Neobanks interact with their customers via applications and API. As hackers employ increasingly sophisticated techniques to drain accounts, this may pose a real threat to the industry. For example, a recent study from Juniper Research clearly shows that online payment fraud will cost neobanks more than $206 billion between 2021 and 2025. The integration of digital technology and cybercrime could further exacerbate the fraud problem and even make it an issue of unprecedented scale.
The FinTech industry is particularly vulnerable to cyber attacks.
The urge to land as many customers as possible through the seamless adaptation process often leaves developers too little time to implement high-tech solutions for the financial crime management. Banking has historically been at the top of the list for fraudsters. Commercial banks have a great deal of experience in taking anti-fraud actions, therefore they have had plenty of time to develop workable security systems. In addition, they tend to cover up the fraud cases through an immediate refund of the amounts stolen to affected customers.
However, according to findings of a survey of banking sector specialists conducted by Accenture, the commercial banks are not doing as well as it seems. 85% of respondents confirmed that they encountered cyber attacks on a regular basis, and at least three of them were successful.
Another study from Accenture conducted in 2019 clarified the big picture. It found out, for example, that cybercrime had gone up by 67% from 2014 to 2019. The study also revealed that the cost of cybercrime had increased by 72% from 2017 to 2018. Quite impressive growth, isn’t it?
However, the non-banks have even more issues with security, as this emerging industry is most vulnerable to crime. Both our reputation and our customers suffer from cyber attacks, but there is no way to escape them entirely. With an increasing number of transactions, cybercrime will also rise. The most common fraud methods include malware, web-based attacks, denial-of-service attacks, malicious insiders, ransomware, and many others.
I think everyone remembers the high-profile investigation of Bank N26 in 2016. Vincent Haupert, a researcher and PhD student in the Computer Science Department of the University of Erlangen-Nuremberg, told the Chaos Communications Congress in Hamburg how he and two colleagues discovered multiple holes in the N26's security system. According to Haupert, he identified 33,000 customer accounts. The researcher speculated that someone could send phishing emails to all of these customers and hack into their profiles. This case is the perfect evidence of the vulnerability of neobank security systems.
Thorough verification of users is the number one problem.
Most hacker attacks occur at the stage of registration and identification of new users. Fraudsters commonly use fake or stolen identities to pass the verification process. Once the criminal registers an account, they launch an attack based on money laundering. Fraudsters connect to DarkNet and launder money that was illegally earned through neobank accounts.
Another popular method is deepfakes. Using artificial intelligence, criminals can mimic videos and photos, displaying a user's face that in fact simply does not exist. In this way, scammers look for vulnerable software in applications and cheat them.
Fortunately, there are already major players in the market who help solve this problem. For example, my startup project cooperates with Sumsub that provides us with the SDK to protect users.
Identifying the malicious intent of a new user is quite an issue, but you can always measure the risks. For example, a Pre-KYC check can quickly filter out customers. It is also essential to collect reliable information about the client at the time of application for registration. Let's say to obtain the IP-address, e-mail address, phone number or even the device that they use for the registration. Using this data, employees will be able to assess risks and request additional information if necessary.
Many neobanks fail to get licenses due to security issues.
On average, large financial services companies spend 10% of their IT budgets on cybersecurity. But more often than not, neobanks can't afford to spend much on security or hire a full-time cybersecurity team. This is a serious problem that prevents a number of countries from licensing startups.
Unfortunately, the complete elimination of security flaws is just not possible. Cybercriminals are constantly improving their knowledge and skills and looking for new tricks, so no one is safe from fraud. However, the creation of a global association aimed at protecting neobanks from cybercrime and headed by a major industry organization could help solve this problem.
Such an association would allow the rapid exchange of information. Let's say one neobank is attacked – and thousands of other players are immediately aware of the situation and can take action. In this way, it would be easy to identify the perpetrator by identifying their patterns of behavior.