Please Wait while we set
things up for you!

Monday, 28 June 2021 06:31

Personal Data Protection and Cyber Security Threats in Fintech

The Financial Services Authority (OJK) defines fintech as "an innovation in the financial services business that uses technology usage." Technology (software, the internet, communication, and cutting-edge computing) is being implemented and used to improve a company's banking and financial services. There are 5 types of fintech: Peer-to-Peer (P2P) Lending & Crowdfunding, Investment Risk Management, Payment, Clearing & Settlement, and Market Aggregator. With the rapid advancement of technology, anyone may quickly receive information about fintech in various media.

In Indonesia, the positive trend towards fintech has been evident over the last two years. The overall Fintech distribution in 2020 increased by 91.3 percent over the previous year, reaching 155.9 trillion rupiah, with a total accumulated borrower account of 43.57 million accounts. According to data on the OJK official website, as of June 10, 2021, there are 125 registered and regulated fintech peer-to-peer lending or fintech lending enterprises.

The figure is not surprising, given that digital transactions have become one of the community's critical requirements throughout the pandemic. With the help of fintech, we no longer need to make personal contact or travel to other places to complete transactions. Instead, all we need is a device and access to the internet. This convenience, however, is not without risk. As the number of digital transactions grows, so do the risks of cybercrime.

Teguh Arifiyadi, The Acting Director of Informatics Application Control of Kominfo RI, during an iForte Cyber Security webinar on June 24th 2021, stated that from 2019 to April 2021, there was a rise in Personal Data Protection cases by a total of 29 cases, 92% of which were cases caused by cyber-attacks. The Directorate of Information Application Control has dealt with 21 of these occurrences of personal data leakage. This data once again proves that as the number of digital transactions grows, so do the chances of cybercrime.

The recent purchase and sale of consumer data by a well-known e-commerce corporation also upset Indonesian people not long ago. Irresponsible websites leak customers' data, including personal information such as social security numbers, credit card details, and so on. As a result, it is time for data security and digital transactions to become a critical plan that must be implemented quickly in order to avoid becoming even more harmful in the future.

Dr. Bisyron Wahyudi added in the same webinar that one type of cybersecurity concern in fintech is Transaction Security, which involves security threats when executing transactions. The second is Data Security, which refers to protecting personal information, and the third is Cyber Security. These issues, he added, include preventing unwanted digital access and focusing on the compliance system in providing legal protection for fintech users' data.

Farman Kosim, Senior Principal Security Engineer at GDP Labs, highlighted that today's fintech faces various cybersecurity concerns. First, there's Application Security or system flaws that allow data to be stolen through gaps. Second, malware or cyber-attacks, then third is the system's weakness caused by human error, for example, a database placed on a public cloud, making it easier for data to be misused by irresponsible people. Fourth, data theft, and last, money laundering, is usually the ultimate goal of data theft perpetrators.

Now, the most important key consideration is how to maintain cybersecurity. Digital technology users at all levels of society, including financial industry operators, are expected to take this seriously. According to Dr. Bisyron, there are at least five ways to prevent fintech consumer data theft.

  1. Data identification, the process of determining which data needs to be secured.
  2. Data classification, which divides data into three categories: confidential, public, and internal fintech.
  3. Data Securing, an integrated process for securing data.
  4. Endpoint security, such as antivirus and anti-spam software.
  5. Data Breach Detection, a type of early detection that alerts users when there is a data leak.

During the same webinar, AKBP Silvester Simamora, Kanit 4 Sub-Directorate 2 of the Directorate of Cyber Crime (Dit Tipidsiber Bareskrim Polri), said that companies must consistently take preventive actions to minimize risk, such as improving governance of information technology systems and continuing to renew the growth of technology assets information. Not only that, but they also should improve their understanding of information technology security. These factors are critical in reducing the risk of cyberattacks, especially when dealing with threats that aren't discovered right away.

On the other hand, we as consumer must as well be willing to accept reliable cybersecurity information. We could get helpful information and learn from a variety of reliable sources. For example, in the case of fintech, do not simply enter personal information into a firm without first checking whether the fintech company is registered with the OJK. You should also be cautious when using public wi-fi for transactions or installing questionable apps that steal data, and so on. Cybercrime prevention must be taken seriously by all parties involved.