It's Time For Fintechs To Step Up Their Application Security Game


In the age of everyone sharing pictures of their lunch, broadcasting their location, and sending all kinds of risqué images to one another, one might be right to ask if privacy as a concept continues to exist. Simply put, do we care about what the world knows about us?

The short answer is that it depends, given the stakes of what is likely to actually move people to action.

If you thought that the public was up in arms over the fact that Cambridge Analytica was able to access the personal data of some 50 million Americans from Facebook in the lead-up to the 2016 U.S. election, just imagine if something slightly more tangible had been stolen. Think not just about which kinds of pages you liked on Facebook or other details that could help someone take a hazy guess at what interests you, but your actual money or financial data.

Consumers trust companies with their data, expecting them to keep it safe. As we see with the pushback against Facebook, outrage can reach pretty significant proportions when this trust is violated.

We had a preview of how the public, and even the government, can respond to the compromising of user data back in September 2017, when news broke that hackers had stolen the personally identifiable information of some 143 million people during the Equifax breach.

This number later climbed to 145.9 million, and could continue to grow if new details emerge from the investigation.

The hackers succeeded in breaking into an agency that holds our social security numbers, addresses, credit histories, and all the other details like credit cards that could put our financial futures in their grubby hands.

For a company the size of Equifax, whose customers are actually the banks, lenders, and others that buy our credit reports, the news of the leak was bad, but apparently not the nail in the corporate coffin one might have expected after years of slipshod security practices. Their CEO, CSO, and CIO all resigned amid the ruckus in the days following the attack. For the time being, they appear to have weathered the storm, even though their stock price has still not fully recovered.

However, for companies that are not one of the big three credit rating agencies, the chances of emerging from a significant data breach are much slimmer. The risk is even higher for fintech businesses, which are built on keeping their users’ transactions and data secure. In other words, these companies cannot afford to be the next Equifax.

“With Great Power Comes Great Responsibility”

Fintech, the agile startups and SMBs that provide us with services like faster and smoother payments (PayPal), help us get better rates on loans (SoFi), manage insurance (Lemonade), and offer us the future of the blockchain (Colu), are forming the backbone of the modern economy, changing the way that we think and interact with money.

The financial industry faces increased regulatory scrutiny because of the money it handles and the sensitive data held within its applications. Fintechs make some pretty big asks of their customers, such as access to their bank account data under open banking models or other payment methods, which could leave someone severely exposed if that data were compromised.

There is a higher bar for companies that ask us to trust them with our hard-earned cash. Not only are they prime targets for hackers who see them as treasure chests of loot, fintechs carry significant risk with their reliance on their applications — web and mobile — that their customers use to interact with their services, as well as for all of their internal uses.

For U.S.-facing companies, this means complying with the PCI-DSS standard for data security, which requires companies to “develop and maintain secure systems and applications.”

Why are Applications More Risky?

Well, the developers who build these beautiful interfaces are dependent on open source components to work more efficiently, meeting their rapid release schedules. While every company has their own special sauce that they write themselves — their proprietary code — over 80% of applications turn to open source components to include the basic features that make their applications work, all without having to reinvent the wheel.


The problem is that many of these developers are not checking their open source components for known vulnerabilities. Most are not even tracking those components in a proper inventory, so they are caught unaware when a new vulnerability is disclosed.

Many of these companies and their security teams depend on application security testing tools to keep their code clean and keep them out of hot water. The issue is that the tools that find flaws in proprietary code, necessary as they are to have on hand, will not catch open source components with known vulnerabilities.

Instead, these companies need a dedicated tool, Software Composition Analysis (SCA), that can detect all the open source components in their products and alert them when one is found to be vulnerable.
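As an added illustration of the inventory-plus-known-vulnerability check just described (example code written for this piece, not from the article or from WhiteSource): it parses a constructed requirements-style manifest into a component inventory and matches each pinned version against a constructed advisory list. Package names, versions and advisory ids are all hypothetical placeholders.

```python
"""Minimal software composition analysis (SCA) check: build an inventory of
open source components from a dependency manifest and flag any whose version
falls in a known-vulnerable range. Advisory data here is constructed for
illustration; real tools pull it from feeds such as the NVD."""
from typing import Iterable

# Constructed manifest in pip "requirements.txt" style (hypothetical packages).
MANIFEST = """\
# pinned application dependencies
payments-sdk==1.4.2
jsonlib==2.0.9
fastcrypto==0.9.1   # hashing helper
"""

# Constructed advisory list: (package, introduced, fixed, advisory id).
# A component is affected if introduced <= version < fixed. Ids are placeholders.
ADVISORIES = [
    ("jsonlib", "2.0.0", "2.1.0", "ADV-EXAMPLE-001"),
    ("fastcrypto", "0.0.0", "1.0.0", "ADV-EXAMPLE-002"),
    ("payments-sdk", "1.5.0", "1.5.3", "ADV-EXAMPLE-003"),
]

def parse_version(v: str) -> tuple:
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def parse_manifest(text: str) -> dict:
    """Build the component inventory {name: version} from 'name==version' lines."""
    inventory = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line or "==" not in line:
            continue                              # unpinned deps cannot be matched exactly
        name, version = (s.strip() for s in line.split("==", 1))
        inventory[name.lower()] = version
    return inventory

def find_vulnerable(inventory: dict, advisories: Iterable[tuple]) -> list:
    """Return [(name, version, advisory_id)] for each inventory entry in an affected range."""
    findings = []
    for name, introduced, fixed, adv_id in advisories:
        version = inventory.get(name.lower())
        if version is None:
            continue                              # component not in this application
        if parse_version(introduced) <= parse_version(version) < parse_version(fixed):
            findings.append((name, version, adv_id))
    return findings

if __name__ == "__main__":
    for name, version, adv_id in find_vulnerable(parse_manifest(MANIFEST), ADVISORIES):
        print(f"{name}=={version} is affected by {adv_id}")
```

Re-running the check whenever the advisory list changes is what turns a static inventory into the alerting the paragraph describes.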

Stepping Up to the Challenge

In conversations with members of the fintech community, a common fear they have expressed is that they will be caught off-guard by a user or client who asks them why they have a vulnerable component in their application. By their nature, open source vulnerabilities are public knowledge, as they are listed in databases like the National Vulnerability Database (NVD) for all to see, including hackers and researchers.

If a potential customer or partner were to examine the code in a fintech’s app, all the vulnerable components could be visible, and downright embarrassing for the company. Think of the lost deals, or users leaving your app in droves, if a service is not believed to be trustworthy and its application is seen as vulnerable to attacks by hackers. Not fun.

Of course, being breached would be even worse, seeing the company’s name plastered everywhere as the fintech that failed to properly patch. But losing customer confidence can be the kiss of death for fintech companies in an increasingly crowded field.

Rami Sass is CEO and Co-Founder of WhiteSource, the leading open source security and compliance management platform. Rami is an experienced entrepreneur and executive with vast experience in defining innovative products, leading technology groups and growing companies from seed level to business maturity.

Market News and Data brought to you by Benzinga APIs
Posted In: Fintech, Contributor, Contributors, Cybersecurity