Cyber Threats and Scams in FinTech Organizations: A brief overview of financial fraud cases, future challenges, and recommended solutions in Bangladesh
Md. Jafrin Hossain, Rejuan Haque Rifat, Mahadi H Mugdho, Mohona Jahan, Annajiat Alim Rasel, Muhammad Abdur Rahman
Abstract
The idea of financial systems has changed with the touch of applications based on information technology and came up with a new terminology called ‘FinTech’ (Financial Technology). With the rising technology, Fintech has become a modern phenomenon. Financial organizations deal with highly confidential and sensitive information, including personal and financial data, all of which are the primary target of cybercriminals. Users and other stakeholders are massive in number, and many are not concerned about security, so they often find themselves as victims. The result of the study shows that from the perspective of Bangladesh, most of the attacks on the fintech industry are generated using ransomware and social engineering methods. It also shows that app-based Mobile Financial System (MFS) is the most affected sector in the financial system. The study provides a comprehensive framework, FinSec, which refers to the financial Security Framework to protect from cyber-attacks targeting any financial organization. It covers recommendations for regular end-users and anybody working in the financial sector. It also provides an architecture based on Consortium Blockchain, Hyper-ledger Fabric in a hybrid cloud to ensure a high level of security at the application level. Additionally, the framework proposes newer Three-Way Authentication (3WA) and Gamification to protect end-users. The research emphasizes ensuring a minimum level of training, as even after ensuring everything, massive damage can occur for the simplest mistake of the individuals related to the industry. To protect the financial system, from end-users to employees and user applications to the whole infrastructure, everything, and everyone should be secured. The framework hence recommends three subunits – Action, Knowledge, and Simulation Unit. These subunits protect the respective sector and, finally, end up protecting the fintech organizations.