Web and app security for FinTechs


As studies show, startups in the financial sector, as well as traditional banks, have homework to do with regard to the IT security of their websites and apps. Due to ever-increasing cybersecurity threats, companies in the financial sector face the major task of ensuring the functionality of their own systems as well as the security of customer data. What do modern and intelligent cybersecurity solutions for banks and FinTechs look like?

Over and over again, studies point out the cybersecurity weaknesses of the major FinTechs. These are often old software versions on forgotten subdomains or neglected APIs. As a result, most FinTechs do not meet the requirements for state-of-the-art encryption, security, and data protection. Nevertheless, FinTechs usually do better than traditional banks when it comes to securing their web presences.

Although this article specifically addresses the financial sector, it goes without saying that companies in all sectors must protect themselves against cyberattacks. In the first half of 2021, numerous international corporations, in industries ranging from food to energy, were already the target of professional cyberattacks.

FinTechs' security situation

Security experts and analysts at ImmuniWeb, a company specializing in web security, have taken a closer look at the security systems of the 100 largest companies in the FinTech sector. All the tests carried out were based exclusively on information that can be obtained via the public Internet. The company did not penetrate any computer systems or networks of the companies under review.

The investigation included the websites of the FinTech companies, including all subdomains and identifiable API endpoints, as well as their apps. The security of the software currently in use, the configuration of SSL encryption, and the possibility of phishing attacks against the operators of the websites and apps were tested. In addition, compliance with the EU GDPR and the PCI DSS credit card data processing standard was reviewed.

Among the most common vulnerabilities encountered are the following:

  • Several variants of cross-site scripting (XSS)
  • Incidental data leaks
  • Incorrectly configured security settings

Another problem identified: half of all server backend systems that are supposed to communicate exclusively with mobile apps also disclose parts of their data to third parties. This can result not only in data protection issues but also in dangerous security gaps that may be exploited in cyberattacks.

On the positive side, FinTechs are ahead of traditional banks. Overall, the 100 startups tested perform better in almost every aspect than the top 100 credit institutions on S&P Global’s list of the largest banks.

In summary, it is important for the entire financial sector and beyond to keep IT security standards high in order to protect against the growing number of cyberattacks.

Are you interested in more detailed information on web and app development regarding cybersecurity? Feel free to read our German article on this or get in touch with us!
