Why The Indian Financial Services Startups Need To Focus On Cybersecurity For Scaling Up
SUMMARY

India is one of the fastest-growing fintech markets in the world; currently valued at $584 Bn, it is estimated to reach $1 Tn by 2025, Inc42’s recent analysis revealed

While lack of financial literacy, awareness & regulatory stability are still major challenges for the sector, a key foundational block to its scale is cybersecurity

According to an Akamai report, out of the 6 Bn web attacks that occurred globally in 2020, the financial services industry accounted for as many as 736 Mn attacks


Although the introduction of technology into the financial services space started with credit cards in New York in the 1950s and the ATMs in London in the 1960s, it reached India in the 1980s. Despite the late start, fintech in India has evolved to become one of the fastest-growing markets globally. Today, the country is home to 19 fintech unicorns, according to a recent analysis by Inc42.

India’s Fintech Revolution: The Beginning

Although fintech developments were set in motion a few decades ago, the proliferation of the internet in the 1990s helped the industry pick up pace. Soon afterwards, India saw the emergence and growth of many diverse and intriguing micro segments within fintech.

From digital payments to techno banking, lending/crowdfunding, and consumer finance; from investment tech/wealth tech and mortgage and realty to insurtech, pension, and cryptocurrencies — these new areas liberalised finance and financial services in stark contrast to legacy systems.

The country’s fintech revolution reached its peak in 2016. In April of that year, the National Payments Corporation of India (NPCI) did a pilot test of the Unified Payments Interface (UPI) across 21 member banks. And on November 8, 2016, demonetisation was announced. The apparent goal of demonetisation was to curb dirty money. But it essentially turned a cash-driven India into less of a cash society and gave the country a push towards a formal, digital economy — subsequently giving a huge impetus to the fintech ecosystem.

Along with the UPI came the India Stack, a set of open-source APIs provided by the Unique Identification Authority of India (UIDAI) to pave the way for further innovation in this space.

While all this has had a far-reaching impact, it was during the pandemic in 2020 that digital transactions became the order of the day. As people were forced to stay in the safety of their homes, fintech was one of the two sectors positively impacted — the other being ecommerce.

The State Of India’s Fintech Revolution

Addressing the 2nd Global Fintech Fest in September 2021, Minister of Commerce & Industry, Consumer Affairs & Food & Public Distribution, and Textiles, Piyush Goyal said that despite the two pandemic waves wreaking devastation across sectors, India’s financial innovation kept the country afloat and helped it clock massive growth. “At 87%, India has the highest financial technological (fintech) adoption rate in the world against the global average of 64%,” he added.

Inc42’s State Of Indian Fintech Report Q1 2022 revealed that, as of Dec 2021, the total volume of UPI transactions had crossed 73 Bn — the value of these transactions stood at $1.7 Tn.

The catalysts to the sector’s dominance include the rise of investor interest, capital inflow, and the government’s support. By December 22, 2021, Indian fintech startups had raised more than $10.6 Bn.

The digital payments subsegment is leading the charge in the fintech ecosystem, followed by lending and neobanks, insurance and personal finance management.

To drive the adoption and growth of the sector, the government and the regulators have undertaken various initiatives such as the Pradhan Mantri Jan Dhan Yojana, Startup India, licences for payments banks, recognition of peer-to-peer lenders as nonbank financial companies, and the introduction of fintech regulatory sandboxes by the Reserve Bank of India (RBI) and the Insurance Regulatory and Development Authority of India (IRDAI).

Obstacles Ahead For The Sector

Besides leveraging the government’s initiatives, fintech startups must work with all relevant financial institutions to increase adoption and growth. The massive reach of the financial institutions and the robust tech and agility of fintech companies complement each other, and the two are well-positioned to collaborate and grow.

Towards that end, India has already started taking steps to build this collaboration and growth. A case in point: The RBI released the guidelines for a regulatory sandbox for fintech firms in August 2019.

However, factors such as the lack of financial literacy, awareness, adoption, regulatory stability and more may hinder this collaborative approach.

