Connect with us

Politics

Passwordless Authentication: The New Shift in Cybersecurity Bound to Revolutionize Fintech – ReadWrite

Published

on

Passwordless Authentication: The New Shift in Cybersecurity Bound to Revolutionize Fintech - ReadWrite


Cybersecurity is a great concern for every organization that has even the littlest digital presence today. But even more for the financial services sector, because of the sensitivity of the information companies in the sector deals with. More so, 19% of cyber attacks target FinTech.

The New Shift in Cybersecurity Bound to Revolutionize Fintech

As such, financial services companies need to take extra steps to protect their customers and their business. For years, severely weak passwords like 123456 or otherwise easily guessable passwords have left accounts at high risk.

People have been poor stewards of passwords.

People as a whole have been lax concerning their passwords leaving organizations, including and especially FinTechs, need to step up by ditching passwords for passwordless authentication solutions.

Cybersecurity scalability

Presently, one key factor in developing an effective cybersecurity strategy is scalability.

Scalability because, as the WEF Fintech Cybersecurity Consortium establishes, cybersecurity solutions should have cross-border applications “so that a FinTech can use recognized cybersecurity best practices to facilitate entry to new markets and grow securely as it expands.”

Passwordless Authentication

Weak passwords caused 30% of ransomware attacks in 2019. For FinTechs, different modern options rival and offer better protection than passwords. More so, they are scalable so that passwords aren’t, making them effective protection solutions.

Providing financial services is a risky business. Financial crime and fraud have a long history and have waxed stronger since the digitization of financial services.

According to Mckinsey, the lines between cyber breaches, fraud, and financial crimes get increasingly blurred. FinTechs must constantly evaluate their cybersecurity and authentication profiles for continued protection.

Image Credit: McKinsey

Passwordless authentication is a product of the FIDO2 project, an open authentication standard that builds on previous work on web authentication by the FIDO Alliance and is carried out in collaboration with the World Wide Web Consortium.

Therefore, the FIDO2 specifications are drawn from the W3C’s Web Authentication (WebAuthn) and as well as FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

 

One of the major mandates of the European Banking Authority’s revised Payment Services Directive (PSD2) that came into effect in 2018 was to make Fintechs and other payment processing companies adopt stricter and more modern security authentication requirements, including multi-factor authentication.

Foundations of Passwordless Authentication Systems

Many passwordless authentication systems use a two-factor (or multi-factor) model, where a cryptographic key pair is created combining public and a private key. The public key is stored with the service provider, but it is useless without the private key that has only user-side access since they are a unique pair, and it is the private key that actually unlocks the public half of the pair.

Passwordless alternatives

Even on the users-side, people are now more inclined towards passwordless alternatives to security authentication. In a Visa survey reported in January 2020, 53% of participants (credit cardholders) are willing to switch their financial services provider if their bank does not offer biometric authentication based on fingerprints and facial features. The top reasons given for this choice include:

  • No longer needing to remember passwords (42%)
  • Improved security over passwords (34%)
  • Not forgetting or losing an authentication method (33%)

Notice that the top given reason is related to convenience. Many people have to memorize tens of passwords at a time, and this does not provide an optimal user experience.

The future of digital security authentication is fintech

The future of digital security authentication in fintech features high-level security and fraud prevention without sacrificing convenience. Indeed, user experience is listed as one of the building blocks of a future-proof authentication framework, according to a World Economic Forum report. The others include:

  • Security – of course, the logical first choice. Authentication in the financial services sector should be mainly geared towards fraud prevention in web skimming and so on.
  • Privacy – inherence-based and possession-based authentication elements transfer authentication information storage to the user-side, to some extent freeing the service provider from culpability in the case of a breach.Scalability – a passwordless authentication solution should be able to deal with exponential growth rates.

Immense benefits of passwordless authentication

Whichever perspective you view it from, user-side or server-side, passwordless authentication has immense benefits for both the users and the service providers. Passwords are being gradually phased away,. Fintechs need to audit their cybersecurity strategy and implement more secure solutions designed to mitigate modern cybersecurity risks and reduce digital fraud in the financial services sector.

