Ben Hunter, Senior Director of Financial Services at Gigamon, on the impact of the Digital Operational Resilience Act (DORA) and what financial institutions can do to ensure lasting compliance

The Digital Operational Resilience Act (DORA) came into force on January 17th. It’s high time for financial institutions to refine their compliance and Cybersecurity efforts. This regulation isn’t just another box-ticking exercise. It represents a shift in the financial services industry that touches everyone in the ecosystem. And every corner of the organisations within it. From IT teams to the board, every department must pull together under a cohesive cyber strategy to meet the challenge. It’s not simply about systems and software. DORA demands a cultural shift toward organisation-wide cyber resilience.

At this stage, the big changes should already be in place. However, the focus now must be on the finer details. The overlooked pieces that could potentially make or break compliance and prove extremely costly. Organisations must tweak processes and ensure every element of their plan works seamlessly and aligns with the broader goal of operational resilience. Here are three areas of focus to perfect preparedness and ensure DORA compliance is not just a box checked but a new standard embraced by the whole organisation.

Criticality of third-party Cybersecurity management

One of DORA’s requirements is reducing reliance on single ICT service providers. This is designed to safeguard financial institutions against concentrated risk. By now, all structural changes should already be in place, with organisations diversifying their ICT providers. Or improving internal capabilities to reduce their external dependencies. However, compliance doesn’t end with restructuring. The focus must now shift from restructuring to managing these relationships effectively. Organisations should be looking to perfect their third-party risk assessment, monitoring, and due diligence strategies. They must ensure their processes for vetting ICT service providers are not just in place but are meticulously detailed. Contracts need to leave no room for ambiguity, with explicit terms outlining providers’ security and risk management strategies. These agreements must be revisited and stress-tested to confirm they align with DORA’s standards.

Equally critical is ironing out the specifics of ongoing monitoring and oversight. Institutions should be finalising the structure and frequency of their performance reviews and audits. Ensuring these mechanisms are robust enough to identify and address any emerging vulnerabilities. Moreover, by focusing on the details now, organisations can build a resilient operational framework that doesn’t just meet DORA’s requirements but builds resilience into their core operations for years to come.

Global efficiency through multi-cloud environments

Adopting a multi-cloud strategy has become essential for financial institutions operating on a global scale. It mitigates concentrated risk by avoiding dependence on a single provider and allows organisations to address the unique regulatory and operational challenges of different regions. However, the complexity of multi-cloud environments brings its own challenges. Particularly in ensuring the visibility and control required under DORA. This is why it’s crucial for organisations and their third parties to refine the tools and processes that support this level of visibility and allow the security teams to continuously monitor their environments.

According to recent data, 50% of CISOs say their confidence in risk management hinges on having full visibility into all data in motion, including encrypted and lateral traffic across both on-premises and cloud environments. This underscores the importance of advanced monitoring capabilities to effectively manage the complexities of multi-cloud infrastructures. While DORA mandates comprehensive visibility, the benefits go beyond just meeting compliance requirements. Deep observability strengthens organisations’ ability to detect vulnerabilities in real-time, ensuring seamless operations across regions and providers, and service continuity. For multi-cloud strategies to be effective, they must be paired with the right network-level monitoring capabilities. It’s important to build resilience from the inside out.

Organisational alignment to demonstrate Cybersecurity compliance

Demonstrating compliance isn’t just about avoiding fines and ticking regulatory boxes. It’s about preserving trust and protecting the organisation’s reputation. Reputational damage and financial penalties hit the top of the organisation hardest. This makes board-level engagement essential to ensuring Cybersecurity efforts are prioritised and aligned with broader business objectives. Boards must recognise that Cybersecurity is not a siloed function; it’s a key aspect of business resilience.

While security leaders are responsible for designing and implementing security strategies, their ability to deliver is directly tied to the board’s involvement. Board members control the decisions that shape an organisation’s Cybersecurity posture, from budget allocation to strategic priorities. Without their active engagement, security leaders may lack the resources, influence, or organisational buy-in necessary to implement comprehensive security measures. This can lead to significant gaps in compliance efforts and overall resilience.

To demonstrate compliance effectively, organisations need a unified approach to gathering, standardising, and presenting evidence to regulatory authorities. This includes aligning on consistent formats for documenting key areas like risk assessments, incident management, security testing, and third-party oversight. By finalising internal policies and leveraging automation tools, institutions can ensure their compliance evidence is regulator-ready and accessible. Such coordination not only satisfies DORA’s demands but also signals a strong, unified commitment to operational resilience. One that must come from the top and ripple throughout the entire organisation.

With penalties for non-compliance reaching up to 2% of global annual turnover, financial institutions cannot afford to be anything less than fully aligned on their compliance strategies going forward. Furthermore, as the broader compliance frameworks are now finalised, the focus must shift to perfecting the finer details that will ensure long-term resilience and success.

About Gigamon

Gigamon offers a deep observability pipeline that efficiently delivers network-derived intelligence and insights to your cloud, security, and observability tools. This eliminates security blind spots, optimises network traffic and reduces tool costs. Therefore, enabling you to better secure and manage your hybrid cloud infrastructure.

  • Cybersecurity in FinTech

Bharat Mistry, Director – Product Management at Trend Micro, on why attack surfaces are more difficult to mange than ever and the need for greater Cybersecurity controls to tackle the problem

Some surprising news emerged in mid-December. A Freedom of Information request sent to the Financial Conduct Authority (FCA) revealed that the number of c

Cybersecurity attacks reported to the regulator by large financial institutions fell 53% from the previous year. Reported data breaches also fell, by 29%. While welcome news, there are some big caveats.

The fall in reports could signify attacks are getting more sophisticated and harder to spot. The reporting periods also didn’t quite align, meaning two-and-a-half months of possible regulatory reports weren’t included in 2024’s figures. In fact, we’re seeing attacks and breaches at financial services industry (FSI) firms surging. In line with these organisations ramping up investment in digital transformation and IT modernisation projects.

Threat actors are grasping the opportunity with both hands. To keep them at bay, IT and cybersecurity leaders in the sector may need to rethink their approach to cyber risk management.

Cybersecurity controls are urgently required

Digital transformation is on an inexorable path. Driven by customer demand for seamless cross-channel experiences, and the quest for more streamlined business processes and productivity gains. Cloud adoption, mobile and app-centric services, remote workforces, and expansive supply chains are the result. However, this rapid change comes at a price. Research warns that half (49%) of global FSI leaders believe their attack surface is spiralling out of control.

Put simply, the ‘attack surface’ is the total expanse of all the IT and OT systems in a business that could theoretically be hacked. It includes everything from on-premises desktops and servers to cloud containers and even employees. Vulnerabilities and misconfigurations across these systems and services are inevitable. And the more assets there are, the more chance there is that a determined threat actor will find a weakness. This allows them to compromise the corporate network or a critical cloud account.

Heeding the warning

The likelihood of them doing so is increasing all the time. Not just because the typical FSI attack surface is increasing, but also because cybercriminals and nation-state operatives are getting better at using AI to their advantage. The National Cyber Security Centre (NCSC) warned back in January 2024 that AI “will almost certainly increase the volume and heighten the impact of cyber-attacks over the next two years”. It’s right. Generative AI in particular lowers the bar for budding threat actors by enabling them to create highly effective social engineering campaigns. And perform reconnaissance at scale to find weaknesses in organisations’ attack surfaces. In some cases, these weaknesses may exist in AI tools brought in by workers themselves. One report claims over a third of firms are struggling with shadow AI.

Our adversaries are also aided by the sheer complexity and interconnectivity of modern digital environments. APIs, microservices and third-party integrations -including frequently buggy or downright malicious open source components – expand the attack surface yet further.

Why it’s time for change

Managing risk across these environments should be a priority for obvious financial and reputational reasons. Open Banking rules and the growth of FinTech have made it easier for dissatisfied customers to jump ship. Furthermore, providing more options for those looking for a new provider. A serious breach could be the catalyst for a mass exodus. It’s also expensive in other ways. FSI is the second-top sector overall in terms of the average cost of a data breach. This is estimated to be over $6m per incident, assuming no more than 113,000 records are compromised.

However, there’s increasingly a regulatory imperative for FSI firms to rethink their Cybersecurity strategy. Any operating in the EU now has to comply with a rigorous new set of requirements in the EU Digital Operational Resilience Act (DORA). From January 1, 2025, those in the UK deemed to be critical third parties (CTPs) will be required to put in place a number of “technology and cyber risk management and operational resilience measures”.

A new mindset

So what does this mean in practice? Modern technology environments are dynamic, with new assets appearing and disappearing. Furthermore, new vulnerabilities are emerging and fresh misconfigurations surfacing on a daily or even hourly basis. Managing risk across this vast, incredibly volatile and highly distributed environment requires a new approach. Traditional perimeter defences are no longer sufficient.

Instead, FSI firms need continuous monitoring of risk across their entire attack surface. From endpoints and networks to servers and cloud workloads. Ideally, such a platform will flag areas of concern and either suggest improvements or automatically remediate. It could be something as simple as changing an insecure password, or patching a critical vulnerability newly published by a key vendor. This is the way to build resilience for the long term.

But there’s more. Some threats will always sneak through corporate defences. That’s why it’s also vital to expand security operations capabilities with AI-driven analytics and cross-layer detection and response (XDR). The goal is to correlate threat data across multiple layers and automatically prioritise alerts for stretched analyst teams. Robust incident response processes are also key here, to ensure no time is wasted in containing the threat and minimising any damage caused.

More broadly, it’s about fostering a culture of cyber resilience. Continuous improvement, proactive defence, and a willingness to adapt are ingrained in the corporate mindset. More Cybersecurity regulations are promised by the government in 2025. The clock’s ticking.

  • Cybersecurity in FinTech

Industry thought leaders from Marqeta, the global modern card issuing platform, offer a detailed outlook of the fintech industry for 2025, with predictions around personalisation, digitalisation and the evolving regulatory landscape

Payments will turn fully personal, with tailored credit, rewards, and BNPL at scale in 2025

In my opinion, a major global payment trend of 2024 has been hyper-personalisation. A new generation of customers is driving a shift toward personalisation at scale, expecting their FinTech services to be unique and tailored to individual needs. Modern consumers want a future where financial services integrate seamlessly into their digital lives and keep pace with their evolving needs. 

As a result, we are seeing trends, such as personalised credit offerings and rewards booming. In an industry with increasingly low consumer loyalty, brands and financial institutions must go beyond traditional interactions with FinTech. For example, the recent Marqeta State of Credit report found that of UK consumers who use more than one credit card, 43% confirmed that they would use a credit card more frequently if better rewards were offered. By moving to a dynamic, rather than set rewards structure, consumers can earn benefits tailored to their spending habits and preferences in real time. 

Increasingly with innovations like Buy Now Pay Later (BNPL), consumers are guided to credit options specifically suited to them and their needs. In 2025, we will increasingly see personalised BNPL payment plan options being offered in real time. Often within existing payment apps and products we already use daily. We are also seeing B2B payments emerging as a strong trend. Ensuring gig workers, sellers and partners get paid efficiently while offering robust expense management and financing. I anticipate we’ll see more demand for innovative B2B payment solutions that enable seamless money management across 2025.    

Marcin Glogowski, SVP Managing Director for Europe and UK CEO

2025 will be a year of rapid innovation in financial services  

In today’s digital-first world, traditional payment infrastructure is no longer enough to keep up with the demands of consumers. The front door of a bank is now an app, digital wallet usage is increasing. New, flexible services have a growing prevalence on the market. In 2025 and beyond, customers will continue to drive a shift toward modern services which keep up with the rate of digital and mobile innovation.

The ramifications of changing consumer trends could lead to the traditional roles of banks, such as ATMs and as physical branches, disappearing. To ensure continued customer loyalty, all financial service providers will be forced to innovate and offer consumers the embedded, seamless and instantaneous services that they desire. 

Consequently, across 2025, we are likely to see new technology and solutions being offered to reduce unnecessary friction for consumers trying to pay and get paid. We are already seeing increased demand for Accelerated Wage Access (AWA). A Marqeta study shows that 74% of gig workers ages 18-34 would be interested in an employer who offered an option to get paid immediately. As businesses and workers grow tired of cash flow restrictions and having to wait for monthly pay slips in an otherwise instant, digital world. As new services evolve, competition in Fintech will be enhanced and the financial industry will be forced to grow and evolve. 

Nicholas Holt, Head of Solutions and Delivery, Europe

Proactive compliance strategies will lay the foundation for fintech in 2025

With banking and FinTech partnerships under increasing regulatory scrutiny, the stakes around compliance have never been higher. In this environment, Fintechs can no longer afford a reactive approach to compliance. Instead, they should adopt proactive compliance strategies that go beyond simply seeking to avoid fines and that are embedded into the everyday makeup of their culture and product strategies, helping to build trust, ensure stability, and foster sustainable growth. 

At Marqeta, we’re committed to embedding compliance into our company’s culture, helping to mitigate risks and create a foundation for long-term success for us and our customers. Proactive compliance strategies allow organisations to leverage advanced tools and position themselves to adapt to shifting regulatory demands while showcasing a genuine commitment to transparency. 

