Why Security By Design Is Essential for Every Financial Services Provider

Security breaches are a concern across industries, and no organization is immune to the impact of a breach, regardless of its size. Financial institutions, fintechs, card issuers and similar organizations that repeatedly and consistently handle a breadth of sensitive information are in a particularly precarious situation when it comes to security. This year alone, several financial institutions faced unwanted headlines as a result of a security breach or vulnerability:

• USA Today reports that the second-largest breach in 2019 involved the exposure of personal data in 885 million records related to real estate transactions at First American Financial.
• In July, Capital One announced that 100 million customer records had been compromised as a result of activity by a former Amazon Web Services employee; Capital One had used AWS for hosting.
• In August, Monzo – one of the world’s largest digital banks – requested that 480,000 customers change their personal identification numbers (PINs) after it was discovered that the information was left in an insecure file that was accessible to Monzo employees.

Regardless of the actual cause of a security incident, or the degree to which consumers are directly impacted by it, each reported breach further erodes customer confidence that their information is truly secure. In fact, FIS’ 2019 Performance Against Customer Expectations (PACE) findings revealed that one out of three respondents surveyed in the United States has been a victim of fraud. Not surprisingly 90% of them said a bank’s ability to keep their transactions safe and secure is a “very important” factor when choosing a financial provider.

These findings ultimately underscore a critical reality for all financial institutions: The importance of security cannot be underestimated — whether establishing a brand new digital only bank or maintaining the online and physical security of a well-established institution.

This is exactly why diligent security procedures and practices are a key differentiator between FIS Banking Solutions and banks and smaller fintechs who opt to build their own platforms — and why security is a factor that we steadfastly prioritize.

Security by Design at FIS

In today’s digital age, security cannot be an “add-on” to technology and solutions. FIS has invested across all its products and services with a security-first policy, and this is no exception as we take to market our new core banking platform that’s built from the ground up. The FIS private cloud allows us to take advantage of cloud-based services and technology but combines the level of security that puts our clients (and their customers) at ease. Equally important, we are committed to keeping the security measures relevant and proactive, to ensure we stay ahead of fraudsters and threat actors who continually innovate to find weaknesses in attempts to gain access to valuable data.

FIS builds security into each step of software design, development, delivery, configuration, infrastructure and implementation. Further, we conduct ethical hacking, penetration testing, identity authentication/validation, database encryption and dynamic application security testing to repeatedly “stress-test” the many elements that contribute to solution security. Additionally, we mandate required Security Awareness training for every FIS employee.

Cybersecurity is a continual, evolving and complex process, and why Security by Design is a constant priority at FIS.

Tags: Risk & Compliance, Technology, Investments