paint-brush
New Challenges for Digital Banking: How Neobanks Can Defend Against Cyberattacksby@maxbeloenko
511 reads
511 reads

New Challenges for Digital Banking: How Neobanks Can Defend Against Cyberattacks

by Max BeloenkoJanuary 9th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Cyber threats and malicious attacks are now more real than ever Building a cybersecurity strategy in neo banking should be made a top priority Customer-centric approach: neobanks should place great focus on users’ assets and data security. Potential data leaks should be monitored 24/7  A number of technical solutions should be implemented to  quickly detect vulnerabilities in the identification app or attempts to find and exploit them Infrastructure design should be fault-tolerant so that if a telecom operator fails, the identification system will work through another operator, data center, or even city. The identification system should be connected to solutions protecting it against DDoS attacks and hacking.

People Mentioned

Mention Thumbnail
featured image - New Challenges for Digital Banking: How Neobanks Can Defend Against Cyberattacks
Max Beloenko HackerNoon profile picture

What are neobanks

The Middle East fintech ecosystem has evolved rapidly in recent years with COVID-19 accelerating digitalization in the country: users are now much more willing to make cashless payments and online purchases and also use digital technology in the financial sector.

Neobanks are banks that operate exclusively online without traditional physical branch networks, and they are beneficiaries of this covid-caused digital shift. 

However, Qrator Labs notes that digital banking poses new challenges as it makes it easier for cybercriminals to obtain sensitive information. 

Neobanking is a long-term trend

Neobanking is indeed on the rise: Abu Dhabi Commercial Bank, Emirates NBD, and Mashreq have launched digital transactions through Hayyak, Liv, and Mashreq Neo, respectively. Among others are Abu Dhabi Islamic Bank and independent neobanks like  Al Maryah Community Bank and Zand, who have already obtained banking licenses. 

According to Finder.com's Neobanking Adoption Report, 19% of adults in the UAE have a neobank account today (up two percent from the 2021 figures). Another 15% plan to open it within a year. The UAE region is projected to be at the forefront of industry development with more than 465 fintech companies by the end of 2022. 

The regulator is also keeping up with the times and is focused on digitalization: the UAE Central Bank's development strategy includes digital currency issuance and digital transformation using AI and big data, as well as secure financial cloud infrastructure. 

Banking ecosystems will definitely expand in the near future too. The banking ecosystem is a single space under the bank brand that combines services from different partners for convenient access to them by customers (financial services, food delivery, cabs, etc.). In the UAE market, this concept is still just beginning to develop, and Tawasal Information Technology’s SuperApp might be a good example of such an ecosystem.

Neobanking and cyber attacks. 

In digital banking, large amounts of sensitive, confidential information are in the crosshairs of cybercriminals. The UAE's regional financial authorities have designated cybersecurity as a top priority, with the UAE Central Bank establishing a new network and cybersecurity operations center in November 2021.

An example of ransomware attacks might be malicious attempts to extort money from an organization by sending a flood of junk network traffic (DDoS) so that legitimate users cannot receive service.

For the neobanks, this gives way to additional challenges as they do not open physical branches. Instead of face-to-face communications in the bank’s office, customers write to the support team, which is in charge of handling users' problems (Revolut, Wise, and Tinkoff Asia are especially well-known for succeeding this way).

Now suppose a traditional bank has a downtime in the server part of the mobile application, due to an error or a ransomware attack. In that case, customers can deal with critical issues at the branches. Internet outages at a neobank can’t be solved this way as users have no physical branches to go to. This is why modern fintech companies primarily target continuous resource availability, resiliency, and protection against DDoS attacks. 

How a neobank should build its cyber defense system to avoid these threats

Neobanks and other fintech organizations need to make cyber security one of the key priorities in their operations. They also need to commit to designing financial infrastructure in such a way that both businesses’ and customers’ interests are ensured. Confidentiality and banking secrecy laws are also among key security goals so that financial data, payment details, and other sensitive information are kept secure and do not leak to third parties.

In a nutshell, neobanks should implement modern approaches to information security and specialized anti-tampering tools. This can be done by adopting security best practices from other industries. Defense like this will certainly be more expensive and complicated than the cybersecurity system in an online store, for example.

However, no matter how challenging this implementation might sound, the customers should be guaranteed that their assets are under lock and key, even if they are digital. The cost of creating such a system for a neobank should primarily be compared to developing a network of physical offices and branches. Neobanks should also raise awareness among their users about phishing and other deceptive techniques designed to trick a person into revealing private information to the attacker.

Practical advice and key takeaways for the neobanks and their users when it comes to online security

  • Cyber threats and malicious attacks are now more real than ever
  • Building a cybersecurity strategy in neo banking should be made a top priority
  • Customer-centric approach: neobanks should place great focus on users’ assets and data security. Potential data leaks should be monitored 24/7 
  • A number of technical solutions should be implemented to  quickly detect vulnerabilities in the identification app or attempts to find and exploit them
  • Infrastructure design should be fault-tolerant so that if a telecom operator fails, the identification system will work through another operator, data center, or even city.
  • The identification system should be connected to solutions protecting it against DDoS attacks and hacking.