Conclusion

Note that passwordless authentication does not make a system resistant to any and every form of attack. As it has always been, with the introduction of new technologies, cyber attackers also refine their tactics and spot new vulnerabilities to exploit. In any case, passwordless authentication remains more secure than password-based systems.

However, there are alternative entry points for attackers beyond authentication; insider threats and backend breaches remain huge risks, and Fintechs must plug all these holes to achieve 360° security.

Image Credits: included by author; thank you!

David Odinegun

Digital Marketer and PR Specialist.
The founder and creative director of Drive Digital Buzz, a digital marketing agency that specializes in creating the buzz needed by Startups, Growth Companies, and SMEs to speed up business growth and maximize marketing ROI.

Politics

Fintech Kennek raises $12.5M seed round to digitize lending

Published

on

Google eyed for $2 billion Anthropic deal after major Amazon play


London-based fintech startup Kennek has raised $12.5 million in seed funding to expand its lending operating system.

According to an Oct. 10 tech.eu report, the round was led by HV Capital and included participation from Dutch Founders Fund, AlbionVC, FFVC, Plug & Play Ventures, and Syndicate One. Kennek offers software-as-a-service tools to help non-bank lenders streamline their operations using open banking, open finance, and payments.

The platform aims to automate time-consuming manual tasks and consolidate fragmented data to simplify lending. Xavier De Pauw, founder of Kennek said:

“Until kennek, lenders had to devote countless hours to menial operational tasks and deal with jumbled and hard-coded data – which makes every other part of lending a headache. As former lenders ourselves, we lived and breathed these frustrations, and built kennek to make them a thing of the past.”

The company said the latest funding round was oversubscribed and closed quickly despite the challenging fundraising environment. The new capital will be used to expand Kennek’s engineering team and strengthen its market position in the UK while exploring expansion into other European markets. Barbod Namini, Partner at lead investor HV Capital, commented on the investment:

“Kennek has developed an ambitious and genuinely unique proposition which we think can be the foundation of the entire alternative lending space. […] It is a complicated market and a solution that brings together all information and stakeholders onto a single platform is highly compelling for both lenders & the ecosystem as a whole.”

The fintech lending space has grown rapidly in recent years, but many lenders still rely on legacy systems and manual processes that limit efficiency and scalability. Kennek aims to leverage open banking and data integration to provide lenders with a more streamlined, automated lending experience.

The seed funding will allow the London-based startup to continue developing its platform and expanding its team to meet demand from non-bank lenders looking to digitize operations. Kennek’s focus on the UK and Europe also comes amid rising adoption of open banking and open finance in the regions.

Featured Image Credit: Photo from Kennek.io; Thank you!

Radek Zielinski

Radek Zielinski is an experienced technology and financial journalist with a passion for cybersecurity and futurology.

Continue Reading

Politics

Fortune 500’s race for generative AI breakthroughs

Published

on

Deanna Ritchie


As excitement around generative AI grows, Fortune 500 companies, including Goldman Sachs, are carefully examining the possible applications of this technology. A recent survey of U.S. executives indicated that 60% believe generative AI will substantially impact their businesses in the long term. However, they anticipate a one to two-year timeframe before implementing their initial solutions. This optimism stems from the potential of generative AI to revolutionize various aspects of businesses, from enhancing customer experiences to optimizing internal processes. In the short term, companies will likely focus on pilot projects and experimentation, gradually integrating generative AI into their operations as they witness its positive influence on efficiency and profitability.

Goldman Sachs’ Cautious Approach to Implementing Generative AI

In a recent interview, Goldman Sachs CIO Marco Argenti revealed that the firm has not yet implemented any generative AI use cases. Instead, the company focuses on experimentation and setting high standards before adopting the technology. Argenti recognized the desire for outcomes in areas like developer and operational efficiency but emphasized ensuring precision before putting experimental AI use cases into production.