Alan Carlisle, Chief Compliance Officer

  • Cybersecurity in FinTech
  • InsurTech

Martin Greenfield, CEO of Quod Orbis, on a troubling paradox within the cybersecurity landscape: despite substantial investments in security infrastructure, confidence levels and actual capabilities remain worryingly misaligned.

Financial institutions face concrete regulatory pressure on Cybersecurity with the European Union’s Digital Operational Resilience Act (DORA) coming into force in February. This landmark regulation demands robust ICT risk management and comprehensive security monitoring. Currently, many organisations continue to rely on disparate tools and spreadsheets that may leave them vulnerable to sophisticated threats. These include AI-powered deep fakes and targeted spear phishing campaigns.

This challenge transcends the financial sector as organisations across all industries face mounting pressure to demonstrate both security effectiveness and regulatory compliance. Our research reveals a stark reality. Organisations typically maintain an average of 19 security solutions per team. However, a surprising 41% still cite insufficient technology as the primary obstacle to maintaining a robust security posture.

This misalignment points to a fundamental issue. Organisations must recognise effective cybersecurity isn’t achieved through quantity of tools, but through strategic selection of the right solutions. Furthermore, perhaps most concerning is the false sense of security prevalent among IT decision-makers. While 93% express confidence in their infrastructure visibility tools, an alarming 95% acknowledge difficulties in accessing specific digital assets over the past year. This creates dangerous blind spots leaving organisations exposed to both security breaches and compliance shortfalls.

Understanding the Cybersecurity challenge

Today’s enterprise infrastructure resembles a tapestry of critical assets, connections and endpoints. To put this complexity into perspective: IT teams now manage an average of 31 endpoints per person across their organisation. For a company of 1,000 employees, this translates to more than 30,000 devices requiring constant monitoring and protection. This challenge intensifies with the widespread adoption of cloud services, hybrid working arrangements and an ever-growing ecosystem of connected devices.

Scale amplifies these difficulties markedly. Our research reveals organisations with more than 1,250 employees demonstrate the lowest confidence in their existing tools (88%) and face the greatest challenges in accessing critical assets (97%). Moreover, these larger enterprises typically wrestle with an unwieldy combination of legacy systems, bespoke solutions and modern platforms. This results in notably lower visibility rates (79%) compared to their smaller counterparts.

Perhaps most revealing is the stark confidence gap between technical and compliance teams. While 94% of information security directors express confidence in their system visibility, merely 66% of compliance directors share this outlook. This disparity exposes a crucial misalignment between technical capabilities and compliance requirements. One that poses serious operational risks as regulatory frameworks increasingly demand continuous monitoring. Organisations clinging to manual compliance processes face an unstable burden. Teams are stretched thin handling routine tasks while regulations grow more complex. Embracing automated technologies to handle routine monitoring requirements will allow compliance teams to pivot from being reactive box-checkers to strategic risk managers.

Moving from reaction to prevention

The impulse to combat emerging threats by rapidly acquiring new security solutions has led many organisations to create sprawling, inefficient systems. These often compound the very problems they aim to solve.

This reactive approach has trapped organisations in a costly cycle of diminishing returns. Despite substantial technology investments, nearly 40% of firms report a troubling lack of actionable intelligence, while 37% struggle with budget limitations. This paradox is increasingly drawing board-level scrutiny. And rightfully so. After years of approving emergency technology purchases to plug cybersecurity gaps, boards are now questioning the value of new investments. Furthermore, tthis creates a dangerous stalemate: organisations need smarter, not just more, technology investment.

However, a more strategic approach is gaining traction through integrated system monitoring platforms. These comprehensive solutions unite previously disconnected tools under a single dashboard. This can offer real-time visibility across the entire cybersecurity landscape. This unified approach enables teams to identify and address vulnerabilities before they evolve into security incidents. A capability that resonates with the 82% of organisations who recognise enhanced visibility would substantially strengthen their cybersecurity posture.

It’s encouraging that 72% of IT teams have secured increased budgets over the past three years. However, the path forward requires more than mere financial investment. Organisations must shift from reactive spending to strategic deployment. Although this presents its own challenge: convincing board members that additional tooling represents an investment in comprehensive visibility rather than merely plugging security gaps.

The path forward

The transformation from fragmented security to comprehensive oversight demands more than technological upgrades. It requires a fundamental reimagining of how organisations approach cybersecurity monitoring and compliance.

The advantages of this strategic shift are compelling and quantifiable. Our analysis reveals security teams anticipate multiple efficiency gains: 38% expect automation to streamline document creation, 37% foresee improved board pack preparation, and 36% anticipate dedicating more time to strategic security assessments. Perhaps most significantly, 35% predict a reduction in human error alongside enhanced data accuracy. The efficiency gains are substantial. Teams could reclaim up to 60 hours annually per member on board reporting alone, time better invested in strategic security initiatives.

With regulatory frameworks growing increasingly sophisticated across sectors, including the forthcoming DORA regulation, maintaining current practices is no longer viable. The disparity between perceived and actual security capabilities poses a tangible risk that organisations must address proactively.

About Quod Orbis

Quod Orbis is the single source of truth across security, risk and compliance, providing an orchestration layer for the entire tech stack whether in the cloud, on-premise, legacy or bespoke. Founded in 2018, Quod Orbis became part of Dedagroup, one of the leading Italian IT players, in 2024.

A pioneer in Continuous Controls Monitoring (CCM), Quod Orbis provides complete and constant visibility into a company’s cybersecurity, compliance and risk posture. Quod Orbis’ ability to connect with every piece of technology within a business, unrivalled automation capabilities and continual support enables the company to serve a global client base across a wide variety of industries.

  • Cybersecurity in FinTech

Bryan Daugherty, Global Public Policy Director at the BSV Association (BSVA) and Co-Founder at SmartLedger Solutions, on how blockchain technology provides the accountability and cybersecurity needed to prevent widespread IT catastrophes across sectors

By Embracing Blockchain, We Can Create a Safer Digital Future

The rapid increase in cyberattacks poses a severe threat to businesses. These attacks are becoming more sophisticated and costly by the day. The average cost of a data breach in the UK is £3.58 million, and in the US now $9 million. It typically takes 200 days for organisations to detect a breach, followed by another 70 days to contain it. These delays expose significant vulnerabilities in traditional data management systems. They rely heavily on third parties, making them prime targets for cybercriminals.

Blockchain technology offers a transformative solution to these challenges by creating a secure, decentralised model that can effectively mitigate risks. It provides an opportunity for both individuals and organisations to take control of their data. Therefore, improving cybersecurity and ensuring operational resilience.

The Problem with Centralised Systems

Traditional cybersecurity systems are built on centralised models, where data is stored in one location or through third-party intermediaries. This structure makes them attractive targets for cybercriminals, creating a “honeypot” of information that can be breached. A concerning statistic is that, for over a decade, organisations have taken an average of 200 days to detect breaches. Despite claims from cybersecurity vendors that they provide “instant detection,” real-world results show significant gaps in protection, putting data at risk for extended periods.

Blockchain: Game-Changing Cybersecurity Features

Blockchain’s decentralised model provides a powerful alternative. By distributing data across a global network of nodes rather than a central location, blockchain makes it exponentially harder for cybercriminals to compromise large datasets. Even if one node is breached, the entire system remains intact. This eliminates the single point of failure that centralised systems suffer from.

Another key feature of blockchain is its immutability. Once data is recorded on a blockchain, it cannot be altered or erased, making tampering nearly impossible. Therefore, this ensures any unauthorised access is immediately detectable, enabling quicker response times and minimising damage.

Real-Time Threat Detection with CERTIHASH

Blockchain’s potential in cybersecurity is already being realised through solutions like CERTIHASH’s Sentinel Node. A blockchain-based tool that provides real-time threat detection. Built on the BSV blockchain, CERTIHASH can detect breaches within 10 seconds or less, offering a proactive approach to cybersecurity. This is a significant improvement over traditional systems, which often take months to identify breaches, leaving organisations vulnerable to prolonged data exposure.

By leveraging blockchain, cybersecurity shifts from being reactive to proactive. This gives organisations the tools they need to stay ahead of evolving threats and safeguard data more effectively.

Overcoming Misconceptions About Blockchain

Despite the clear advantages of blockchain, many organisations remain hesitant to adopt the technology, often due to misconceptions. Furthermore, some still associate blockchain with cryptocurrencies like Bitcoin, which have been linked to ransomware. This outdated view overlooks blockchain’s real potential as a secure, decentralised data management tool.

Blockchain is not just about crypto; it’s about creating a new standard for data integrity and security. Moreover, it offers decentralised, tamper-proof records that give users control over their own identity and data, reducing reliance on vulnerable third-party systems.

A Decentralised, Secure Future

As global reliance on centralised systems grows, so do the vulnerabilities they present. A single point of failure can lead to widespread outages, as seen in numerous cyberattacks and technical malfunctions. Blockchain, with its decentralised architecture, offers a robust alternative that enhances the security and resilience of critical systems. By distributing data across multiple nodes, blockchain ensures continuity even during attacks or outages.

Conclusion

Investing in blockchain cybersecurity is no longer optional. With cyber-attacks growing in scale and sophistication, organisations must adopt cutting-edge technologies to protect their data, operations, and customer trust. Blockchain’s decentralised and tamper-proof architecture offers the key to building a safer, more secure digital future. One where businesses and individuals alike can operate with confidence, free from the constant threat of cybercrime.

  • Blockchain
  • Cybersecurity in FinTech

Misplaced confidence in visibility tools leaves organisations vulnerable amidst record high data breaches, according to latest research

A new report from Quod Orbis highlights that 95% of businesses are at risk of a cybersecurity blindspot. A reported 93% of UK organisations have confidence in their system visibility. However, nearly all (95%) of them have struggled to access critical assets in the last year, according to the research.

Over a third (38%) actually rank lack of visibility as one of their biggest challenges, further highlighting the gap between respondents’ perceptions and the reality of their situation. This comes at a time when data breaches this year have already surpassed one billion stolen records.

Quod Orbis Cybersecurity Research

Martin Greenfield, Quod Orbis CEO, comments: “Businesses are suffering from a blind spot that’s leaving them exposed. Misplaced confidence in existing cybersecurity tools means these same organisations are susceptible to data breaches and non-compliance fallout. This results in potentially crippling financial and reputational consequences.”

Quod Orbis commissioned a research study with international research house, Censuswide, to poll 500 board executives and IT decision makers, across enterprises of 500+ employees in the UK.

Cybersecurity Tech Stacks

Cybersecurity tech stacks are growing exponentially in the face of rising threats. The average team manages 19 security solutions at any one time. However, 41% still report a lack of technology as being their biggest challenge when it comes to maintaining a robust cybersecurity posture.

As 72% of IT teams have had their IT budget increased in the past three years, Greenfield urges businesses to break free from the typical cycle of throwing money at a problem and hoping something sticks. “It’s not about the biggest investment, it’s about the right investment.”

A quarter (26%) of IT decision makers are yet to allocate budget to basic security tools like asset visibility technology. This is despite 40% reporting a lack of actionable data.

It’s clear though that businesses recognise the advantage of implementing the right technology. More than eight in 10 (82%) agree that greater visibility over digital assets will greatly improve business security. This is a huge leap from the 93% of respondents who believe their businesses already provide them with the necessary tools.

According to the data, most upcoming IT investments will be allocated to Continuous Controls Monitoring (32%), privileged and identity access management (30%) and zero trust (29%).

The Future

Greenfield concludes: “Digital infrastructure has reached a level of complexity that not only warrants, but demands, complete visibility. Now is not the time to gamble with your company’s security. Furthermore, organisations need to stop adding layers of unnecessary technology as a way of solving the immediate problem. Instead, they must take a step back and think holistically about how to resolve their issues.

“Tools like CCM, powered by automation, help teams see and understand their security and risk posture in real time. This offers peace of mind that all of their data is relevant and up to date. This level of insight provides early awareness of potential problems and empowers teams to take a proactive approach to security, instead of being forced back into the same reactive position they’ve been in for years.”

About Quod Orbis

Quod Orbis is the single source of truth across security, risk and compliance, providing an orchestration layer for the entire tech stack whether in the cloud, on-premise, legacy or bespoke. Founded in 2018, Quod Orbis became part of Dedagroup, one of the leading Italian IT players, in 2024.

A pioneer in Continuous Controls Monitoring (CCM), Quod Orbis provides complete and constant visibility into a company’s cybersecurity, compliance and risk posture. Quod Orbis’ ability to connect with every piece of technology within a business, unrivalled automation capabilities and continual support enables the company to serve a global client base across a wide variety of industries.

  • Cybersecurity in FinTech

Innovative Systems, a leading provider of enterprise data, compliance, and integration solutions, has launched FinScan Marketplace

The platform will serve as a one-stop shop for anti-money laundering (AML) compliance. It offers a streamlined approach to managing compliance risk and unified case management via a central hub for all related activities. FinScan Marketplace positions itself as a trusted partner for organisations navigating today’s complex, global regulatory landscape.

