments industry and will help boost the resilience of an ecosystem that has changed radically over the last twenty years. Even so, the implications of this landmark regulation for payment service providers (PSPs) are complex and far-reaching. It will require investment in processes and infrastructure, which must also factor in the ongoing shift to real-time payments.
The technology backstory
Two decades ago, payment technology predominantly referred to back-end systems used by banks and PSPs to process electronic transactions. Online banking was still in its infancy, the smartphone hadn’t yet been launched, and traditional payment methods such as cash and cheques were much more prevalent.
Today, it is a very different story. The number of electronic payments made via cards and digital wallets, credit transfers and direct debits has exploded. Technology is front and centre in payment service delivery, as individuals and businesses use online portals and mobile apps to manage accounts and initiate payments. While the rise of real-time payments, such as the EU’s SEPA Instant Credit Transfer (SCT Inst), means an increasing proportion of bank transfers are settled instantly rather than over several working days, which also means that anti-fraud measures and other compliance checks have to take place in real-time given the heightened fraud risk.
So, if there is a technological failure at any point in this new world of payments, it can have immediate and considerable ramifications for individuals and businesses. The now-infamous CrowdStrike outage in July 2024 affected several sectors, including banking, with some PSPs unable to process payments. More recently, an hours-long glitch at Bank of Ireland in December 2024 caused delays in processing payroll transactions for some employers, while a two-day outage at Barclays in February 2025 left customers unable to make bank transfers and use their debit cards. To catch up, Barclays had to process payments over the weekend and extend call centre operating hours.
DORA’s goals
DORA aims to make the EU’s financial institutions (FIs) more resilient to information and communication technology (ICT) risks. It will minimise the potential for IT outages and require FIs to be back online as quickly as possible when they do occur. From a practical perspective, it will oblige them to create and implement ICT risk management frameworks. And meet new requirements for resilience testing, outage reporting, and information sharing.
Of course, the advent of DORA adds to the compliance burden for FIs, who will partly be spurred to comply to avoid fines for non-compliance and the associated negative press. Still, its rollout should be seen as positive for the industry. It should help to improve resilience across the ecosystem and boost customer confidence in the sector.
Improving infrastructure resilience with DORA
One angle that is less widely discussed when it comes to DORA is its implications for a PSP’s infrastructure. Whether developed in-house or outsourced, payment systems will need to have the capacity to accommodate peak loads following any outage. This will require PSPs to scale by multiples of their standard throughput.
For example, if a PSP’s average processing volume is 1,000 transactions per hour and its systems are down for three hours, it will need to have the capacity to process those 3,000 outstanding transactions once service resumes. And without impacting new transactions coming through the system. Additionally, if they are real-time payments, the delayed transactions must be settled as soon as possible. In this hypothetical example, such an outage would mean the system needs to handle 4,000 transactions in one hour, four times its usual capacity.
This requirement to recover quickly from IT outages will necessitate additional investment in infrastructure and automation. Especially given the move towards real-time settlement. In particular, it will likely drive interest in cloud-native technology, which can scale more readily on demand.
Third-party vendor relationships
DORA will also significantly impact how PSPs manage third-party IT vendor relationships. This development has been driven by the growing complexity of the financial ecosystem in the wake of digitisation and the rise of open banking. Research from McKinsey Digital highlights how the growth in the number of apps and vendors has increased the complexity and pressure on IT leaders.
Under DORA, FIs are expected to monitor third-party providers, update supplier contracts to cover IT resilience, and establish an oversight framework for critical third-party providers. Consequently, conducting due diligence on third-party providers, particularly new vendors, and their approach to resilience is essential. Generally, we are likely to witness a flight to quality, with the providers that invest in controls and resilience set to fare best in the long term.
Adjusting to DORA
The arrival of DORA is a positive development for the payments industry. The sector has changed significantly in recent decades and relies heavily on technology for service delivery. Likewise, its customers depend on the PSPs to deliver their services so that they can conduct their business uninterrupted. However, the changes required by DORA are extensive and will require PSPs to invest in their infrastructure, processes and third-party relationships. As they adjust to the requirements of DORA, PSPs should ensure that infrastructure is resilient and flexible enough to handle surges in transaction flows. And factor in the shift to real-time settlement, which will only add to the demands made of payment systems.
Ben Hunter, Senior Director of Financial Services at Gigamon, on the impact of the Digital Operational Resilience Act (DORA) and what financial institutions can do to ensure lasting compliance
SHARE THIS STORY
The Digital Operational Resilience Act (DORA) came into force on January 17th. It’s high time for financial institutions to refine their compliance and Cybersecurity efforts. This regulation isn’t just another box-ticking exercise. It represents a shift in the financial services industry that touches everyone in the ecosystem. And every corner of the organisations within it. From IT teams to the board, every department must pull together under a cohesive cyber strategy to meet the challenge. It’s not simply about systems and software. DORA demands a cultural shift toward organisation-wide cyber resilience.
At this stage, the big changes should already be in place. However, the focus now must be on the finer details. The overlooked pieces that could potentially make or break compliance and prove extremely costly. Organisations must tweak processes and ensure every element of their plan works seamlessly and aligns with the broader goal of operational resilience. Here are three areas of focus to perfect preparedness and ensure DORA compliance is not just a box checked but a new standard embraced by the whole organisation.
Criticality of third-party Cybersecurity management
One of DORA’s requirements is reducing reliance on single ICT service providers. This is designed to safeguard financial institutions against concentrated risk. By now, all structural changes should already be in place, with organisations diversifying their ICT providers. Or improving internal capabilities to reduce their external dependencies. However, compliance doesn’t end with restructuring. The focus must now shift from restructuring to managing these relationships effectively. Organisations should be looking to perfect their third-party risk assessment, monitoring, and due diligence strategies. They must ensure their processes for vetting ICT service providers are not just in place but are meticulously detailed. Contracts need to leave no room for ambiguity, with explicit terms outlining providers’ security and risk management strategies. These agreements must be revisited and stress-tested to confirm they align with DORA’s standards.
Equally critical is ironing out the specifics of ongoing monitoring and oversight. Institutions should be finalising the structure and frequency of their performance reviews and audits. Ensuring these mechanisms are robust enough to identify and address any emerging vulnerabilities. Moreover, by focusing on the details now, organisations can build a resilient operational framework that doesn’t just meet DORA’s requirements but builds resilience into their core operations for years to come.
Global efficiency through multi-cloud environments
Adopting a multi-cloud strategy has become essential for financial institutions operating on a global scale. It mitigates concentrated risk by avoiding dependence on a single provider and allows organisations to address the unique regulatory and operational challenges of different regions. However, the complexity of multi-cloud environments brings its own challenges. Particularly in ensuring the visibility and control required under DORA. This is why it’s crucial for organisations and their third parties to refine the tools and processes that support this level of visibility and allow the security teams to continuously monitor their environments.
According to recent data, 50% of CISOs say their confidence in risk management hinges on having full visibility into all data in motion, including encrypted and lateral traffic across both on-premises and cloud environments. This underscores the importance of advanced monitoring capabilities to effectively manage the complexities of multi-cloud infrastructures. While DORA mandates comprehensive visibility, the benefits go beyond just meeting compliance requirements. Deep observability strengthens organisations’ ability to detect vulnerabilities in real-time, ensuring seamless operations across regions and providers, and service continuity. For multi-cloud strategies to be effective, they must be paired with the right network-level monitoring capabilities. It’s important to build resilience from the inside out.
Organisational alignment to demonstrate Cybersecurity compliance
Demonstrating compliance isn’t just about avoiding fines and ticking regulatory boxes. It’s about preserving trust and protecting the organisation’s reputation. Reputational damage and financial penalties hit the top of the organisation hardest. This makes board-level engagement essential to ensuring Cybersecurity efforts are prioritised and aligned with broader business objectives. Boards must recognise that Cybersecurity is not a siloed function; it’s a key aspect of business resilience.
While security leaders are responsible for designing and implementing security strategies, their ability to deliver is directly tied to the board’s involvement. Board members control the decisions that shape an organisation’s Cybersecurity posture, from budget allocation to strategic priorities. Without their active engagement, security leaders may lack the resources, influence, or organisational buy-in necessary to implement comprehensive security measures. This can lead to significant gaps in compliance efforts and overall resilience.
To demonstrate compliance effectively, organisations need a unified approach to gathering, standardising, and presenting evidence to regulatory authorities. This includes aligning on consistent formats for documenting key areas like risk assessments, incident management, security testing, and third-party oversight. By finalising internal policies and leveraging automation tools, institutions can ensure their compliance evidence is regulator-ready and accessible. Such coordination not only satisfies DORA’s demands but also signals a strong, unified commitment to operational resilience. One that must come from the top and ripple throughout the entire organisation.
With penalties for non-compliance reaching up to 2% of global annual turnover, financial institutions cannot afford to be anything less than fully aligned on their compliance strategies going forward. Furthermore, as the broader compliance frameworks are now finalised, the focus must shift to perfecting the finer details that will ensure long-term resilience and success.
About Gigamon
Gigamon offers a deep observability pipeline that efficiently delivers network-derived intelligence and insights to your cloud, security, and observability tools. This eliminates security blind spots, optimises network traffic and reduces tool costs. Therefore, enabling you to better secure and manage your hybrid cloud infrastructure.
Bharat Mistry, Director – Product Management at Trend Micro, on why attack surfaces are more difficult to mange than ever and the need for greater Cybersecurity controls to tackle the problem
SHARE THIS STORY
Some surprising news emerged in mid-December. A Freedom of Information request sent to the Financial Conduct Authority (FCA) revealed that the number of c
Cybersecurity attacks reported to the regulator by large financial institutions fell 53% from the previous year. Reported data breaches also fell, by 29%. While welcome news, there are some big caveats.
The fall in reports could signify attacks are getting more sophisticated and harder to spot. The reporting periods also didn’t quite align, meaning two-and-a-half months of possible regulatory reports weren’t included in 2024’s figures. In fact, we’re seeing attacks and breaches at financial services industry (FSI) firms surging. In line with these organisations ramping up investment in digital transformation and IT modernisation projects.
Threat actors are grasping the opportunity with both hands. To keep them at bay, IT and cybersecurity leaders in the sector may need to rethink their approach to cyber risk management.
Cybersecurity controls are urgently required
Digital transformation is on an inexorable path. Driven by customer demand for seamless cross-channel experiences, and the quest for more streamlined business processes and productivity gains. Cloud adoption, mobile and app-centric services, remote workforces, and expansive supply chains are the result. However, this rapid change comes at a price. Research warns that half (49%) of global FSI leaders believe their attack surface is spiralling out of control.
Put simply, the ‘attack surface’ is the total expanse of all the IT and OT systems in a business that could theoretically be hacked. It includes everything from on-premises desktops and servers to cloud containers and even employees. Vulnerabilities and misconfigurations across these systems and services are inevitable. And the more assets there are, the more chance there is that a determined threat actor will find a weakness. This allows them to compromise the corporate network or a critical cloud account.
Heeding the warning
The likelihood of them doing so is increasing all the time. Not just because the typical FSI attack surface is increasing, but also because cybercriminals and nation-state operatives are getting better at using AI to their advantage. The National Cyber Security Centre (NCSC) warned back in January 2024 that AI “will almost certainly increase the volume and heighten the impact of cyber-attacks over the next two years”. It’s right. Generative AI in particular lowers the bar for budding threat actors by enabling them to create highly effective social engineering campaigns. And perform reconnaissance at scale to find weaknesses in organisations’ attack surfaces. In some cases, these weaknesses may exist in AI tools brought in by workers themselves. One report claims over a third of firms are struggling with shadow AI.
Our adversaries are also aided by the sheer complexity and interconnectivity of modern digital environments. APIs, microservices and third-party integrations -including frequently buggy or downright malicious open source components – expand the attack surface yet further.
Why it’s time for change
Managing risk across these environments should be a priority for obvious financial and reputational reasons. Open Banking rules and the growth of FinTech have made it easier for dissatisfied customers to jump ship. Furthermore, providing more options for those looking for a new provider. A serious breach could be the catalyst for a mass exodus. It’s also expensive in other ways. FSI is the second-top sector overall in terms of the average cost of a data breach. This is estimated to be over $6m per incident, assuming no more than 113,000 records are compromised.
However, there’s increasingly a regulatory imperative for FSI firms to rethink their Cybersecurity strategy. Any operating in the EU now has to comply with a rigorous new set of requirements in the EU Digital Operational Resilience Act (DORA). From January 1, 2025, those in the UK deemed to be critical third parties (CTPs) will be required to put in place a number of “technology and cyber risk management and operational resilience measures”.
A new mindset
So what does this mean in practice? Modern technology environments are dynamic, with new assets appearing and disappearing. Furthermore, new vulnerabilities are emerging and fresh misconfigurations surfacing on a daily or even hourly basis. Managing risk across this vast, incredibly volatile and highly distributed environment requires a new approach. Traditional perimeter defences are no longer sufficient.
Instead, FSI firms need continuous monitoring of risk across their entire attack surface. From endpoints and networks to servers and cloud workloads. Ideally, such a platform will flag areas of concern and either suggest improvements or automatically remediate. It could be something as simple as changing an insecure password, or patching a critical vulnerability newly published by a key vendor. This is the way to build resilience for the long term.
