FinTech apps have taken the world of financial information by storm in recent years. Between personal financial, budgeting/saving and investment apps. Financial technology and banking were once held to be separate, competing entities in the financial space, but recently, the two have begun finding more ways to partner together and provide better offerings for their customers. While both banks and FinTech providers, along with their consumers, may benefit from expanded product offerings, all parties will increasingly have to consider the implications of data and information security.

challenges are we facing with authentication and security?

The digital age has always presented challenges for authentication. It was so much easier when people’s identities could be verified face-to-face at a bank branch. User names, passwords, and security questions have been among the most common ways institutions try to determine who is at the keyboard. These traditional approaches are quickly becoming outdated, and less secure.

A combination of new tactics and new technology is required to provide protection. At the first layer is a need for more robust authentication. How can banks verify the identity of an accountholder? At the second layer, security measures must protect those accounts from unauthorized access.

What does this mean for fintech companies?

The panelists stressed the importance for both banks and fintech companies to verify user information across multiple channels. The contact center, IVR, branch, mobile app, and website should share a single, comprehensive, view of the customer. For banks with legacy IT systems, this is difficult– and it can create vulnerabilities.

Fintech companies are pioneering new approaches to verifying and managing identity. In some cases, the new technology is for sale to banks and other FIs. In other instances, the fintech company simply makes their own product more secure. And in a growing number of cases, authentication is being provided via banking APIs.

In strengthening authentication, one avenue being explored is behavioral biometrics. A good example is the precise tracking of user typing patterns. By looking at factors like typing speed and rhythm, data can be captured for each online or mobile session. This behavioral data pattern becomes one element of a very complex algorithm.

Physiological biometrics use everything from the shape of a person’s face or hands, to retina scans, to voice verification, in order to identify the person. The panel of experts in San Francisco mentioned cool new technology that uses photo selfies to enable a customer to login.


This information may make your bank want to run from the prospect of ever partnering with a fintech, but don’t turn away yet! Innovative technology doesn’t automatically equate to risk, it merely means putting equally as innovative new measures in place to protect your customers. There are many approaches to data protection, but two key options banks should explore include communication aimed at customers’ security awareness, and the utilization of application program interfaces (APIs).

Increasing customer awareness

One of the simplest steps to protecting your customers and their data is to keep them informed. When asked which entity should provide education and promote awareness on how fintech apps collect and use customer data, most respondents answered banks (59 percent). There is a significant deficit in customers’ understanding of how their fintech app will access, collect, store, use and share their data. Have you ever clicked the terms of agreement checkbox without actually reading them? Probably so. Chances are, your customers have too. Many times, customers don’t realize the freedom third parties have with their data simply because they haven’t taken the time to learn.

Educate your customers on the “whys” and “whats.” Why should they keep their bank account details secret? Why is their data at risk to start with? What should they look out for in terms of suspicious data sharing? What is okay to share and not okay to share? Creating a document that customers can easily access via the bank’s website offering insights, advice and best practices in data security can help mitigate future risk. Security features like two-step logins can seem like a hassle to customers, but educating customers on why it is necessary and how it helps mitigate risks will not only help protect your customers, but it will strengthen their trust in your brand and your ability to protect their information.

Utilizing APIs

One of the most effective and secure ways for today’s banks to incorporate fintech is through the use of application programming interfaces, or APIs. Utilizing APIs is advantageous for both the financial institution, as well as the customer. APIs allow customers to take advantage of fintech apps, while also keeping their information secure.

There are a number of ways that APIs bolster security, data transparency and control. For one, APIs allow banks to share information with third parties, such as fintech app providers, without depending on customers to share their banks’ log-in credentials. Banks that utilize an API can also limit the amount of data shared with third parties so that only necessary information is shared. While most people are relatively comfortable sharing an email or their date of birth, customers are significantly more apprehensive to share their bank account information, credit card number or social security number. Luckily, with the use of an API, banks can offer features like the ability for a customer to access their credit score in real-time through their bank account, without having to give these sensitive details away. APIs give both the financial institution and the customer increased control over data management.

As the realm of fintech continues to grow, it becomes more and more apparent the industry is not going away anytime soon. Banks are seeing the benefits of teaming up with fintech, but also discovering there are new risks involved. As the most trusted institution for ensuring customers’ data is safe and secure, banks have a responsibility to uphold and maintain their customers’ trust, even as their technological capabilities expand. Banks that provide transparency into the benefits and risks of using fintech and utilize APIs to ensure greater control over the information shared with third parties will build customers’ trust and will be able to provide an even greater repertoire of offerings for those customers.