Daily, all money transactions, by individuals and corporate bodies, are carried out via some financial service providers, traditional among them being the commercial banks, insurance companies, mortgage banks/companies etc. But in the last decade, this has begun to take a rather different curve; due to the fast growth and disruptive development of the internet and information technology. Thanks to technological advances of the internet, mobile technologies, data analytics and artificial intelligence; financial services and products are now being offered by not just the banks and other traditional providers, but by a new sector known as FinTech. Fintech companies are beginning to take over bigger chunks of the total financial service market share; using mobile and internet powered products and services.
Despite this disruptive growth of the FinTech industry, a huge concern is beginning to arise. Can FinTechs ensure or guarantee the privacy of their customers’ data?
What is FinTech? A quick overview
According to Wikipedia, “FinTech (a portmanteau of Financial Technology) is the new technology and innovation that aims to compete with traditional financial methods in the delivery of financial services. The use of smartphones for mobile banking and investment services are examples of technologies aiming to make financial services more accessible to the general public. Financial technology companies consist of both startups and established financial and technology companies trying to replace or enhance the usage of financial services of existing financial companies.”
The sphere of FinTech includes companies of all kinds that may operate in personal financial management, insurance, payments and basic transactions, assets management, etc.
Unlike the traditional financial service providers, FinTech companies build financial technologies using mobile and internet powered products to deliver financial services to both individuals and businesses. Notable in the industry is PayPal, which is regarded as the giant of the FinTech industry. Fintech companies bring financial services to a lot of customers who were not previously exposed to such services.
Collection of “alternative data” raises security and privacy concerns
FinTech companies collect a lot of data on their customers. They retain, store and analyze these information for marketing, sales, financial decision making; such as credit scoring and analyzing the credit worthiness of customers. The data collected include names, addresses, date of birth, telephone numbers, routing numbers, password, PINs, bank account details, social security details, etc. Besides this basic data, Fintechs are also collecting financial records and history, like rent, debt payments, employment and salary information etc. These are very sensitive and personal information of their customers.
Recently, Fintech companies are beginning to use what is known as alternative data to obtain unconventional information on their customers. This alternative data includes other sensitive and highly personal information such as customers online spending behavior, social network behavioral pattern (e.g. the kind of interaction they have, how they respond to certain issues online and what they post), the way they use the internet, and their psychological profiles, etc.
For example, some FinTech companies are beginning to collect and analyze the psychological pattern of their customers response to filling online forms, monitoring their Facebook and Twitter engagements, to make financial decisions such as loan or credit worthiness.
While this alternative data can serve well as a source of information for credit scoring for customers who do not have conventional credit history, this kind of aggressive and extensive data collection and use introduces or presents a lot of security and privacy concerns. How is this information being secured, and to what extent is the privacy of customers ensured? Do customers know that their digital footprints are being harvested for data, do they know what this information are being used for, was their consent explicitly and comprehensively sought for, were they told what extent these data will be used, are customers constantly and precisely educated on privacy terms and can they withdraw consent at any time they want?
FinTechs will have to handle these pertinent privacy issues to ensure the credibility of their system and to avoid regulatory prosecutions or sanctions.
FinTech must prove commitment to data privacy and cybersecurity
With the growth of FinTech technology, there is also the need to increase the security of the system. The financial value of the information which FinTech companies hold makes them viable targets for cyberattacks and especially since hackers and cybercriminals are likely to find it easier to break into a FinTech compared to a bank.
Being innovative and disruptive is no longer enough to entice new customers and retain old ones. FinTechs must step up and prove to customers that they take cybersecurity seriously and have put in place adequate measures to secure their customers’ data and transactions, in a manner equivalent to or even stronger than traditional financial institutions.
To demonstrate their commitment to data privacy, Fintech companies must incorporate proper privacy terms and provisions into their products and ensure that this is not just for show. While users are used to checking a box to consent to data usage for marketing, sales or other purposes, it’s no secret that most times these information usage agreements are vague and ambiguous. Customers do not know for certain what consent they have given for these companies to collect and use their data. They do not know to what extent the data are collected, to whom it is to be sold (third parties) and there are no clear provisions for withdrawal of consent by customers.
FinTechs have a lot of adjustments to make, given customers’ increased awareness of data privacy. To rely on customers’ consent, FinTechs will need to demonstrate and prove that consent was freely and knowledgeably given, specific and unambiguous. Privacy notices will have to be made more comprehensive and detailed; informing customers on what data about them is to be accessed and obtained from the internet (e.g. social media, online spending behavior, etc.) and a precise breakdown on how the collected information will be used. These provisions must be incorporated into the product purchase or signup procedure to ensure they can lawfully use customers data for purposes well known to the customers.