But there’s more. Some threats will always sneak through corporate defences. That’s why it’s also vital to expand security operations capabilities with AI-driven analytics and cross-layer detection and response (XDR). The goal is to correlate threat data across multiple layers and automatically prioritise alerts for stretched analyst teams. Robust incident response processes are also key here, to ensure no time is wasted in containing the threat and minimising any damage caused.
More broadly, it’s about fostering a culture of cyber resilience. Continuous improvement, proactive defence, and a willingness to adapt are ingrained in the corporate mindset. More Cybersecurity regulations are promised by the government in 2025. The clock’s ticking.
Industry thought leaders from Marqeta, the global modern card issuing platform, offer a detailed outlook of the fintech industry for 2025, with predictions around personalisation, digitalisation and the evolving regulatory landscape
SHARE THIS STORY
Payments will turn fully personal, with tailored credit, rewards, and BNPL at scale in 2025
In my opinion, a major global payment trend of 2024 has been hyper-personalisation. A new generation of customers is driving a shift toward personalisation at scale, expecting their FinTech services to be unique and tailored to individual needs. Modern consumers want a future where financial services integrate seamlessly into their digital lives and keep pace with their evolving needs.
As a result, we are seeing trends, such as personalised credit offerings and rewards booming. In an industry with increasingly low consumer loyalty, brands and financial institutions must go beyond traditional interactions with FinTech. For example, the recent Marqeta State of Credit report found that of UK consumers who use more than one credit card, 43% confirmed that they would use a credit card more frequently if better rewards were offered. By moving to a dynamic, rather than set rewards structure, consumers can earn benefits tailored to their spending habits and preferences in real time.
Increasingly with innovations like Buy Now Pay Later (BNPL), consumers are guided to credit options specifically suited to them and their needs. In 2025, we will increasingly see personalised BNPL payment plan options being offered in real time. Often within existing payment apps and products we already use daily. We are also seeing B2B payments emerging as a strong trend. Ensuring gig workers, sellers and partners get paid efficiently while offering robust expense management and financing. I anticipate we’ll see more demand for innovative B2B payment solutions that enable seamless money management across 2025.
2025 will be a year of rapid innovation in financial services
In today’s digital-first world, traditional payment infrastructure is no longer enough to keep up with the demands of consumers. The front door of a bank is now an app, digital wallet usage is increasing. New, flexible services have a growing prevalence on the market. In 2025 and beyond, customers will continue to drive a shift toward modern services which keep up with the rate of digital and mobile innovation.
The ramifications of changing consumer trends could lead to the traditional roles of banks, such as ATMs and as physical branches, disappearing. To ensure continued customer loyalty, all financial service providers will be forced to innovate and offer consumers the embedded, seamless and instantaneous services that they desire.
Consequently, across 2025, we are likely to see new technology and solutions being offered to reduce unnecessary friction for consumers trying to pay and get paid. We are already seeing increased demand for Accelerated Wage Access (AWA). A Marqeta study shows that 74% of gig workers ages 18-34 would be interested in an employer who offered an option to get paid immediately. As businesses and workers grow tired of cash flow restrictions and having to wait for monthly pay slips in an otherwise instant, digital world. As new services evolve, competition in Fintech will be enhanced and the financial industry will be forced to grow and evolve.
Nicholas Holt, Head of Solutions and Delivery, Europe
Proactive compliance strategies will lay the foundation for fintech in 2025
With banking and FinTech partnerships under increasing regulatory scrutiny, the stakes around compliance have never been higher. In this environment, Fintechs can no longer afford a reactive approach to compliance. Instead, they should adopt proactive compliance strategies that go beyond simply seeking to avoid fines and that are embedded into the everyday makeup of their culture and product strategies, helping to build trust, ensure stability, and foster sustainable growth.
At Marqeta, we’re committed to embedding compliance into our company’s culture, helping to mitigate risks and create a foundation for long-term success for us and our customers. Proactive compliance strategies allow organisations to leverage advanced tools and position themselves to adapt to shifting regulatory demands while showcasing a genuine commitment to transparency.
Martin Greenfield, CEO of Quod Orbis, on a troubling paradox within the cybersecurity landscape: despite substantial investments in security infrastructure, confidence levels and actual capabilities remain worryingly misaligned.
SHARE THIS STORY
Financial institutions face concrete regulatory pressure on Cybersecurity with the European Union’s Digital Operational Resilience Act (DORA) coming into force in February. This landmark regulation demands robust ICT risk management and comprehensive security monitoring. Currently, many organisations continue to rely on disparate tools and spreadsheets that may leave them vulnerable to sophisticated threats. These include AI-powered deep fakes and targeted spear phishing campaigns.
This challenge transcends the financial sector as organisations across all industries face mounting pressure to demonstrate both security effectiveness and regulatory compliance. Our research reveals a stark reality. Organisations typically maintain an average of 19 security solutions per team. However, a surprising 41% still cite insufficient technology as the primary obstacle to maintaining a robust security posture.
This misalignment points to a fundamental issue. Organisations must recognise effective cybersecurity isn’t achieved through quantity of tools, but through strategic selection of the right solutions. Furthermore, perhaps most concerning is the false sense of security prevalent among IT decision-makers. While 93% express confidence in their infrastructure visibility tools, an alarming 95% acknowledge difficulties in accessing specific digital assets over the past year. This creates dangerous blind spots leaving organisations exposed to both security breaches and compliance shortfalls.
Understanding the Cybersecurity challenge
Today’s enterprise infrastructure resembles a tapestry of critical assets, connections and endpoints. To put this complexity into perspective: IT teams now manage an average of 31 endpoints per person across their organisation. For a company of 1,000 employees, this translates to more than 30,000 devices requiring constant monitoring and protection. This challenge intensifies with the widespread adoption of cloud services, hybrid working arrangements and an ever-growing ecosystem of connected devices.
Scale amplifies these difficulties markedly. Our research reveals organisations with more than 1,250 employees demonstrate the lowest confidence in their existing tools (88%) and face the greatest challenges in accessing critical assets (97%). Moreover, these larger enterprises typically wrestle with an unwieldy combination of legacy systems, bespoke solutions and modern platforms. This results in notably lower visibility rates (79%) compared to their smaller counterparts.
Perhaps most revealing is the stark confidence gap between technical and compliance teams. While 94% of information security directors express confidence in their system visibility, merely 66% of compliance directors share this outlook. This disparity exposes a crucial misalignment between technical capabilities and compliance requirements. One that poses serious operational risks as regulatory frameworks increasingly demand continuous monitoring. Organisations clinging to manual compliance processes face an unstable burden. Teams are stretched thin handling routine tasks while regulations grow more complex. Embracing automated technologies to handle routine monitoring requirements will allow compliance teams to pivot from being reactive box-checkers to strategic risk managers.
Moving from reaction to prevention
The impulse to combat emerging threats by rapidly acquiring new security solutions has led many organisations to create sprawling, inefficient systems. These often compound the very problems they aim to solve.
This reactive approach has trapped organisations in a costly cycle of diminishing returns. Despite substantial technology investments, nearly 40% of firms report a troubling lack of actionable intelligence, while 37% struggle with budget limitations. This paradox is increasingly drawing board-level scrutiny. And rightfully so. After years of approving emergency technology purchases to plug cybersecurity gaps, boards are now questioning the value of new investments. Furthermore, tthis creates a dangerous stalemate: organisations need smarter, not just more, technology investment.
However, a more strategic approach is gaining traction through integrated system monitoring platforms. These comprehensive solutions unite previously disconnected tools under a single dashboard. This can offer real-time visibility across the entire cybersecurity landscape. This unified approach enables teams to identify and address vulnerabilities before they evolve into security incidents. A capability that resonates with the 82% of organisations who recognise enhanced visibility would substantially strengthen their cybersecurity posture.
It’s encouraging that 72% of IT teams have secured increased budgets over the past three years. However, the path forward requires more than mere financial investment. Organisations must shift from reactive spending to strategic deployment. Although this presents its own challenge: convincing board members that additional tooling represents an investment in comprehensive visibility rather than merely plugging security gaps.
The path forward
The transformation from fragmented security to comprehensive oversight demands more than technological upgrades. It requires a fundamental reimagining of how organisations approach cybersecurity monitoring and compliance.
The advantages of this strategic shift are compelling and quantifiable. Our analysis reveals security teams anticipate multiple efficiency gains: 38% expect automation to streamline document creation, 37% foresee improved board pack preparation, and 36% anticipate dedicating more time to strategic security assessments. Perhaps most significantly, 35% predict a reduction in human error alongside enhanced data accuracy. The efficiency gains are substantial. Teams could reclaim up to 60 hours annually per member on board reporting alone, time better invested in strategic security initiatives.
With regulatory frameworks growing increasingly sophisticated across sectors, including the forthcoming DORA regulation, maintaining current practices is no longer viable. The disparity between perceived and actual security capabilities poses a tangible risk that organisations must address proactively.
About Quod Orbis
Quod Orbis is the single source of truth across security, risk and compliance, providing an orchestration layer for the entire tech stack whether in the cloud, on-premise, legacy or bespoke. Founded in 2018, Quod Orbis became part of Dedagroup, one of the leading Italian IT players, in 2024.
A pioneer in Continuous Controls Monitoring (CCM), Quod Orbis provides complete and constant visibility into a company’s cybersecurity, compliance and risk posture. Quod Orbis’ ability to connect with every piece of technology within a business, unrivalled automation capabilities and continual support enables the company to serve a global client base across a wide variety of industries.
Bryan Daugherty, Global Public Policy Director at the BSV Association (BSVA) and Co-Founder at SmartLedger Solutions, on how blockchain technology provides the accountability and cybersecurity needed to prevent widespread IT catastrophes across sectors
SHARE THIS STORY
By Embracing Blockchain, We Can Create a Safer Digital Future
The rapid increase in cyberattacks poses a severe threat to businesses. These attacks are becoming more sophisticated and costly by the day. The average cost of a data breach in the UK is £3.58 million, and in the US now $9 million. It typically takes 200 days for organisations to detect a breach, followed by another 70 days to contain it. These delays expose significant vulnerabilities in traditional data management systems. They rely heavily on third parties, making them prime targets for cybercriminals.
Blockchain technology offers a transformative solution to these challenges by creating a secure, decentralised model that can effectively mitigate risks. It provides an opportunity for both individuals and organisations to take control of their data. Therefore, improving cybersecurity and ensuring operational resilience.
The Problem with Centralised Systems
Traditional cybersecurity systems are built on centralised models, where data is stored in one location or through third-party intermediaries. This structure makes them attractive targets for cybercriminals, creating a “honeypot” of information that can be breached. A concerning statistic is that, for over a decade, organisations have taken an average of 200 days to detect breaches. Despite claims from cybersecurity vendors that they provide “instant detection,” real-world results show significant gaps in protection, putting data at risk for extended periods.
Blockchain: Game-Changing Cybersecurity Features
Blockchain’s decentralised model provides a powerful alternative. By distributing data across a global network of nodes rather than a central location, blockchain makes it exponentially harder for cybercriminals to compromise large datasets. Even if one node is breached, the entire system remains intact. This eliminates the single point of failure that centralised systems suffer from.
Another key feature of blockchain is its immutability. Once data is recorded on a blockchain, it cannot be altered or erased, making tampering nearly impossible. Therefore, this ensures any unauthorised access is immediately detectable, enabling quicker response times and minimising damage.
Real-Time Threat Detection with CERTIHASH
Blockchain’s potential in cybersecurity is already being realised through solutions like CERTIHASH’s Sentinel Node. A blockchain-based tool that provides real-time threat detection. Built on the BSV blockchain, CERTIHASH can detect breaches within 10 seconds or less, offering a proactive approach to cybersecurity. This is a significant improvement over traditional systems, which often take months to identify breaches, leaving organisations vulnerable to prolonged data exposure.
By leveraging blockchain, cybersecurity shifts from being reactive to proactive. This gives organisations the tools they need to stay ahead of evolving threats and safeguard data more effectively.
Overcoming Misconceptions About Blockchain
Despite the clear advantages of blockchain, many organisations remain hesitant to adopt the technology, often due to misconceptions. Furthermore, some still associate blockchain with cryptocurrencies like Bitcoin, which have been linked to ransomware. This outdated view overlooks blockchain’s real potential as a secure, decentralised data management tool.
Blockchain is not just about crypto; it’s about creating a new standard for data integrity and security. Moreover, it offers decentralised, tamper-proof records that give users control over their own identity and data, reducing reliance on vulnerable third-party systems.
A Decentralised, Secure Future
As global reliance on centralised systems grows, so do the vulnerabilities they present. A single point of failure can lead to widespread outages, as seen in numerous cyberattacks and technical malfunctions. Blockchain, with its decentralised architecture, offers a robust alternative that enhances the security and resilience of critical systems. By distributing data across multiple nodes, blockchain ensures continuity even during attacks or outages.
Conclusion
Investing in blockchain cybersecurity is no longer optional. With cyber-attacks growing in scale and sophistication, organisations must adopt cutting-edge technologies to protect their data, operations, and customer trust. Blockchain’s decentralised and tamper-proof architecture offers the key to building a safer, more secure digital future. One where businesses and individuals alike can operate with confidence, free from the constant threat of cybercrime.
Misplaced confidence in visibility tools leaves organisations vulnerable amidst record high data breaches, according to latest research
SHARE THIS STORY
A new report from Quod Orbis highlights that 95% of businesses are at risk of a cybersecurity blindspot. A reported 93% of UK organisations have confidence in their system visibility. However, nearly all (95%) of them have struggled to access critical assets in the last year, according to the research.