According to Argenti, striking the right balance between driving innovation and maintaining accuracy is crucial for successfully integrating generative AI within the firm. Goldman Sachs intends to continue exploring this emerging technology’s potential benefits and applications while diligently assessing risks to ensure it meets the company’s stringent quality standards.

One possible application for Goldman Sachs is in software development, where the company has observed a 20-40% productivity increase during its trials. The goal is for 1,000 developers to utilize generative AI tools by year’s end. However, Argenti emphasized that a well-defined expectation of return on investment is necessary before fully integrating generative AI into production.

To achieve this, the company plans to implement a systematic and strategic approach to adopting generative AI, ensuring that it complements and enhances the skills of its developers. Additionally, Goldman Sachs intends to evaluate the long-term impact of generative AI on their software development processes and the overall quality of the applications being developed.

Goldman Sachs’ approach to AI implementation goes beyond merely executing models. The firm has created a platform encompassing technical, legal, and compliance assessments to filter out improper content and keep track of all interactions. This comprehensive system ensures seamless integration of artificial intelligence in operations while adhering to regulatory standards and maintaining client confidentiality. Moreover, the platform continuously improves and adapts its algorithms, allowing Goldman Sachs to stay at the forefront of technology and offer its clients the most efficient and secure services.

Featured Image Credit: Photo by Google DeepMind; Pexels; Thank you!

Deanna Ritchie

Managing Editor at ReadWrite

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has over 20+ years of experience in content management and content development.

Continue Reading

Politics

UK seizes web3 opportunity simplifying crypto regulations

Published

on

Deanna Ritchie


As Web3 companies increasingly consider leaving the United States due to regulatory ambiguity, the United Kingdom must simplify its cryptocurrency regulations to attract these businesses. The conservative think tank Policy Exchange recently released a report detailing ten suggestions for improving Web3 regulation in the country. Among the recommendations are reducing liability for token holders in decentralized autonomous organizations (DAOs) and encouraging the Financial Conduct Authority (FCA) to adopt alternative Know Your Customer (KYC) methodologies, such as digital identities and blockchain analytics tools. These suggestions aim to position the UK as a hub for Web3 innovation and attract blockchain-based businesses looking for a more conducive regulatory environment.

Streamlining Cryptocurrency Regulations for Innovation

To make it easier for emerging Web3 companies to navigate existing legal frameworks and contribute to the UK’s digital economy growth, the government must streamline cryptocurrency regulations and adopt forward-looking approaches. By making the regulatory landscape clear and straightforward, the UK can create an environment that fosters innovation, growth, and competitiveness in the global fintech industry.

The Policy Exchange report also recommends not weakening self-hosted wallets or treating proof-of-stake (PoS) services as financial services. This approach aims to protect the fundamental principles of decentralization and user autonomy while strongly emphasizing security and regulatory compliance. By doing so, the UK can nurture an environment that encourages innovation and the continued growth of blockchain technology.

Despite recent strict measures by UK authorities, such as His Majesty’s Treasury and the FCA, toward the digital assets sector, the proposed changes in the Policy Exchange report strive to make the UK a more attractive location for Web3 enterprises. By adopting these suggestions, the UK can demonstrate its commitment to fostering innovation in the rapidly evolving blockchain and cryptocurrency industries while ensuring a robust and transparent regulatory environment.

The ongoing uncertainty surrounding cryptocurrency regulations in various countries has prompted Web3 companies to explore alternative jurisdictions with more precise legal frameworks. As the United States grapples with regulatory ambiguity, the United Kingdom can position itself as a hub for Web3 innovation by simplifying and streamlining its cryptocurrency regulations.

Featured Image Credit: Photo by Jonathan Borba; Pexels; Thank you!

Deanna Ritchie

Managing Editor at ReadWrite

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has over 20+ years of experience in content management and content development.

Continue Reading

Copyright © 2021 Seminole Press.