Removing the complexity of AML compliance

“Our goal with FinScan Marketplace is to remove the complexity of AML compliance. We bring everything organisations need into one unified platform,” said Deborah Overdeput, Chief Marketing Officer at Innovative Systems. “This launch reflects our commitment to delivering solutions that simplify processes. We empower compliance teams to work smarter, and ensure organisations remain vigilant. And fully aligned with evolving regulatory requirements in a rapidly changing landscape.”

FinScan Marketplace revolutionises how organisations manage their AML portfolio. It provides a single, easy-to-navigate interface. Customers can seamlessly access a comprehensive suite of tools. These include sanctions screening, KYC checks, adverse media screening, payment screening, and risk scoring, with additional features continually in development.

FinScan Marketplace

At the heart of FinScan Marketplace is its unified case management system. This integrates all critical AML processes into a cohesive workflow. From performing due diligence checks to monitoring transactions and investigating potential risks, customers can manage everything within a single platform. This integration saves time, reduces errors, and ensures compliance efforts remain seamless and effective.

FinScan Marketplace provides customers with a clear vision of the platform’s evolution. Its intuitive interface lets users view in-progress product developments, register interest in upcoming features. Furthermore, they can participate in design feedback sessions. This approach ensures future enhancements align closely with real-world compliance needs.

“We are not just delivering tools; we are creating partnerships with our customers by building solutions that adapt to their challenges,” Overdeput added. “Transparency and collaboration are key pillars of the FinScan Marketplace.”

Innovative Systems for AML

FinScan Marketplace reflects Innovative Systems’ dedication to becoming a trusted partner for a host of organisations. These include financial institutions, insurance companies, fintechs, casinos and gaming entities, charities and non-profits, government agencies, and other organisations it serves. By continuously delivering value, anticipating industry needs, and prioritising customers’ feedback in its development process, the company demonstrates its commitment to supporting effective and reliable AML compliance.

Innovative Systems delivers enterprise data, compliance, and integration solutions through the company’s leading FinScan®, Enlighten®, and PostLocate® brands. These solutions offer actionable insights and enable organizations to identify the hidden opportunities or risks in their data. We have pioneered best-in-class data quality, data management, and risk and compliance solutions in thousands of applications across more than 65 countries. Our cloud-based (SaaS), on-premise, and hybrid offerings deliver dramatic, measurable improvements in accuracy, cost, and time to production over alternatives. Learn more at innovativesystems.com

About FinScan


Trusted by hundreds of organisations worldwide, Innovative Systems, Inc.’s FinScan offers advanced Anti-Money Laundering (AML) compliance technology and consulting solutions. Built on decades of experience in data management and proprietary matching technologies, FinScan provides a data-first, risk-based approach to ensure unparalleled accuracy and efficiency in identifying and reducing risk, accelerating AML compliance workflows, and optimising team productivity. FinScan’s comprehensive, integrated platform includes Know Your Customer (KYC), unparalleled sanctions screening, risk scoring, data quality, and advisory services for implementing a holistic compliance program. FinScan offers flexible deployment including SaaS, on-premise, and hybrid options. FinScan’s SaaS clients are screening more than 300 billion names a year. Learn more at finscan.com


  • Cybersecurity in FinTech

Alex Mosher, Chief Revenue Officer at Armis, on why businesses are prioritising their cybersecurity budgets, ensuring they have the resources needed to counteract emerging threats

Cybersecurity is no longer optional. In 2025, we expect a significant uptick in overall spending. With threats becoming more sophisticated, organisations recognise the imperative to invest adequately in cybersecurity measures. This trend is driven by the growing awareness that the cost of a cyber-attack far outweighs the investment required to prevent it.


Shift Toward Comprehensive Cybersecurity Solutions

In 2025, there will be a marked shift toward comprehensive security solutions that offer integrated functionalities. Companies will increasingly seek platforms that provide threat detection, incident response, and compliance management within a single solution. This trend arises from the need to simplify security management and reduce complexity. Siloed solutions are ineffective, expensive and reduce the efficiency of security teams with finite resources. Furthermore, by consolidating various security functions into a unified platform, businesses can streamline their processes and enhance their overall security posture. Integrated solutions offer a holistic approach to cybersecurity, addressing multiple aspects of an organisation’s security needs. The move toward comprehensive solutions also reflects a broader understanding of the interconnectedness of cybersecurity elements. A unified solution that addresses multiple areas provides a more robust defence against potential breaches.

Emphasis on Automation and AI

Automation and artificial intelligence (AI) are revolutionising the cybersecurity landscape. Organisations increasingly prioritise spending on AI-driven security solutions to enhance threat detection and response capabilities. The focus will be on tools that streamline incident response, reduce manual workloads, and enable security teams to focus on more strategic initiatives. Moreover, the trend will also include spending on analytics tools that help organisations understand and mitigate risks based on the current threat landscape. Threat intelligence and analytics play a pivotal role in enhancing an organisation’s security posture.

AI technologies offer a proactive approach to cybersecurity, allowing organisations to identify and mitigate threats in real-time. By leveraging machine learning algorithms and data analytics, businesses can gain deeper insights into potential vulnerabilities and respond swiftly to emerging threats. The emphasis on automation and AI is driven by the need to enhance efficiency and effectiveness in cybersecurity operations. By automating routine tasks and employing AI for advanced threat detection, businesses can optimise their resources and achieve a more robust security posture.

Investment in Cloud Cybersecurity Solutions

The migration to cloud environments continues to accelerate, driving the need for robust cloud security solutions. Key investment areas will include cloud security posture management (CSPM) and cloud workload protection platforms (CWPP). The emphasis on cloud security reflects the growing reliance on cloud services for business operations. Moreover, organisations recognise that securing their cloud environments is paramount to safeguarding digital assets and ensuring regulatory compliance. Investments in cloud security solutions also align with the broader trend toward digital transformation. Businesses are leveraging the cloud to drive innovation and agility. This neessitates a strong security framework to protect their evolving digital ecosystems.

Enhanced Budgeting for Compliance and Regulatory Needs

Data protection and privacy regulations are becoming increasingly stringent worldwide. Also, this necessitates enhanced budgeting for compliance-related cybersecurity solutions. I expect organisations to allocate more resources to auditing tools, risk management platforms, and solutions that help them meet regulatory requirements such as GDPR, CCPA, and HIPAA.

The emphasis on compliance reflects a growing awareness of the legal and reputational risks associated with non-compliance. Investing in compliance-related solutions also aligns with the broader trend toward data-driven decision-making. Moreover, by implementing tools that ensure alignment with regulatory requirements, organisations can demonstrate their commitment to ethical data practices and build trust among stakeholders.

Growth in Cybersecurity Insurance Expenditures

Cyber insurance is becoming an essential component of an organisation’s risk management strategy. The growth in cybersecurity insurance expenditures reflects a broader awareness of the financial implications of cybersecurity threats. Investing in cyber insurance aligns with the emphasis on accountability in cybersecurity spending. By securing coverage for potential losses, businesses can demonstrate their commitment to protecting their assets and ensuring business continuity in the face of unforeseen events.

By understanding the key cyber spending patterns outlined here, businesses can make informed decisions. They can enhance their security posture to protect their valuable assets and ensure business continuity as we move into 2025.

  • Cybersecurity in FinTech
  • InsurTech

Seth Ruden, Director of Global Advisory at BioCatch, on how the UK’s financial institutions can be better prepared to deal with authorised push payment (APP) scams

The focus on authorised push payment (APP) fraud scams – where scammers impersonate reputable individuals or institutions – has increasingly shifted to whether banks should reimburse customers for funds stolen by scammers. We can gain valuable insights from the approaches taken by financial institutions in the UK. They are leading the way with their cybersecurity efforts compared to their counterparts in other regions.

First, British banks established a standardised reporting system and typology. This is a fundamental first step that every financial institution should take to grasp the full scope of how financial fraud affects banking consumers. Banks may disclose the type of fraud, the amount of money stolen, and the bank measures used to prevent the scam from occurring. This centralised view brings the true scope of the totality of scams into focus.

Three ways the UK’s financial institutions are leading in the fight against fraud

Second, the UK has developed strategies to identify specific scams and reduce their losses. The regulator added a slew of new controls to banks, including confirmation of payee, scam and transaction-specific interventions, and money mule account controls for those receiving the illicit funds. Before regulation, not every financial institution had implemented these controls, providing an uneven playing field and allowing scams to flourish. Banks outside the UK should not wait for regulators to mandate controls like these. They should do it on their own accord to prove they realise the magnitude of the scam problem and the severity of its impact on bank customers.

Improved consumer financial scam controls should be a minimum requirement for financial institutions in 2024. These controls should cover: authorised push payment behavioural analysis, money mule behaviour around both account opening and account activity, and analysis of both inbound and outbound transactions. Furthermore, detecting and then closing money mule accounts – used by fraudsters as an intermediate stop between the victim’s account and the final destination for the stolen funds – is absolutely critical, as they serve as the backbone for every consumer-based financial scam.

The third? Getting involved. Banks need to integrate themselves and participate with industry and trade associations – such as the FS-ISACs and GASA (Global Anti Scam Alliance). These associations provide opportunities to network with peer institutions and others in the fraud value chain to share scam information and learn from each other.

Effective Fraud Prevention: A practical assessment of Key Strategies

Many banks today use precision anomaly detection and behavioural biometrics to notify them when a fraudulent transaction takes place. Financial institutions in the UK often issue actionable alerts to clients in real-time. Santander UK, for example, now asks customers if they have seen the item in person before approving a payment through Facebook Marketplace. For online account opening, there are good solutions for bot-detection to prevent automated bots from opening new accounts, behavioural biometrics to detect suspicious patterns of data entry, and solutions that can analyse the customer KYC data. A secondary benefit of strong account opening controls is the reduction of operational costs to close bogus accounts.

For detecting existing money mule accounts, traditionally it required tracking the circulation of funds, both the inbound and outbound transaction activity and looking for anomalies (e.g. high value in and then immediately transferred out). Now, user behaviour anomalies – such as changes in the user’s input/output device activity or navigation preferences – may indicate a change in account control before the suspicious transactions take place.

Protecting Customers: What the future holds for Financial institutions

Since the UK’s introduction to faster payments, the region has become a centre of research for the rest of the world. However, eliminating threats to UK customers and their money has remained difficult despite an increase in regulation. While Governments and international groups are starting to identify and take down some of these organisations there are still hundreds of thousands of scammers and coerced individuals involved in these intricate schemes. A key challenge for financial institutions is understanding how scammers get their customers to initiate authorised payment. However, these challenges can be combatted by understanding the psychology behind how scammers work which can be a prominent factor in tackling the problem. Financial institutions must ensure that, in a few years’ time, they can confidently answer ‘yes’ to the question: Did we do enough to help eliminate consumer financial scams?

  • Cybersecurity in FinTech

Other key findings include surge of info-stealers and botnets, an increase in evasive malware and a rise in network attacks across the Asia Pacific

WatchGuard® Technologies, a global leader in unified Cybersecurity, today released the findings of its latest Internet Security Report. The quarterly analysis details the top malware, network, and endpoint security threats observed during the second quarter of 2024. 

Among the report’s key findings was that 7 of the Top 10 malware threats by volume were new this quarter. Furthermore, this indicates threat actors are pivoting toward new techniques. The new top threats included Lumma Stealer. This advanced malware is designed to steal sensitive data from compromised systems. Also, a Mirai Botnet variant, which infects smart devices and enables threat actors to turn them into remotely controlled bots. And a LokiBot malware, which targets Windows and Android devices and aims to steal credential information. 

Cybersecurity fears for Blockchain

WatchGuard’s Cybersecurity Threat Lab also observed new instances of threat actors employing “EtherHiding”. A method of embedding malicious PowerShell scripts in blockchains such as Binance Smart Contracts. In these instances, a fake error message linking to the malicious script appears on compromised websites, prompting victims to “update your browser”. Malicious code in blockchains poses a long-term threat. As blockchains are not meant to be changed, theoretically, a blockchain could become an immutable host of malicious content. 

“The latest findings in the Q2 2024 Internet Security Report reflect how threat actors tend to fall into patterns of behaviour. Certain attack techniques become trendy and dominant in waves,” said Corey Nachreiner, CSO, WatchGuard Technologies. “Moreover, the report illustrates the importance of routinely updating and patching software and systems to address security gaps and ensure threat actors cannot exploit older vulnerabilities. Adopting a defence-in-depth approach, which can be executed effectively by a dedicated managed service provider, is a vital step toward combating these cybersecurity challenges successfully.”

Additional key findings from WatchGuard’s Report include: 

  • Malware detections were down 24% overall. This drop was caused by a 35% decrease in signature-based detections. However, threat actors were simply shifting focus to more evasive malware. Moreover, in Q2 2024, the Threat Lab’s advanced behavioural engine that identifies ransomware, zero-day threats, and evolving malware threats, found a 168% increase in evasive malware detections quarter-over-quarter. 
     
