A&M: AI in Fintech – A Double-Edged Sword for Cybersecurity
As artificial intelligence continues to deliver innovative new solutions to the fintech and financial services sectors, its role in both stocking the arsenal of fraudsters and providing new defence methods on the cybersecurity front is clear.
This dual nature has created an urgent need for fintech companies to stay at the forefront of cybersecurity innovation and stave off technologically empowered fraudsters.
Here, we speak to Phil Beckett, Managing Director and Leader of Alvarez & Marsal’s EMEA Disputes and Investigations practice, and Richard Grint, Managing Director of Alvarez & Marsal’s Disputes and Investigations in London, on what cybersecurity professionals must do to ensure their organisations remain at the pinnacle of cyber defence innovation.
Staying at the bleeding edge of cybersecurity innovation
For Phil, today’s cybersecurity landscape represents a continual arms race between the attackers and the defenders to see who can gain the advantage.
“It is essential that fintechs are abreast of the latest challenges and the solutions that are available to ensure that they are best able to protect both their customers and their business,” he says.
“One only has to look at how 'well' deepfakes have developed over the past couple of years to see how things are progressing… never mind the impact GenAI will have on the quality and realism of such attacks.”
While cybersecurity aims must remain at the forefront of financial institutions’ thinking, Phil reminds us there is ‘no silver bullet’ solution to solve the issue of fraudsters today.
“It is a case of improving awareness, research and knowledge to ensure that practices, procedures and technologies are implemented to improve protection,” he continues.
“One of the most commonly overlooked elements of this is training and awareness, as this can be a key control in helping mitigate risk.”
Training & Awareness: Important for both business and consumers
It is not just businesses that need to be aware of the threats fraudsters pose, customer education is just as paramount for fintechs and FIs to consider and onboard.
Richard expands: “Historically, customer education was a neglected element of traditional fraud control frameworks.
“The emergence of new fraud typologies (particularly more sophisticated APP fraud) has led to a change in mindset in recent years – FS institutions are now increasingly aware that educational initiatives, especially when tailored to the customer base in question, form a critical component of their preventative fraud controls.”
One area where consumers may not be aware of fraud’s reach is its occurrence past the KYC stage, which is becoming all the more frequent.
For Richard, while “KYC remains a critical component of any counter fraud approach, it’s only one component of the lifecycle”.
“Firms must ensure they have robust authentication controls, appropriate preventative and detective transactional controls, the ability to undertake appropriate investigations and a suitable recoveries function,” he continues.
“Without each of these components operating effectively, a firm will fall behind the de facto market standard – making both them and their customers an easy target.”
Blockchain: Creating safe, immutable transaction ledgers
So, what areas of FIs prioritising to ensure cybersecurity efforts are scaled? Many are seeing the benefits of blockchain and distributed ledger technology (DLT) in maintaining accurate, indisputable records to help mitigate potential undetected fraud.
Phil says: “Blockchain and DLTs are very powerful and useful technologies that sometimes get a bad reputation because everyone associates them with cryptocurrencies and their associated risks.
“However, the underlying technology is very useful in maintaining records of fact due to the distributed nature of the technology – there is no single point to attack. As a result, they are being used by companies to do just this.”
As Phil concludes, blockchain and DLT technology must be combined with other controls.
“Blockchain and DLT are not a silver bullet and although they are good at mitigating some risks, they provide no protection whatsoever against others. Therefore, use and implementation need to be part of an overall control environment designed to mitigate the key risks the business faces.”
**************
Make sure you check out the latest edition of FinTech Magazine and also sign up to our global conference series – FinTech LIVE 2024.
**************
FinTech Magazine is a BizClik brand.