Good Intentions, Bad Security: Podcast Episode Delves Into CFI Research on Data Security in Digital Finance

CFI Research Fellow Patrick Traynor and Research Manager Pablo Anton-Diaz discuss findings of "Digital Finance and Data Security" with Eric Hathaway of “The Finance Frontier.”

When I launched my podcast, The Finance Frontier, my goal was to talk with experts and trendsetters on emerging topics and developments in the world of finance. I quickly realized that there is a global explosion in the rise of fintech startups, and a common theme for many of these companies is offering access to financial products and services to the unbanked and underbanked. Fintech companies are growing in both number and value, and it’s because they are opening a door into financial opportunity for groups that didn’t previously have one.

There are differences in client security protocol. Some of these fintechs have secure back ends to ensure transactions are safe, others are a little less so. In the most recent episode of The Finance Frontier, I sat down and chatted about this topic with Patrick Traynor, CFI Research Fellow Professor of Computer Science at the University of Florida, and Pablo Anton-Diaz, CFI Research Manager.

We discussed what happens when the systems that are focused on expanding financial inclusion are poorly designed and executed, and talk through what new companies need to take into account as they break into the market.

Solving Access Problems with Fintech…

Much of this is fueled by the rise of mobile technology and its supporting infrastructure. In countries with emerging economies, EY recently found that 46 percent of consumers are adopting some kind of fintech solution, with 84 percent of consumers aware of some kind of these services.

Much of this focuses on moving money, with payments and money transfers accounting for roughly 50 percent of the daily active customer use. Additional categories include insurance, savings, investments and financial planning.

This demand is not slowing down, and consumers continue to show their enthusiasm for fintech solutions. But there is growing concern among industry professionals that this may be moving too quickly.

…But Creating Problems, Too

In this podcast episode, Anton-Diaz, Traynor and I talk about the excitement of fintechs. But we also talk about the very real challenges of consumer protection, data security and the changing nature of criminals who increasingly focus on stealing personal information.

In the CFI report “Digital Finance and Data Security,” Traynor examined the security of more than 50 fintech solutions. He looked at the privacy policies and options for consumer recourse from companies providing fintech services, and the results were eye-opening: “We see a pretty widespread set of configurations and security standings and some of them are actually downright dangerous.” And as Anton-Diaz wrote in this post on the CFI Blog, “No company studied was perfect, some were good enough, and some had real vulnerabilities.”

“We see a pretty widespread set of configurations and security standings and some of them are actually downright dangerous.”

What Does the Future of Fintech Hold?

Despite some of the challenges that Traynor and his research team discovered, fintech does represent a bright future for people who truly need access to finance products and services. In the interview, we address data questions and planning that fintech companies need to consider, as well as baseline security assumptions that fintechs need to plan for the future around.
While security requirements will continue to evolve, groups like the CFI, as well as individuals like Anton-Diaz and Traynor, are shining a light on some of the gaps that companies have today.

“If we get this wrong, we risk having another generation being excluded from the global financial infrastructure and that would be a tragedy. But if we get it right, then this can be something that can be a real differentiator between these companies.” Traynor said.

Be sure to listen to this episode of The Finance Frontier for a full discussion about the findings of this research, as well as the efforts to work with companies with security risks.

Tune In

Join the Conversation

<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-W5XP2HF" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>