In 2023, every company should think of itself as a FinTech company. Security, privacy, and trust are not just regulatory requirements – they are also a lucrative business model. In this blog, we cover numerous topics that will be hot in 2023, including open finance, the CFPB, FedNow, fraud protection, crypto, ChatGPT3, financial wellness, transparency, and trust.
Recently, we published our 2022 Year in Review, which highlighted current attack vectors and targeted verticals in FinTech. We noted that, despite eye-popping investment in security, the threat of cybercrime and risk of data breaches is still common. Ransomware in particular had a banner year. Therefore, we urge Chief Information Security Officers (CISOs) and compliance managers to focus on PCI Data Security Standard (PCI DSS) v4.0, and to consider strategic software solutions to a myriad of persistent challenges in computer security.
In 2023, every company should think of itself as a FinTech company. Consumers now demand real-time data access and digital tools tailored to their needs. Businesses provide both by connecting their clients to vast databases in the cloud, with advanced analytics and international reach. The tricky part, of course, is security. Toward that end, financial institutions are likely to evaluate and integrate a wide range of innovative, embedded FinTech products and services, not only for basic things like account management, but also to strengthen security. A top example here is protecting against fraud and identity theft.
In 2023, FinTech companies should invest in security, privacy, and trust, not simply due to regulatory requirements, but because this is a lucrative business model. With that perspective in mind, let’s have a quick look at some of the trends and topics that are sure to be hot in 2023.
Open finance (and open banking) seek to leverage open data, or information that is more accessible, exploitable, and editable. One of its primary goals is to give consumers the ability to control their personal financial data, and allow them to buy products and services with less corporate control and network surveillance. By its nature, this is a bottom-up philosophy; therefore, it can be quite unpredictable. Think open source software. Developers today can use open APIs and open source code to build novel and unique financial products and services that give far greater autonomy to account holders.
The Fintech Open Source Foundation (FINOS), offers an independent setting to create innovative software, solutions, and standards to overcome FinTech challenges. For example, big banks are likely nervous about the explosive growth of banking as a service (BaaS), and may be willing to accept some losses in exchange for a piece of the pie.
People love to hate bureaucracy – except when they need some help. For example, George Will recently lambasted the Consumer Financial Protection Bureau (CFPB) in the Washington Post. So, what the heck is the CFPB? It is a US government agency dedicated to helping citizens receive fair treatment by banks, lenders, and other financial institutions. Here, you can find answers to money questions related to credit reports, debt collection, mortgages, credit cards, housing, college tuition, auto loans, COVID-19, unexpectedly high medical costs, and more. This organization implements and enforces consumer financial law, and seeks to ensure that markets for financial products are fair, transparent, and competitive. On the website, you may submit a complaint about a financial product or service. To date, the CFPB has answered over 3 million consumer complaints, and facilitated the distribution of nearly $15 billion in financial relief.
The simple fact is, times change – both consumers and businesses want to leverage modern information technology, but laws that address data privacy and security were written for another era in which your personal financial data were not dynamically dispersed across the globe. No matter what happens going forward, agencies similar to CFPB are going to play a role. We need their help – and they need ours.
In mid-2023, the US Federal Reserve will launch a service called FedNow, which will be available to depository institutions in the US. It is designed to give individuals and businesses, via a neutral and flexible platform, the ability to send instant payments through their depository institution accounts. In other words, FedNow will offer interbank clearing and settlement, so that funds may be transferred from a sender’s account to a receiver’s account in near real-time, any time of the year. Faster payments will allow merchants to be paid without waiting for funds to settle, and employees will receive their wages earlier than before. By contrast, automated clearing house (ACH) is batch processed, which can take up to several days, and risk the sender having insufficient funds to pay. Wires are immediate, but only happen during traditional business hours. Credit cards also have a settlement period that takes a few days. Zelle, Venmo, Mastercard Send, and Visa Direct have instant payment options, but in relatively small amounts and with lower limits.
The potential here seems immense. However, we still do not know how disruptive FedNow will be. One of its primary goals is to offer trusted infrastructure to smaller banks, giving them access to more competitive payment rails. And we know that big banks, which have earned substantial fees for payment processing, have lobbied against FedNow. However, building a platform is one thing; taking full advantage of it is another. Pending questions include ease-of-use, cross-border payments, how to diminish fraud, and dispute resolution. Depository institutions (and their service providers) will be allowed to build value-added services on top of this platform. However, developers must build apps for the new platform, and connect all the wires, in a rapidly changing payment landscape. That could be a significant hurdle for smaller banks. Therefore, for the foreseeable future, most businesses will still have a need for data vaulting and tokenization, because speed is not the same thing as security, privacy, and compliance.
