At the core of the rise of embedded finance is the understanding of, and commitment to, creating exceptional user experiences.
In the automotive industry, this has led to brands offering insurance products alongside the purchase of a new vehicle. Customers can effortlessly add the protection necessary for them to drive away immediately, in a way that meets their needs and expectations.
To do this, data has to be shared across more than one platform. The issue of protection arises again - how can customers’ details be kept safe? A breach could have a devastating effect, such as exposing individual customers’ financial details. Cyber attacks are on the increase, and systems that store financial details are a prime target.
Cyber security is therefore of the utmost importance to any fintech organisation - and it’s important to understand whether those responsibilities are being taken seriously. At Wrisk, security is everyone’s business and the robustness of our processes is backed by an ongoing commitment to best practice, evidenced by our compliance with some of the industry’s strictest certifications.
Detect and prevent
Prevention is better than cure: an old adage that is highly relevant to the protection of data. Stopping a cyber attack from ever happening by continuously monitoring systems is far preferable to creating a better system after the fact.
Rigorous monitoring should be in place at any credible financial services company, as well as robust firewalls and anti-virus software. This stops attacks before damage is done and is also used to analyse our processes, alerting us when we need to change our own practices to meet head-on the ever more sophisticated methods that cyber criminals use. Being proactive in our approach helps keep every customer safe.
Prepared for anything
Even the strongest security systems can be vulnerable to cyber threats that have never been encountered before. To protect against that, a well-drilled incident response plan needs to be in place. Regular staff training ensures that, in the event of the worst happening, every team understands how to stop the threat growing and can support any customers affected in the right way.
ISO certification
ISO 27001 lays out an industry-standard method of analysing risks to the business and then focuses on security - both physical and digital.
It starts with a complete independent audit of all potential risks, while a certified organisation must prove that its controls are in place to mitigate them appropriately.
Safeguarding data is just one area that ISO 27001 ensures has maximum integrity. Most importantly, it keeps IT security front-of-mind; this is not a one-off process - constant maintenance of practices is an imperative element of maintaining certification.
Regulation
Wrisk is regulated by the Financial Conduct Authority (FCA), the UK’s governing body for the financial services industry, including newer, tech-driven businesses like ours.
The FCA implements some of the toughest laws in the world, to ensure that consumers are protected in all ways - including their data.
Being FCA regulated means we are always scrutinised with regard to our alignment with the law. For example, are we following GDPR or - in the UK - the Data Protection Act, 2018? This law governs the collection, storage and use of personal data with the aim of maintaining transparency around use, and accountability for misuse.
Wrisk’s commitment to GDPR extends beyond a written promise; we are on the Information Commissioner’s Office (ICO) register, which checks our compliance regularly.
Company-wide training
Security should matter to everyone. At Wrisk we have embedded an Information Security training regime, which is implemented as part of our already robust Continuous Professional Development (CPD) programme, which focuses heavily on consumer duty, among other FCA guidelines.
It touches everything that we do, mandating certain practices within our development team, regular security penetration tests, and daily scans to ensure our infrastructure aligns with the CIS security benchmarks. If security is not embedded across an organisation, then a system becomes vulnerable to attacks at its weak points.