FinTech - Trust and risk when digitizing your finances for the COVIDian Era

Next story
James Shepperd

Handing your money over to other people requires trust. Handing over money and data? Well that should require quite a bit more. Yet people all over the world, are rushing to financial apps and online services requiring digital access to critical personal data, leaving the question of trust largely unaddressed. Does this stampede show just how many users fail to see that cybersecurity has become a key part of financial literacy?

Millions are stepping beyond trust relationships built over centuries with financial institutions like banks and insurance brokers. Now, as people migrate towards digital options, trust seems increasingly built on novelty, a great user interface, potentially lower cost, and the hope that governmental regulation can and is keeping up. The attraction? Tech is more convenient, self-service, fun and often “free”.
In its basic forms, Financial Technology (FinTech) can be anything from tap and pay (cards) to the SMS transactions that have enabled commerce across the remote regions of Africa and Latin America, leapfrogging traditional banking infrastructure. Other regions, including Asia, have seen a lot of activity leveraging and servicing the blockchain and cryptocurrencies. These developments have inspired a lot of interest in both Europe and North America, where subsequently cryptocurrency’s rise has driven new interest in (stock) trading, in large part fueled by rapid advances in digitization, and democratization of financial trading processes. This instills a feeling that this is both normal and good. Is it?
This evolution is at work across the spectrum of finance; whether in modestly capitalized or more developed markets with more to invest - the core issue remains the same: trust. No longer just trust in banks, currencies, regulations, businesses and products — now these have been joined by a wave of consumer-facing FinTech.

Developers are churning out these apps for everything from mobile- and crypto-wallets to stock trading and financial management. According to Ernst and Young’s Global FinTech Adoption Index 2019, “Consumers like what they see. Adoption of FinTech services has moved steadily upward, from 16% in 2015, the year our first FinTech Adoption Index was published, to 33% in 2017, to 64% in 2019.” The apps go beyond just banking, helping users more efficiently navigate purchases, trades, financial health and daily transactions – all tracked via user-friendly dashboards and secured access. But how secure?

Hot #FinTech + #COVID = Scramble
FinTech has been booming for a long time. Consider that Bitcoin v0.1 was released in 2009. More than a decade later, with the steady burn of the COVID-19 pandemic stifling the global economy and weighing on all our minds, a new sense of urgency may be driving more people to consider (consumer) FinTech. “I could certainly use budgeting help, alarms, reminders, better rates.” “I’m smart. If Alec Baldwin can trade stocks, so can I!

Case in point; people now rely on tech as never before. With millions more working from home, navigating video calls, the cloud, Microsoft 365 and Teams… there is renewed confidence in tech in general. The dashboards are intuitive, pretty secure and the industry is well regulated, plus millions of people are already in.

It’s accessible and has secured access, you say?
Consumer FinTech is also increasingly accessible, but remember that it is tech. Just like your PC, phone, email and social media accounts, your personal access needs to be secured. There are risks – unwanted access, problems that can lead to identity theft or worse. But deeper still, both the money and data giving life to these tools have significant value to cybercriminals.

Consumer FinTech apps are usually enabled via the most common trust relationship these days: your phone. Secure that with a reputable mobile security app like ESET Mobile Security -now with banking and payment protection- and you’ve taken the first critical step. With phone in hand, the next step is accessing apps via your Google Play or Apple Apps store account.

Mind you, the same caution applies to apps that function on PCs. With richer features, PC based apps may have additional risks, make sure you have solid security software with both banking & payment protection, encryption and password management like ESET Smart Security Premium.

Now the choices begin, many apps require personal and financial information, in better cases they will require multi-factor authentication (MFA), whether via SMS, a companion authenticator app, or a hardware token. But, to put it simply, the environment is complex. Less-than-savory app stores exist (not recommended), and even with various layers of protection in place users’ interests have been hurt, so tread carefully. If considering a FinTech app, always take the time to verify how it and your data are protected. If you are unfamiliar with any terms or concepts presented in the documentation, remember… it is your money and personal data that are at stake.

Into your financial future with a little help from consumer FinTech?
While acceptance of these applications largely coming from convenience, another boost stems from Open Banking regulations like 2015’s Revised Payment Services Directive (PSD2) which sought to increase pan-European competition and participation in the payments industry, to better include 3rd Party providers, and improved security for consumers (more here).

