Banking is still undergoing a massive digitalization process that finds some of its roots in the financial crisis of 2008.
With consumers’ trust for banks at a historical low point and banks freezing their own innovation front, an opening was left in the market for digital consumer banking services.
Enter neobanks — a new wave of fintech companies that develop web and mobile banking applications. These facilitate the traditional banks’ over-complicated procedures and enhance the user experience by providing user-specific advice as well as spending analytics.
These neobanks are quickly gaining momentum in the consumer banking market, amassing millions of clients globally.
Despite the many benefits that this shift has brought to consumers and the overall market, the digitalization in banking services has highlighted the big question of data privacy and security.
With gigantic data breaches (notably, Magecart attacks) becoming a common occurrence, consumers have grown more concerned about how their data is being stored and used — especially when it comes to their financial information.
From the standpoint of financial organizations (including Neobanks/fintechs), the answer to this concern begins on the development stage of these digital banking applications, where secure development practices must be adopted.
Developing banking applications that deal with user data requires strict security practices.
And thanks to the emergence of several regulations and standards, this need for improved security of customer data is often not only recommended but an actual requirement.
Specifically, we find regulations directly related to the financial industry — PSD2, 23 NYCRR 500, and GLBA — as well as three regulations that are aimed at consumer privacy in general (which the financial industry is also subject to) — GDPR, CCPA, and LGPD.
In this white paper, we present the general goals of each regulation, as well as provide a summary of how organizations can increase compliance. We also cover standards such as ISO/IEC 27001, ISO 12812:2017, and the NIST Cybersecurity Framework.
We end the white paper by putting forward practical recommendations to increase compliance, with specific mentions to server-side security, network security, and client-side security.
See our full analysis of this topic in our white paper here.