“The regulatory environment backed by industry tech utilities (UPI, E-KYC, AA, etc) is enabling the fintech ecosystem at every level. However, lack of customer awareness around risks, transparency around pricing, and some predatory practices around the same can create a long-term trust deficit,” said Krishnan Vishwanathan, founder & CEO of Kissht.

Akshay Mehrotra, cofounder & CEO of EarlySalary added, “Fintech industry provides flexible tenure and convenience for users while bank loans are always a major stress and anxiety topic for them. The challenge here is to create awareness among the illiterate and semi-literate consumers about the fintech industry’s benefits.”

There is no doubt that India has already designed and implemented numerous policies and regulatory guidelines to support the fintech sector. However, many critical frameworks, especially those related to cryptocurrencies, payments, data, infrastructure, and consumer security, are still in the works.

Keeping in mind the sector’s dynamic nature that necessitates real-time regulatory modifications, it is now required to make progressive improvements without straining businesses. After all, frequent changes in the regulation often turn out to be a costly affair for a startup and affect its conviction.

With the base of the fintech ecosystem residing in data, startups in this space must work on stringent measures and robust mechanisms to safeguard that data, especially as data leaks, platform downtimes, and information theft become everyday hazards. 

Talking about the opportunities and the roadblocks in the industry, Sid Pisharoti, regional VP of Akamai, said, “On one hand, the fintech ecosystem in the country is all set for accelerated growth and adoption. On the other hand, the underlying foundation for the success in the ecosystem is tightly knit technologically, which means more apps and APIs talking to each other. This ever-increasing integration within the ecosystem means that the attack surface is also seeing a corresponding increase.”

“We’re already seeing this trend at Akamai, not just in APAC, but also globally. Akamai is able to help some of the largest and fastest-growing FSI organisations in the region counter and mitigate threats, and deliver fast, reliable, and secure digital experiences to millions of end-consumers every day,” he added.

Removing Roadblocks To Scale: Fintech Against Cyberattacks

A key foundational roadblock to the sector’s expansion and scale is cybersecurity. It is also one of the biggest challenges faced by fintech players. Here are a few examples: In 2019, more than 1.3 Mn Indian payment card details were up for sale on the dark web; in August 2020, a fintech company saw 35 Mn user accounts jeopardised when its server was hacked; and in March 2021, another startup saw the information of 100 Mn users leaked online.

“Often, companies prioritise features and go-to market at the cost of security and privacy objectives. When you include security as a fundamental requirement in your roadmap, it may add a few weeks to your launches, but reaps huge dividends in the long term,” said Vishwanathan.

An Akamai report titled State of the Internet | Phishing for Finance revealed that amongst the top web cyberattacks in 2020 was credential abuse, accounting for more than 3 Bn attacks, a 45% increase from 2019.

The most common web cyberattacks in this industry include local file inclusion, followed by cross-site scripting, PHP injection, and command injection. Distributed denial of service (DDoS) also rose to prominence in the same year, with attack volume increasing by 110% from 2019.

During a conversation at the ETBFSI’s Tech Leaders’ Roundtable series, Abhilash Balan and Pawan Chawla, CISOs at Digit Insurance and Future Generali India Life Insurance, respectively, also pointed out that India had witnessed a 60% – 64% rise in ransomware-related attacks in 2021. This could be primarily attributed to a large number of traditional businesses shifting to the digital mode.

“Today, if you go to the darknet, you can actually hire a ransomware plotter for as low as $40 per hour,” said Chawla.

Another panellist, Aseem Ahmed, Akamai’s senior product manager of cloud security, added, “One of the key challenges in today’s world is how open you want to be, and how secure you want to be at the same time… For banking and insurance alike, this is a challenge that’s coming more and more upfront. As you open your doors, integration with third-party services and third-party partners drives your new revenue streams.”

But these are not the only challenges plaguing the fintech startups in India. 

The bigger issue today is securing at scale and having visibility of what it is that you need to protect. While businesses launch more features and products to tap into a larger base, cybersecurity teams need clarity on what to expect and protect.

What further adds to the stress is that these businesses need to ensure both customer-facing and enterprise-facing security.

