Right off the bat, I’ll say this: Nigeria is better off with fintech solutions.
These products, driven by unprecedented innovations, have redefined traditional banking and payment systems forever. But fintech in the country is still relatively young. So, while it has positioned the country as a key player on the continent and unlocked unparalleled opportunities for its citizens, it also opened it up to significant risks.
For instance, a Nigerian-born payment service provider discovered last year that some PoS merchants had abused their access to its platform to carry out multiple illegal transfers due to a system glitch. Now, the fintech company might be among the most recent victims, but it’s by no means the only fintech to have experience that.
The long list of Nigerian financial service providers that have suffered various losses following compromised systems includes some payment companies, telcos, commercial banks, and even my own company, Glade. Reports may not have always accurately represented the amount lost, but these organisations have admitted to one security breach or the other.
This is the reality of the ecosystem: security is a major concern. And the consequences of system glitches are far too dire for security to be treated as an add-on. Besides reputational damage that might cause companies to lose customers, trust, investors, and ultimately money, there’s also the risk of regulatory penalties.
Among other businesses, I founded Glade, which built Gladefinance, a Techstars-backed fintech that provides banking, payments, and expense management tools for businesses. So I've seen first-hand a lot of the security issues fintechs face behind the scenes.
The issues and steps I'll discuss below are very practical, to ensure robust security measures to reduce or prevent cyber attacks before they even happen.
Now, where do I start from?
What fintech security should be now
Security for fintech isn’t just another feature to make the product look cool; it’s necessary to sustain customers’ trust and ensure the business's continued existence. Fintech security must go beyond being a mere technological solution and building cybersecurity tools.
Don't miss out on Africa's financial revolution
Give it a try, you can unsubscribe anytime. Privacy Policy.
Join over 3,000 founders and investors
Give it a try, you can unsubscribe anytime. Privacy Policy.
The way most of the ecosystem sees fintech security has to change from just an added feature to becoming part of company culture. Security can only be made possible when everyone in the organisation, from the CEO to the office assistant, knows its importance, appreciates it, and actively ensures it. The reason is simple: many system breaches come from within the company — deliberately or unconsciously.
Fintech startups need to build a strong security foundation from the beginning of the business. If you fail to do that at the very beginning, it would be difficult to do that 2 or 3 years during the line, so you need to build that security consciousness from the very beginning.
While external threats are a concern, the vulnerabilities within the corporate structure pose the greater risk. Companies must enforce corporate governance — clearly defined rules, practices, and processes — that states who has access to what, among other things. It’ll keep everyone involved and responsible.
In addition, the importance of a thorough hiring process for fintech companies can’t be overemphasised. Employees' character is just as critical as their technical skills. During the hiring process, there should be background checks and questions should be asked like who can vouch for this person? How has this person performed in the past and present?
Any fintech company that hires just anyone without doing adequate background checks may regret it.
How can fintechs prevent system breaches in the future?
If I were to guess, I’d say all fintechs have cybersecurity measures to keep out internal and external hacks. But the question remains: Are they enough?
Organisations should always strive to reassess, review, and improve existing security measures, as well as implement new necessary ones. There’s always room for improvement.
If my experience taught me anything, it’s that fintech companies must not leave anything to chance. Adopting relevant security technologies, protocols and processes is paramount for detecting future threats and safeguarding customer data.
You need to carry out tests constantly, low and high tests all the time, to ensure that any new idea, change, feature you are adding, and most especially the API you are consuming from other partners are optimised and have criteria to meet. You also need to keep documenting the test results. Fintech startups deals with money, so the system needs to be reliable and stable.
Specifically, pen testing should be conducted throughout the development lifecycle of fintech products regardless of the experience or pedigree of the developer. From unit testing to user acceptance testing, every aspect must be scrutinised for potential vulnerabilities.
Additionally, regular, extensive code reviews by multiple developers should be carried out to identify security flaws before they escalate into crises especially when it comes to updating new features. When and where necessary, fintechs should find opportunities to optimise the code to enhance products and systems. Also, companies should run routine security checkups to detect vulnerabilities or potential threats.
Proactive security measures are essential in anticipating and preventing cybersecurity threats before they become problems.
The company leadership plays a vital role
The need to grow at all costs, coupled with clamours to hit the next milestones just to impress investors, has been known to pressure many companies into premature product launches, causing them to skip all the necessary processes needed to successfully bring it to market. That seemingly harmless act could expose systems to hacks that would impact the organisation.
When it comes to security, fintech companies can't afford to take any shortcuts. There must be a balance between the need to grow and the responsibility to do the right thing for our business and customers.
The direction set by leadership shapes the future of the company. Even amid tight deadlines or pressures to impress investors and the market, comprehensive testing procedures should never be overlooked. It’s the responsibility of the executive to ensure that it happens and that the process becomes part of the company culture. Otherwise, it can compromise security, exposing the company to a wave of internal and external attacks, and causing you to lose credibility among customers.
Ample time spent on testing products and systems correctly and documenting them can save you a lot of headaches.
Security is one of the things no one should take a shortcut; it is the most important bridge of the business. You need not protect the platform as a platform because you are dealing with money; that is one thing, but you also need to think about who has access to the data, so it comes down to processes within the company and how easy it is to hack the platform, that should always be in the mind of every startup founder. Security is an ongoing process; there will be something that you can improve, so you need to improve the security constantly.
Also, fintech companies need to communicate properly with not just investors but with their employees and customers at all times. Let them know their role in preventing future breaches. With everyone on the same page, the likelihood of a successful hack becomes significantly less probable.
Rather than being reactive, leaders in fintech companies must take proactive security strategies to enhance security. It’s great to be able to step in during or after a system glitch and minimise the losses, but it’s even better to ensure it doesn’t get to that. Prevention, as the popular saying goes, is better than cure. For companies, this would mean reputation and a lot of money saved.
Looking to the future
Our commitment to improving security standards at Gladefinance shines through everything we do at the company. Despite the constantly evolving security threat, we are optimistic about our ability to innovate and be security-conscious. Now, more than ever, security should be at the forefront of fintech offerings.
As fintech startups in the country become more popular and Nigerians increasingly turn to its services, startups must continue prioritising optimum security to retain users’ trust and ensure the industry’s sustainability.
Whenever a fintech startup adds a change to features or the infrastructure, you need to ask what the risks are, whether it can be done better, whether it is penetrable, etc. You need to constantly run security scans and perform pen testing.
As a business in a highly regulatory space, these should be the minimum things you need to do. Because if you are hacked, you have put your customer at risk, and that affects the trust they have built-in you over the years, and you cannot afford that.
So Security should be the number one priority.
