|  Updated: 

A third of UK fintechs put customers data at risk of cyber attack

By:

City Reporter

Four in ten fintechs were found to be giving cyber attack hackers a “powerful headstart” by revealing software details on their web servers.

UK fintechs are putting thousands of customers in jeopardy by leaving themselves vulnerable to a cyber attack, shocking new research reveals.

Nearly 800 firms’ digital presence was analysed by the ethical hacking platform Ethiack as it scrutinised their cybersecurity. 

Four in ten fintechs were found to be giving hackers a “powerful headstart” by revealing software details on their web servers.

Jorge Monteiro, chief executive and co-founder of Ethiack, said: “While revealing the type and version of the software your server runs doesn’t give cyberthieves the key to your house, it is tantamount to telling them the make and model of your lock.”

Nearly a fifth of platforms were found to be using expired or invalid SSL certificates, which serve as a digital padlock for a website by keeping sensitive information secure.

Monteiro said: “This oversight, which customers can spot as it requires them to acknowledge a browser security warning before accessing the fintech’s website, exposes users to the risk of eavesdropping or interception while logged on.”

The research also revealed an industry-wide reliance on servers provided by Cloudfare, Nginx or Apache – with over 50 per cent of fintechs building their digital infrastructure on the platforms. 

“Were a vulnerability to emerge among any of these providers, hundreds of fintechs – and thousands of customers – could be placed at risk,” Monteiro said.

Fintechs to expand workforce to combat cyber threats

City AM reported earlier this month that fintech firms had embarked on a hiring spree in response to the recent string of cyberattacks on retailers.

Marks and Spencer suffered a near-£700m cyber attack last month, leading to a halt in contactless payments, click and collect purchases and forcing it to stop taking orders through its website and app. 

Earlier this week, Adidas was hit with a data breach that exposed the personal data of customers who contacted its help desk.

The boss of HSBC UK sounded the alarm of digital attacks last week after telling the Treasury Committee he was kept “awake at night” by the lingering threat. 

“Cyber security is at the top of the agenda and it does worry me because you can be attacked and we are being attacked all the time,” Ian Stuart told MPs.

The ramping up of cyber threats is expected to balloon the fintech industry’s workforce by 32 per cent in 2025.

“Cybersecurity is no less vital for fintechs who handle sensitive financial data that thieves seek to exploit. Fintechs large and small face similar risks and must remain vigilant,” Monteiro warned.

Subscribe

Subscribe to the City AM newsletter to have our top stories delivered directly to your inbox.

Subscribe
By signing up to our newsletters you agree to the Terms and Conditions and Privacy Policy.