The banking and finance industry has witnessed a tremendous technological shift, from customers going to physical bank outlets for financial services, to accessing such services digitally at the tip of their fingers. There are newer concepts that have come into the picture over the last decade such as net banking, digital payments, and now Neobanks – banks that provide digital banking and financial services without having a physical presence. As consumers embrace digital-only choices, the demand for digital banking and Neobanks is on the rise. In fact, according to a recent Twimbit report, “India, the new hub of Neobanks 2.0”, the Neobank market in India is growing at 43 per cent CAGR.
With the rise of new ways of banking, and digital payment platforms accelerating the speed of transactions, it is by no surprise that the usage of app-based banking services has increased tremendously. However, this upward trend has also inevitably led to a wider risk of data exposure and cyber threats.
Cybercriminals are integrating digital technologies and criminal strategies to leverage these vulnerabilities and conduct fraud at a scale never seen before. As per CERT-In, there were 14,02,809 and 6,74,021 cybersecurity incidents reported in 2021 & 2022, respectively. With financial services going digital, Neobanks have become one of the most alluring targets for cybercriminals.
In fact, there are multiple kinds of cyber-attacks that have been witnessed. Phishing and spoofing, are some of the cyberthreats that Neobanks must be prepared for, with banking operations being conducted online and the bad actors can potentially get access to customers’ bank details such as login credentials, credit card numbers, and other personal details. Furthermore, an enormous amount of sensitive data is being handled by Neobanks over the cloud and digital platforms which makes them prone to malware attacks. As per a report by Mimecast, 75 per cent of organisations have faced malware attacks in 2022.
A bot or worm can bring down the entire ecosystem of Neobanks, as there is an enormous amount of sensitive data hosted across the network. Another challenge that Neobanks might have to tackle is the lack of an adequate budget to deploy an in-house cybersecurity team. Hence, they have to partner with third-party vendors for the services. The risk of cyberattacks and data breaches could potentially rise if the vendor does not have a robust security infrastructure or requisite skills.
Despite the risks, the demand for Neobank services is still high as they meet the demands of the new reality, making it even more crucial for Neobanks to focus on making their ecosystem impenetrable. Here are some ways that Neobanks can focus on, to ensure a robust security infrastructure:
- Adhering to compliance: The first and foremost step they must take is to comply with all the regulations to ensure security. Compliance can help them to regularly assess their risk, and test parameters such as penetration, application, devices, and network.
- AI/ML for detection: Artificial Intelligence will enable Neobanks to scrutinise the relationship between identities & transactions and differentiate between legitimate and criminal activities, helping them avoid money laundering cases.
- WAF and API protection: Neobanks provide app-based services which require protection for web application firewall (WAF) and API security against DDoS and malicious bots. To dramatically simplify operations, Neobanks must reduce the number of endpoints and enforce a centralised security policy across the entire estate of apps.
Opting for a robust security infrastructure, adopting advanced technologies, and ensuring complete compliance with the regulatory framework are some important steps for Neobanks to focus on, to ward off cybercriminals.
Views expressed by Dhananjay Ganjoo, Managing Director for India, and SAARC at F5