
Statistics that Make PCI DSS a Priority for Fintech Leaders

Posted by: MK CS Team
Category: PCI DSS

According to a study, over 250 Fintech firms have received $53 billion in funding. The list includes nascent start-ups with seed funding as well as well-funded unicorns. Fintech’s growth is empowering the e-commerce industry too: thanks to easy payment options and instant refunds, e-commerce organizations are able to offer a highly optimized customer experience.

While Fintech penetration has increased from 16% in 2015 to 65% in 2019 in top countries like the US, China, and India, there is still a long way to go before app-based payment systems become mainstream. Compliance failures, database vulnerabilities, root misconfigurations, and phishing cases are among the top reasons holding app-based payment systems back.

How Does Getting PCI DSS Compliant Help Fintech Organizations?

The Payment Card Industry Data Security Standard consists of 12 requirements designed to ensure complete protection of cardholders’ data. By adhering to these technical requirements, Fintech organizations can gain the following benefits:

  • Render all attempts at internal sabotage ineffective
  • Offer a highly optimized checkout experience during online payment
  • Gain customers’ confidence
  • Avoid fines of between $5,000 and $100,000 from the PCI DSS Council
  • Restrict all kinds of cross-site scripting attempts
  • Stop unauthorized access to cardholders’ data


Latest PCI DSS Statistics that will help Fintech Leaders

CB Insights studied over 200 Fintech organizations and compiled a report. The report presents a very worrying picture: multiple Fintech firms are in grave violation of PCI requirements, and some enterprises even failed basic security tests related to database management. The only positive to come out of the research is that all of the vulnerabilities found can be fixed through a thorough PCI DSS audit and remediation.

1. 100% of all Fintech companies have errors in security and privacy requirements for web applications and subdomains.

Possible Impact: The presence of vulnerabilities in security and privacy requirements means hackers can easily gain access to cardholders’ data and exploit it. PCI DSS compliance is strictly designed to stop unauthorized access to cardholders’ data, whether it belongs to a credit, debit, or prepaid card.

2. Out of the 200+ websites scrutinized, 8 main sites and 64 subdomains were found to have at least one publicly known security vulnerability.

Possible Impact: Recently, hackers gained access to the root domains of JP Morgan’s database, and sensitive details such as credit card and social security numbers of over 76 million users were exploited. Detailed scrutiny revealed that the hackers had been inside the system for over 3 months. The breach made it onto the list of the biggest data breaches in history.

Hackers can gain a similar kind of access to a database and exploit users’ sensitive data, leading to losses in the billions. During a PCI DSS audit, a gap assessment is performed through which such vulnerabilities are discovered and addressed.

3. Cross-site scripting, security misconfiguration, and sensitive data exposure were the most common vulnerabilities across all sites.

Possible Impact: In 2017, Firebase reported over 2,271 misconfigurations that led to the exposure of 113 GB of important data. The breach prompted organizations to check over 2.7 million mobile apps for misconfigurations.

Cross-site scripting and security misconfiguration can allow hackers to route payments towards a specific bank account. Such attacks often go unreported because the magnitude of customers’ reactions can push Fintech firms out of business.

Conducting vulnerability scans and penetration tests is one of the 12 requirements of PCI DSS certification. Through VAPT, errors such as cross-site scripting and security misconfigurations can be readily identified and corrected.

4. 100% of all mobile applications scanned had at least one security vulnerability, while 97% of them had more than 2 vulnerabilities. All threats were of medium risk.

Possible Impact: During 2015, a database of over 191 million US citizens was exposed on the web. The leak occurred due to a misconfigured database. The problem with medium-level vulnerabilities is that they can lead to disastrous results on their own, let alone when someone actively tries to exploit them.

When PCI DSS audits are carried out, a risk assessment is performed alongside them; PCI QSA companies in India also ensure that all systems are regularly updated and that patching processes are kept current with the latest developments. Such thorough scrutiny and updates remove all kinds of security vulnerabilities, making it easier for Fintech firms to ensure proper security of cardholders’ data.

5. 56% of websites failed to furnish SSL/TLS on main pages

Possible Impact: Today, customers look for the green padlock while shopping online. The green padlock represents SSL, which means all transactions on the site are secured with an advanced level of encryption. A missing SSL/TLS certificate on the main page can lead to customer churn.

Boosting customer confidence is the primary benefit of getting PCI DSS certification. Compliance ensures that all checkout pages are SSL/TLS enabled.

6. 62% of Companies failed PCI DSS Compliance Test

All of these 62% of Fintech organizations failed to pass the PCI DSS audit even for their homepage. Such a grave violation of PCI DSS compliance raises a concern that needs to be addressed immediately.

Possible Impact: The entire customer base, almost 2 billion users, was put at risk. Anyone trying to hack the main website could have easily accessed the transaction details of over 2 billion users.

7. 64% of Companies flunked GDPR Compliance

Possible Impact: For organizations that operate on the data of European citizens, it is important to demonstrate GDPR compliance. With 64% of Fintech firms failing it, we can say that these organizations are running away from their moral and legal responsibilities.

The entire database of these 64% of Fintech enterprises could have landed in the hands of hackers and created an unmanageable situation. The combination of PCI DSS and GDPR ensures a hundred percent security against varied attempts such as:

  • Cross-site scripting
  • Internal sabotage
  • Unauthorized access
  • Phishing attacks
  • Unauthorized decryption

Final Thoughts

By investing in compliance, Fintech organizations can earn their customers’ confidence and change the way people interact with banks. The growth of Fintech will reflect positively on the growth of multiple industries and the global economy.

Faster payments and instant refund capability will encourage people to spend more. Since organizations are ensuring the security of people’s hard-earned money, people won’t hesitate to spend it through online channels.

Also, increasing 4G and 5G penetration is facilitating Fintech growth. It is a cycle, and right now Fintech is at the helm of it. By removing all uncertainties and securing all databases, Fintech can create a world in which paper currency has no use.