  • Network attacks increased 33% from Q1 2024. Across regions, the Asia Pacific accounted for 56% of all network attack detections, more than doubling since the previous quarter.
     
  • An NGINX vulnerability, originally detected in 2019, was the top network attack by volume in Q2 2024. It had not appeared in the Threat Lab’s Top 50 network attacks in previous quarters. The vulnerability accounted for 29% of total network attack detection volume, or approximately 724,000 detections across the US, EMEA, and APAC. 
     
  • The Fuzzbunch hacking toolkit emerged as the second-highest endpoint malware threat detected by volume. The toolkit serves as an open-source framework that can be used to attack Windows operating systems. It was stolen during The Shadow Brokers’ attack of the Equation Group, an NSA contractor, in 2016. 
     
  • Seventy-four percent of all browser-initiated endpoint malware attacks targeted Chromium-based browsers, which include Google Chrome, Microsoft Edge, and Brave.
     
  • A signature that detects malicious web content, trojan.html.hidden.1.gen, came in as the fourth most-widespread malware variant. The most common threat category caught by this signature involved phishing campaigns. These gather credentials from a user’s browser and deliver this information to an attacker-controlled server. Curiously, the Threat Lab observed a sample of this signature targeting students and faculty at Valdosta State University in Georgia. 
  • Blockchain
  • Cybersecurity in FinTech

UnaFinancial study identifies cybersecurity as most influential factor driving FinTech growth

A recent study from UnaFinancial has identified cybersecurity as the most influential factor driving the development of FinTech worldwide, with a 63% significance. The second most impactful factor is the average hourly wage rate, with a 13% significance.

The study showed that FinTech growth in Europe, America, and globally has the strongest correlation with the size of the cybersecurity market, with correlation coefficients of 0.8714, 0.9762, and 0.8607, respectively.

In Asia, however, FinTech growth was more closely tied to the size of the consumer electronics market (0.9403). Meanwhile in Africa, it correlated with consumer spending volumes (0.7427). Therefore, globally, cybersecurity emerges as the most significant driver of FinTech growth. More vital protection facilitates a more robust FinTech environment.

Economic Disparities with Cybersecurity: High Income vs Low Income Economies

Economic status also plays a crucial role in shaping FinTech dynamics. High-income countries display pronounced correlations with various factors. Notably, the size of the cybersecurity market (0.6923), consumer electronics market (0.5839), average wage rates (0.6237), and consumer spending volumes (0.6971) are all significantly linked to FinTech growth.

Conversely, low-income economies exhibit no substantial correlations with these factors, highlighting a disparity in FinTech development influenced by financial resources and technological infrastructure.

Middle-income countries show a more nuanced relationship, with FinTech volumes correlating with nominal GDP (0.5373), the cybersecurity market (0.5727), consumer electronics (0.5637), fintech hubs (0.5409), and consumer spending volumes (0.6136). This suggests that while multiple factors impact middle-income countries, cybersecurity remains a vital component.

Quantifiable Cybersecurity Impact on FinTech

Furthermore, another interesting finding was the measurable impact of various factors on FinTech transactions. For example, for every $1 million increase in the global cybersecurity market, FinTech transactions per adult are expected to rise by $31.6. Similarly, a $1 increase in the average hourly wage could boost FinTech transactions by $67.5. The establishment of just one more FinTech hub could increase global FinTech transactions per capita by $839.

Remarkably, as a country’s income grows, the correlation between FinTech growth and two factors—cybersecurity market size and average wage rates—becomes stronger. This means these factors may indeed influence the development of FinTech across a country.

A deeper non-linear analysis further validated the significance of these factors. It revealed that the cybersecurity market is the most influential driver of FinTech growth, with 63% of significance, followed by the average wage rate (13%). As we advance into an increasingly digital future, the investment in and enhancement of cybersecurity will remain a cornerstone of FinTech innovation and expansion.

UnaFinancial Study

The UnaFinancial study considered data from 2022 for 146 countries, which were grouped into four regions: Asia, Europe, Africa and America. The potential factors under consideration included gender ratio, nominal GDP per capita, Internet penetration, cybersecurity market volumes per capita, consumer electronics market volumes, number of FinTech hubs per 100,000 people, average hourly wages, consumer spending per capita, direct investment as a share of GDP, unemployment rates, trade volume relative to GDP, and share of urban population.

The study not only illuminates the integral role of cybersecurity but also provides a roadmap for understanding how various factors interplay to influence the global FinTech landscape. In this digital age, safeguarding financial transactions and technologies is as critical as ever. Moreover, ensuring that FinTech continues to flourish amidst evolving challenges and opportunities.

  • Cybersecurity in FinTech

Gabe Hopkins, Chief Product Officer at Ripjar, on how GenAI can transform compliance

Generative AI (GenAI) has proven to be a transformational technology for many global industries. Particularly those sectors looking to boost their operational efficiency and drive innovation. Furthermore, GenAI has a range of use cases, and many organisations are using it to create new, creative content on demand – such as imagery, music, text, and video. Others are using the new tools at their disposal to perform tasks and process data. This makes previously tedious activities much more manageable, saving considerable time, effort, and finances in the process.

However, compliance as a sector has traditionally shown hesitancy when it comes to implementing new technologies. Taking longer to implement new tools due to natural caution about perceived risks. As a result, many compliance teams will not be using any AI, let alone GenAI. This hesitancy means these teams are missing out on significant benefits. Especially at a time when other less risk-averse industries are experiencing the upside of implementing this technology across their systems.

To avoid falling behind other diverse industries and competitors, it’s time for compliance teams to seriously consider AI. They need to understand the ways the technology – specifically GenAI – can be utilised in safe and tested ways. And without introducing any unnecessary risk. Doing so will revolutionise their internal processes, save work hours and keep budgets down accordingly.

Understanding and overcoming GenAI barriers

GenAI is a new and rapidly developing technology. Therefore, it’s natural compliance teams may have reservations surrounding how it can be applied safely. Particularly, teams tend to worry about sharing data, which may then be used in its training and become embedded into future models. Moreover, it’s also unlikely most organisations would want to share data across the internet. Strict privacy and security measures would first need to be established.

When thinking about the options for running models securely or locally, teams are likely also worried about the costs of GenAI. Much of the public discussion of the topic has focussed on the immense budget required for preparing the foundation models.

Additionally, model governance teams within organisations will worry about the black box nature of AI models. This puts a focus on the possibility for models to embed biases towards specific groups, which can be difficult to identify.

However, the good news is that there are ways to use GenAI to overcome these concerns. This can be done by choosing the right models which provide the necessary security and privacy. Fine-tuning the models within a strong statistical framework can reduce biases.

In doing so, organisations must find the right resources. Data scientists, or qualified vendors, can support them in that work, which may also be challenging.

Overcoming the challenges of compliance with AI

Despite initial hesitancy, analysts and other compliance professionals are positioned to gain massively by implementing GenAI. For example, teams in regulated industries – like banks, fintechs and large organisations – are often met with massive workloads and resource limits. Depending on which industry, teams may be held responsible for identifying a range of risks. These include sanctioned individuals and entities, adapting to new regulatory obligations and managing huge amounts of data – or all three.

The process of reviewing huge quantities of potential matches can be incredibly repetitive and prone to error. If teams make mistakes and miss risks, the potential impact for firms can be significant. Both in terms of financial and reputational consequences.

In addition, false positives – where systems or teams incorrectly flag risks and false negatives – where we miss risks that should be flagged, may come from human error and inaccurate systems. They are hugely exacerbated by challenges such as name matching, risk identification, and quantification.

As a result, organisations within the industry quite often struggle to hire and retain staff. Moreover, this leads to a serious skills shortage amongst compliance professionals. Therefore, despite initial hesitancy, analysts and other compliance professionals stand to gain massively by implementing GenAI without needing to sacrifice accuracy.

Generative AI – welcome support for compliance teams

There are numerous useful ways to implemented GenAI and improve compliance processes. The most obvious is in Suspicious Activity Report (SAR) narrative commentary. Compliance analysts must write a summary of why a specific transaction or set of transactions is deemed suitable in a SAR. Long before the arrival of ChatGPT, forward thinking compliance teams were using technology based on its ancestor technology to semi-automate the writing of narratives. It is a task that newer models excel at, particularly with human oversight.

Producing summarised data can also be useful when tackling tasks such as Politically Exposed Persons (PEP) or Adverse Media screenings. This involves compliance teams performing reviews or research on a client to check for potential negative news and data sources. These screenings allow companies to spot potential risks. It can prevent them from becoming implicated in any negative relationships or reputational damage.

By correctly deploying summary technology, analysts can review match information far more effectively and efficiently. However, like with any technological operation, it is essential to consider which tool is right for which activity. AI is no different. Combining GenAI with other machine learning (ML) and AI techniques can provide a real step change. This means blending both generalised and deductive capabilities from GenAI with highly measurable and comprehensive results available in well-known ML models.

Profiling efficiency with AI

For example, traditional AI can be used to create profiles, differentiating large quantities of organisations and individuals separating out distinct identities. The new approach moves past the historical hit and miss where analysts execute manual searches limiting results by arbitrary numeric limits.

Once these profiles are available, GenAI can help analysts to be even more efficient. The results from the latest innovations already show GenAI-powered virtual analysts can achieve, or even surpass, human accuracy across a range of measures.

Concerns about accuracy will still likely impact the rate of GenAI adoption. However, it is clear that future compliance teams will significantly benefit from these breakthroughs. This will enable significant improvements in speed, effectiveness and the ability to respond to new risks or constraints.

Ripjar is a global company of talented technologists, data scientists and analysts designing products that will change the way criminal activities are detected and prevented. Our founders are experienced technologists & leaders from the heart of the UK security and intelligence community all previously working at the British Government Communications Headquarters (GCHQ). We understand how to build products that scale, work seamlessly with the user and enhance analysis through machine learning and artificial intelligence. We believe that through this augmented analysis we can protect global companies and governments from the ever-present threat of money laundering, fraud, cyber-crime and terrorism.

  • Artificial Intelligence in FinTech
  • Cybersecurity in FinTech

Gunnar Már Gunnarsson, Co-founder & CTO of PAYSTRAX on the potential for tokenisation to improve digital payments

The forward to the Bank of England’s most recent report on innovation in payments begins with the words:

“The concept at the heart of money is trust – a trust which is hard won but easily lost.”

In today’s financial climate, where digital transactions have become the norm, trust and security are more crucial than ever. However, 84% of consumers don’t completely trust online payments, and many drop out before they complete a purchase online due to safety concerns and a lack of payment options.

Tokenisation presents a way forward, offering an increased level of trust and efficiency that could tackle the concerns of consumers. And offer business increased security in the payments process. By replacing sensitive payment card information with unique identifiers (tokens), this technology provides a safe way to handle payment data from seller to consumer.

As the future of payments continues to evolve, safety, simplicity and global alignment will be essential. Tokenisation stands at the forefront of this with the potential to not only reduce fraud but also improve the customer experience.

An extra safeguard against cybercrime with tokenisation

The issue many businesses and customers face is that their data remains exposed during transactions. This increases the risk of fraud and company liability issues in the event of data breaches. Tokenisation technology replaces sensitive data with a unique, randomly generated string of symbols that cannot be easily interpreted. This provides an extra safeguard against cybercrime. This added level of security benefits both consumers and businesses. It can reduce vulnerabilities in everything from online purchases to mobile payments.

For merchants, this is particularly beneficial. By keeping sensitive information, such as customers’ card details, outside their own systems, they minimise the risk of security breaches. Tokenisation also helps businesses meet compliance standards, such as PCI-DSS (Payment Card Industry Data Security Standard). With no need to store or transmit sensitive data, companies can lower their security management responsibilities and reduce the overall costs of compliance. Tokenisation facilitates this easier compliance by deferring regulatory requirements across regions. Businesses can then rely on tokenised data instead of managing the security of the original PAN (Primary Account Number).

Enhancing the payment experience with tokenisation

Friction during transactions has long been an issue in finance, costing the industry $2 billion dollars a year in lost payments. Consumers increasingly expect faster and more seamless payments in all aspects of their life, from in store shopping to online purchases.

With tokenisation technology, the payment process becomes faster. Sensitive information no longer needs to be re-entered or verified externally during each transaction. This reduction in data exposure reduces the risk of fraud while maintaining the rapid pace of real-time payments. Overall this creates a secure and safe payment process for businesses while not interrupting the real-time user experience.

Frictionless payments aren’t the only benefit of tokenisation. With customers being more likely to complete purchases when a tokenisation system is in play, with Visa reporting that authorisation rates improve by 2.1% using the technology. This is mostly due to the dynamic card-on-file information that tokenisation provides. It reduces payment failures and ensures a smoother purchase process, with failed payments no longer an issue.