Not to argue against the advantages of many FinTech apps, and already having addressed some basic security principles above, interested users must ask themselves what data they’re comfortable sharing. This may differ when seeking advice or monitoring vs. management or making money via an app.

A popular app in the “advice” and monitoring is Mint. “We bring together everything from balances and bills to your credit score and more.” Essentially a dashboard to monitor your financial health, Mint is reported to have more than 20 million users. As with many free apps, revenue is driven by in-app offers for financial services, premium features and, more recently, ads. Data, once aggregated is sold.

This is not a GDPR or CCPA violation as the data is aggregated and anonymized. However, there are privacy concerns. Popular blogger Brian Krebs reported in 2019 that NCR Corp. “took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions.”
The ban was put in place “in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts.”

While the ban was brief, concerns remain about the role of consumer FinTech apps in fighting online threats. Mint users, for example, must give usernames and passwords to link their bank accounts, credit cards and/or other financial accounts. While in Mint’s case the data is encrypted in its database, fears persist that business models built along these like won’t always deploy multi-layered hardware and software encryption adequately, resulting in credentials and data falling into the wrong hands.  

From money management to making money
Managing money digitally is a lot about having visibility into what your money is “doing”, whereas making money – trading – entails making educated guesses about the future. Although most popular apps for trading stocks or cryptocurrencies provide good visibility into what your money is doing, both can benefit from an education-first approach. Good trades are great, but good security practice is essential. Make sure to find tutorials that go into safety and security; read several articles and compare.

Cryptocurrency’s meteoric rise between 2016 - 2018 holds many lessons, and watching the story of “new” technology unfold is hugely reminiscent – think of the printing press or PCs. Cryptocurrency’s impact is similar due to aspects of personal responsibility and intention demanded from users. Personal responsibility because successful trading requires “good luck”, or luck and practice in securing coin purchases and understanding links between coin value and other indicators. Intention because there are forces working to manipulate and harm users on this new frontier via masses of scams and threats. Did we mention luck? Some days the perfect trade arises, only for your preferred exchange to be offline.

Whatever your feelings about cryptocurrencies, they’re here to stay, along with the opportunities and ills they bring. Between coin wallets from the likes of Bitcoin, to trading apps like Coinbase, there are many ways to start. Keep in mind that as many platforms as there are, each carries with it its own risks.

Making money from data vs. making money from money
What else has cryptocurrency done? It has thrown light on a lucrative group of non-traditional investors. In turn, entrepreneurs and developers of e-trading apps have largely followed the playbook of advocates of cryptocurrencies. They saw the millions of potential investors –you– who could be tapped via the right marketing messaging, process automation and display of real-time results on crafty dashboards. By catering to amateur investors, consumer FinTech apps tapped a young, the brash and a more tech-savvy than financially savvy generation leapfrogging the complexities hovering around traditional stock exchanges and processes.

Bypassing the need for capital to invest in the market directly, FinTech app entrepreneurs bringing apps like Robinhood or Trading 212 are able to make money by packaging data generated by their users, and ultimately making traditional financial service providers their clients too – by selling them the user data. Nice! However, the cost is that users and financial institutions caught up in the experiment may not be prepared for the myriad security concerns brought with new digital processes, data sharing, or the tech driving the innovation. Simply, change has occurred so fast that respect for the principles of security by design may have become a wait-and-see affair.

In the COVIDian world, we are watching this experiment in real-time, observing what users will accept in the belief that they are improving their financial wellbeing. Will trust prevail and FinTech deliver?

Cybersecurity is now key to financial literacy
Whatever the future holds, this blog’s message is that best security practice and educating yourself about data privacy regulations and their implementation is more important than whichever FinTech app you might be exploring. Indeed, it is core to financial literacy.

As the first in a series of blogs exploring the use of these technologies by consumers and their impact on the wider finance marketplace, we hope that you take to heart that your financial security, your money and the security of your personal data are on the line and, ironically, online. And, as COVID-19 fuels users’ exploration of newer, seemingly more agile approaches to finance, we shouldn’t forget that this technology hasn’t changed the fact that trust is built, not given.