ITU

Top experts discuss key issues at ITU Workshop on Fintech Security

‘Fintech’ or financial technology is one of the fastest growing segments in the financial services industry – and it has massive potential to improve lives worldwide.

Fintech services and applications must be secure if they are to earn people’s trust.

That’s why top experts from across the world gathered Monday at ITU headquarters in Geneva for an ITU Workshop of Fintech Security.

The workshop was held the day prior to a meeting of ITU-T Study Group 17, the ITU standardization expert group for security.

“Fintech represents the next wave of innovation for the financial sector,” said Heung Youl Youm, Chairman of ITU-T Study Group 17. “Security aspects must be the top priority to build trust and security in fintech applications.”

Workshop objectives

The workshop set out to achieve several objectives in support of ITU-T Study Group 17’s studies of Fintech security, including:

  • identifying security and privacy threats and associated risks for Fintech services and applications;
  • sharing best current practices on how to address security and privacy challenges;
  • investigating requirements on security and privacy controls for Fintech services and applications;
  • investigating the impact of decentralized frameworks (e.g., distributed ledger technologies such as blockchain) on data ownership and consent management for Fintech services and applications;
  • discussing policy implications for Fintech services and applications;
  • sharing ongoing activities among relevant groups or organizations and industries; and
  • identifying ways forward for the work ITU-T Study Group 17, including the potential for new ITU standards projects.

Rapid industry change …

During the workshop, some of the experts gave presentations that framed the rapid rise of Fintech applications — and the growing consumer demand and acceptance – as key context for understanding the importance of improving Fintech security.

Young Guk Kang, Director and Security Consultant at the Korea Information Systems Consulting & Audit Corporation, gave a presentation that detailed the rapid pace of change in Korea’s Fintech sector, one of the world’s most developed information and communication technology (ICT) markets.

Korea’s Fintech adoption index rose to 67% in 2019. That’s more than double the rate (32%) of 2018, said Young, who also said that the increased share of mobile use in home shopping payment methods is 60% and the rise of Fintech usage rates in the insurance field have surged from 8% in 2015 to 48% in 2019.

The change is driven by very high awareness levels of Fintech applications in Korea as well as improvements in Fintech services driven by important innovations to utilize Artificial Intelligence, Big Data, and blockchain.

It’s also driven by greater trust in security, trust that Young said results in part from the growing sophistication of security capabilities built on the increasing use of biometric data and innovations such as wireless hacking prevention services.

Young also described how the government of Korea was aiming to relax its restrictions to boost Fintech growth as confidence grows due to lessons learned from regulatory sandboxes.

Participants also discussed how strong authentication technologies, emerging decentralized technologies like blockchain, analytical technologies for fraud detection and anti-money laundering compliance are changing digital financial services.

… but how can security policies change with it?

Jacques Francoeur, CEO of Spheric Security Solutions, highlighted the need for “security inclusion.”

“If we’re going to have one world, we’re going to have protection for all,” said Francoeur. “There are drastic skills access inequalities. Universities are not developing these [qualified] people fast enough. We can’t create a digital world and say: ‘Good luck, you should have been a security expert.’ ”

“If we don’t do some big things, we won’t be able to improve the situation,” said Francoeur, highlighting several potential stumbling blocks to progress, including the cost to improve security and the interoperability of security data, systems and frameworks.

“If we can’t solve the interoperability problem .. we’re running around with our heads cut off,” he said. “If all frameworks were interoperable, we wouldn’t spend so much time” trying to make sense of the various security assessments.

‘Security by design’ would really help, said Francoeur, describing some of the work that he is doing with ITU to develop interoperable security standards, included a ‘Unified Security Model’, which he presented briefly.

Privacy concerns

Workshop participants identified privacy threats and risks in Fintech services and shared lessons learned from policy initiatives with an eye to identifying emerging best practices for how such privacy risks can be mitigated. This discussion included the impact of Europe’s General Data Protection Regulation (GDPR) on Fintech services.

“We are already numb to the headlines [of data breaches],”said Thomas Lammer, Principal Market Infrastructure Expert for the European Central Bank.

“We as central banks, typically one of the roles we have in payments is next to being an operator,” said Mr. Lammer. “”Of course, we have to strengthen and harden our cyber resilience for the financial market infrastructures we are operating.”

One of the key issues he spoke about was ownership. “It is important to have a transparent handling of the data collection and processing; transparent to the customer so that the customer knows what is happening with his or her data,” he said. “The decision has to be informed.”

Participants also discussed the balance between security and privacy.

“Privacy rules protect data from abuse from those who collect the data,” said Virginia Cram-Martos, CEO, Triangularity Sarl. “But security is equally or more important, because if you don’t have security, then it just negates all of the other protections.”

Read more