A final example for how tokenisation enhances payment experience both user and provider side can be found in B2B Cross-Border payments. The market is projected to grow significantly, with estimates indicating a 43% increase to reach $56.1 trillion by 2030. The risk of fraud grows with this, alongside increasingly in depth and complex international laws and national regulations, companies need both security, and to be customer facing in their plans. Technologies that secure payments and provide seamless transactions, like tokenisation, are pivotal in supporting this growth by reducing risks and improving efficiency.

The future of payments

As alternative payment methods and RTP networks continue to rise, tokenisation will be crucial in creating a global payments ecosystem that is both secure and frictionless. Visa has issued over 9.5 billion tokens globally, with Mastercard reporting over 50% year-over-year growth in tokenised transactions. This rapid adoption highlights the importance of tokenisation in building secure, efficient payment networks.

By reducing fraud, simplifying security management, and improving the overall customer experience, tokenisation is set to play a leading role in shaping the future of payments. Especially as digital and cross-border transactions become increasingly important.

It’s more than just a security measure. It’s a critical technology that enhances the entire payment ecosystem, making transactions faster, safer, and more efficient for all parties involved.

Gunnar Már Gunnarsson, Co-founder & CTO of PAYSTRAX

  • Cybersecurity in FinTech
  • Digital Payments

Cullen Zandstra, CTO at FloQast on mitigating the risks of AI to deliver benefits to financial services

There’s a lot of buzz around Generative AI (GenAI). What’s not always heard beneath the noise are the very real and serious risks of this fast-developing AI tech. Let alone ways to mitigate these emerging threats.

Currently, one quarter (26%) of accounting and bookkeeping practices in the UK have now adopted GenAI in some capacity. That figure is predicted to grow for many years to come.

With this in mind, and as we hit the crest of the GenAI hype cycle, it’s critically important that leaders focus closely on the potential risks of AI deployment. They need to proactively prepare to mitigate them, rather than picking up the pieces after an incident.

Navigating the risky transition to AI

The benefits of AI are well-proven. For finance teams, AI is a powerup that unlocks major performance and efficiency boosts. It significantly enhances their ability to generate actionable insights swiftly and accurately, facilitating faster decision-making. AI isn’t here to take over but to augment the employees’ capabilities. Ultimately improving leaders’ trust in the reliability of financial reporting.

One of the most exciting aspects of AI is its potential to enable organisations to do more with less. Which, in the context of an ongoing talent shortage in accounting, is what all finance leaders are seeking to do right now. By automating routine tasks, AI empowers accountants to focus on higher-level analysis and strategic initiative, whilst drawing on fewer resources. GenAI models can help to perform routine, but important tasks. These include producing reports for key stakeholders and ensuring critical information is effectively and quickly communicated. It enables timely and precise access to business information, helping leaders to make better decisions.

However, GenAI also represents a new source of risk that is not always well understood. We know that threat actors are using GenAI to produce exploits and malware. Simultaneously levelling up their capabilities and lowering the barrier of entry for lower-skilled hackers. The GenAI models that power chatbots are vulnerable to a growing range of threats. These include prompt injection attacks, which trick AI into handing over sensitive data or generating malicious outputs.

Unfortunately, it’s not just the bad guys who can do damage to (and with) AI models. With great productivity comes great responsibility. Even an ambitious, forward-thinking, and well-meaning finance team could innocently deploy the technology. They could inadvertently make mistakes that cause major damage to their organisation. Poorly managed AI tools can expose sensitive company and customer financial data, increasing the risk of data breaches.

De-risking AI implementation

There is no technical solution you can buy to eliminate doubt and achieve 100% trust in sources of data with one press of a button. Neither is there a prompt you can enter into a large language model (LLM).

The integrity, accuracy, and availability of financial data are of paramount importance during the close and other core accountancy processes. Hallucinations (another word for “mistakes”) cannot be tolerated. Tech can solve some of the challenges around data needed to eliminate hallucinations – but we’ll always need humans in the loop.

True human oversight is required to make sure AI systems are making the right decisions. We must balance effectiveness with an ethical approach. As a result, the judgment of skilled employees is irreplaceable and is likely to remain so for the foreseeable future. Unless there is a sudden, unpredicted quantum leap in the power of AI models. It’s crucial that AI complements our work, enhancing rather than compromising the trust in financial reporting.

A new era of collaboration

As finance teams enhance their operations with AI, they will need to reach across their organisations to forge new connections and collaborate closely with security teams. Traditionally viewed as number-crunchers, accountants are now poised to drive strategic value by integrating advanced technologies securely. The accelerating adoption of GenAI is an opportunity to forge links between departments which may not always have worked closely together in the past.

By fostering a collaborative environment between finance and security teams, businesses can develop robust AI solutions. They can boost efficiency and deliver strategic benefits while safeguarding against potential threats. This partnership is essential for creating a secure foundation for growth.

AI in accountancy: The road forward

The accounting profession stands on the threshold of an era of AI-driven growth. Professionals who embrace and understand this technology will find themselves indispensable.

However, as we incorporate AI into our workflows, it is crucial to ensure GenAI is implemented safely and does not introduce security risks. By establishing robust safeguards and adhering to best practices in AI deployment, we can protect sensitive financial information and uphold the integrity of our profession. Embracing AI responsibly ensures we harness its full potential while guarding against vulnerabilities, leading our organisations confidently into the future.

Founded in 2013, FloQast is the leading cloud-based accounting transformation platform created by accountants, for accountants. FloQast brings AI and automation innovation into everyday accounting workflows, empowering accountants to work better together and perform their tasks with greater efficiency and accuracy. Now controllers and accountants can spend more time delivering greater strategic value while enjoying a better work-life balance.

  • Artificial Intelligence in FinTech
  • Cybersecurity in FinTech

Henry Balani, Global Head of Industry & Regulatory Affairs at Encompass Corporation, on meeting the demand for improved risk management, operational efficiency, and customer service with pKYC

The traditional banking and finance industry is evolving. Processes are experiencing a digital transformation as a result of perpetual Know Your Customer (pKYC). The pKYC approach enables modern banks to continuously update and verify customer information in real time. Banks are moving away from the reliance on periodic reviews. This change is driven by technological advancements. And the increasing demand for dynamic and responsive regulatory compliance mechanisms.

Perpetual KYC

Conventional KYC processes commonly involve periodic reviews of customer information at fixed intervals. These reviews are typically conducted every one, three, or five years. While these reviews are thorough and comprehensive, they are also static. This can result in outdated information, potentially overlooking changes in customer risk profiles or new compliance requirements.

On the other hand, perpetual KYC is dynamic and event driven. Through its continuous and automated approach, pKYC enables financial institutions to address risks and compliance needs in real-time. These risks can be determined by continuously monitoring customer activities. Furthermore, automatically updating profiles in response to specific triggers, including changes in personal information, significant transactions, or alterations in beneficial ownership.

Gaining a competitive advantage with pKYC

By leveraging pKYC, banks, and other regulated financial institutions can take advantage of a range of benefits. These are crucial in the modern digital era to gain a competitive edge. Through continuous monitoring, pKYC enables financial institutions to identify and address potential risks promptly. This real-time approach helps mitigate risks associated with financial crimes. Moreover, it ensures compliance with the latest regulatory standards.

pKYC will lead to operational efficiency and cost reduction. By automating many of the manual processes involved in KYC, pKYC significantly reduces the time and resources needed for compliance. This allows financial institutions to focus their efforts on high-risk cases, rather than conducting blanket reviews for all customers, resulting in substantial cost savings.

This process also enables many banks to improve their customer service and management. It also enhances the customer’s experience. With pKYC, customers are not subjected to frequent, intrusive reviews if their profiles remain stable. This results in a smoother and more positive customer experience, potentially increasing overall customer satisfaction and loyalty. Additionally, automated systems minimise human error and ensure consistency in applying KYC policies. This enhances overall regulatory compliance and reduces the risk of non-compliance penalties.

Perpetual KYC implementation: Challenges and considerations

Implementing a pKYC operating model is not straightforward. It requires the right blend of infrastructure and operating process. Every firm’s pKYC journey and ecosystem will be unique and cut across people, processes and technologies.

Data is central to the success of pKYC as reviews based on event changes (aka event driven triggers) will not be effective if client information is outdated, missing or incorrect. Without consistent access to relevant and accurate client information, pKYC is impossible. Corporate Digital Identity (CDI) is fast emerging as a foundation for ensuring valid customer information is collected for successful pKYC operations.

Being able to leverage this data requires an ecosystem of technology, which may be developed in house, utilising third-party RegTech providers, or a combination of both. This technology should drive how data is stored, structured and accessed so that pKYC triggers can be comprehensively managed. Customer lifecycle management systems (CLMs) are particularly relevant to pKYC as they connect all components along the workflow processes.

Importantly, overarching executive sponsorship is needed to ensure a successful outcome in transformation initiatives. Recognising the structural and cross departmental challenge, influential sponsors will align the multiple stakeholders involved in driving this change and will champion a firm’s pKYC strategy and approach to regulators and other key stakeholders.

Ultimately, pKYC must be future-proof and scalable, ready to adapt in line with business strategy and regulation to keep firms competitive.

The future of pKYC

The adoption of pKYC is growing, driven by regulatory pressures and the increasing complexity of financial crimes. Financial institutions are recognising the benefits of a proactive, real-time approach to compliance and risk management. The move towards pKYC is seen as a necessary evolution to stay ahead in a highly regulated and competitive financial environment.

As the technological landscape continues to evolve, integrating advanced technologies such as blockchain and further developments in AI and ML will likely enhance pKYC systems’ capabilities. Ensuring higher levels of compliance and risk mitigation, these technologies are able to provide more robust and secure mechanisms for customer verification and monitoring.

Blockchain technology can be utilised to further improve the initial customer authentication and validation process. As a result, we can expect improvements and advancements in the quality of customer data collected during initial customer onboarding processes. Financial institutions can then leverage AI-enhanced tools that can identify and collect the necessary attributes during document processing stages. This ensures that pKYC will utilise relevant, accurate, and up-to-date data. Perpetual KYC represents a significant departure from traditional, periodic KYC, as it offers a wide range of benefits in real-time risk management, operational efficiency, and customer experience. Although the implementation of pKYC poses certain challenges, it also provides numerous advantages, making it an increasingly attractive solution for financial institutions aiming to enhance their compliance and risk management frameworks and maintain a competitive edge in a rapidly evolving regulator landscape.

  • Cybersecurity in FinTech

Digital banking offers increased convenience and accessibility. However, this growth also exposes banks to heightened cybersecurity risks. Protecting data and…

Digital banking offers increased convenience and accessibility. However, this growth also exposes banks to heightened cybersecurity risks. Protecting data and information is crucial to maintaining customer trust and preventing financial loss.

Cybercrime poses a significant threat to the digital banking industry. According to Cybercrime Magazine, cybercrime costs will increase by 15% over the next five years and reach $10.5 trillion by 2025. These attacks target sensitive information and funds, causing substantial damage to banks.

To mitigate these risks, banks must implement robust cybersecurity measures to safeguard digital systems and data.

1. Strong Authentication

The Payment Services Directive (PSD2) mandates strong customer authentication (SCA) to reduce fraud and enhance online payment security. This directive imposes specific requirements on market participants to meet new obligations. The European Banking Authority (EBA) developed regulatory technical standards (RTS) based on the Commission’s authority under PSD2. 

The RTS aims to protect consumers and create a level playing field within the evolving financial technology market. To achieve this, the RTS establishes security measures for payment service providers — including banks and other financial institutions — when processing payments or offering payment-related services. 

2. Encryption

Unencrypted data is a common cyber threat. Hackers can easily access this data type and give severe consequences for banks. According to Statista, the average cost of a data breach worldwide is $4.45 million dollars. However, data breaches not only cause substantial financial loss for recovery and ransom payments but also damage a bank’s reputation.

To prevent these issues, all digital banking data must be encrypted. This safeguards information and makes it difficult for cybercriminals to access even if stolen. Encryption transforms data into a coded format that requires a specific key to decipher. Only individuals with the correct key can view the original data. 

Encryption involves using an algorithm and a key to convert plain data into encrypted data. The original data can only be recovered by decrypting the ciphertext with the correct key.

3. Regular Cybersecurity Audit

A security audit is a thorough examination of an organisation’s IT infrastructure. This process verifies the effectiveness of security policies and procedures. Security audits assess how well an institution’s cybersecurity program operates. This includes reviewing policies, testing controls, and checking compliance with industry standards and regulations.

Banks and financial institutions face increasingly complex cyber threats. Regular security audits help identify vulnerabilities in systems. By discovering weaknesses, banks can strengthen defences with firewalls, antivirus, and antimalware software. A cybersecurity audit should be conducted by an independent expert to ensure objectivity.

4. Employee Training

The World Economic Forum reports that 95% of cyberattacks involve human error. This means hackers often exploit employee mistakes. They use tactics like phishing to deceive employees into revealing sensitive information. This can lead to data breaches and financial loss. For example, employees might click on malicious links, disclose confidential data, or leave devices unattended.

Therefore, bank employees must have training to recognize that cyberattacks are a constant threat. Moreover, the consequences of a breach can be severe for employees, customers, and the bank’s reputation. Cybercriminals operate in a lucrative industry, for that reason, it is imperative to equip employees with the knowledge to safeguard against these threats.

