More fintech startups in Nigeria fail due to “cyberattack & KYC/identity theft” related issues than any other problem. Our data shows that when those attacks happen, most times, the companies die over time, unable to recover from the paralysis. If you Google and check recent closures, and ask questions, someone will tell you how some criminals have broken into a startup’s system, taken money or distorted the company’s state of equilibrium.
Why this problem? Many people see embedded finance or finance-related APIs as marginal solutions without knowing that once you offer such solutions, you have provided vectors through which people could be hacked, if not protected. In other words, if you offer banking as a service where customers can get bank accounts via your portal, you have provided a path for them to be hacked, if you do not harden the access points.
Indeed, in your fintech portal, your bank account is linked. A bad actor can initiate withdrawal from that account, and using the same fintech platform move the funds to another account. Of course, many customers do not know that once they link a bank account to the platforms, especially ones with “withdrawing” rights, they have extended withdrawing access to their bank accounts. But unfortunately, the portal where that is happening has no decent security protocol.
(Let me use PayPal to explain. Your PayPal account is linked to your bank account. From your PayPal account, you can initiate a deposit from your bank account into your PayPal wallet. If someone has access to your PayPal, that person also has access to your bank account!)
If you check some banks in Nigeria (one issue was reported today), their main bank websites and apps rarely have security failures, but their “fintech” subsidiaries do fail due to hacks. Why? While the Central Bank of Nigeria (CBN)’s security guidelines and regulations are adhered to on the core websites and apps, the fintech subsidiaries are not fully handled in the same way. So, some banks keep losing money due to such failures.
What can you do? One of Tekedia Capital startups wanted to build a fintech component as a marginal feature in its core business. We told the team to freeze the idea, encouraging them to continue to work with their banks’ partners, making it clear that a fintech-focused team should be in place before any voyage into that space.
Yes, that fintech marginal feature should be seen as a core product with every element of security thought through before customers are allowed to use it. Do not just get access, embed APIs and expose customers to be burnt without a team with responsibility to ensure that you (not in the finance space) have provided basic security features.
Indeed, embedding a protected and secure product in a porous portal creates vulnerabilities for your business and your customers. And that means you must ensure you are also protected, and secure, before you ask customers to use the solution.
---
Simplicity comes with security threats. It is a difficult balance to build a simple and seamless solution that is very secure. If you want to initiate and complete a transaction within seconds, so also are the threat vectors. For a provider, how do you deliver a product that is easy to use and also very secure and almost free? There will always be some tradeoffs, else be ready to lose out when you least expect it.