Over a third (38%) actually rank lack of visibility as one of their biggest challenges, further highlighting the gap between respondents’ perceptions and the reality of their situation. This comes at a time when data breaches this year have already surpassed one billion stolen records.
Quod Orbis Cybersecurity Research
Martin Greenfield, Quod Orbis CEO, comments: “Businesses are suffering from a blind spot that’s leaving them exposed. Misplaced confidence in existing cybersecurity tools means these same organisations are susceptible to data breaches and non-compliance fallout. This results in potentially crippling financial and reputational consequences.”
Quod Orbis commissioned a research study with international research house, Censuswide, to poll 500 board executives and IT decision makers, across enterprises of 500+ employees in the UK.
Cybersecurity Tech Stacks
Cybersecurity tech stacks are growing exponentially in the face of rising threats. The average team manages 19 security solutions at any one time. However, 41% still report a lack of technology as being their biggest challenge when it comes to maintaining a robust cybersecurity posture.
As 72% of IT teams have had their IT budget increased in the past three years, Greenfield urges businesses to break free from the typical cycle of throwing money at a problem and hoping something sticks. “It’s not about the biggest investment, it’s about the right investment.”
A quarter (26%) of IT decision makers are yet to allocate budget to basic security tools like asset visibility technology. This is despite 40% reporting a lack of actionable data.
It’s clear though that businesses recognise the advantage of implementing the right technology. More than eight in 10 (82%) agree that greater visibility over digital assets will greatly improve business security. This is a huge leap from the 93% of respondents who believe their businesses already provide them with the necessary tools.
According to the data, most upcoming IT investments will be allocated to Continuous Controls Monitoring (32%), privileged and identity access management (30%) and zero trust (29%).
The Future
Greenfield concludes: “Digital infrastructure has reached a level of complexity that not only warrants, but demands, complete visibility. Now is not the time to gamble with your company’s security. Furthermore, organisations need to stop adding layers of unnecessary technology as a way of solving the immediate problem. Instead, they must take a step back and think holistically about how to resolve their issues.
“Tools like CCM, powered by automation, help teams see and understand their security and risk posture in real time. This offers peace of mind that all of their data is relevant and up to date. This level of insight provides early awareness of potential problems and empowers teams to take a proactive approach to security, instead of being forced back into the same reactive position they’ve been in for years.”
About Quod Orbis
Quod Orbis is the single source of truth across security, risk and compliance, providing an orchestration layer for the entire tech stack whether in the cloud, on-premise, legacy or bespoke. Founded in 2018, Quod Orbis became part of Dedagroup, one of the leading Italian IT players, in 2024.
A pioneer in Continuous Controls Monitoring (CCM), Quod Orbis provides complete and constant visibility into a company’s cybersecurity, compliance and risk posture. Quod Orbis’ ability to connect with every piece of technology within a business, unrivalled automation capabilities and continual support enables the company to serve a global client base across a wide variety of industries.
Innovative Systems, a leading provider of enterprise data, compliance, and integration solutions, has launched FinScan Marketplace
SHARE THIS STORY
The platform will serve as a one-stop shop for anti-money laundering (AML) compliance. It offers a streamlined approach to managing compliance risk and unified case management via a central hub for all related activities. FinScan Marketplace positions itself as a trusted partner for organisations navigating today’s complex, global regulatory landscape.
Removing the complexity of AML compliance
“Our goal with FinScan Marketplace is to remove the complexity of AML compliance. We bring everything organisations need into one unified platform,” said Deborah Overdeput, Chief Marketing Officer at Innovative Systems. “This launch reflects our commitment to delivering solutions that simplify processes. We empower compliance teams to work smarter, and ensure organisations remain vigilant. And fully aligned with evolving regulatory requirements in a rapidly changing landscape.”
FinScan Marketplace revolutionises how organisations manage their AML portfolio. It provides a single, easy-to-navigate interface. Customers can seamlessly access a comprehensive suite of tools. These include sanctions screening, KYC checks, adverse media screening, payment screening, and risk scoring, with additional features continually in development.
FinScan Marketplace
At the heart of FinScan Marketplace is its unified case management system. This integrates all critical AML processes into a cohesive workflow. From performing due diligence checks to monitoring transactions and investigating potential risks, customers can manage everything within a single platform. This integration saves time, reduces errors, and ensures compliance efforts remain seamless and effective.
FinScan Marketplace provides customers with a clear vision of the platform’s evolution. Its intuitive interface lets users view in-progress product developments, register interest in upcoming features. Furthermore, they can participate in design feedback sessions. This approach ensures future enhancements align closely with real-world compliance needs.
“We are not just delivering tools; we are creating partnerships with our customers by building solutions that adapt to their challenges,” Overdeput added. “Transparency and collaboration are key pillars of the FinScan Marketplace.”
Innovative Systems for AML
FinScan Marketplace reflects Innovative Systems’ dedication to becoming a trusted partner for a host of organisations. These include financial institutions, insurance companies, fintechs, casinos and gaming entities, charities and non-profits, government agencies, and other organisations it serves. By continuously delivering value, anticipating industry needs, and prioritising customers’ feedback in its development process, the company demonstrates its commitment to supporting effective and reliable AML compliance.
Innovative Systems delivers enterprise data, compliance, and integration solutions through the company’s leading FinScan®, Enlighten®, and PostLocate® brands. These solutions offer actionable insights and enable organizations to identify the hidden opportunities or risks in their data. We have pioneered best-in-class data quality, data management, and risk and compliance solutions in thousands of applications across more than 65 countries. Our cloud-based (SaaS), on-premise, and hybrid offerings deliver dramatic, measurable improvements in accuracy, cost, and time to production over alternatives. Learn more at innovativesystems.com
About FinScan
Trusted by hundreds of organisations worldwide, Innovative Systems, Inc.’s FinScan offers advanced Anti-Money Laundering (AML) compliance technology and consulting solutions. Built on decades of experience in data management and proprietary matching technologies, FinScan provides a data-first, risk-based approach to ensure unparalleled accuracy and efficiency in identifying and reducing risk, accelerating AML compliance workflows, and optimising team productivity. FinScan’s comprehensive, integrated platform includes Know Your Customer (KYC), unparalleled sanctions screening, risk scoring, data quality, and advisory services for implementing a holistic compliance program. FinScan offers flexible deployment including SaaS, on-premise, and hybrid options. FinScan’s SaaS clients are screening more than 300 billion names a year. Learn more at finscan.com
Alex Mosher, Chief Revenue Officer at Armis, on why businesses are prioritising their cybersecurity budgets, ensuring they have the resources needed to counteract emerging threats
SHARE THIS STORY
Cybersecurity is no longer optional. In 2025, we expect a significant uptick in overall spending. With threats becoming more sophisticated, organisations recognise the imperative to invest adequately in cybersecurity measures. This trend is driven by the growing awareness that the cost of a cyber-attack far outweighs the investment required to prevent it.
In 2025, there will be a marked shift toward comprehensive security solutions that offer integrated functionalities. Companies will increasingly seek platforms that provide threat detection, incident response, and compliance management within a single solution. This trend arises from the need to simplify security management and reduce complexity. Siloed solutions are ineffective, expensive and reduce the efficiency of security teams with finite resources. Furthermore, by consolidating various security functions into a unified platform, businesses can streamline their processes and enhance their overall security posture. Integrated solutions offer a holistic approach to cybersecurity, addressing multiple aspects of an organisation’s security needs. The move toward comprehensive solutions also reflects a broader understanding of the interconnectedness of cybersecurity elements. A unified solution that addresses multiple areas provides a more robust defence against potential breaches.
Emphasis on Automation and AI
Automation and artificial intelligence (AI) are revolutionising the cybersecurity landscape. Organisations increasingly prioritise spending on AI-driven security solutions to enhance threat detection and response capabilities. The focus will be on tools that streamline incident response, reduce manual workloads, and enable security teams to focus on more strategic initiatives. Moreover, the trend will also include spending on analytics tools that help organisations understand and mitigate risks based on the current threat landscape. Threat intelligence and analytics play a pivotal role in enhancing an organisation’s security posture.
AI technologies offer a proactive approach to cybersecurity, allowing organisations to identify and mitigate threats in real-time. By leveraging machine learning algorithms and data analytics, businesses can gain deeper insights into potential vulnerabilities and respond swiftly to emerging threats. The emphasis on automation and AI is driven by the need to enhance efficiency and effectiveness in cybersecurity operations. By automating routine tasks and employing AI for advanced threat detection, businesses can optimise their resources and achieve a more robust security posture.
Investment in Cloud Cybersecurity Solutions
The migration to cloud environments continues to accelerate, driving the need for robust cloud security solutions. Key investment areas will include cloud security posture management (CSPM) and cloud workload protection platforms (CWPP). The emphasis on cloud security reflects the growing reliance on cloud services for business operations. Moreover, organisations recognise that securing their cloud environments is paramount to safeguarding digital assets and ensuring regulatory compliance. Investments in cloud security solutions also align with the broader trend toward digital transformation. Businesses are leveraging the cloud to drive innovation and agility. This neessitates a strong security framework to protect their evolving digital ecosystems.
Enhanced Budgeting for Compliance and Regulatory Needs
Data protection and privacy regulations are becoming increasingly stringent worldwide. Also, this necessitates enhanced budgeting for compliance-related cybersecurity solutions. I expect organisations to allocate more resources to auditing tools, risk management platforms, and solutions that help them meet regulatory requirements such as GDPR, CCPA, and HIPAA.
The emphasis on compliance reflects a growing awareness of the legal and reputational risks associated with non-compliance. Investing in compliance-related solutions also aligns with the broader trend toward data-driven decision-making. Moreover, by implementing tools that ensure alignment with regulatory requirements, organisations can demonstrate their commitment to ethical data practices and build trust among stakeholders.
Growth in Cybersecurity Insurance Expenditures
Cyber insurance is becoming an essential component of an organisation’s risk management strategy. The growth in cybersecurity insurance expenditures reflects a broader awareness of the financial implications of cybersecurity threats. Investing in cyber insurance aligns with the emphasis on accountability in cybersecurity spending. By securing coverage for potential losses, businesses can demonstrate their commitment to protecting their assets and ensuring business continuity in the face of unforeseen events.
By understanding the key cyber spending patterns outlined here, businesses can make informed decisions. They can enhance their security posture to protect their valuable assets and ensure business continuity as we move into 2025.
Seth Ruden, Director of Global Advisory at BioCatch, on how the UK’s financial institutions can be better prepared to deal with authorised push payment (APP) scams
SHARE THIS STORY
The focus on authorised push payment (APP) fraud scams – where scammers impersonate reputable individuals or institutions – has increasingly shifted to whether banks should reimburse customers for funds stolen by scammers. We can gain valuable insights from the approaches taken by financial institutions in the UK. They are leading the way with their cybersecurity efforts compared to their counterparts in other regions.
First, British banks established a standardised reporting system and typology. This is a fundamental first step that every financial institution should take to grasp the full scope of how financial fraud affects banking consumers. Banks may disclose the type of fraud, the amount of money stolen, and the bank measures used to prevent the scam from occurring. This centralised view brings the true scope of the totality of scams into focus.
Three ways the UK’s financial institutions are leading in the fight against fraud
Second, the UK has developed strategies to identify specific scams and reduce their losses. The regulator added a slew of new controls to banks, including confirmation of payee, scam and transaction-specific interventions, and money mule account controls for those receiving the illicit funds. Before regulation, not every financial institution had implemented these controls, providing an uneven playing field and allowing scams to flourish. Banks outside the UK should not wait for regulators to mandate controls like these. They should do it on their own accord to prove they realise the magnitude of the scam problem and the severity of its impact on bank customers.
Improved consumer financial scam controls should be a minimum requirement for financial institutions in 2024. These controls should cover: authorised push payment behavioural analysis, money mule behaviour around both account opening and account activity, and analysis of both inbound and outbound transactions. Furthermore, detecting and then closing money mule accounts – used by fraudsters as an intermediate stop between the victim’s account and the final destination for the stolen funds – is absolutely critical, as they serve as the backbone for every consumer-based financial scam.
The third? Getting involved. Banks need to integrate themselves and participate with industry and trade associations – such as the FS-ISACs and GASA (Global Anti Scam Alliance). These associations provide opportunities to network with peer institutions and others in the fraud value chain to share scam information and learn from each other.
Effective Fraud Prevention: A practical assessment of Key Strategies
Many banks today use precision anomaly detection and behavioural biometrics to notify them when a fraudulent transaction takes place. Financial institutions in the UK often issue actionable alerts to clients in real-time. Santander UK, for example, now asks customers if they have seen the item in person before approving a payment through Facebook Marketplace. For online account opening, there are good solutions for bot-detection to prevent automated bots from opening new accounts, behavioural biometrics to detect suspicious patterns of data entry, and solutions that can analyse the customer KYC data. A secondary benefit of strong account opening controls is the reduction of operational costs to close bogus accounts.
For detecting existing money mule accounts, traditionally it required tracking the circulation of funds, both the inbound and outbound transaction activity and looking for anomalies (e.g. high value in and then immediately transferred out). Now, user behaviour anomalies – such as changes in the user’s input/output device activity or navigation preferences – may indicate a change in account control before the suspicious transactions take place.
