Studies show that human behavior is changing due to the impact of social media – relationships, inter personal communications, aspirations and value systems have all been influenced by the exposure to social media platforms. In the age of the “connected human”, we are putting up more and more of our personal lives online. Everything about us has a digital footprint somewhere, our likes, shares, follows, tweets/re-tweets, mentions, pins, boards, and search history create a digital profile which are consumed by AI algorithms to learn more about us and serve us content and ads which match our profile.
Even though everything about our lives is online in one way or the other, we still have some concerns when it comes to sharing / updating financial details on an online platform. Are these fears unfounded? Maybe not – with so many incidents of identity theft, banking hacks and online financial frauds, these are valid concerns.
We at Fintify identified data security as one of the foremost apprehensions of potential users in our target segment. These apprehensions are based on past experiences of sharing simple information like email addresses, phone numbers, annual income etc. with financial services platforms including banks, brokerages and insurance companies. This information is sometimes sold to telemarketers or used to target the customer with irrelevant offers of personal loans, credit cards and ULIPs. This coupled with regular stories in the media about online financial frauds and data thefts have made the average user cautious when it comes to sharing financial information.
Should this stop you from getting fascinating insights about your money which you will never get from the excel sheets you maintain to track your investments and liabilities? Definitely NOT.
So, the Fintify founding team decided to take this key concern head on and we thought about all the potential risks a user might face when they share their data with us. We classified the user’s data into 2 categories:
- Personal information – Email id/ Phone numbers
- Financial data: Bank account details, Transactions, Investments, Loans, Pensions and Insurance information
Then we came up with specific points to address the safety concerns of all data categories.
Personal Information
As a policy Fintify strictly follows the principle of NOT sharing user information with third parties for any purpose without the explicit consent of the user. When a user of the Fintify platform avails a service of an affiliate partner only relevant information will be shared with the affiliate after taking an explicit consent of the user.
Financial Data:
All accounts including bank accounts, investments and insurance policies on Fintify are masked at source, so we do not have access to the full account number of the user which means the account details can never be compromised from our platform. Transaction details are available with descriptions and are linked to an account number through a reference code. This is a read-only application which does not allow any movement of funds from the user’s accounts. This ensures users financial accounts are secure from any threat.
User Consent – More power to the user
UK PSD2 (Open Banking) guidelines require that Account servicing providers (like Banks/Financial Institutions) share customer account data with third party providers (AISP) after getting the customers consent. This will eliminate the need to share account credentials with third party providers. The user consent can be given for specific account and for a predefined duration. RBI has also drafted the ‘NBFC – Account Aggregator‘ directive on similar lines and plans to enforce consent based data aggregation in India. These regulatory changes will usher a new era of financial data sharing for all stake holders, with the users benefiting the most.
Fintify is compliant with General Data Protection Regulation (GDPR) which went live in May 2018, this regulation mandates that users are told exactly how and where their data is being stored and used on the Fintify platform.
This will further help assuage user’s data privacy and security fears.
In App security – Strong authentication and Data encryption
The user id of the user on Fintify is their registered email id, this along with the phone number is used for the multi layered security of the user’s app. The password is encrypted and is inaccessible to anyone at Fintify. Access to the App is possible only using a 4 digit m-PIN or Touch/Fingerprint ID of the user. This prevents unauthorized access of the App data in the event of the device being compromised. All data stored on the local device storage is encrypted using 256 bit cryptographic keys. This ensures that not only access to the app is protected but the user data itself is fully secure.
Infrastructure security – Bank grade security
All the users’ data is stored on secure servers housed in a virtual private cloud in the United Kingdom with highly restricted access via white labelled IP addresses and multi factor access controlled firewalls. Our third party data aggregation provider – Yodlee Inc supports bank-grade security which enables secure API based data transfer and connectivity to their servers.
Future of data security and privacy
Firewalls, encryption, multi-factor authentications are hygiene for any data security checklist. The trends show online applications moving towards a more augmented security protocol using intelligent and adaptive identity-centric solutions including Behavioral Bio-metrics. AI and Machine learning algorithms are being deployed in data deception technology and malware scanning products which can automatically detect and shield against advanced attacks. As fraudsters become more technology savvy, security technologies will always stay ahead of them.
Users will continue to benefit from these improvements by getting superior and more secure user experiences which will enrich their lives further as more and more innovative digital financial platforms and products are designed by mobile app developers.
Change is the law of life. And those who look only to the past or present are certain to miss the future. – John F. Kennedy
Javed Memon
Co-Founder, Fintify
Great news but the article doesn’t cover the main concerns I have for the bank account user ID and passwords I am required to share in order to link my account details. Up to this point I alone know the passwords and memorable information required to access my online bank account. Once I have shared them with fintify I would be liable for any loss resulting from unauthorised access should this information be used illegally by a third party. What protection do you have to protect against this very sensitive information being accessed by a third party
Thanks
Thanks for sharing your concerns. The new PSD2 / Open Banking initiative helps alleviate exactly those concerns by introducing a consent based architecture so you will no longer have to share your User IDs and passwords. Fintify will automatically seek your consent, not passwords, for those banks that have adopted the new Open Banking architecture. In the UK , the top 8 banks have committed to this change . Also, as per the guidelines, banks can no longer wash their hands off any liability arising from sharing their data through API feeds to third party providers. For those institutions that have not yet adopted Open Banking, your credentials are stored securely with our technology partner, an industry leading data provider, trusted by top leading banks in the U.K, USA and Europe.
Team Fintify