Can Fintechs Fix Their Identity Blind Spots? 4 Predictions For Fintech Cybersecurity In 2022

By: Frances Zelazny, co-founder and CEO, Anonybit

2021 has been a banner year for cybersecurity issues for financial technology (fintech) companies as they push the boundaries of innovation.

Ransomware incidents are up 64% year-over-year while the average mobile bank payment has increased by 82%. News headlines warn consumers about mobile payment scams on Venmo and Zelle, where victims are tricked into sending fraudulent payments that are not protected by bank regulations. Data breaches haven’t stopped: according to the Identity Theft Resource Center, the number of data breaches through the end of the third quarter this year already surpassed the total of last year. These figures point at a record-breaking year for cyberattacks, with an even more dramatic rise in the number of issues caused by unsecured cloud databases.

 Are we hitting a breaking point? Looking into my crystal ball, given 22 years of experience in identity management and biometrics security, it seems that indeed we continue to be heading deeper into “bad news” territory. As in most industries,  pandemic supply-chain challenges aren’t helping the situation for fintech. Investors will be looking for fast money, pushed by  rising prices and inflation.

Smart investors will know where to look to avoid these risks in 2022– here are a few predictions that can help demystify this sector:

Fintech regulation will be a rallying point

The rise in mobile payment scams on platforms like Zelle, CashApp and Venmo is pushing banks to give money back. This will in turn force banks to rethink authentication measures to shore up risk. Legislators and regulators will begin to step in as constituents demand more protection in the less-regulated gray area between banking institutions and fintechs. Next year's midterm elections and even the 2024 Presidential election year will turn up the heat on fintech regulation as an easy rallying point. We can already see the beginnings of this with greater calls to unify the patchwork of consumer data protection laws and Congressional hearings held over the summer.

Identity verification wrinkles will smooth out

Nearly $3 billion has been poured into the identity verification space in the last few years, a staggering amount to tackle a major issue plaguing fintechs. Today, opening digital accounts requires a verification of a government ID along with facial photo recognition (i.e. a “selfie”   match). But this process is not linked to subsequent account login processes as people use FaceIDs stored on their personal devices, which means hackers can easily circumvent it by impersonating an account holder using stolen information from a previous data breach. This will be the number one identity problem for financial services organizations to solve going forward, along with multi-channel attribution to fully manage the customer’s experience across digital, ATM, in-person and other financial touchpoints. In the next year, expect the gap between account registration and account recovery to tighten as this investment helps fintechs solve the identity management lifecycle.

 Expect decentralized protection for personal data

As ransomware attacks continue to pose a major threat to organizations' operations, sensitive assets will be moved to decentralized protected storage to reduce risk exposure and recovery efforts. The same will happen for personal identity data, to eliminate the risk of a data breach. Fintechs are currently playing with a few emerging models related to how personal data is stored, managed and utilized. The successful ones that persist over the next several years will solve not just the problem of data storage but also the problem of verifying identity. It will not be enough to dole out digitized credentials if there is no way to verify the holder or if a hacker can impersonate someone to obtain a new credential or create a fake credential.

 Consumers will demand accountability in booming digital asset sector

With the growing prominence of digital assets like cryptocurrencies and NFTs, the problems around managing the identity of these assets will also have to be addressed. Zero-knowledge proofs and distributed data storage and exchange, which are key to these fintech innovations, will be applied in new ways to protect account holders and drive accountability into this ecosystem, while still maintaining the core tenets of privacy and user control that have been critical to its rise. This means holding personal data in a manner that is distributed and decentralized but that can still be used to authenticate a person’s identity. In fact, these models will eventually cut off the oxygen that gives life to data breaches and identity theft overall.

 In summary, as the adoption of digital wallets increases for payments, crypto assets, identity assets, health information, and more, the dependency on user devices, managing remote interactions and ensuring proper wallet access and recovery is becoming critical. More access, new currencies, increased digital interactions will result in new technological solutions that address the need for added security without impeding on the user experience and without encroaching on user privacy.

Financial institutions - both legacy and emerging - will have to create renewed trust with their consumers. This will be forced upon them by new regulations at some point, but those who can come up with improved customer service models will win out first. Eliminating the blind spots related to identity will be at the core of these successful customer service models.