Why Data Encryption is Critical to FinTech
FinTech (financial technologies) is transforming the financial services industry. FinTech professionals from banks and credit unions to insurance companies deal with huge amounts of private data on a daily basis – and the best way to keep it secure is with encryption. Not only are companies deploying encryption as a security best practice, but it is also needed to meet compliance with regulations like PCI DSS.
In an interview with Patrick Townsend, Founder and CEO of Townsend Security, we discussed why encryption is critical to FinTech to meet the various compliance regulations and better secure private data.
The financial services industry is continually changing. Innovations in technology are impacting payments, lending, insurance, and even compliance. Unfortunately, security often does not get as much attention as it should. Do you have any stories that you can share where security wasn’t fully considered?
Not only is security a consideration for new solutions coming to market, but it can also be a problem for businesses using legacy technology that was deployed many years ago. Encryption and data protection were not top of mind back when these applications were built.
I recently spoke with someone at a large global bank that was running a software package from a well-known financial services software vendor that didn’t implement security in the way that we think of it today. Encryption libraries did not even exist on some of these platforms when these solutions were created, so we are left with applications missing encryption and proper key management. This is a wide-spread problem across the financial services industry and has become a considerable challenge for FinTech professionals.
Learn more about IBM i security challenges commonly faced by staff in their efforts to harden security and pass compliance audits.
How secure would our personal data would be if it weren’t for compliance regulations like PCI DSS and GLBA? What are your thoughts on the impact of compliance and data security?
I think compliance follows threats and losses. When individuals suffer from cybercrime, they complain to their legislators and lawyers which results in compliance regulations.
For example, we are seeing newer compliance regulations like those from the New York State Department Financial Services (NYDFS) requiring organizations to establish and maintain a “risk-based, holistic, and robust security program” that is designed to protect consumers’ private data. Other compliance regulations like PCI DSS, GLBA, and broader regulations that are not specific to the finance industry have been created to protect individuals who may be cybercrime targets. (Related: Five IT Security Best Practices Derived from 23 NYCRR 500)
Financial organizations are responding to compliance regulations by further protecting data that they collect. Yes, they do it because they are required to meet compliance regulations, but also because it is important to their brand and maintaining customer trust. Today, acquirers of financial technology would find it unacceptable to not protect sensitive data to industry standard encryption and security best practices.
The technologies around data protection are straightforward. Encryption and key management are the fundamental compliance-related controls required to protect non-public information (NPI) and personally identifiable information (PII) in financial services environments. Encryption can be deployed at the application or database level and allow organizations to provably meet compliance requirements for protecting data – both on premises and in the cloud.
What advice do you have when it comes to selecting and evaluating a FinTech vendor?
Security and compliance must remain top of mind. Businesses need to ensure that their FinTech is secure and that sensitive data is protected with encryption and key management. Security needs to become an internal governance issue to be sure that solutions that are acquired and deployed or upgraded truly and provably meet compliance and industry standards.
Precisely is helping financial services organizations achieve compliance through its IBM i data security solutions and services.
For more information about meeting regulatory requirements for financial services and beyond, read our eBook: Passing Your Next Audit: The Challenges of Properly Securing Your IBM i