Securing embedded finance platforms

Chris Caruana at Feedzai explores the problems of keeping embedded finance platforms secure and suggests three key steps for protecting them

 

In today’s hyper-connected economy and mass digitalisation of procedures, consumers tend to have one expectation from online businesses: convenience.

 

One way that some businesses are achieving this is by using embedded finance platforms, which are vital in delivering the type of convenience that consumers expect by making financial interactions possible from any platform.   

  

Embedded finance solutions give non-banking platforms and organisations the ability to offer financial services from their applications. While this does come with major benefits for the providers, the financial partners who support them and their consumers, it also creates certain challenges, particularly with regards to security.

 

With the increased adoption of embedded finance platforms, organisations must ensure they are fully aware of the risks and consequences of lack-lustre security practices.   

  

What are embedded finance solutions?  

Embedded finance solutions are a type of technology that offer organisations the opportunity to integrate financial services and payments into their own key infrastructure.

 

In this way, they can streamline their business processes and provide the most convenient and efficient experience to their customers, by enabling them to make payments, access their financial accounts or user other services (such as loans and insurance) without having to visit another website or third-party provider.

 

They should, however, not be mistaken with banking as a service (BaaS) solutions. They deliver back-end services through application programming interfaces (APIs), and can support a platform’s embedded finance solutions, such as Uber and Lyft or DoorDash and Delivery Hero. These types of apps allow consumers to order a fast ride home or get their dinner delivered to their door.

 

Embedded finance solutions enable users to pay for their transactions in-app, removing the need for cash exchanges or entering credit card numbers digit by digit.   

  

What’s behind the embedded finance push?  

With the increased adoption of embedded finance solutions, the market is on track to reach $7 trillion by 2031, which is being driven by three different factors:  

• Social expectations are shifting: More and more, consumers expect to be able to make payments from one single platform, whether logging into banking applications or shopping online. The easier the payment experience, the better.  
• New revenue streams: By enabling payments through APIs, businesses are encouraged to invest more into embedded finance services, which allow them to accept new payment options, including credit cards, debit cards and even buy-now-pay-later schemes (BNPL). As a result, they create new revenue sources without needing to act as the financial services provider.  
• Rising trust in embedded finance services:  With ease of payment and positive user experience, consumers are more likely to trust platforms and services, particularly if they are able to pay on the same platform. The more these are used, the more likely users are to trust these platforms with their personal information, creating an increased risk for financial fraud and cyber-criminal activity.    

Challenges of embedded finance platforms  

The unfortunate reality is that fraudsters and cyber criminals will continue to exploit new financial services wherever possible; especially if they are gaining traction. This is further exacerbated by the fact that these platforms make it incredibly easy to move money around, which opens up the door to scams and illicit activity.

 

In addition, the novelty of these platforms means they often lack the right security or awareness of risk that is necessary for adequate protection. This is because the new ‘players’ will offer financial services on their platform to improve convenience and efficiency for its consumers, without understanding financial crime and how fraudsters operate. As such, they are unaware of how to detect and prevent fraud on their platforms.   

  

If they aren’t careful, they can easily grant bad actors access to their systems, along with the financial institutions that support them, giving them free reign to steal data and money and access personal information.   

  

Keeping embedded finance secure  

As soon as an organisation provides financial services, it must understand the obligations to ensure security and understand all the risks that accompany this decision. Financial institutions that have experience in this should guide embedded finance platforms and teach them how to navigate the associated risks to keep their end-users safe from fraud.   

   

Additionally, there are three steps organisations can take to keeping their embedded finance platforms secure:  

1. Risk assessments: In order to understand how these services are consumed and how the end-users are involved, organisations must perform risk assessments. All risk profiles will vary depending on the party, and as such, a top-to-bottom review of the services can help organisations to identify any vulnerabilities and implements the correct controls to mitigate them.  
2. Controlling risks: Following the risk assessment, embedded finance platforms should implement strong fraud prevention measures that will protect them from exploitation and illicit activity. One way to do so is to consult with banking partners on the best fraud prevention practices and how they can spot suspicious patterns.  
3. Working with partners: In order to improve the process, banks should help embedded finance platforms to understand the risks that they, and financial services are frequently faced with. With the right partner, they can come to terms with the numerous challenges the financial services industry faces and learn how to think strategically about implementing new programmes, identifying new and emerging threats and implementing KYC controls.    

Ultimately, embedded finance providers must accept that convenience is and always will be the top differentiator for their services. That being said, they must also realise that, as a result, they will have the same obligation and responsibility as banks.

 

Neglecting security will only put them and their customers at risk, and while delivering convenience with these new financial services, they must remember to only deliver them in a way that keeps their assets and customers safe from illicit transactions and cyber criminal activity.  

 

---

 

Chris Caruana is Global SME Team and Product Strategy Head at Feedzai 

 

Main image courtesy of iStockPhoto.com