Information security (InfoSec) is a broad and deep discipline, in which most experts only have deep knowledge in a limited number of topics. Fraud protection, ID verification, and Know Your Customer (KYC) can be tricky, because even if the personal data submitted and received is correct, it can be hard to know whether cybercriminals have 1) stolen the data, or 2) compromised the remote machine. If security-focused FinTech companies can answer these questions, they will thrive. Due to the complex and dynamic nature of data security and privacy, startups will continue to proliferate, and experiment with new ways to detect criminal behavior online (e.g. real-time biometrics, tapping into government databases). No one company can fix everything, which is a good thing – so we do not put all of our eggs in one basket.
In 2021, I gave a presentation at RSA on the security of cryptocurrency. At the time, my sense was there were still far more questions than answers. And then came 2022, which for crypto was uphill, both ways, in a snowstorm. Nonetheless, many enthusiasts, analysts, and investors continue to believe, and are sure that crypto will bounce back in the long run. Indeed, there remains little doubt that the revolutionary nature of this technology (and philosophy) will continue to create opportunities for financial gain (and loss) long into the future. Governments are not immune: the US Federal Reserve is actively researching the potential benefits and risks of creating a central bank digital currency (CBDC).
Predictions in this space are fraught; however, Sean Williams of the Motley Fool recently wrote that, in 2023, we may see 1) Ethereum surpass Bitcoin in value, 2) meme coins continue to lose value, 3) another major cryptocurrency exchange fail, and 4) El Salvador forced to end its Bitcoin experiment. As the Internet evolves – perhaps to “Web 3.0” – an increasing number of users will choose security and privacy over the sacrifices they previously made to Big Tech. Trends to look for include decentralized computing, DApps, blockchain, smart contracts, and token-based economics.
Predictions are no longer the exclusive domain of humans. Recently, ChatGPT3 also gave us 10 FinTech predictions for 2023. The groundbreaking AI engine says that this year will see more open banking and more digital payments – in part to facilitate greater financial inclusion. A more widespread use of blockchain is likely to increase the transparency, security, and efficiency of digital payments, identity, and supply chain management. And, of course, ChatGPT thinks that FinTech will soon be impacted by machine learning, artificial intelligence, and even virtual reality (e.g. to evaluate credit risk). It believes that the insurance vertical may be especially ripe for transformation.
Of course, this is all revolutionary stuff. Nevertheless, for the foreseeable future, in order to address so many persistent computer vulnerabilities and exploits, as well as human threats to security and privacy, every modern business should invest in solutions such as data vaulting and tokenization – in order to keep sensitive data both safe and usable.
According to some FinTech startups, financial literacy (knowledge and understanding) leads to financial wellness (emotional health). This idea is similar to practicing better diet, sleep, and exercise. Wise money management can and should lead to financial stability and freedom. Financial wellness apps help you to set goals, budget, invest, eliminate debt, and save. Key elements include short-term finances (living within your means), long-term finances (goal-oriented behavior like buying a home), present financial freedom (feeling like you are in control of your finances), and future financial freedom (planning for retirement). This is all about strategic thinking – and most of us could use a little help with that.
Indeed, there are many ways in which innovative FinTechs are helping our economy – and the individual workers who compose it. For example, Forage authenticates and processes Electronic Benefit Transfers (EBT) for those who receive government assistance to buy groceries; Zip gives its clients a buy now, pay later (BNPL) option to split online order payments into 4 equal installments; Zopa built the first-ever peer-to-peer (P2P) lending company, and has lent out over £6 billion to hundreds of thousands of clients in the UK; and Accrue helps you to save up for purchases, without debt, credit, or fees.
Security + Transparency = Trust
To successfully tackle InfoSec challenges, FinTechs need new strategies and tactics. On one hand, the demand for data is continually rising, in order to feed business analytics, machine learning, cloud computing, AI, quantum data science, etc. According to recent Congressional testimony, some data brokers already possess thousands of individual data points on billions of people around the world, and this fact poses a direct threat to civil rights, national security, and democracy. On the other, at each level, cybercriminals will seek an open (or vulnerable) door through which to steal your information. FinTech firms are natural targets, due to a potential high return on investment. In fact, data sharing may have already reached a breaking point.
In 2023, FinTech firms should invest in data security and privacy, not simply due to regulatory requirements, but because it is a winning business strategy, which should be celebrated and advertised. Of course, security solutions strengthen your company’s business operations. But they also increase trust among your users, clients, and partners, who will work with you not because they have to, but because they want to. When your company increases another company’s security and privacy, you are lowering their risk profile, as well as accelerating their go-to-market and time-to-revenue strategies. This is because the best solutions accomplish multiple objectives at the same time: security, privacy, transparency, observability, automation, speed, compliance, and cost.
We all know the golden rule in our business: if you collect it, you must protect it. But you may not know just how much data security as a service (DSaaS) can help. Would your business like to access its data securely, without risking a serious data breach?