Protecting Customers: What the future holds for Financial institutions
Since the UK’s introduction to faster payments, the region has become a centre of research for the rest of the world. However, eliminating threats to UK customers and their money has remained difficult despite an increase in regulation. While Governments and international groups are starting to identify and take down some of these organisations there are still hundreds of thousands of scammers and coerced individuals involved in these intricate schemes. A key challenge for financial institutions is understanding how scammers get their customers to initiate authorised payment. However, these challenges can be combatted by understanding the psychology behind how scammers work which can be a prominent factor in tackling the problem. Financial institutions must ensure that, in a few years’ time, they can confidently answer ‘yes’ to the question: Did we do enough to help eliminate consumer financial scams?
Other key findings include surge of info-stealers and botnets, an increase in evasive malware and a rise in network attacks across the Asia Pacific
SHARE THIS STORY
WatchGuard® Technologies, a global leader in unified Cybersecurity, today released the findings of its latest Internet Security Report. The quarterly analysis details the top malware, network, and endpoint security threats observed during the second quarter of 2024.
Among the report’s key findings was that 7 of the Top 10 malware threats by volume were new this quarter. Furthermore, this indicates threat actors are pivoting toward new techniques. The new top threats included Lumma Stealer. This advanced malware is designed to steal sensitive data from compromised systems. Also, a Mirai Botnet variant, which infects smart devices and enables threat actors to turn them into remotely controlled bots. And a LokiBot malware, which targets Windows and Android devices and aims to steal credential information.
Cybersecurity fears for Blockchain
WatchGuard’s Cybersecurity Threat Lab also observed new instances of threat actors employing “EtherHiding”. A method of embedding malicious PowerShell scripts in blockchains such as Binance Smart Contracts. In these instances, a fake error message linking to the malicious script appears on compromised websites, prompting victims to “update your browser”. Malicious code in blockchains poses a long-term threat. As blockchains are not meant to be changed, theoretically, a blockchain could become an immutable host of malicious content.
“The latest findings in the Q2 2024 Internet Security Report reflect how threat actors tend to fall into patterns of behaviour. Certain attack techniques become trendy and dominant in waves,” said Corey Nachreiner, CSO, WatchGuard Technologies. “Moreover, the report illustrates the importance of routinely updating and patching software and systems to address security gaps and ensure threat actors cannot exploit older vulnerabilities. Adopting a defence-in-depth approach, which can be executed effectively by a dedicated managed service provider, is a vital step toward combating these cybersecurity challenges successfully.”
Additional key findings from WatchGuard’s Report include:
Malware detections were down 24% overall. This drop was caused by a 35% decrease in signature-based detections. However, threat actors were simply shifting focus to more evasive malware. Moreover, in Q2 2024, the Threat Lab’s advanced behavioural engine that identifies ransomware, zero-day threats, and evolving malware threats, found a 168% increase in evasive malware detections quarter-over-quarter.
Network attacks increased 33% from Q1 2024. Across regions, the Asia Pacific accounted for 56% of all network attack detections, more than doubling since the previous quarter.
An NGINX vulnerability, originally detected in 2019, was the top network attack by volume in Q2 2024. It had not appeared in the Threat Lab’s Top 50 network attacks in previous quarters. The vulnerability accounted for 29% of total network attack detection volume, or approximately 724,000 detections across the US, EMEA, and APAC.
The Fuzzbunch hacking toolkit emerged as the second-highest endpoint malware threat detected by volume. The toolkit serves as an open-source framework that can be used to attack Windows operating systems. It was stolen during The Shadow Brokers’ attack of the Equation Group, an NSA contractor, in 2016.
Seventy-four percent of all browser-initiated endpoint malware attacks targeted Chromium-based browsers, which include Google Chrome, Microsoft Edge, and Brave.
A signature that detects malicious web content, trojan.html.hidden.1.gen, came in as the fourth most-widespread malware variant. The most common threat category caught by this signature involved phishing campaigns. These gather credentials from a user’s browser and deliver this information to an attacker-controlled server. Curiously, the Threat Lab observed a sample of this signature targeting students and faculty at Valdosta State University in Georgia.
UnaFinancial study identifies cybersecurity as most influential factor driving FinTech growth
SHARE THIS STORY
A recent study from UnaFinancial has identified cybersecurity as the most influential factor driving the development of FinTech worldwide, with a 63% significance. The second most impactful factor is the average hourly wage rate, with a 13% significance.
The study showed that FinTech growth in Europe, America, and globally has the strongest correlation with the size of the cybersecurity market, with correlation coefficients of 0.8714, 0.9762, and 0.8607, respectively.
In Asia, however, FinTech growth was more closely tied to the size of the consumer electronics market (0.9403). Meanwhile in Africa, it correlated with consumer spending volumes (0.7427). Therefore, globally, cybersecurity emerges as the most significant driver of FinTech growth. More vital protection facilitates a more robust FinTech environment.
Economic Disparities with Cybersecurity: High Income vs Low Income Economies
Economic status also plays a crucial role in shaping FinTech dynamics. High-income countries display pronounced correlations with various factors. Notably, the size of the cybersecurity market (0.6923), consumer electronics market (0.5839), average wage rates (0.6237), and consumer spending volumes (0.6971) are all significantly linked to FinTech growth.
Conversely, low-income economies exhibit no substantial correlations with these factors, highlighting a disparity in FinTech development influenced by financial resources and technological infrastructure.
Middle-income countries show a more nuanced relationship, with FinTech volumes correlating with nominal GDP (0.5373), the cybersecurity market (0.5727), consumer electronics (0.5637), fintech hubs (0.5409), and consumer spending volumes (0.6136). This suggests that while multiple factors impact middle-income countries, cybersecurity remains a vital component.
Quantifiable Cybersecurity Impact on FinTech
Furthermore, another interesting finding was the measurable impact of various factors on FinTech transactions. For example, for every $1 million increase in the global cybersecurity market, FinTech transactions per adult are expected to rise by $31.6. Similarly, a $1 increase in the average hourly wage could boost FinTech transactions by $67.5. The establishment of just one more FinTech hub could increase global FinTech transactions per capita by $839.
Remarkably, as a country’s income grows, the correlation between FinTech growth and two factors—cybersecurity market size and average wage rates—becomes stronger. This means these factors may indeed influence the development of FinTech across a country.
A deeper non-linear analysis further validated the significance of these factors. It revealed that the cybersecurity market is the most influential driver of FinTech growth, with 63% of significance, followed by the average wage rate (13%). As we advance into an increasingly digital future, the investment in and enhancement of cybersecurity will remain a cornerstone of FinTech innovation and expansion.
UnaFinancial Study
The UnaFinancial study considered data from 2022 for 146 countries, which were grouped into four regions: Asia, Europe, Africa and America. The potential factors under consideration included gender ratio, nominal GDP per capita, Internet penetration, cybersecurity market volumes per capita, consumer electronics market volumes, number of FinTech hubs per 100,000 people, average hourly wages, consumer spending per capita, direct investment as a share of GDP, unemployment rates, trade volume relative to GDP, and share of urban population.
The study not only illuminates the integral role of cybersecurity but also provides a roadmap for understanding how various factors interplay to influence the global FinTech landscape. In this digital age, safeguarding financial transactions and technologies is as critical as ever. Moreover, ensuring that FinTech continues to flourish amidst evolving challenges and opportunities.
Gabe Hopkins, Chief Product Officer at Ripjar, on how GenAI can transform compliance
SHARE THIS STORY
Generative AI (GenAI) has proven to be a transformational technology for many global industries. Particularly those sectors looking to boost their operational efficiency and drive innovation. Furthermore, GenAI has a range of use cases, and many organisations are using it to create new, creative content on demand – such as imagery, music, text, and video. Others are using the new tools at their disposal to perform tasks and process data. This makes previously tedious activities much more manageable, saving considerable time, effort, and finances in the process.
However, compliance as a sector has traditionally shown hesitancy when it comes to implementing new technologies. Taking longer to implement new tools due to natural caution about perceived risks. As a result, many compliance teams will not be using any AI, let alone GenAI. This hesitancy means these teams are missing out on significant benefits. Especially at a time when other less risk-averse industries are experiencing the upside of implementing this technology across their systems.
To avoid falling behind other diverse industries and competitors, it’s time for compliance teams to seriously consider AI. They need to understand the ways the technology – specifically GenAI – can be utilised in safe and tested ways. And without introducing any unnecessary risk. Doing so will revolutionise their internal processes, save work hours and keep budgets down accordingly.
Understanding and overcoming GenAI barriers
GenAI is a new and rapidly developing technology. Therefore, it’s natural compliance teams may have reservations surrounding how it can be applied safely. Particularly, teams tend to worry about sharing data, which may then be used in its training and become embedded into future models. Moreover, it’s also unlikely most organisations would want to share data across the internet. Strict privacy and security measures would first need to be established.
When thinking about the options for running models securely or locally, teams are likely also worried about the costs of GenAI. Much of the public discussion of the topic has focussed on the immense budget required for preparing the foundation models.
Additionally, model governance teams within organisations will worry about the black box nature of AI models. This puts a focus on the possibility for models to embed biases towards specific groups, which can be difficult to identify.
However, the good news is that there are ways to use GenAI to overcome these concerns. This can be done by choosing the right models which provide the necessary security and privacy. Fine-tuning the models within a strong statistical framework can reduce biases.
In doing so, organisations must find the right resources. Data scientists, or qualified vendors, can support them in that work, which may also be challenging.
Overcoming the challenges of compliance with AI
Despite initial hesitancy, analysts and other compliance professionals are positioned to gain massively by implementing GenAI. For example, teams in regulated industries – like banks, fintechs and large organisations – are often met with massive workloads and resource limits. Depending on which industry, teams may be held responsible for identifying a range of risks. These include sanctioned individuals and entities, adapting to new regulatory obligations and managing huge amounts of data – or all three.
The process of reviewing huge quantities of potential matches can be incredibly repetitive and prone to error. If teams make mistakes and miss risks, the potential impact for firms can be significant. Both in terms of financial and reputational consequences.
In addition, false positives – where systems or teams incorrectly flag risks and false negatives – where we miss risks that should be flagged, may come from human error and inaccurate systems. They are hugely exacerbated by challenges such as name matching, risk identification, and quantification.
As a result, organisations within the industry quite often struggle to hire and retain staff. Moreover, this leads to a serious skills shortage amongst compliance professionals. Therefore, despite initial hesitancy, analysts and other compliance professionals stand to gain massively by implementing GenAI without needing to sacrifice accuracy.
Generative AI – welcome support for compliance teams
There are numerous useful ways to implemented GenAI and improve compliance processes. The most obvious is in Suspicious Activity Report (SAR) narrative commentary. Compliance analysts must write a summary of why a specific transaction or set of transactions is deemed suitable in a SAR. Long before the arrival of ChatGPT, forward thinking compliance teams were using technology based on its ancestor technology to semi-automate the writing of narratives. It is a task that newer models excel at, particularly with human oversight.
Producing summarised data can also be useful when tackling tasks such as Politically Exposed Persons (PEP) or Adverse Media screenings. This involves compliance teams performing reviews or research on a client to check for potential negative news and data sources. These screenings allow companies to spot potential risks. It can prevent them from becoming implicated in any negative relationships or reputational damage.
By correctly deploying summary technology, analysts can review match information far more effectively and efficiently. However, like with any technological operation, it is essential to consider which tool is right for which activity. AI is no different. Combining GenAI with other machine learning (ML) and AI techniques can provide a real step change. This means blending both generalised and deductive capabilities from GenAI with highly measurable and comprehensive results available in well-known ML models.
Profiling efficiency with AI
For example, traditional AI can be used to create profiles, differentiating large quantities of organisations and individuals separating out distinct identities. The new approach moves past the historical hit and miss where analysts execute manual searches limiting results by arbitrary numeric limits.
Once these profiles are available, GenAI can help analysts to be even more efficient. The results from the latest innovations already show GenAI-powered virtual analysts can achieve, or even surpass, human accuracy across a range of measures.
Concerns about accuracy will still likely impact the rate of GenAI adoption. However, it is clear that future compliance teams will significantly benefit from these breakthroughs. This will enable significant improvements in speed, effectiveness and the ability to respond to new risks or constraints.
Ripjar is a global company of talented technologists, data scientists and analysts designing products that will change the way criminal activities are detected and prevented. Our founders are experienced technologists & leaders from the heart of the UK security and intelligence community all previously working at the British Government Communications Headquarters (GCHQ). We understand how to build products that scale, work seamlessly with the user and enhance analysis through machine learning and artificial intelligence. We believe that through this augmented analysis we can protect global companies and governments from the ever-present threat of money laundering, fraud, cyber-crime and terrorism.
Gunnar Már Gunnarsson, Co-founder & CTO of PAYSTRAX on the potential for tokenisation to improve digital payments
SHARE THIS STORY
The forward to the Bank of England’s most recent report on innovation in payments begins with the words:
“The concept at the heart of money is trust – a trust which is hard won but easily lost.”
In today’s financial climate, where digital transactions have become the norm, trust and security are more crucial than ever. However, 84% of consumers don’t completely trust online payments, and many drop out before they complete a purchase online due to safety concerns and a lack of payment options.
Tokenisation presents a way forward, offering an increased level of trust and efficiency that could tackle the concerns of consumers. And offer business increased security in the payments process. By replacing sensitive payment card information with unique identifiers (tokens), this technology provides a safe way to handle payment data from seller to consumer.
