Fintech apps such as Mint, Robinhood and Acorns – and many more – have gained a foothold in the personal financial marketplace.
Yet, growth in the fintech app sector may be stunted, one study says, due to fear of data security loss.
The usage of apps and fears over data privacy are two very different numbers – and represent two very different mindsets, according to The Clearing House, a banking association and payments company.
This from the survey:
- Nearly one-third of consumers use fintech apps. Services for personal financial management and budgeting/saving are the most popular solutions, followed by investment services and robo-advisors, as well as lending services.
- Yet two-thirds of fintech users said they are very or extremely concerned about data privacy when using these apps.
- Nearly 25 percent report that they would not use an app that stores their bank account credentials, though that is what many fintech apps do to access information quickly and easily.
- About half are uncomfortable sharing payment and financial information with the apps. Most fintech app developers “as part of their terms and conditions, gain consent from consumers to use their data for purposes other than operating the app itself.”
A big problem with digital apps and client data security is that fintech companies have a large bulls-eye on their backs from identity thieves.
Ralph Wutscher, the COO and chief legal officer at Incubator LLC, a legal automation and fintech security solutions firm said, “Fintech and other companies that deal with sensitive data are prime targets for hackers. The recent T-Mobile breach reports are only one of many examples of the extent of risk that hackers pose to sensitive customer data.”
Advisors Should Take A Closer Look
As the old adage goes, if the customer is concerned then the service provider better be concerned, too – and that goes double for investment advisors.
Mark Friedenthal, founder of Tolerisk, a risk assessment tool for financial advisors, said, “Advisors should exhibit an appropriate level of concern for their client’s data. Clients entrust their advisors with personal information and expect that commercially reasonable measures will be taken to ensure its security.”
Although not all data is highly sensitive, the most sensitive client financial data is generally the data that identity thieves want. “No question, higher standards of data security need to be in place when highly sensitive client data is at stake,” Friedenthal said.
Although advisors should thoroughly research digital apps and how they can lead to serious consumer data breaches, fintech companies – even though they’re on the case – need to do a better job of locking down user data.
“In addition to properly securing servers, fintech app developers should conduct threat assessments and penetration testing to make sure their security is up to their current standards,” Friedenthal said. “Fin-tech apps can also enhance user security by offering two-factor authentication and advisors should utilize it so their own access point exhibits the highest level of security.”
Phishing For Data
Data thieves are getting into fin-tech apps – and into client financial data – in a reliable way.
“Hackers use many different methods to try to steal sensitive customer data, but a common method is a phishing attack where the hacker tricks a customer or a company employee into revealing passcodes, account numbers or other sensitive information,” Wutscher said. “Another method – reportedly used in the recent T-Mobile breach – is to find and then exploit a vulnerability in some discrete aspect of a customer’s or company’s systems.”
Yet while app developers may know how and why data fraudsters are stealing financial consumer data, they’re not sharing the information with security companies, or with financial consumers.
“Many quality fintech and other companies that deal in sensitive information regularly engage trusted third-party experts to conduct information security audits as to all of their physical and electronic systems,” Wutscher said. “In our view, companies should start generating public versions of the results of these audits, demonstrating they meet or exceed established standards and controls.”
Customers should ask for copies of the most recent public versions of these reports, as well. “If the company does not have or refuses to provide the public version of the reports, the customer should consider going with someone who does,” Wutscher said.
A Trust-Building Endeavor For Advisors
Keeping a client’s information safe doesn’t have to mean investment advisors take over their client’s financial app usage, but taking a keen interest in client security is a win-win for financial professionals – it helps protect client personal data and it solidifies advisor-client relationships in the process.
Chris Wong, chief executive officer of LifeSite, a security services firm that works closely with financial professionals said, “Consumers are increasingly concerned about who has access to their data and are now empowered to take back control of their information. Consequently, any business providing fin-tech solutions to clients or using enterprise software needs to be accountable for how information is being processed, transported or shared.”
That’s where an advisor can step up to the plate.
Brian O’Connell is a former Wall Street bond trader, and author of the best-selling books, The 401k Millionaire and CNBC’s Guide to Creating Wealth. He’s a regular contributor to major media business platforms. Brian may be contacted at firstname.lastname@example.org.
© Entire contents copyright 2018 by AdvisorNews. All rights reserved. No part of this article may be reprinted without the expressed written consent from AdvisorNews.