5. Incident Response Planning

An incident response plan is a formal document approved by bank leadership to guide the organisation before, during, and after a potential or confirmed security incident. The plan aims to reduce the impact of security events, limiting operational, financial, and reputational damage.

A successful incident response plan should be established before a security attack occurs and assigned to specific team members. IBM research shows companies with well-developed and tested response plans save an average of $2.66 million compared to those without such protocols. 

To create an effective incident response plan, banks can reference established frameworks. For specific incident handling steps, The National Institute of Standards and Technology’s SP-800-61 and SANS’s Incident Handlers Handbook provide detailed blueprints. Aligning the incident response plan with these resources ensures a focused and effective approach to managing cybersecurity incidents.

Importance of Cybersecurity Measures 

The increasing reliance on digital platforms exposes individuals and organisations to growing cybersecurity risks. Malicious actors exploit security weaknesses to steal personal information and compromise digital assets. Forbes reported a staggering increase in cyberattacks in 2023, impacting over 343 million people, with data breaches soaring by 72 percent from 2021 to 2023. These striking figures highlight the urgent need for state-of-the-art cybersecurity in digital banking.

  • Cybersecurity in FinTech

WatchGuard’s Threat Lab cybersecurity research team forecast headline-stealing hacks involving LLMs, AI-based voice chatbots and VR/MR headsets. They also assess…

WatchGuard’s Threat Lab cybersecurity research team forecast headline-stealing hacks involving LLMs, AI-based voice chatbots and VR/MR headsets. They also assess the impact of the war on talent, AI spear phishing and QR codes.

Watchguard leading on Cybersecurity

WatchGuard Technologies, a global leader in unified cybersecurity, offers an annual batch of predictions covering the most prominent attacks and information security trends that the WatchGuard Threat Lab research team believes will emerge each year. This year, these include malicious prompt engineering tricks targeting large language models (LLMs), managed service providers (MSPs) doubling down on unified security platforms with heavy automation, ‘Vishers’ scaling their malicious operations with AI-based voice chatbots, hacks on modern VR/MR headsets, and more…

“Every new technology trend opens up new attack vectors for cybercriminals,” said Corey Nachreiner, chief security officer at WatchGuard Technologies. “In 2024, the emerging threats targeting companies and individuals will be even more intense, complicated, and difficult to manage. Therefore, with an ongoing cybersecurity skills shortage, the need for MSPs, unified security, and automated platforms to bolster cybersecurity and protect organisations from the ever-evolving threat landscape have never been greater.”

Cybersecurity predictions

The following is a summary of the WatchGuard Threat Lab team’s top cybersecurity predictions for 2024:

Prompt Engineering Tricks Large Language Models (LLMs)

Companies and individuals are experimenting with LLMs to increase operational efficiency. However, threat actors are learning how to exploit LLMs for their own malicious purposes as well. During 2024, the WatchGuard Threat Lab predicts that a smart prompt engineer ‒ whether a criminal attacker or researcher ‒ will crack the code and manipulate an LLM into leaking private data.

MSPs Double Down on Security Services Via Automated Platforms

There are approximately 3.4 million open cybersecurity jobs, and fierce competition for available talent. More SMEs will turn to trusted managed service and security service providers, known as MSPs and MSSPs, to protect them in 2024. To accommodate growing demand and scarce staffing resources, MSPs and MSSPs will double down on unified cybersecurity platforms with heavy automation using artificial AI and Machine Learning.

AI Spear Phishing Tool Sales Boom on the Dark Web

Cybercriminals can already buy tools on the underground that send spam email, automatically craft convincing texts, and scrape the Internet and social media for a particular target’s information and connections. However, a lot of these tools are still manual and require attackers to target one user or group at a time. Well-formatted procedural tasks like these are perfect for automation via AI and machine learning. This makes it likely that AI-powered tools to combat cybersecurity will emerge as best sellers on the dark web in 2024.

AI-Based Vishing Takes Off in 2024

Voice over Internet Protocol (VoIP) and automation technology make it easy to mass dial thousands of numbers. Once a potential victim has been baited onto a call, it still takes a human scammer to reel them in. This system limits the scale of vishing operations. But in 2024 this could change. The combination of convincing deepfake audio and LLMs capable of carrying on conversations with unsuspecting victims will greatly increase the scale and volume of vishing calls. What’s more, they may not even require a human threat actor’s participation.


VR/MR Headsets Allow the Recreation of User Environments

Virtual and mixed reality (VR/MR) headsets are finally beginning to gain mass appeal. However, wherever new and useful technologies emerge, criminal and malicious hackers follow. In 2024, cybersecurity researchers forecast that either a researcher or malicious hacker will find a technique to gather some of the sensor data from VR/MR headsets to recreate the environment users are playing in.


Rampant QR Code Usage Results in a Headline Hack

Quick response (QR) codes provide a convenient way to follow a link with a device such as a mobile phone. They have been around for decades, but mainstream usage has exploded in recent years. Furthermore, Threat Lab cybersecurity analysts expect to see a major, headline-stealing hack in 2024 caused by an employee following a QR code to a malicious destination.

  • Cybersecurity in FinTech

As digital payments continue their rapid ascent, understanding the accompanying cybersecurity challenges has never been more critical. Furthernore, with Statista…

As digital payments continue their rapid ascent, understanding the accompanying cybersecurity challenges has never been more critical. Furthernore, with Statista forecasting a robust 9.52 percent annual growth rate for digital payments from 2024 to 2028, the urgency to address these security concerns intensifies.

While this growth brings unparalleled convenience, it also introduces new security vulnerabilities that must be addressed. Cybersecurity is fundamental in safeguarding confidential data against hacking, fraud, and data breaches. Implementing effective cybersecurity measures can also maintain trust between businesses and clients while preventing financial loss. To optimise cybersecurity, identifying the current threats to digital payment systems is a must for businesses and consumers.

Current Cybersecurity Threats

Digital banks face various threats that continually evolve as technology advances. By addressing these challenges head-on, banks can protect their users and continue the growth of digital payment.

Many types of cyber threats can disrupt digital payment systems:

Phishing attacks: These attacks use deceptive emails, phone calls, or texts to trick victims into revealing personal information, such as login credentials and financial details. The scam can lead to other types of cyber threats.

Malware: Malicious software that infiltrates systems to steal data, monitor activities, or lock accounts. Various forms of malwares have different functions, such as Trojans, Worms, and Spyware.

Man-in-the-Middle (MitM) Attacks: intercept communications between the user and the bank allowing attackers to steal sensitive information or funds.

Data breaches: Unauthorised access to digital bank databases exposes vast amounts of sensitive information, including personal and financial data.

Ransomware: It is an attack that employs malware to infiltrate computer systems to steal data, monitor activities, or lock accounts. The attackers then demand payment and keep disrupting the devices/websites until they are paid.

Credential stuffing: Attackers use stolen usernames and password combinations from other breaches to gain unauthorised access to accounts.

DDoS and DoS attacks: Distributed Denial-of-Service (DDoS) attacks overwhelm the bank’s servers, making online services unavailable to customers. Unlike the Denial-of-Service (DoS) attack where a single source is used to flood the target, DDoS use multiple sources of compromised devices (botnets).

Insider threats: Employees or contractors with access to sensitive information may intentionally or unintentionally cause data breaches or other security incidents.

Social engineering: Manipulating individuals into divulging confidential information through psychological manipulation.

Zero-Day Exploits: Attacks that exploit previously unknown vulnerabilities in software or hardware before patches are available.

Cybersecurity Measures

Encrypting data is essential to convert the personal information into a secure format. This encrypted data can only be accessed with the correct key or description. This ensures that the data remains secure and unreadable after interception.

Multi-Factor Authentication (MFA) adds a layer of security by requiring some form of verification before granting access to the platform. Tokenisation replaces critical payment data with a unique or random token that cannot be hacked once intercepted.

Biometric verification, such as fingerprint and facial recognition, provides additional security by utilising unique physical characteristics. These include the shape of the face and the outline of a fingerprint, both of which are difficult to replicate.

Financial institutions have also innovated to improve cybersecurity by implementing artificial intelligence (AI). For example, JPMorgan Chase has implemented an AI-driven fraud detection system. This application is used for monitoring transaction activity in real-time. It can also detect potential threats or fraudulent transactions using the data analytics tool.

Regulatory Requirements

Financial companies are obligated to meet regulatory compliance. It is important to build customers’ trust and avoid legal or financial penalties. For global financial institutions, regulatory issues might be more complex as each country has its version of rules. As cyber threats evolve, regulators continuously update and enforce these requirements to address new challenges in digital payment systems.

For instance, UK regulations have set strict rules to ensure the security of digital payments. These include data protection measures, and companies that do not prioritise cybersecurity will face substantial fines. Similar regulations have been implemented across European Union (EU) Member States, compelling financial institutions to enhance cybersecurity to create a safe digital payments environment for consumers.

  • Cybersecurity in FinTech
  • Digital Payments

With the growing popularity of digital payments, cybercriminals have found a lucrative target. Cybersecurity data breaches rose sharply by 72%…

With the growing popularity of digital payments, cybercriminals have found a lucrative target. Cybersecurity data breaches rose sharply by 72% in 2023 compared to the previous record-breaking year. This shows the need for financial technology companies to implement strong banking security.

While digital payments offer benefits, businesses must protect themselves and their customers from cyber threats. Understanding the common cyber threats and implementing effective countermeasures are key to long-term success.

The Importance of Cybersecurity for Digital Transactions

With the increasing reliance on online platforms for financial activities, the risk of cyberattacks has grown exponentially. These attacks can lead to significant financial losses, damage to reputation, and erosion of customer trust. From identity theft to data breaches, the consequences of compromised security can be severe.

To prevent such consequences, cybersecurity measures are required for every financial institution. By applying cybersecurity best practices such as encryption, strong authentication, and regular security audits, organisations can protect customer data, prevent fraud, and maintain operational resilience.

Threat Landscape

Cybercriminals employ various tactics to exploit vulnerabilities in digital systems. Phishing attacks, a common method, deceive users into divulging sensitive information through fraudulent emails or websites. Another prevalent threat is ransomware, where cybercriminals encrypt a victim’s data and demand payment for decryption.

Additionally, unauthorised access to accounts through stolen credentials can lead to financial loss. These cyber threats highlight the need for a security framework to protect digital transactions against malicious activities.

Best Practice 1: Encryption

Cybercriminals can easily exploit vulnerable systems, leading to substantial financial losses and reputational damage. A data breach can cost millions of dollars to rectify, including expenses for recovery and ransom payments. A recent IBM report indicates that the average global cost of a data breach exceeds $4.45 million. 

Encryption safeguards sensitive information by transforming it into an unreadable format, accessible only to authorised parties possessing the correct decryption key. This cryptographic process employs complex algorithms and keys to safeguard data integrity and confidentiality.

Best Practice 2: Multi-Factor Authentication

Cybercriminals can easily steal passwords and pins through brute-force attacks, systematically testing numerous combinations until successful. Multi-factor authentication (MFA) offers a robust defence against this threat.

Requiring users to provide multiple forms of identification strengthens account security. This authentication combines different types of verification. This includes information only the user knows, like passwords, items the user possesses, such as security tokens, and unique physical traits, like fingerprints.

By requiring multiple verification steps, banks and financial institutions create a formidable barrier against unauthorised access to sensitive information and funds. Additionally, multi-factor authentication enhances user account management by requiring unique authentication factors for each individual.

Best Practice 3: Employee Training

Organisations with regular cybersecurity training experience a 40% reduction in security incidents compared to those without, according to  This emphasis on employee education is justified as human error remains a primary target for cybercriminals.

Hackers frequently exploit employee vulnerabilities through tactics like phishing, social engineering, and other deceptive methods. By training employees to recognize these threats, financial institutions can mitigate the risk of data breaches and financial losses.

Such incidents can result in substantial financial losses and damage to an institution’s reputation. Consequently, comprehensive cybersecurity training is essential for all bank employees to mitigate these risks.

Best Practice 4: Regular Security Audits

A security audit is an evaluation of an organisation’s digital infrastructure, designed to identify vulnerabilities that could compromise digital transactions. This process involves examining security policies, testing safeguards, and ensuring compliance with industry regulations.

Given the escalating complexity of cyber threats, financial institutions must prioritise regular security audits. Banks can uncover weaknesses before malicious actors exploit them by scrutinising systems and processes.

Regular security audits empower organisations to proactively strengthen defences by implementing essential safeguards such as firewalls, antivirus software, and antimalware solutions. To ensure impartiality and objectivity, it is essential to engage an independent expert to conduct these assessments.

Best Practice 5: Incident Response Planning

As the frequency and sophistication of cyber threats continue to rise, the need for robust defences becomes increasingly critical. Safeguarding digital transactions requires a proactive approach, including a well-defined incident response plan.