As the future of payments continues to evolve, safety, simplicity and global alignment will be essential. Tokenisation stands at the forefront of this with the potential to not only reduce fraud but also improve the customer experience.
An extra safeguard against cybercrime with tokenisation
The issue many businesses and customers face is that their data remains exposed during transactions. This increases the risk of fraud and company liability issues in the event of data breaches. Tokenisation technology replaces sensitive data with a unique, randomly generated string of symbols that cannot be easily interpreted. This provides an extra safeguard against cybercrime. This added level of security benefits both consumers and businesses. It can reduce vulnerabilities in everything from online purchases to mobile payments.
For merchants, this is particularly beneficial. By keeping sensitive information, such as customers’ card details, outside their own systems, they minimise the risk of security breaches. Tokenisation also helps businesses meet compliance standards, such as PCI-DSS (Payment Card Industry Data Security Standard). With no need to store or transmit sensitive data, companies can lower their security management responsibilities and reduce the overall costs of compliance. Tokenisation facilitates this easier compliance by deferring regulatory requirements across regions. Businesses can then rely on tokenised data instead of managing the security of the original PAN (Primary Account Number).
Enhancing the payment experience with tokenisation
Friction during transactions has long been an issue in finance, costing the industry $2 billion dollars a year in lost payments. Consumers increasingly expect faster and more seamless payments in all aspects of their life, from in store shopping to online purchases.
With tokenisation technology, the payment process becomes faster. Sensitive information no longer needs to be re-entered or verified externally during each transaction. This reduction in data exposure reduces the risk of fraud while maintaining the rapid pace of real-time payments. Overall this creates a secure and safe payment process for businesses while not interrupting the real-time user experience.
Frictionless payments aren’t the only benefit of tokenisation. With customers being more likely to complete purchases when a tokenisation system is in play, with Visa reporting that authorisation rates improve by 2.1% using the technology. This is mostly due to the dynamic card-on-file information that tokenisation provides. It reduces payment failures and ensures a smoother purchase process, with failed payments no longer an issue.
A final example for how tokenisation enhances payment experience both user and provider side can be found in B2B Cross-Border payments. The market is projected to grow significantly, with estimates indicating a 43% increase to reach $56.1 trillion by 2030. The risk of fraud grows with this, alongside increasingly in depth and complex international laws and national regulations, companies need both security, and to be customer facing in their plans. Technologies that secure payments and provide seamless transactions, like tokenisation, are pivotal in supporting this growth by reducing risks and improving efficiency.
The future of payments
As alternative payment methods and RTP networks continue to rise, tokenisation will be crucial in creating a global payments ecosystem that is both secure and frictionless. Visa has issued over 9.5 billion tokens globally, with Mastercard reporting over 50% year-over-year growth in tokenised transactions. This rapid adoption highlights the importance of tokenisation in building secure, efficient payment networks.
By reducing fraud, simplifying security management, and improving the overall customer experience, tokenisation is set to play a leading role in shaping the future of payments. Especially as digital and cross-border transactions become increasingly important.
It’s more than just a security measure. It’s a critical technology that enhances the entire payment ecosystem, making transactions faster, safer, and more efficient for all parties involved.
Gunnar Már Gunnarsson, Co-founder & CTO of PAYSTRAX
Cullen Zandstra, CTO at FloQast on mitigating the risks of AI to deliver benefits to financial services
SHARE THIS STORY
There’s a lot of buzz around Generative AI (GenAI). What’s not always heard beneath the noise are the very real and serious risks of this fast-developing AI tech. Let alone ways to mitigate these emerging threats.
Currently, one quarter (26%) of accounting and bookkeeping practices in the UK have now adopted GenAI in some capacity. That figure is predicted to grow for many years to come.
With this in mind, and as we hit the crest of the GenAI hype cycle, it’s critically important that leaders focus closely on the potential risks of AI deployment. They need to proactively prepare to mitigate them, rather than picking up the pieces after an incident.
Navigating the risky transition to AI
The benefits of AI are well-proven. For finance teams, AI is a powerup that unlocks major performance and efficiency boosts. It significantly enhances their ability to generate actionable insights swiftly and accurately, facilitating faster decision-making. AI isn’t here to take over but to augment the employees’ capabilities. Ultimately improving leaders’ trust in the reliability of financial reporting.
One of the most exciting aspects of AI is its potential to enable organisations to do more with less. Which, in the context of an ongoing talent shortage in accounting, is what all finance leaders are seeking to do right now. By automating routine tasks, AI empowers accountants to focus on higher-level analysis and strategic initiative, whilst drawing on fewer resources. GenAI models can help to perform routine, but important tasks. These include producing reports for key stakeholders and ensuring critical information is effectively and quickly communicated. It enables timely and precise access to business information, helping leaders to make better decisions.
However, GenAI also represents a new source of risk that is not always well understood. We know that threat actors are using GenAI to produce exploits and malware. Simultaneously levelling up their capabilities and lowering the barrier of entry for lower-skilled hackers. The GenAI models that power chatbots are vulnerable to a growing range of threats. These include prompt injection attacks, which trick AI into handing over sensitive data or generating malicious outputs.
Unfortunately, it’s not just the bad guys who can do damage to (and with) AI models. With great productivity comes great responsibility. Even an ambitious, forward-thinking, and well-meaning finance team could innocently deploy the technology. They could inadvertently make mistakes that cause major damage to their organisation. Poorly managed AI tools can expose sensitive company and customer financial data, increasing the risk of data breaches.
De-risking AI implementation
There is no technical solution you can buy to eliminate doubt and achieve 100% trust in sources of data with one press of a button. Neither is there a prompt you can enter into a large language model (LLM).
The integrity, accuracy, and availability of financial data are of paramount importance during the close and other core accountancy processes. Hallucinations (another word for “mistakes”) cannot be tolerated. Tech can solve some of the challenges around data needed to eliminate hallucinations – but we’ll always need humans in the loop.
True human oversight is required to make sure AI systems are making the right decisions. We must balance effectiveness with an ethical approach. As a result, the judgment of skilled employees is irreplaceable and is likely to remain so for the foreseeable future. Unless there is a sudden, unpredicted quantum leap in the power of AI models. It’s crucial that AI complements our work, enhancing rather than compromising the trust in financial reporting.
A new era of collaboration
As finance teams enhance their operations with AI, they will need to reach across their organisations to forge new connections and collaborate closely with security teams. Traditionally viewed as number-crunchers, accountants are now poised to drive strategic value by integrating advanced technologies securely. The accelerating adoption of GenAI is an opportunity to forge links between departments which may not always have worked closely together in the past.
By fostering a collaborative environment between finance and security teams, businesses can develop robust AI solutions. They can boost efficiency and deliver strategic benefits while safeguarding against potential threats. This partnership is essential for creating a secure foundation for growth.
AI in accountancy: The road forward
The accounting profession stands on the threshold of an era of AI-driven growth. Professionals who embrace and understand this technology will find themselves indispensable.
However, as we incorporate AI into our workflows, it is crucial to ensure GenAI is implemented safely and does not introduce security risks. By establishing robust safeguards and adhering to best practices in AI deployment, we can protect sensitive financial information and uphold the integrity of our profession. Embracing AI responsibly ensures we harness its full potential while guarding against vulnerabilities, leading our organisations confidently into the future.
Founded in 2013, FloQast is the leading cloud-based accounting transformation platform created by accountants, for accountants. FloQast brings AI and automation innovation into everyday accounting workflows, empowering accountants to work better together and perform their tasks with greater efficiency and accuracy. Now controllers and accountants can spend more time delivering greater strategic value while enjoying a better work-life balance.
Henry Balani, Global Head of Industry & Regulatory Affairs at Encompass Corporation, on meeting the demand for improved risk management, operational efficiency, and customer service with pKYC
SHARE THIS STORY
The traditional banking and finance industry is evolving. Processes are experiencing a digital transformation as a result of perpetual Know Your Customer (pKYC). The pKYC approach enables modern banks to continuously update and verify customer information in real time. Banks are moving away from the reliance on periodic reviews. This change is driven by technological advancements. And the increasing demand for dynamic and responsive regulatory compliance mechanisms.
Perpetual KYC
Conventional KYC processes commonly involve periodic reviews of customer information at fixed intervals. These reviews are typically conducted every one, three, or five years. While these reviews are thorough and comprehensive, they are also static. This can result in outdated information, potentially overlooking changes in customer risk profiles or new compliance requirements.
On the other hand, perpetual KYC is dynamic and event driven. Through its continuous and automated approach, pKYC enables financial institutions to address risks and compliance needs in real-time. These risks can be determined by continuously monitoring customer activities. Furthermore, automatically updating profiles in response to specific triggers, including changes in personal information, significant transactions, or alterations in beneficial ownership.
Gaining a competitive advantage with pKYC
By leveraging pKYC, banks, and other regulated financial institutions can take advantage of a range of benefits. These are crucial in the modern digital era to gain a competitive edge. Through continuous monitoring, pKYC enables financial institutions to identify and address potential risks promptly. This real-time approach helps mitigate risks associated with financial crimes. Moreover, it ensures compliance with the latest regulatory standards.
pKYC will lead to operational efficiency and cost reduction. By automating many of the manual processes involved in KYC, pKYC significantly reduces the time and resources needed for compliance. This allows financial institutions to focus their efforts on high-risk cases, rather than conducting blanket reviews for all customers, resulting in substantial cost savings.
This process also enables many banks to improve their customer service and management. It also enhances the customer’s experience. With pKYC, customers are not subjected to frequent, intrusive reviews if their profiles remain stable. This results in a smoother and more positive customer experience, potentially increasing overall customer satisfaction and loyalty. Additionally, automated systems minimise human error and ensure consistency in applying KYC policies. This enhances overall regulatory compliance and reduces the risk of non-compliance penalties.
Perpetual KYC implementation: Challenges and considerations
Implementing a pKYC operating model is not straightforward. It requires the right blend of infrastructure and operating process. Every firm’s pKYC journey and ecosystem will be unique and cut across people, processes and technologies.
Data is central to the success of pKYC as reviews based on event changes (aka event driven triggers) will not be effective if client information is outdated, missing or incorrect. Without consistent access to relevant and accurate client information, pKYC is impossible. Corporate Digital Identity (CDI) is fast emerging as a foundation for ensuring valid customer information is collected for successful pKYC operations.
Being able to leverage this data requires an ecosystem of technology, which may be developed in house, utilising third-party RegTech providers, or a combination of both. This technology should drive how data is stored, structured and accessed so that pKYC triggers can be comprehensively managed. Customer lifecycle management systems (CLMs) are particularly relevant to pKYC as they connect all components along the workflow processes.
Importantly, overarching executive sponsorship is needed to ensure a successful outcome in transformation initiatives. Recognising the structural and cross departmental challenge, influential sponsors will align the multiple stakeholders involved in driving this change and will champion a firm’s pKYC strategy and approach to regulators and other key stakeholders.
Ultimately, pKYC must be future-proof and scalable, ready to adapt in line with business strategy and regulation to keep firms competitive.
The future of pKYC
The adoption of pKYC is growing, driven by regulatory pressures and the increasing complexity of financial crimes. Financial institutions are recognising the benefits of a proactive, real-time approach to compliance and risk management. The move towards pKYC is seen as a necessary evolution to stay ahead in a highly regulated and competitive financial environment.
As the technological landscape continues to evolve, integrating advanced technologies such as blockchain and further developments in AI and ML will likely enhance pKYC systems’ capabilities. Ensuring higher levels of compliance and risk mitigation, these technologies are able to provide more robust and secure mechanisms for customer verification and monitoring.
Blockchain technology can be utilised to further improve the initial customer authentication and validation process. As a result, we can expect improvements and advancements in the quality of customer data collected during initial customer onboarding processes. Financial institutions can then leverage AI-enhanced tools that can identify and collect the necessary attributes during document processing stages. This ensures that pKYC will utilise relevant, accurate, and up-to-date data. Perpetual KYC represents a significant departure from traditional, periodic KYC, as it offers a wide range of benefits in real-time risk management, operational efficiency, and customer experience. Although the implementation of pKYC poses certain challenges, it also provides numerous advantages, making it an increasingly attractive solution for financial institutions aiming to enhance their compliance and risk management frameworks and maintain a competitive edge in a rapidly evolving regulator landscape.
Digital banking offers increased convenience and accessibility. However, this growth also exposes banks to heightened cybersecurity risks. Protecting data and…
SHARE THIS STORY
Digital banking offers increased convenience and accessibility. However, this growth also exposes banks to heightened cybersecurity risks. Protecting data and information is crucial to maintaining customer trust and preventing financial loss.
Cybercrime poses a significant threat to the digital banking industry. According to Cybercrime Magazine, cybercrime costs will increase by 15% over the next five years and reach $10.5 trillion by 2025. These attacks target sensitive information and funds, causing substantial damage to banks.
To mitigate these risks, banks must implement robust cybersecurity measures to safeguard digital systems and data.
1. Strong Authentication
The Payment Services Directive (PSD2) mandates strong customer authentication (SCA) to reduce fraud and enhance online payment security. This directive imposes specific requirements on market participants to meet new obligations. The European Banking Authority (EBA) developed regulatory technical standards (RTS) based on the Commission’s authority under PSD2.
The RTS aims to protect consumers and create a level playing field within the evolving financial technology market. To achieve this, the RTS establishes security measures for payment service providers — including banks and other financial institutions — when processing payments or offering payment-related services.
