One of the major themes set to be discussed at this year’s FinTech Aviv is cybersecurity. The threat of cyberattacks has long been a key concern for FinTech companies – not only because of the practical impact of data breaches, but because cybersecurity attacks can seriously undermine a financial institution’s reputation. Clients need to be confident that their data, and their assets, are safe. Particularly in a world where cybersecurity attacks are becoming more common, an appreciation of how best to guard against such threats is all the more important. This is a message that Attila Romics, Head of Service Delivery at Balasys, is bringing to FinTech Aviv. Balasys is a computer security service company based in Budapest.
Attila believes that there are “two main types of threat” that finance companies should be aware of. These are “fraud and attacks that cannot be prevented by strong authentication.” He elaborated:
“The finance sector is regulated very precisely: PSD2, MiFID II, PCI-DSS are only a few examples. Thanks to these regulations, most companies have implemented effective cyber defenses, especially strong authentication. Knowing this, cybercriminals attack organizations with methods where strong authentication can’t help. The most prevalent attack method is exploiting injection vulnerabilities. These can pop up in all sorts of places within a web application that allows the user to provide malicious input. An injection may occur when the user’s input is accepted by the web application and processed without the appropriate sanitization. This means that the hacker can influence how the web application’s queries and commands are constructed and what data should be included in the results. As APIs are everywhere today, these are becoming increasingly essential targets for hackers.”
While financial companies have had to fight against fraud “since antiquity” the type of computer fraud Balasys deals with is “much younger,” largely involving credit card fraud and account takeovers. However, there is also another risk which Balasys have identified: legacy applications. Some banks – perhaps in a bid to cut costs – fail to upgrade their systems, leaving them exposed to major risks:
“Nearly half of banks do not upgrade old IT systems as soon as they should, according to a report by the UK’s Financial Conduct Authority (FCA). And 43% of US banks still use COBOL, a programming language dating from 1959. Protecting old IT systems is a considerable challenge, as their outdated internal structure makes the defence much more demanding.”
Balasys occupies a crucial place in the market, providing FinTech firms with the technology required to protect against these risks. Attila explained that Balasys’ main offering is their API security suite (Proxedo API Security, or PAS) that“provides complete control over the application communication to prevent API breaches.” At the core of the solution is Balasys’ “deep packet inspection (DPI) technology, which validates, encrypts, and analyses API traffic in detail.” This works with the PAS technology to ensure that only permitted data is transmitted through an institution’s network and to prevent “potentially malicious data reaching the systems or sensitive data from being leaked.”
Another interesting product Balasys offers is the “bot detection module,” which reduces the load placed on servers by up to 30% and thereby helps minimise the risk of a system outage caused by botnet attacks. They also have a fraud detection offering that “decreases the cost, time, and challenges of fraud management in online financial transactions by harnessing device fingerprinting and enriching incoming data with alternate sources.”
Unlike some cybersecurity companies, many of which develop generic software designed to apply to practically any company that uses IT software, Balasys have developed technology specifically targeted at the FinTech market. Their Proxedo API Security product helps “prevent these kinds of attacks [that financial companies suffer from]” and the company also helps “support API developers of fintech companies through our comprehensive API management solution. Using it, companies can speed up development and publish APIs to external and internal developers and partners, driving and accelerating innovation.” It is for this reason that the product is used by FinTech companies all over the world. While the sensitive nature of the cybersecurity space means that Attila was not at liberty to mention many of the companies Balasys works with, he was able to name OTP – one of the largest banks in Central Eastern Europe – as a client. Cleary Balasys plays an important role in FinTech cybersecurity in CEE and beyond.
Attila ended by reflecting on why he and Balasys are keen to attend FinTech Aviv, and engage with the ecosystem in Israel. For him, “Tel Aviv is one of the capitals of cybersecurity in the modern world.” As a result, “solutions that excel in this market do not need any more proof” as to their viability. Demonstrating just how the a role the Tel Aviv ecosystem plays in global FinTech – Attila concluded by noting that “if we can be successful with our products here, we can be successful anywhere.”
Author: Harry Clynch
The FinTech Aviv annual summit is taking place this year on March 9th. It will be a hybrid event, with on-site and online tickets both available. To find out more, and to purchase tickets, visit the website here: March 9 – Annual Summit 2022 | fintechaviv (fintech-aviv.com)
#FinTech #TelAviv #FinTechAviv #Cybersecurity #APIs #Fraud