An incident response plan is a crucial component of any organisation’s cybersecurity strategy. This formal document outlines strategies for preventing, detecting, and responding to security breaches that could compromise financial data. By establishing clear protocols and assigning specific responsibilities, banks can minimise the impact of cyberattacks and protect both their reputation and customers’ assets.

To be effective, an incident response plan must be established in advance and assigned to specific teams. By following established frameworks, such as those provided by the National Institute of Standards and Technology (NIST) and SANS, organisations can develop comprehensive plans. These resources offer detailed guidance on handling various types of security incidents to ensure a coordinated and efficient response.

Conclusion

Protecting digital transactions requires a multi-faceted approach. Implementing cybersecurity measures is essential for protecting sensitive financial data and maintaining customer trust.

Encryption and multi-factor authentication are foundational elements of a strong security posture. Encryption safeguards data by rendering it unreadable to unauthorised individuals, while multi-factor authentication adds an extra layer of protection by requiring multiple forms of verification. These are just two examples of critical best practices financial institutions should adopt.

Financial institutions must prioritise cybersecurity to maintain customer trust and protect their bottom line. By investing in advanced security measures and staying vigilant against emerging threats, organisations can effectively mitigate risks and ensure the integrity of digital transactions.

  • Cybersecurity in FinTech

From AI to multi-factor authentication, here are 7 cybersecurity solutions keeping financial institutions’ critical data secure.

Data belonging to 20.4 million UK citizens was affected by cyberattacks made against financial institutions at the end of 2023. This represents a 143% increase from the 8.4 million individuals affected in the previous year. The demand for robust cybersecurity is ever-increasing in financial institutions.

Financial Institutions encompass a wide range of businesses dealing with financial and monetary transactions, including banks, insurance companies, and brokerage firms. These institutions are pivotal for a functioning capitalist society, simplifying transactions, enabling individuals and entities to seek investment or lend money, and assisting in managing assets.

The increasingly digitalised nature of the economy, including the rise of online-only financial institutions like challenger banks, has accelerated the development of financial technologies and their adoption in the market. As a result, Software as a Service (SaaS) for finance, such as digital banking, electronic payment, online investment, and other online-based services, makes financial services more accessible to the consumer. But, with the ease of access technologies provided, new challenges have also emerged, especially regarding cybersecurity.    

Financial institutions are enticing targets for cybercriminals. Therefore, cybersecurity has become integral to banking security in protecting data from malicious attacks. 

Here are seven top cybersecurity solutions to secure data from online threats.

1. AI-Powered Threat Detection

The ability for AI models to perform pattern recognition on large amounts of unstructured data is opening up an exciting new frontier in threat detection for cybersecurity teams. AI tools can potentially flag subtle differences, anomalies, and patterns that could point to a zero-day threat or the presence of a bad actor in the system. 

Some industry experts believe that AI-powered threat detection will be pivotal in helping cybersecurity teams respond to rapidly evolving cyberattack strategies that are increasingly difficult to combat — somewhat ironically, this uptick in the frequency and sophistication of attacks is at least partially due to the availability of AI tools, which hackers are also putting to use. 

AI’s adaptive learning and advanced recognition capabilities enable automated responses to threats and can predict future risks by analysing past patterns. This helps reduce false positives and saves security teams time on assessments.

2. Multi-Factor Authentication

Multi-factor authentication has quickly become the standard in security and identity protection as more and more people bank, shop, and administer their lives entirely online. Put simple, it’s a multistep account login in which more information besides username and password must be provided. 

Typically referred to as “something you have, something you know”, multi-factor login procedures drastically reduce account hacking, allowing security teams to detect suspicious activity that occurs in the logging processes. 

3. DDoS Mitigation

Distributed Denial of Service (DDoS) is a coordinated cyberattack that overwhelmingly sends a request to the server simultaneously, which makes the server slow down or even go offline. DDoS mitigation is important for banking service security to prevent the interruption of vital services. 

Cynersecurity teams can perform DDoS mitigation by implementing a load balancer, restricting requests from certain places, and blocking communication from outdated or unused ports, protocols, and applications.

4. Compliance

Compliance is vital to both ensure the security of systems and organisations against cyber attack, but also to prevent legal penalties and repercussions if an organisation is found to be in breach of existing regulations. These regulations ensure that an organisation’s cybersecurity set up is in line with the security and data protection laws in the countries where it operates, with the end goal of mitigating risk to the consumer — or just people in general whose data is collected and kept by the company. 

There can be serious legal and financial risks associated with non-compliance — tied to both finance and cybersecurity. For example, in 2021, Natwest was fined over £264 million by the FCA for its extended failure to identify and prevent money laundering. Since the FCA was established, there has not been a year when its total fines issued have been less than £1 million. In the UK, other financial and cybersecurity compliance regulations are DPA 2018, UK GDPR, NIS regulations, and the Computer Misuse Act 1990.

5. Database Activity Monitoring

Database Activity Monitoring refers to any set of tools that monitors and analyses database activity. The goal of this monitoring is to flag and report deceptive, illegal, or undesired behaviour taking place within a system. Ideally, these tools run and operate without any serious impact on user experience.

Because most databases don’t monitor or flag suspicious activity by default, unless you have a tool that handles activity monitoring, making third party solutions a necessity in many cases. According to monitoring software solutions vendor Cyral, most systems also don’t collect enough data to enable “a full forensic investigation of historical breach events.” Also, databases that do often log and store this information inside the database itself. Any attacker that gains access to the database can then, supposedly, have write access to the full collection of tables (as is often the case), meaning they can easily delete any activity rows associated with their presence and theft of data.

6. SQL Injection Prevention

SQL injection is a code injection technique attackers use to steal, spoof, and manipulate data. An effective SQL injection attack can result in attackers gaining unapproved access to sensitive data like including credit card information, PINs, or other private information. In banking security, a failure to prevent SQL injection can result in attackers altering balances, voiding transactions, and even transferring money to their bank accounts. 

Cyberattackers inject malicious SQL code into the backend of a target system when they discover defenceless user inputs in a web application or web page. The hackers can then use this opening to locate the IDs of other users within the database, impersonating these users — usually those with data privileges such as the database administrator — to run malicious code within the system. 

7. Regular Risk Assessment and Training

Perhaps most importantly, the best defence against the rising tide of cybercrime is a cybersecurity conscious culture. Financial institutions should conduct regular risk assessments manually to identify potential vulnerabilities and threats to their systems and networks. 

They should regularly evaluate and revise systems and networks based on analytics and assessments to prioritise cybersecurity initiatives and protect vital assets. Security teams shouls also conduct periodic security awareness training, which can strengthen cyber-readiness among finance personnel. This is particularly important given the rise in generated AI-driven phishing campaigns and other technologically democratised forms of cyber crime.  

Case Study – Cybercriminals in UK Businesses

An investment article from IFA magazine reported 300,000 cybersecurity breaches in finance institutions across the UK in 2022 alone, making them the second-highest number of data breaches from all industries after the IT sector. Reports estimate losses in the region of £27 billion per year, with small businesses in the UK affected the most by cyberattacks, usually phishing. 

The UK authority encourages its citizens to be more aware of the possibility of cyberattacks, especially phishing and fake charity emails, as online threats are growing exponentially. Ledi Sallilari from the SEO consulting firm Reboot also suggested that more complex passwords can help prevent account breaches. 

The rapid expansion of internet usage brings new challenges for cybersecurity. Proper knowledge and awareness about cyber criminals should become mandatory for all Internet users to protect their online data.

Financial institutions, responsible for managing customer funds, need to implement strong cybersecurity measures. With more secure backend systems, they can protect assets and maintain customer trust in an increasingly digital world.

  • Cybersecurity in FinTech

AI, real-time monitoring, and machine learning are helping fintech firms stay ahead of growing cyber threats.

The financial sector faces a growing threat—cybercrime.

Cybersecurity Ventures predicts a significant rise in cybercrime costs, with the total impact of hacks, breaches, and data theft potentially reaching as high as $10.5 trillion a year by 2025. As attacks become more common and more severe, mitigating these risks and preventing fraud is paramount for financial institutions and financial technology companies alike.

Luckily, ongoing advancements in technology offer fintech organisations a powerful arsenal of weapons to combat cybercrimes. Adaptive fraud prevention systems use artificial intelligence (AI) to detect and prevent fraudulent activity in real-time. These intelligent systems continuously learn from new data, allowing them to identify evolving patterns and improve cybersecurity.

Introduction to cyber fraud protection

Cybersecurity is crucial in the financial services industry, where sensitive financial data and transactions are a prime target for cybercriminals. Moreover, cyber attacks can inflict significant financial losses, not just through direct theft but also via hefty regulatory fines, legal costs, and reputational damage.

Financial institutions have a responsibility to safeguard customer trust by implementing robust cyber fraud protection measures. This includes advanced technologies like network security, intrusion detection systems, and malware protection.

By securing financial transactions and customer data, these measures not only deter cyberattacks but also mitigate their impact, fostering customer confidence in the bank’s security posture.

Common types of Cyber fraud

The financial sector occupies a bull’s-eye for cybercriminals, ranking second only to healthcare in global cybercrime costs according to the IBM Cost of a Data Breach Report 2023. Financial institutions face an average loss of $5.9 million per cyber incident, highlighting the critical need for robust cyber fraud protection measures.

These attacks come in various forms. One of the most common isphishing scams. These are attempts to trick people into surrendering sensitive information. Meanwhile, ransomware attacks aim to disrupt operations or extort money by encrypting critical data. Distributed Denial-of-Service (DDoS) attacks overwhelm systems with traffic, making essential services unavailable to legitimate customers.

Advanced cybersecurity technologies

The fight against cyber fraud necessitates sophisticated tools, and advanced technologies like AI and machine learning (ML) are playing an increasingly crucial role.

AI fraud detection uses ML algorithms to identify fraudulent activities within vast datasets. These algorithms are trained to recognise patterns and anomalies that deviate from typical user behaviour and transaction patterns. Once the patterns are identified, attackers can be purged from the system before they have a chance to steal anything of value. Cybersecurity systems powered by ML can drastically reduce the amount of time bad actors spend inside a system.

ML algorithms excel at identifying patterns and trends that might signal potential fraud. Also, by analysing big data, these algorithms can adapt quickly to evolving fraud tactics.

They can detect and alert security teams within seconds of suspicious behaviour, such as unusual purchases or login attempts from unfamiliar locations. Thanks to continuous data analysis, businesses can gain an immediate advantage, allowing them to swiftly identify and respond to suspicious activity, ultimately minimising potential losses.

Case studies

The financial sector is actively exploring the potential of AI to combat cyber fraud. Mastercard’s Decision Intelligence technology exemplifies this trend. By analysing historical spending habits, this AI solution creates a personalised baseline for each cardholder’s behaviour.

This approach is a significant improvement over traditional, one-size-fits-all methods, which often lead to false declines. AI’s contextual analysis of transactions allows it to bypass common triggers for false positives, ultimately enhancing fraud detection accuracy.

Future prospects

The future of cyber fraud protection hinges on the continued evolution of technology. One promising area lies in adaptive technologies, such as behavioural biometrics. Additionally, these systems move beyond static passwords or fingerprints, creating a unique user profile based on a person’s interaction patterns.

These patterns are ‘behavioural fingerprints’ that include typing style, mouse movements, and even how an individual holds their phone. Over time, the system learns user habits, building a digital identity that can detect deviations indicative of unauthorised access.

This approach is particularly effective because it’s nearly impossible for hackers to replicate one’s unique behavioural traits, even if they steal the password. This adds a crucial layer of security that traditional methods cannot provide.

  • Cybersecurity in FinTech

The digital banking industry faces cybersecurity challenges. A Statista report shows a 10 percent jump in global malware attacks in…

The digital banking industry faces cybersecurity challenges. A Statista report shows a 10 percent jump in global malware attacks in 2023, reaching 6.06 billion incidents.

Cybercriminals are growing more skilled, leading to more frequent data breaches that expose vulnerabilities in banking security. Moreover, effective risk management and strong network protocols are essential to securing digital banking operations.

Introduction to Cybersecurity in digital banking

As online transactions become the norm, strong cybersecurity measures become more crucial. Banks keep sensitive financial data and handle high-value transactions, making them prime cyberattack targets.

Effective cybersecurity is a multi-layered approach. Also, it combines advanced technology, strict policies, and constant monitoring to fight cyber threats. These security measures shield not only a bank’s finances but also customer personal information.

For that reason, cybersecurity is the foundation of trust and reliability in finance. Without strong security protocols, the balance between innovation and managing risk is disrupted, potentially shaking customer confidence in digital banking.

Early Cybersecurity practices

The rise of the internet gave birth to a new genre of malicious activity. Cybercriminals emerged to target this new frontier. They launched worms, malware, and phishing attacks.

In response to these escalating threats, the 1990s saw the introduction of firewalls and antivirus software. Additionally, these early security measures acted as barriers between networks to protect systems from unauthorised access.

Cybercriminals constantly develop new viruses and threats. Likewise, antivirus companies continuously create new software patches and signature updates to stay ahead. Despite that, the possibility of new threats slipping through these defences remains a challenge.