2. Encryption
Unencrypted data is a common cyber threat. Hackers can easily access this data type and give severe consequences for banks. According to Statista, the average cost of a data breach worldwide is $4.45 million dollars. However, data breaches not only cause substantial financial loss for recovery and ransom payments but also damage a bank’s reputation.
To prevent these issues, all digital banking data must be encrypted. This safeguards information and makes it difficult for cybercriminals to access even if stolen. Encryption transforms data into a coded format that requires a specific key to decipher. Only individuals with the correct key can view the original data.
Encryption involves using an algorithm and a key to convert plain data into encrypted data. The original data can only be recovered by decrypting the ciphertext with the correct key.
3. Regular Cybersecurity Audit
A security audit is a thorough examination of an organisation’s IT infrastructure. This process verifies the effectiveness of security policies and procedures. Security audits assess how well an institution’s cybersecurity program operates. This includes reviewing policies, testing controls, and checking compliance with industry standards and regulations.
Banks and financial institutions face increasingly complex cyber threats. Regular security audits help identify vulnerabilities in systems. By discovering weaknesses, banks can strengthen defences with firewalls, antivirus, and antimalware software. A cybersecurity audit should be conducted by an independent expert to ensure objectivity.
4. Employee Training
The World Economic Forum reports that 95% of cyberattacks involve human error. This means hackers often exploit employee mistakes. They use tactics like phishing to deceive employees into revealing sensitive information. This can lead to data breaches and financial loss. For example, employees might click on malicious links, disclose confidential data, or leave devices unattended.
Therefore, bank employees must have training to recognize that cyberattacks are a constant threat. Moreover, the consequences of a breach can be severe for employees, customers, and the bank’s reputation. Cybercriminals operate in a lucrative industry, for that reason, it is imperative to equip employees with the knowledge to safeguard against these threats.
5. Incident Response Planning
An incident response plan is a formal document approved by bank leadership to guide the organisation before, during, and after a potential or confirmed security incident. The plan aims to reduce the impact of security events, limiting operational, financial, and reputational damage.
A successful incident response plan should be established before a security attack occurs and assigned to specific team members. IBM research shows companies with well-developed and tested response plans save an average of $2.66 million compared to those without such protocols.
To create an effective incident response plan, banks can reference established frameworks. For specific incident handling steps, The National Institute of Standards and Technology’s SP-800-61 and SANS’s Incident Handlers Handbook provide detailed blueprints. Aligning the incident response plan with these resources ensures a focused and effective approach to managing cybersecurity incidents.
Importance of Cybersecurity Measures
The increasing reliance on digital platforms exposes individuals and organisations to growing cybersecurity risks. Malicious actors exploit security weaknesses to steal personal information and compromise digital assets. Forbes reported a staggering increase in cyberattacks in 2023, impacting over 343 million people, with data breaches soaring by 72 percent from 2021 to 2023. These striking figures highlight the urgent need for state-of-the-art cybersecurity in digital banking.
WatchGuard’s Threat Lab cybersecurity research team forecast headline-stealing hacks involving LLMs, AI-based voice chatbots and VR/MR headsets. They also assess…
SHARE THIS STORY
WatchGuard’s Threat Lab cybersecurity research team forecast headline-stealing hacks involving LLMs, AI-based voice chatbots and VR/MR headsets. They also assess the impact of the war on talent, AI spear phishing and QR codes.
Watchguard leading on Cybersecurity
WatchGuard Technologies, a global leader in unified cybersecurity, offers an annual batch of predictions covering the most prominent attacks and information security trends that the WatchGuard Threat Lab research team believes will emerge each year. This year, these include malicious prompt engineering tricks targeting large language models (LLMs), managed service providers (MSPs) doubling down on unified security platforms with heavy automation, ‘Vishers’ scaling their malicious operations with AI-based voice chatbots, hacks on modern VR/MR headsets, and more…
“Every new technology trend opens up new attack vectors for cybercriminals,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “In 2024, the emerging threats targeting companies and individuals will be even more intense, complicated, and difficult to manage. Therefore, with an ongoing cybersecurity skills shortage, the need for MSPs, unified security, and automated platforms to bolster cybersecurity and protect organisations from the ever-evolving threat landscape have never been greater.”
Cybersecurity predictions
The following is a summary of the WatchGuard Threat Lab team’s top cybersecurity predictions for 2024:
Prompt Engineering Tricks Large Language Models (LLMs)
Companies and individuals are experimenting with LLMs to increase operational efficiency. However, threat actors are learning how to exploit LLMs for their own malicious purposes as well. During 2024, the WatchGuard Threat Lab predicts that a smart prompt engineer ‒ whether a criminal attacker or researcher ‒ will crack the code and manipulate an LLM into leaking private data.
MSPs Double Down on Security Services Via Automated Platforms
There are approximately 3.4 million open cybersecurity jobs, and fierce competition for available talent. More SMEs will turn to trusted managed service and security service providers, known as MSPs and MSSPs, to protect them in 2024. To accommodate growing demand and scarce staffing resources, MSPs and MSSPs will double down on unified cybersecurity platforms with heavy automation using artificial AI and Machine Learning.
AI Spear Phishing Tool Sales Boom on the Dark Web
Cybercriminals can already buy tools on the underground that send spam email, automatically craft convincing texts, and scrape the Internet and social media for a particular target’s information and connections. However, a lot of these tools are still manual and require attackers to target one user or group at a time. Well-formatted procedural tasks like these are perfect for automation via AI and machine learning. This makes it likely that AI-powered tools to combat cybersecurity will emerge as best sellers on the dark web in 2024.
AI-Based Vishing Takes Off in 2024
Voice over Internet Protocol (VoIP) and automation technology make it easy to mass dial thousands of numbers. Once a potential victim has been baited onto a call, it still takes a human scammer to reel them in. This system limits the scale of vishing operations. But in 2024 this could change. The combination of convincing deepfake audio and LLMs capable of carrying on conversations with unsuspecting victims will greatly increase the scale and volume of vishing calls. What’s more, they may not even require a human threat actor’s participation.
VR/MR Headsets Allow the Recreation of User Environments
Virtual and mixed reality (VR/MR) headsets are finally beginning to gain mass appeal. However, wherever new and useful technologies emerge, criminal and malicious hackers follow. In 2024, cybersecurity researchers forecast that either a researcher or malicious hacker will find a technique to gather some of the sensor data from VR/MR headsets to recreate the environment users are playing in.
Rampant QR Code Usage Results in a Headline Hack
Quick response (QR) codes provide a convenient way to follow a link with a device such as a mobile phone. They have been around for decades, but mainstream usage has exploded in recent years. Furthermore, Threat Lab cybersecurity analysts expect to see a major, headline-stealing hack in 2024 caused by an employee following a QR code to a malicious destination.
As digital payments continue their rapid ascent, understanding the accompanying cybersecurity challenges has never been more critical. Furthernore, with Statista…
SHARE THIS STORY
As digital payments continue their rapid ascent, understanding the accompanying cybersecurity challenges has never been more critical. Furthernore, with Statista forecasting a robust 9.52 percent annual growth rate for digital payments from 2024 to 2028, the urgency to address these security concerns intensifies.
While this growth brings unparalleled convenience, it also introduces new security vulnerabilities that must be addressed. Cybersecurity is fundamental in safeguarding confidential data against hacking, fraud, and data breaches. Implementing effective cybersecurity measures can also maintain trust between businesses and clients while preventing financial loss. To optimise cybersecurity, identifying the current threats to digital payment systems is a must for businesses and consumers.
Current Cybersecurity Threats
Digital banks face various threats that continually evolve as technology advances. By addressing these challenges head-on, banks can protect their users and continue the growth of digital payment.
Many types of cyber threats can disrupt digital payment systems:
Phishing attacks: These attacks use deceptive emails, phone calls, or texts to trick victims into revealing personal information, such as login credentials and financial details. The scam can lead to other types of cyber threats.
Malware: Malicious software that infiltrates systems to steal data, monitor activities, or lock accounts. Various forms of malwares have different functions, such as Trojans, Worms, and Spyware.
Man-in-the-Middle (MitM) Attacks: intercept communications between the user and the bank allowing attackers to steal sensitive information or funds.
Data breaches: Unauthorised access to digital bank databases exposes vast amounts of sensitive information, including personal and financial data.
Ransomware: It is an attack that employs malware to infiltrate computer systems to steal data, monitor activities, or lock accounts. The attackers then demand payment and keep disrupting the devices/websites until they are paid.
Credential stuffing: Attackers use stolen usernames and password combinations from other breaches to gain unauthorised access to accounts.
DDoS and DoS attacks: Distributed Denial-of-Service (DDoS) attacks overwhelm the bank’s servers, making online services unavailable to customers. Unlike the Denial-of-Service (DoS) attack where a single source is used to flood the target, DDoS use multiple sources of compromised devices (botnets).
Insider threats: Employees or contractors with access to sensitive information may intentionally or unintentionally cause data breaches or other security incidents.
Social engineering: Manipulating individuals into divulging confidential information through psychological manipulation.
Zero-Day Exploits: Attacks that exploit previously unknown vulnerabilities in software or hardware before patches are available.
Cybersecurity Measures
Encrypting data is essential to convert the personal information into a secure format. This encrypted data can only be accessed with the correct key or description. This ensures that the data remains secure and unreadable after interception.
Multi-Factor Authentication (MFA) adds a layer of security by requiring some form of verification before granting access to the platform. Tokenisation replaces critical payment data with a unique or random token that cannot be hacked once intercepted.
Biometric verification, such as fingerprint and facial recognition, provides additional security by utilising unique physical characteristics. These include the shape of the face and the outline of a fingerprint, both of which are difficult to replicate.
Financial institutions have also innovated to improve cybersecurity by implementing artificial intelligence (AI). For example, JPMorgan Chase has implemented an AI-driven fraud detection system. This application is used for monitoring transaction activity in real-time. It can also detect potential threats or fraudulent transactions using the data analytics tool.
Regulatory Requirements
Financial companies are obligated to meet regulatory compliance. It is important to build customers’ trust and avoid legal or financial penalties. For global financial institutions, regulatory issues might be more complex as each country has its version of rules. As cyber threats evolve, regulators continuously update and enforce these requirements to address new challenges in digital payment systems.
For instance, UK regulations have set strict rules to ensure the security of digital payments. These include data protection measures, and companies that do not prioritise cybersecurity will face substantial fines. Similar regulations have been implemented across European Union (EU) Member States, compelling financial institutions to enhance cybersecurity to create a safe digital payments environment for consumers.
With the growing popularity of digital payments, cybercriminals have found a lucrative target. Cybersecurity data breaches rose sharply by 72%…
SHARE THIS STORY
With the growing popularity of digital payments, cybercriminals have found a lucrative target. Cybersecurity data breaches rose sharply by 72% in 2023 compared to the previous record-breaking year. This shows the need for financial technology companies to implement strong banking security.
While digital payments offer benefits, businesses must protect themselves and their customers from cyber threats. Understanding the common cyber threats and implementing effective countermeasures are key to long-term success.
The Importance of Cybersecurity for Digital Transactions
With the increasing reliance on online platforms for financial activities, the risk of cyberattacks has grown exponentially. These attacks can lead to significant financial losses, damage to reputation, and erosion of customer trust. From identity theft to data breaches, the consequences of compromised security can be severe.
To prevent such consequences, cybersecurity measures are required for every financial institution. By applying cybersecurity best practices such as encryption, strong authentication, and regular security audits, organisations can protect customer data, prevent fraud, and maintain operational resilience.
Threat Landscape
Cybercriminals employ various tactics to exploit vulnerabilities in digital systems. Phishing attacks, a common method, deceive users into divulging sensitive information through fraudulent emails or websites. Another prevalent threat is ransomware, where cybercriminals encrypt a victim’s data and demand payment for decryption.
Additionally, unauthorised access to accounts through stolen credentials can lead to financial loss. These cyber threats highlight the need for a security framework to protect digital transactions against malicious activities.
Best Practice 1: Encryption
Cybercriminals can easily exploit vulnerable systems, leading to substantial financial losses and reputational damage. A data breach can cost millions of dollars to rectify, including expenses for recovery and ransom payments. A recent IBM report indicates that the average global cost of a data breach exceeds $4.45 million.
Encryption safeguards sensitive information by transforming it into an unreadable format, accessible only to authorised parties possessing the correct decryption key. This cryptographic process employs complex algorithms and keys to safeguard data integrity and confidentiality.
Best Practice 2: Multi-Factor Authentication
Cybercriminals can easily steal passwords and pins through brute-force attacks, systematically testing numerous combinations until successful. Multi-factor authentication (MFA) offers a robust defence against this threat.
Requiring users to provide multiple forms of identification strengthens account security. This authentication combines different types of verification. This includes information only the user knows, like passwords, items the user possesses, such as security tokens, and unique physical traits, like fingerprints.
By requiring multiple verification steps, banks and financial institutions create a formidable barrier against unauthorised access to sensitive information and funds. Additionally, multi-factor authentication enhances user account management by requiring unique authentication factors for each individual.
Best Practice 3: Employee Training
Organisations with regular cybersecurity training experience a 40% reduction in security incidents compared to those without, according to This emphasis on employee education is justified as human error remains a primary target for cybercriminals.
Hackers frequently exploit employee vulnerabilities through tactics like phishing, social engineering, and other deceptive methods. By training employees to recognize these threats, financial institutions can mitigate the risk of data breaches and financial losses.
