It was the emergence of digital payment platforms that made the recent e-commerce boom possible. As consumers increasingly rely on their smartphones to access goods and services, the availability of multiple e-payment options contribute to a thriving fintech industry.
But despite its successes, the industry is facing several challenges — cyberattacks and stiff competition among them. Given these, one company thinks that digital resilience will be the element for survival for banks and fintechs alike.
Frontier Enterprise touched base with Neil Drennan, CTO of Currencycloud, a fully cloud-based platform for B2B cross-border payments, to tap into the potential of the fintech space, and authenticate what it really means to achieve digital resilience.
According to Drennan, the current rapid digitalisation being observed across enterprises is linked with new sets of vulnerabilities.
“Cybercriminals and attacks have become more complicated and sophisticated, at a higher rate than the advancement and shifting attitudes towards cybersecurity,” he said.
Securing the platform
No doubt, digital payments are prime targets for bad actors looking to cash in on platform vulnerabilities, such as weak API security.
“Fintech companies often offer similar services as banks, and they also work with the same type of data. It is natural that they would be impacted by similar security vulnerabilities,” Drennan said.
Common threats come in the form of social engineering scams and fake websites, which are widely-used in the region, especially in Singapore, Indonesia, and Malaysia, the CTO added.
Then there’s ransomware, which companies must pay close attention to.
“The basic best practices that keep banks secure would therefore work for fintechs too. These include ensuring their own technology is free of vulnerabilities and flaws prior to launch, and having adequate BCDR (business continuity and disaster recovery) to minimise downtime and support smooth daily operations,” Drennan explained.
Despite the high-level threats that fintechs face, there is, however, one distinct advantage which they should leverage immediately.
“These digital enterprises are often built on modern, cloud-native technologies, and have access to a broad and ever-expanding range of sophisticated security tools that operate at significant scale globally. What this does is enable them to evolve their security capability rapidly. For example, they can use automated toolsets to ‘shift-left’ to identify and resolve security vulnerabilities early in the software development lifecycle, and then apply them consistently across their platform. This is a key advantage in the medium to longer term as the threat landscape is also evolving quickly,” the CTO remarked.
Since most enterprises now are either digital first, or have cultivated a strong digital presence, achieving digital resilience should be part of any company’s goals, moreso for fintechs.
“Any use of IT would bring about an associated IT risk, so the greater the digital maturity of a company, the more risk IT poses to the business. Hence, for a business to be digitally resilient, the extent of innovation and digital disruption it desires must be balanced against the revenue opportunities that these activities bring,” Drennan said.
“According to IDC, digital resiliency is the ability of an organisation to rapidly adapt to business disruptions by leveraging digital capabilities to not only restore business operations, but also capitalise on the changed conditions. In essence, it describes the convergence of business resiliency and IT risk, which encompasses not just security but also agility, speed, and specific goals and initiatives, like deploying organisation-wide data and digital governance, and ensuring continuous improvement of speed and time to market for innovative applications,” he added.
Meanwhile, for non-financial firms making use of financial APIs, digital resilience would be measured by how well they use digital tools that are already existing, to turn themselves into an intelligent enterprise.
Among these tools are AI, ML, blockchain, IoT, automation, and predictive analytics, which would constantly optimise the benefits of embedded finance.
“For example, making better use of customer data generated by embedded payments can help to improve real-time recommendations for that customer at a shopping site. This not only drives up the company’s e-commerce user experience but also helps to strengthen the site’s business resiliency. Likewise, embedding multi-currency account capability on an investment platform can speed up an investor’s capitalisation of emerging opportunities, thus, generating the familiarity and trust that build business resilience,” Drennan said.
“Companies should ensure their security approach covers good security hygiene practices but also extensive monitoring, detection, and security incident response plans are regularly tested,” he went on.
Currencycloud, for its part, operates almost exclusively on AWS, leverages Confluent’s Kafka platform for real-time data streaming, and Snowflake for analytics.
“We have extensive security toolsets in our software development lifecycle and specific tools to enable teams to test the performance, scalability, and resilience of their microservices and the broader platform. We use Gremlin to run weekly chaos engineering game days across the company to deliberately break our platform to see if it is resilient to the failure scenario,” Drennan shared.
“To make life easier for our engineers, we have a developer experience team who assists with common tooling across all the teams. This helps us move fast and enables us to scale the organisation in a reliable manner,” he continued.
Tools for the future
Within the next five years, the CTO predicts that there will be more prolific use of API in the fintech sector, and as a result, there will be an increase in specialisation and innovation in the software supply chain.
“Whether you are a non-financial institution or a traditional banking organisation, there will be a lesser need to develop innovative applications in-house, and a greater need to source from third-party financial solution providers offering suitable, customisable, and supported applications that can be launched quickly into the desired market. Companies that specialise in infrastructure will be the ones to develop this expertise, so that their customers gain the advantages of cost and scalability when they embed the depth of the technology into their business,” he said.
According to Drennan, this phenomenon will allow businesses to focus on what they are good at, instead of worrying about their IT infrastructure.
“Investors, for example, can easily see which account has the best interest or promotion, and transfer funds there to get better returns. This also applies to credit lines, where they can transfer funds to the line with the lowest repayment rates, while being able to make real-time payments at the very last minute to maximise the payment term. Such micro savings can snowball to significant earnings, especially when they are diligently performed by automation in the background, to the convenience of the user,” he noted.
As for Currencycloud, the target destination at the moment is the enhancement of its global, instant cross-border payments.
“We are currently working on event-driven processing, real-time data streaming, and speeding up cross-border payments from wherever you are in the world,” Drennan concluded.