There are many measures that the different players from the industry are choosing to ensure the safety of their platforms and data. One of the more prominent ones is “red team security testing,” in which an independent security team of “ethical hackers” poses as an attacker in order to gauge vulnerabilities and risk within a controlled environment.

Other ways industry players have chosen to ensure safety include collaborating with other financial bodies and security service providers, regularly performing experimentation and penetration tests, and building a dedicated team for information security.

“One of the most important measures that can be put in place is following the regulatory measures by the government. RBI has introduced regulations such as FINRA (Financial Industry Regulatory Authority) and PCI-DSS (Payment Card Industry Data Security Standard) etc, that should be implemented by all players,” added EarlySalary’s Mehrotra.

Kissht’s Vishwanathan further added, “From an enterprise perspective, there are several golden industry standard practices. Often, these look like bureaucratic overheads to free flow of ideas and information, but in reality these are truly necessary to safeguard your enterprise against ever-increasing threats.”

Helping the industry with the struggle, Akamai has launched several solutions — recognised by Gartner — for application and API protection such as web application firewall (WAF), DDoS protection, and bot management solutions. It claims that its solutions to protect any company against phishing go a step beyond the standard two-factor authentication and protect against credential abuse as well.

“The Akamai platform has seen a massive increase in attack data over the last two years globally. The platform saw over 1.8 Bn WAF alerts fired for our FSI customers in 2021, which is a 100% increase from 2020,” said Deepa Parikh, head of presales, India, at Akamai.

She added, “Given the rise in adoption of fintech, it is evident that the industry will continue to be a goldmine for attackers and the number of attacks will rise exponentially. Indian fintech firms will need to stay ahead of attackers by having comprehensive security measures in place in order to keep their data safe and maintain their customers’ trust.” 

Parikh further revealed that over the years, Akamai has helped many of its customers from the financial services sector with solutions to not only protect against DDoS attacks but also credential stuffing, phishing, and malware.

The Future Of Indian Financial Services

Currently valued at $584 Bn, India’s fintech market is estimated to grow at a compound annual growth rate (CAGR) of 31% during 2021-2025 to reach $1 Tn by 2025, revealed Inc42’s report. 

Mitesh Jain, regional director, sales, India, at Akamai, said, “India has been at the forefront of the fintech revolution for a while now. There are two significant reasons for this. Firstly, internet connectivity in the country has improved tremendously, which has in turn led to exponentially higher smartphone adoption and usage. This means that fintech companies need to cater to rising user expectations and provide a seamless and consistent experience to end-consumers, regardless of the device and location from which they log in.”

With the rise of BNPL (buy now, pay later), neobanks, and other fintech solutions, there is no denying that the financial services sector will continue to innovate and leverage the vast potential that remains untapped. “Newer business models will evolve that converge all financial services across the spectrum including payments, insurance, credit and savings, likely spurring some degree of consolidation as well,” added EarlySalary’s Mehrotra.

One of the most crucial trends, however, continues to be the further penetration of digitisation in the country. According to Mehrotra, digitisation is going to seep into the DNA of an average citizen in more ways than one, opening up more opportunities for context-based risk analytics and embedded finance opportunities. Resonating with that sentiment, Vishwanathan said that he believes “mobile-only financial services will wholly cut out physical banks.”

Considering the growth and opportunities in the space — especially with the spread of digitisation beyond metros — fintechs need to shore up their cybersecurity measures. “Many of the top brands in the FSI rely on Akamai’s unique and unparalleled presence in tier 2 and 3 cities to ensure that they provide secure last-mile connectivity to users from across the country. Fintech organisations should prioritise security as they deal with a lot of personal and financial data and transactions on a daily basis which makes their customers vulnerable to attacks, thus impacting customer trust,” Jain added.

Though the rising prominence of new age tech is the right impetus for the sector’s growth, going further, the collaboration between startups, financial institutions and regulators is bound to play a bigger role. Such collaborations are already underway in the country. The need now is to cement this partnership with the amalgamation of tech and policy and a robust infrastructure for data security.