Technological advancements

Fraud is a major challenge for financial institutions. Artificial intelligence (AI) has emerged as a powerful weapon in the fight against this threat.

This technology excels at detecting various types of fraud. AI algorithms can detect suspicious activity in real time, helping prevent fraud before it happens.

AI solutions go beyond simple detection. By creating detailed profiles of each customer and tracking their activities, AI can predict potential risks and prevent fraud proactively.

Current Best Practices

A strong foundation is critical to banking security. This includes constantly checking for weaknesses through risk assessments. Digital banks must update their security protocols regularly to keep pace with changing risks. Collaborations with other financial institutions and government agencies help banks stay informed about the latest threats and how to respond.

Data classification is also essential. Banks need strict controls on who can access sensitive information. Employee security training must be regular to make them aware of threats.

Case Studies

The digital bank Starling Bank partnered with cybersecurity firm HackerOne in 2019. This partnership created a streamlined system for anyone to report weaknesses found in its apps and website.

The initiative initially focused on specific areas and common vulnerabilities. This collaboration revealed valuable insights into weaknesses often missed during standard testing. The project’s findings allowed Starling to develop automated detection tools that proactively prevent security issues.

A report by Statista predicts the global cybersecurity market will hit $271.90 billion in 2029, highlighting the growing need for strong defences in digital banking. While still new, quantum computing presents a future hurdle. Its ability to crack current encryption methods means new, quantum-resistant cryptography needs to be developed for banking security.

However, machine learning and AI are expected to be adopted more widely in cybersecurity. Beyond just reacting to threats, financial institutions will also increasingly focus on proactive threat hunting. This means identifying and stopping potential vulnerabilities before they can be exploited.

  • Cybersecurity in FinTech

The FinTech sector has changed how we manage our money. From mobile banking apps to robo-advisors, FinTech offers a new…

The FinTech sector has changed how we manage our money. From mobile banking apps to robo-advisors, FinTech offers a new level of convenience and efficiency. But with this convenience come challenges and cybersecurity responsibilities: safeguarding the vast amount of sensitive financial data entrusted to these platforms.

Cybersecurity is no longer an afterthought for FinTech companies; it’s an essential foundation for their success. Breaches exposing financial information can have devastating consequences, not just for the companies involved but for their users as well.

Understanding these cyber threats is crucial for FinTech companies aiming to safeguard their operations and customer data. Here are the top 10 cybersecurity risks FinTech firms must be aware of in 2024.

1. Phishing Attacks

Phishing attacks trick people into divulging personal information. Cybercriminals often pose as legitimate companies through emails, texts, or phone calls. They llure victims into clicking malicious links or revealing passwords.

Phishing attacks significantly threaten financial companies because they target the human element rather than technological weaknesses. Hackers impersonate trusted sources like banks or colleagues to trick employees into revealing sensitive information or clicking malicious links. It can lead to data breaches, financial losses, and account takeovers.

2. Ransomware

Ransomware attacks involve cybercriminals holding sensitive data hostage and demanding a ransom from the victim. FinTech companies are particularly vulnerable to ransomware attacks because they rely on digital systems and customer financial data.

These attacks can impair operations, damage reputations, and lead to significant financial losses. They can be devastating, as there is no guarantee that paying the ransom will result in the safe return of the data.

3. Insider Cybersecurity Threats

FinTech companies may face a unique cybersecurity threat from their employees, known as insider threats. These insiders can be malicious, accidentally negligent, or even tricked into compromising sensitive data. Malicious insiders might steal financial information or sabotage systems for personal gain. Negligent insiders could leave data exposed or fall victim to phishing scams, unintentionally giving away access.

4. DDoS Attacks

Distributed Denial of Service (DDoS) attacks overwhelm online systems with traffic, making them inaccessible to legitimate users. FinTech firms are attractive targets for these attacks because they offer multiple entry points (banking systems, online accounts) and prioritise constant service availability.

DDoS attacks can severely hurt a FinTech company’s reputation and finances by causing downtime, raising security concerns among customers, and potentially leading to data breaches during the distraction.

5. Malware

FinTech companies are prime targets for malware attacks, accounting for 19 percent of all attacks and suffering nearly US$18.3 billion in losses in 2017. While the number of traditional banking malware strains is decreasing, it doesn’t represent a decline in overall threat. Instead, attackers are developing more sophisticated malware that uses techniques like obfuscation and slow, staged attacks to bypass antivirus detection.

6. Data Breaches

FinTech companies are under fire due to data breaches exposing sensitive financial information. Hackers exploit security flaws to steal user data, leading to financial losses, identity theft, and damaged trust. To combat this, strong encryption methods like end-to-end encryption and tokenisation can scramble data, making it useless to attackers.

7. Mobile Security Risks

Despite offering convenient access to financial services, mobile apps are a double-edged sword for FinTech companies. These apps are vulnerable due to their popularity, making strong security practices essential. Regular security updates, secure coding from the start, and robust data encryption during transmission are crucial to patching weaknesses.

8. Third-Party Cybersecurity Risks

The reliance on third-party vendors for services and integrations creates a security blind spot for FinTech firms. To address this, thorough vetting through due diligence and vendor risk assessments is crucial before forming partnerships.

9. API Vulnerabilities

FinTech companies rely heavily on Application Programming Interfaces (APIs) to enhance customer interfaces and share information across systems. While APIs are essential for data exchange, they also open doors for cyberattacks.

To fortify their defences, FinTech companies need to focus on secure API design with solid authentication methods (like OAuth or API keys), constant monitoring, and regular security assessments to identify and fix weaknesses before they become exploited.

10. Artificial Intelligence & Machine Learning Risks

The use of artificial intelligence (AI) and machine learning (ML) has increased in FinTech for decision-making processes. While beneficial, these systems also present risks if they make inaccurate decisions based on incorrect data. Rigorous testing and monitoring of AI and ML systems are necessary to minimise these risks.

Steps to mitigate threats

The cybersecurity threats facing FinTech in 2024 are varied and complex. FinTech firms must prioritise cybersecurity to protect customer data and maintain trust. By researching technology usage, training employees on cybersecurity, regularly monitoring suspicious activity, and building advanced security systems, FinTech companies can improve their defences against these evolving threats.

  • Cybersecurity in FinTech

With more financial transactions shifting to digital platforms, having proper cybersecurity measures becomes a priority.

Moreover, data is at the heart of every fintech company, which makes them attractive targets for hackers and malicious actors.

Financial technology has created new opportunities for customers and businesses in the finance industry. Individuals can now borrow, transfer, save, and invest from the convenience of their homes. Also, the growth of the industry is massive, with fintech revenues projected to grow sixfold from $245 billion to $1.5 trillion by 2030.

However, following that growth are security risks associated with it. Accounting services firm BPM predicts that cybersecurity attacks aimed at fintech companies will only continue to grow in 2024 and beyond. Furthermore, these attacks can end in monetary losses, reputational damage, and brand erosion.

To prevent such cases, fintech security leaders globally have implemented cybersecurity measures.

1. Stripe

Founded in 2010 by Patrick and John Collison, Stripe specialises in payment processing software and application programming interfaces (APIs).

Based in South San Francisco, California, the company offers top-tier encryption and secure transmission protocols. The protocols, which adhere to the PCI DSS standards, are in place to ensure the security of credit and debit card data.

Launched in 2018, Stripe’s innovative tool Radar detects and blocks fraudulent transactions. After its 2.0 update in 2018, the company claimed it helped reduce fraud rates by an additional 25% for its users.

With other services like Stripe Terminal, Stripe Tax, and Stripe Capital, Stripe has become a trusted name in online payment processing. It powers payments for major companies like Amazon, Google, and Shopify, all of which demand high-security standards.

2. Square

Owned by Block, Inc., Square was launched in 2009 by CEO Jack Dorsey and co-founder Jim McKelvey. Square offers an all-in-one financial services platform, including customer booking, e-commerce, payroll, shifts, loan financing, and banking.

In 2021, Square received FDIC approval from the Utah Department of Financial Institutions. Additionally, with end-to-end encryption, regular vulnerability assessments, and secure data storage, Square reached Level 1 PCI DSS certification. This is the highest level for payment processor certification.

3. PayPal

Launched in 2000 from the merger of Confinity and X.com, PayPal is a leader in secure online transactions.

Acquired by eBay in 2002, PayPal became the leading global payment application after eBay discontinued its Billpoint service. It has arguably outpaced competitors like Citibank C2IT, Yahoo! PayDirect, and BidPay from Western Union.

PayPal uses advanced encryption technologies and multi-factor authentication to protect user data. With its continuous monitoring and fraud prevention mechanisms, the company is compliant with industry standards.

According to the company, its fraud detection tools are informed by data from 1 billion monthly transactions. It claims that the tool gets smarter with each transaction.

4. Ant Financial (Alipay)

Ant Financial’s Alipay, is the second-largest international payment processor after Visa.

Founded in 2014 by Jack Ma as an affiliate of Alibaba, Ant Financial offers a range of products. Available services include electronic payment processing, banking, and mobile payments through brands like Yu’ebao, Huabei, and Xianghubou.

Ant Financial combines advanced cybersecurity measures such as AI-driven fraud detection, biometric authentication, and data encryption. Alipay itself also holds the internationally recognized ISO/IEC 27001 cybersecurity certification.

Used by more than 1.2 billion users, Ant Financial is protected by its AI-powered risk engine AlphaRisk. With the tool, Alipay’s fraud loss rate has been kept under 0.64 in 10 million, way lower than the industry average.

5. Plaid

Established in 2013 by Zack Perret and William Hockey, Plaid is an embedded financial platform. It facilitates secure online payments and transactions by connecting users’ bank accounts to finance applications.

Plaid ensures authorised access to bank data through secure bank portals, which eliminates the need for user credentials. In October 2020, Plaid introduced “Plaid-Link,” a service that enables real-time payments for loans, insurance, and wages. It securely connects 12,000 US financial institutions, plus many more in Canada, the UK, and Europe.

6. Chime

Founded in 2012 by Chris Britt and Ryan King, Chime partners with regional banks to offer fee-free mobile banking services. Chime uses encryption, access protocols, continuous monitoring, and proactive fraud prevention to keep its payment processes secure.

In April 2020, Chime launched the fee-free overdraft product “SpotMe.” It successfully processed $375 million in Economic Stimulus Payments one week from the scheduled government disbursement.

7. Adyen

Adyen, listed on Euronext Amsterdam, is a Dutch FinTech company founded in 2006 by Arnout Schuijff and Pieter van der Does. Primarily catering to businesses, Adyen offers e-commerce, mobile, and POS payment solutions. The company successfully achieved 1.3 billion euros in revenue in 2022.

Adyen’s cybersecurity measures include encryption, tokenization, secure data storage, and regular security assessments, all backed by Level 1 PCI DSS certification.

8. Sift

Founded in 2011, Sift is one of the cybersecurity companies providing AI-powered fraud platform. It uses machine learning combined with data network scoring 1 trillion events per year to offer security solutions.

The company notices that online fraud is a growing problem, especially for retailers and financial institutions. Therefore, Sift’s algorithm distilled over hundreds of millions of user actions to create fraud pattern recognition tool.

Sift has received several accolades, including being named a leader in 2023 Forrester Wave for Digital Fraud Management and G2’s Momentum Leader in Spring 2024.

9. Darktrace

Cybersecurity company Darktrace, established in 2013, uses AI to respond to cyber threats in real time. Since its inception, the tools it created has been deployed over 9,000 times.

With its Enterprise Immune System technology, Darktrace is able to handle Industrial Operational Technology, email, SaaS, cloud, network, and endpoint safety. More than 9,400 organisations, including major financial institutions, rely on its advanced solutions.

The company was included in The Cyber Award’s AI Product of the Year in 2020 and Fast Company’s top 10 most innovative AI companies for 2022.

10. Netskope

Cloud-based cybersecurity company Netskope was founded in 2012 to help organisations apply zero trust principles. The company’s solutions protect data across cloud services and apps, which makes it pivotal for fintech institutions relying on such technologies.

The California-based firm helps financial services companies meet compliance requirements such as FINRA, PCI-DSS, GLBA, and GDPR. Not only that, it provides necessary protection, such as SWG, CASB, ZTNA, DLP, Cloud Firewall and SD-WAN.

In 2024, Netskope is recognized as a leader in the Gartner Magic Quadrant for Cloud Access Security Brokers (CASBs).

What makes these a success

These top cybersecurity firms in fintech have set high standards in cybersecurity. Their efforts have significantly contributed to a safer digital landscape for fintech.

They have also demonstrated collaboration with fellow financial or cybersecurity experts. Collaboration means having access to specialised knowledge that may not be available in-house. This includes latest threat intelligence, security tools, and tailored audits.

Additionally, it is imperative that companies adhere to industry standards and regulations. Compliance is the first step in building trust with users and stakeholders alike.

With 64% of financial services institutions falling victim to ransomware attacks last year, finance organisations should follow best practices from these companies.

  • Cybersecurity in FinTech