Fintech must protect critical data and information through robust encryption to ensure business continuity
To comply with the security requirements established by the regulations and standards of the financial authorities, generate trust and ensure their business continuity, new financial players must comply with the same cybersecurity regulations as traditional banking.
Financial institutions have always been pioneers in the implementation, within their business strategy, of robust cybersecurity solutions, procedures and policies for the protection of the critical assets they manage, while minimizing the risks of fraud.
Among a country’s critical infrastructures, banking has always been a target for cybercriminals and it is, therefore, considered one of the sectors most susceptible to attacks. For this reason, it is subject to a high level of regulation by the financial institutions of each country, and is obliged to comply with strict security regulations in order to protect the confidentiality and integrity of critical information, as well as the personal data associated with the development of its activity.
The objective is none other than to protect banking users, as well as the financial institutions themselves.
This same trend applicable to traditional banking extends to new financial agents such as Fintech, focused on Crowdfunding, Lending, payment and remittance systems, cryptocurrency trading, digital cards, electronic payment funds (Wallets or electronic wallets) as well as neobanks (as part of these) and new open banking models and other agents of the financial ecosystem.
Mexico, Fintech hub in Latin America
At this point, I would like to address the case of Mexico, a country where the number of fintechs is growing, after Brazil, and where the number of fintechs registered at the end of 2020 amounted to 441, according to data published in Finnovista, a reference association in this sector.
These figures make the country one of the most important Fintech hubs in Latin America. Most of its activity is centered in Mexico City (around 70%), followed by Monterrey and Guadalajara.
Although for years the financial system has been unstoppable in Digital Transformation, the pandemic has accelerated this process, with 2020 being the year of the Fintech boom, whose growth trail continues now in 2021, and will continue to do so in the years to come.
As Finnovista has pointed out, “After the arrival of the coronavirus pandemic, consumers, households and businesses depend even more on the digital world than in other years, creating a great demand for fintech services” and undoubtedly, the large Fintech ecosystem in Mexico has in this segment a great business opportunity to meet these needs, without forgetting that to generate confidence in their services, cybersecurity must be a priority within their business strategy.
Hardware encryption for Fintech security challenges
As financial technology entities, Fintech must comply with the security requirements and, specifically, with the encryption requirements defined by the CNBV (National Banking and Securities Commission), the Secretary of Treasure and Public Credit, Banxico as the country’s Central Bank and CONDUSEF.
As with traditional banking, fintechs are subject to regulation, supervision and auditing by the country’s financial authorities in order to guarantee the security, confidentiality and protection of information, the continuity of operations and the prevention of any type of risk, among others.
With encryption based on cryptographic technology, i.e., through a Hardware Security Module (HSM), we can strengthen the security of transactions and data while aligning with compliance, complying with the requirements of the financial supervisory authorities.
The combination of symmetric encryption (PIN code and passwords) and asymmetric encryption (digital certificates, SSL protocol and TSL protocol) together with the appropriate algorithms are the key to protecting sensitive and valuable information.
In turn, all this provides the process with a robustness that is not offered by software encryption, whose keys are exposed because they are not stored in a secure device that provides robustness to the storage and custody of the cryptographic keys for encryption and decryption through an HSM, as well as the rest of the keys that we use in the different processes of our business.
From REALSEC, as a manufacturer of encryption systems, we support Fintech so that they can comply with the different regulations through solutions to protect information and transactions, authenticate customers, tokenize operations, identify customers according with the requirements of the INE, perform onboarding with Blockchain technology, etc.
We combine technology certified and accredited by the most recognized entities in the field of cybersecurity, such as PCI PTS HSM and FIPS 140-2 Level 3, as well as an extensive knowledge of security requirements in the financial sector.
Our broad presence and customers in the Mexican banking sector and in several Fintech endorse us.
Also, through this LINK, we invite you to download the study, prepared together with the consulting firm IDC, “FinTech and Banking. Security & HSM Trends” in Mexico.
In adittion, you can visualize our Webinar “Evaluating Payment HSMs in Financial Services”
In short, we can say that with encryption based on certified cryptographic hardware, Fintech can align themselves in compliance with Mexican financial regulations, protect critical and sensitive information of their business processes, as well as safeguard and securely manage their encryption and/or signature keys. Moreover, all of the aforementioned, as the most reliable option for building secure processes.
With reference to this topic, last June 9th I gave a presentation at the business continuity event organized by the Association of Banks of Mexico (ABM), which I invite you to see in this LINK, and in which as a conclusion I exposed that when it comes to data confidentiality and privacy “Encryption and Data are an inseparable couple” highlighting that the cryptographic Hardware (HSM) is our best and most reliable ally to protect sensitive and critical information, as well as personal data and ensure business continuity.