Such incidents can result in substantial financial losses and damage to an institution’s reputation. Consequently, comprehensive cybersecurity training is essential for all bank employees to mitigate these risks.
Best Practice 4: Regular Security Audits
A security audit is an evaluation of an organisation’s digital infrastructure, designed to identify vulnerabilities that could compromise digital transactions. This process involves examining security policies, testing safeguards, and ensuring compliance with industry regulations.
Given the escalating complexity of cyber threats, financial institutions must prioritise regular security audits. Banks can uncover weaknesses before malicious actors exploit them by scrutinising systems and processes.
Regular security audits empower organisations to proactively strengthen defences by implementing essential safeguards such as firewalls, antivirus software, and antimalware solutions. To ensure impartiality and objectivity, it is essential to engage an independent expert to conduct these assessments.
Best Practice 5: Incident Response Planning
As the frequency and sophistication of cyber threats continue to rise, the need for robust defences becomes increasingly critical. Safeguarding digital transactions requires a proactive approach, including a well-defined incident response plan.
An incident response plan is a crucial component of any organisation’s cybersecurity strategy. This formal document outlines strategies for preventing, detecting, and responding to security breaches that could compromise financial data. By establishing clear protocols and assigning specific responsibilities, banks can minimise the impact of cyberattacks and protect both their reputation and customers’ assets.
To be effective, an incident response plan must be established in advance and assigned to specific teams. By following established frameworks, such as those provided by the National Institute of Standards and Technology (NIST) and SANS, organisations can develop comprehensive plans. These resources offer detailed guidance on handling various types of security incidents to ensure a coordinated and efficient response.
Conclusion
Protecting digital transactions requires a multi-faceted approach. Implementing cybersecurity measures is essential for protecting sensitive financial data and maintaining customer trust.
Encryption and multi-factor authentication are foundational elements of a strong security posture. Encryption safeguards data by rendering it unreadable to unauthorised individuals, while multi-factor authentication adds an extra layer of protection by requiring multiple forms of verification. These are just two examples of critical best practices financial institutions should adopt.
Financial institutions must prioritise cybersecurity to maintain customer trust and protect their bottom line. By investing in advanced security measures and staying vigilant against emerging threats, organisations can effectively mitigate risks and ensure the integrity of digital transactions.
From AI to multi-factor authentication, here are 7 cybersecurity solutions keeping financial institutions’ critical data secure.
SHARE THIS STORY
Data belonging to 20.4 million UK citizens was affected by cyberattacks made against financial institutions at the end of 2023. This represents a 143% increase from the 8.4 million individuals affected in the previous year. The demand for robust cybersecurity is ever-increasing in financial institutions.
Financial Institutions encompass a wide range of businesses dealing with financial and monetary transactions, including banks, insurance companies, and brokerage firms. These institutions are pivotal for a functioning capitalist society, simplifying transactions, enabling individuals and entities to seek investment or lend money, and assisting in managing assets.
The increasingly digitalised nature of the economy, including the rise of online-only financial institutions like challenger banks, has accelerated the development of financial technologies and their adoption in the market. As a result, Software as a Service (SaaS) for finance, such as digital banking, electronic payment, online investment, and other online-based services, makes financial services more accessible to the consumer. But, with the ease of access technologies provided, new challenges have also emerged, especially regarding cybersecurity.
Financial institutions are enticing targets for cybercriminals. Therefore, cybersecurity has become integral to banking security in protecting data from malicious attacks.
Here are seven top cybersecurity solutions to secure data from online threats.
1. AI-Powered Threat Detection
The ability for AI models to perform pattern recognition on large amounts of unstructured data is opening up an exciting new frontier in threat detection for cybersecurity teams. AI tools can potentially flag subtle differences, anomalies, and patterns that could point to a zero-day threat or the presence of a bad actor in the system.
Some industry experts believe that AI-powered threat detection will be pivotal in helping cybersecurity teams respond to rapidly evolving cyberattack strategies that are increasingly difficult to combat — somewhat ironically, this uptick in the frequency and sophistication of attacks is at least partially due to the availability of AI tools, which hackers are also putting to use.
AI’s adaptive learning and advanced recognition capabilities enable automated responses to threats and can predict future risks by analysing past patterns. This helps reduce false positives and saves security teams time on assessments.
2. Multi-Factor Authentication
Multi-factor authentication has quickly become the standard in security and identity protection as more and more people bank, shop, and administer their lives entirely online. Put simple, it’s a multistep account login in which more information besides username and password must be provided.
Typically referred to as “something you have, something you know”, multi-factor login procedures drastically reduce account hacking, allowing security teams to detect suspicious activity that occurs in the logging processes.
3. DDoS Mitigation
Distributed Denial of Service (DDoS) is a coordinated cyberattack that overwhelmingly sends a request to the server simultaneously, which makes the server slow down or even go offline. DDoS mitigation is important for banking service security to prevent the interruption of vital services.
Cynersecurity teams can perform DDoS mitigation by implementing a load balancer, restricting requests from certain places, and blocking communication from outdated or unused ports, protocols, and applications.
4. Compliance
Compliance is vital to both ensure the security of systems and organisations against cyber attack, but also to prevent legal penalties and repercussions if an organisation is found to be in breach of existing regulations. These regulations ensure that an organisation’s cybersecurity set up is in line with the security and data protection laws in the countries where it operates, with the end goal of mitigating risk to the consumer — or just people in general whose data is collected and kept by the company.
There can be serious legal and financial risks associated with non-compliance — tied to both finance and cybersecurity. For example, in 2021, Natwest was fined over £264 million by the FCA for its extended failure to identify and prevent money laundering. Since the FCA was established, there has not been a year when its total fines issued have been less than £1 million. In the UK, other financial and cybersecurity compliance regulations are DPA 2018, UK GDPR, NIS regulations, and the Computer Misuse Act 1990.
5. Database Activity Monitoring
Database Activity Monitoring refers to any set of tools that monitors and analyses database activity. The goal of this monitoring is to flag and report deceptive, illegal, or undesired behaviour taking place within a system. Ideally, these tools run and operate without any serious impact on user experience.
Because most databases don’t monitor or flag suspicious activity by default, unless you have a tool that handles activity monitoring, making third party solutions a necessity in many cases. According to monitoring software solutions vendor Cyral, most systems also don’t collect enough data to enable “a full forensic investigation of historical breach events.” Also, databases that do often log and store this information inside the database itself. Any attacker that gains access to the database can then, supposedly, have write access to the full collection of tables (as is often the case), meaning they can easily delete any activity rows associated with their presence and theft of data.
6. SQL Injection Prevention
SQL injection is a code injection technique attackers use to steal, spoof, and manipulate data. An effective SQL injection attack can result in attackers gaining unapproved access to sensitive data like including credit card information, PINs, or other private information. In banking security, a failure to prevent SQL injection can result in attackers altering balances, voiding transactions, and even transferring money to their bank accounts.
Cyberattackers inject malicious SQL code into the backend of a target system when they discover defenceless user inputs in a web application or web page. The hackers can then use this opening to locate the IDs of other users within the database, impersonating these users — usually those with data privileges such as the database administrator — to run malicious code within the system.
7. Regular Risk Assessment and Training
Perhaps most importantly, the best defence against the rising tide of cybercrime is a cybersecurity conscious culture. Financial institutions should conduct regular risk assessments manually to identify potential vulnerabilities and threats to their systems and networks.
They should regularly evaluate and revise systems and networks based on analytics and assessments to prioritise cybersecurity initiatives and protect vital assets. Security teams shouls also conduct periodic security awareness training, which can strengthen cyber-readiness among finance personnel. This is particularly important given the rise in generated AI-driven phishing campaigns and other technologically democratised forms of cyber crime.
Case Study – Cybercriminals in UK Businesses
An investment article from IFA magazine reported 300,000 cybersecurity breaches in finance institutions across the UK in 2022 alone, making them the second-highest number of data breaches from all industries after the IT sector. Reports estimate losses in the region of £27 billion per year, with small businesses in the UK affected the most by cyberattacks, usually phishing.
The UK authority encourages its citizens to be more aware of the possibility of cyberattacks, especially phishing and fake charity emails, as online threats are growing exponentially. Ledi Sallilari from the SEO consulting firm Reboot also suggested that more complex passwords can help prevent account breaches.
The rapid expansion of internet usage brings new challenges for cybersecurity. Proper knowledge and awareness about cyber criminals should become mandatory for all Internet users to protect their online data.
Financial institutions, responsible for managing customer funds, need to implement strong cybersecurity measures. With more secure backend systems, they can protect assets and maintain customer trust in an increasingly digital world.
AI, real-time monitoring, and machine learning are helping fintech firms stay ahead of growing cyber threats.
SHARE THIS STORY
The financial sector faces a growing threat—cybercrime.
Cybersecurity Ventures predicts a significant rise in cybercrime costs, with the total impact of hacks, breaches, and data theft potentially reaching as high as $10.5 trillion a year by 2025. As attacks become more common and more severe, mitigating these risks and preventing fraud is paramount for financial institutions and financial technology companies alike.
Luckily, ongoing advancements in technology offer fintech organisations a powerful arsenal of weapons to combat cybercrimes. Adaptive fraud prevention systems use artificial intelligence (AI) to detect and prevent fraudulent activity in real-time. These intelligent systems continuously learn from new data, allowing them to identify evolving patterns and improve cybersecurity.
Introduction to cyber fraud protection
Cybersecurity is crucial in the financial services industry, where sensitive financial data and transactions are a prime target for cybercriminals. Moreover, cyber attacks can inflict significant financial losses, not just through direct theft but also via hefty regulatory fines, legal costs, and reputational damage.
Financial institutions have a responsibility to safeguard customer trust by implementing robust cyber fraud protection measures. This includes advanced technologies like network security, intrusion detection systems, and malware protection.
By securing financial transactions and customer data, these measures not only deter cyberattacks but also mitigate their impact, fostering customer confidence in the bank’s security posture.
Common types of Cyber fraud
The financial sector occupies a bull’s-eye for cybercriminals, ranking second only to healthcare in global cybercrime costs according to theIBM Cost of a Data Breach Report 2023. Financial institutions face an average loss of $5.9 million per cyber incident, highlighting the critical need for robust cyber fraud protection measures.
These attacks come in various forms. One of the most common isphishing scams. These are attempts to trick people into surrendering sensitive information. Meanwhile, ransomware attacks aim to disrupt operations or extort money by encrypting critical data. Distributed Denial-of-Service (DDoS) attacks overwhelm systems with traffic, making essential services unavailable to legitimate customers.
Advanced cybersecurity technologies
The fight against cyber fraud necessitates sophisticated tools, and advanced technologies like AI and machine learning (ML) are playing an increasingly crucial role.
AI fraud detection uses ML algorithms to identify fraudulent activities within vast datasets. These algorithms are trained to recognise patterns and anomalies that deviate from typical user behaviour and transaction patterns. Once the patterns are identified, attackers can be purged from the system before they have a chance to steal anything of value. Cybersecurity systems powered by ML can drastically reduce the amount of time bad actors spend inside a system.
ML algorithms excel at identifying patterns and trends that might signal potential fraud. Also, by analysing big data, these algorithms can adapt quickly to evolving fraud tactics.
They can detect and alert security teams within seconds of suspicious behaviour, such as unusual purchases or login attempts from unfamiliar locations. Thanks to continuous data analysis, businesses can gain an immediate advantage, allowing them to swiftly identify and respond to suspicious activity, ultimately minimising potential losses.
Case studies
The financial sector is actively exploring the potential of AI to combat cyber fraud. Mastercard’s Decision Intelligence technology exemplifies this trend. By analysing historical spending habits, this AI solution creates a personalised baseline for each cardholder’s behaviour.
This approach is a significant improvement over traditional, one-size-fits-all methods, which often lead to false declines. AI’s contextual analysis of transactions allows it to bypass common triggers for false positives, ultimately enhancing fraud detection accuracy.
Future prospects
The future of cyber fraud protection hinges on the continued evolution of technology. One promising area lies in adaptive technologies, such as behavioural biometrics. Additionally, these systems move beyond static passwords or fingerprints, creating a unique user profile based on a person’s interaction patterns.
These patterns are ‘behavioural fingerprints’ that include typing style, mouse movements, and even how an individual holds their phone. Over time, the system learns user habits, building a digital identity that can detect deviations indicative of unauthorised access.
This approach is particularly effective because it’s nearly impossible for hackers to replicate one’s unique behavioural traits, even if they steal the password. This adds a crucial layer of security that traditional methods cannot provide.
The digital banking industry faces cybersecurity challenges. A Statista report shows a 10 percent jump in global malware attacks in…
SHARE THIS STORY
The digital banking industry faces cybersecurity challenges. A Statista report shows a 10 percent jump in global malware attacks in 2023, reaching 6.06 billion incidents.
Cybercriminals are growing more skilled, leading to more frequent data breaches that expose vulnerabilities in banking security. Moreover, effective risk management and strong network protocols are essential to securing digital banking operations.
Introduction to Cybersecurity in digital banking
As online transactions become the norm, strong cybersecurity measures become more crucial. Banks keep sensitive financial data and handle high-value transactions, making them prime cyberattack targets.
Effective cybersecurity is a multi-layered approach. Also, it combines advanced technology, strict policies, and constant monitoring to fight cyber threats. These security measures shield not only a bank’s finances but also customer personal information.
For that reason, cybersecurity is the foundation of trust and reliability in finance. Without strong security protocols, the balance between innovation and managing risk is disrupted, potentially shaking customer confidence in digital banking.
Early Cybersecurity practices
The rise of the internet gave birth to a new genre of malicious activity. Cybercriminals emerged to target this new frontier. They launched worms, malware, and phishing attacks.
In response to these escalating threats, the 1990s saw the introduction of firewalls and antivirus software. Additionally, these early security measures acted as barriers between networks to protect systems from unauthorised access.
Cybercriminals constantly develop new viruses and threats. Likewise, antivirus companies continuously create new software patches and signature updates to stay ahead. Despite that, the possibility of new threats slipping through these defences remains a challenge.
Technological advancements
Fraud is a major challenge for financial institutions. Artificial intelligence (AI) has emerged as a powerful weapon in the fight against this threat.
This technology excels at detecting various types of fraud. AI algorithms can detect suspicious activity in real time, helping prevent fraud before it happens.
AI solutions go beyond simple detection. By creating detailed profiles of each customer and tracking their activities, AI can predict potential risks and prevent fraud proactively.
Current Best Practices
A strong foundation is critical to banking security. This includes constantly checking for weaknesses through risk assessments. Digital banks must update their security protocols regularly to keep pace with changing risks. Collaborations with other financial institutions and government agencies help banks stay informed about the latest threats and how to respond.
Data classification is also essential. Banks need strict controls on who can access sensitive information. Employee security training must be regular to make them aware of threats.
Case Studies
The digital bank Starling Bank partnered with cybersecurity firm HackerOne in 2019. This partnership created a streamlined system for anyone to report weaknesses found in its apps and website.
The initiative initially focused on specific areas and common vulnerabilities. This collaboration revealed valuable insights into weaknesses often missed during standard testing. The project’s findings allowed Starling to develop automated detection tools that proactively prevent security issues.
Future Trends
A report byStatista predicts the global cybersecurity market will hit $271.90 billion in 2029, highlighting the growing need for strong defences in digital banking. While still new, quantum computing presents a future hurdle. Its ability to crack current encryption methods means new, quantum-resistant cryptography needs to be developed for banking security.
However, machine learning and AI are expected to be adopted more widely in cybersecurity. Beyond just reacting to threats, financial institutions will also increasingly focus on proactive threat hunting. This means identifying and stopping potential vulnerabilities before they can be exploited.
The FinTech sector has changed how we manage our money. From mobile banking apps to robo-advisors, FinTech offers a new…
SHARE THIS STORY
The FinTech sector has changed how we manage our money. From mobile banking apps to robo-advisors, FinTech offers a new level of convenience and efficiency. But with this convenience come challenges and cybersecurity responsibilities: safeguarding the vast amount of sensitive financial data entrusted to these platforms.
Cybersecurity is no longer an afterthought for FinTech companies; it’s an essential foundation for their success. Breaches exposing financial information can have devastating consequences, not just for the companies involved but for their users as well.
Understanding these cyber threats is crucial for FinTech companies aiming to safeguard their operations and customer data. Here are the top 10 cybersecurity risks FinTech firms must be aware of in 2024.
1.Phishing Attacks
Phishing attacks trick people into divulging personal information. Cybercriminals often pose as legitimate companies through emails, texts, or phone calls. They llure victims into clicking malicious links or revealing passwords.
Phishing attacks significantly threaten financial companies because they target the human element rather than technological weaknesses. Hackers impersonate trusted sources like banks or colleagues to trick employees into revealing sensitive information or clicking malicious links. It can lead to data breaches, financial losses, and account takeovers.
2. Ransomware
Ransomware attacks involve cybercriminals holding sensitive data hostage and demanding a ransom from the victim. FinTech companies are particularly vulnerable to ransomware attacks because they rely on digital systems and customer financial data.
These attacks can impair operations, damage reputations, and lead to significant financial losses. They can be devastating, as there is no guarantee that paying the ransom will result in the safe return of the data.
3. Insider Cybersecurity Threats
FinTech companies may face a unique cybersecurity threat from their employees, known as insider threats. These insiders can be malicious, accidentally negligent, or even tricked into compromising sensitive data. Malicious insiders might steal financial information or sabotage systems for personal gain. Negligent insiders could leave data exposed or fall victim to phishing scams, unintentionally giving away access.
4. DDoS Attacks
Distributed Denial of Service (DDoS) attacks overwhelm online systems with traffic, making them inaccessible to legitimate users. FinTech firms are attractive targets for these attacks because they offer multiple entry points (banking systems, online accounts) and prioritise constant service availability.
DDoS attacks can severely hurt a FinTech company’s reputation and finances by causing downtime, raising security concerns among customers, and potentially leading to data breaches during the distraction.
5. Malware
FinTech companies are prime targets for malware attacks, accounting for 19 percent of all attacks and suffering nearly US$18.3 billion in losses in 2017. While the number of traditional banking malware strains is decreasing, it doesn’t represent a decline in overall threat. Instead, attackers are developing more sophisticated malware that uses techniques like obfuscation and slow, staged attacks to bypass antivirus detection.
6. Data Breaches
FinTech companies are under fire due to data breaches exposing sensitive financial information. Hackers exploit security flaws to steal user data, leading to financial losses, identity theft, and damaged trust. To combat this, strong encryption methods like end-to-end encryption and tokenisation can scramble data, making it useless to attackers.
7. Mobile Security Risks
Despite offering convenient access to financial services, mobile apps are a double-edged sword for FinTech companies. These apps are vulnerable due to their popularity, making strong security practices essential. Regular security updates, secure coding from the start, and robust data encryption during transmission are crucial to patching weaknesses.
8. Third-Party Cybersecurity Risks
The reliance on third-party vendors for services and integrations creates a security blind spot for FinTech firms. To address this, thorough vetting through due diligence and vendor risk assessments is crucial before forming partnerships.
9. API Vulnerabilities
FinTech companies rely heavily on Application Programming Interfaces (APIs) to enhance customer interfaces and share information across systems. While APIs are essential for data exchange, they also open doors for cyberattacks.
To fortify their defences, FinTech companies need to focus on secure API design with solid authentication methods (like OAuth or API keys), constant monitoring, and regular security assessments to identify and fix weaknesses before they become exploited.
The use of artificial intelligence (AI) and machine learning (ML) has increased in FinTech for decision-making processes. While beneficial, these systems also present risks if they make inaccurate decisions based on incorrect data. Rigorous testing and monitoring of AI and ML systems are necessary to minimise these risks.
Steps to mitigate threats
The cybersecurity threats facing FinTech in 2024 are varied and complex. FinTech firms must prioritise cybersecurity to protect customer data and maintain trust. By researching technology usage, training employees on cybersecurity, regularly monitoring suspicious activity, and building advanced security systems, FinTech companies can improve their defences against these evolving threats.
With more financial transactions shifting to digital platforms, having proper cybersecurity measures becomes a priority.
SHARE THIS STORY
Moreover, data is at the heart of every fintech company, which makes them attractive targets for hackers and malicious actors.
Financial technologyhas created new opportunities for customers and businesses in the finance industry. Individuals can now borrow, transfer, save, and invest from the convenience of their homes. Also, the growth of the industry is massive, with fintech revenues projected to grow sixfold from $245 billion to $1.5 trillion by 2030.
However, following that growth are security risks associated with it. Accounting services firm BPM predicts that cybersecurity attacks aimed at fintech companies will only continue to grow in 2024 and beyond. Furthermore, these attacks can end in monetary losses, reputational damage, and brand erosion.
To prevent such cases,fintech security leaders globally have implemented cybersecurity measures.
1. Stripe
Founded in 2010 by Patrick and John Collison, Stripe specialises in payment processing software and application programming interfaces (APIs).
Based in South San Francisco, California, the company offers top-tier encryption and secure transmission protocols. The protocols, which adhere to the PCI DSS standards, are in place to ensure the security of credit and debit card data.
Launched in 2018, Stripe’s innovative tool Radar detects and blocks fraudulent transactions. After its 2.0 update in 2018, the company claimed it helped reduce fraud rates byan additional 25% for its users.
With other services like Stripe Terminal, Stripe Tax, and Stripe Capital, Stripe has become a trusted name in online payment processing. It powers payments for major companies like Amazon, Google, and Shopify, all of which demand high-security standards.
2. Square
Owned by Block, Inc., Square was launched in 2009 by CEO Jack Dorsey and co-founder Jim McKelvey. Square offers an all-in-one financial services platform, including customer booking, e-commerce, payroll, shifts, loan financing, and banking.
In 2021, Square received FDIC approval from the Utah Department of Financial Institutions. Additionally, with end-to-end encryption, regular vulnerability assessments, and secure data storage, Square reached Level 1 PCI DSS certification. This is the highest level for payment processor certification.
3. PayPal
Launched in 2000 from the merger of Confinity and X.com, PayPal is a leader in secure online transactions.
Acquired by eBay in 2002, PayPal became the leading global payment application after eBay discontinued its Billpoint service. It has arguably outpaced competitors like Citibank C2IT, Yahoo! PayDirect, and BidPay from Western Union.
PayPal uses advanced encryption technologies and multi-factor authentication to protect user data. With its continuous monitoring and fraud prevention mechanisms, the company is compliant with industry standards.
According to the company, its fraud detection tools are informed by data from 1 billion monthly transactions. It claims that the toolgets smarter with each transaction.
4. Ant Financial (Alipay)
Ant Financial’s Alipay, is the second-largest international payment processor after Visa.
Founded in 2014 by Jack Ma as an affiliate of Alibaba, Ant Financial offers a range of products. Available services include electronic payment processing, banking, and mobile payments through brands like Yu’ebao, Huabei, and Xianghubou.
Ant Financial combines advanced cybersecurity measures such as AI-driven fraud detection, biometric authentication, and data encryption. Alipay itself also holds the internationally recognized ISO/IEC 27001 cybersecurity certification.
Used by more than 1.2 billion users, Ant Financial is protected by its AI-powered risk engine AlphaRisk. With the tool, Alipay’s fraud loss rate has been kept under0.64 in 10 million, way lower than the industry average.
5. Plaid
Established in 2013 by Zack Perret and William Hockey, Plaid is an embedded financial platform. It facilitates secure online payments and transactions by connecting users’ bank accounts to finance applications.
Plaid ensures authorised access to bank data through secure bank portals, which eliminates the need for user credentials. In October 2020, Plaid introduced “Plaid-Link,” a service that enables real-time payments for loans, insurance, and wages. It securely connects 12,000 US financial institutions, plus many more in Canada, the UK, and Europe.
6. Chime
Founded in 2012 by Chris Britt and Ryan King, Chime partners with regional banks to offer fee-free mobile banking services. Chime uses encryption, access protocols, continuous monitoring, and proactive fraud prevention to keep its payment processes secure.
In April 2020, Chime launched the fee-free overdraft product “SpotMe.” It successfully processed $375 million in Economic Stimulus Payments one week from the scheduled government disbursement.
7. Adyen
Adyen, listed on Euronext Amsterdam, is a Dutch FinTech company founded in 2006 by Arnout Schuijff and Pieter van der Does. Primarily catering to businesses, Adyen offers e-commerce, mobile, and POS payment solutions. The company successfully achieved 1.3 billion euros in revenue in 2022.
Adyen’s cybersecurity measures include encryption, tokenization, secure data storage, and regular security assessments, all backed by Level 1 PCI DSS certification.
8. Sift
Founded in 2011, Sift is one of the cybersecurity companiesproviding AI-powered fraud platform. It uses machine learning combined with data network scoring 1 trillion events per year to offer security solutions.
The company notices that online fraud is a growing problem, especially for retailers and financial institutions. Therefore, Sift’s algorithm distilled over hundreds of millions of user actions to create fraud pattern recognition tool.
Sift has received several accolades, including being named a leader in 2023 Forrester Wave for Digital Fraud Management and G2’s Momentum Leader in Spring 2024.
9. Darktrace
Cybersecurity company Darktrace, established in 2013, uses AI to respond to cyber threats in real time. Since its inception, the tools it created has been deployed over 9,000 times.
With its Enterprise Immune System technology, Darktrace is able to handle Industrial Operational Technology, email, SaaS, cloud, network, and endpoint safety. More than 9,400 organisations, including major financial institutions, rely on its advanced solutions.
The company was included in The Cyber Award’s AI Product of the Year in 2020 and Fast Company’s top 10 most innovative AI companies for 2022.
10. Netskope
Cloud-based cybersecurity company Netskope was founded in 2012 to help organisations apply zero trust principles. The company’s solutions protect data across cloud services and apps, which makes it pivotal for fintech institutions relying on such technologies.
The California-based firm helps financial services companies meet compliance requirements such as FINRA, PCI-DSS, GLBA, and GDPR. Not only that, it provides necessary protection, such as SWG, CASB, ZTNA, DLP, Cloud Firewall and SD-WAN.
In 2024, Netskope is recognized as a leader in the Gartner Magic Quadrant for Cloud Access Security Brokers (CASBs).
What makes these a success
These top cybersecurity firms in fintech have set high standards in cybersecurity. Their efforts have significantly contributed to a safer digital landscape for fintech.
They have also demonstrated collaboration with fellow financial or cybersecurity experts. Collaboration means having access to specialised knowledge that may not be available in-house. This includes latest threat intelligence, security tools, and tailored audits.
Additionally, it is imperative that companies adhere to industry standards and regulations. Compliance is the first step in building trust with users and stakeholders alike.
