The scrimmage between security and fintechs is building up to be a lesson for all other organizations using sensitive user data. A recent research revealed that 98% of the world’s fintech startups are vulnerable to application and web attacks, despite being well-funded.

According to ImmuniWeb, a security firm, 100% of the fintech startups have issues with privacy, security, and compliance related to the abandoned or forgotten web applications, APIs, and subdomains. Similar types of security risks are even present in banks, with a study indicating 97 out of every 100 largest banks’ vulnerability to web and mobile attacks.

According to KPMG, in 2018, about $ 111.8 billion were invested in fintechs globally, which also attracted many non-productive elements. Fintech organizations are also responsible for the growing menace in data security. The fintech research revealed that 8 main websites and 64 subdomains have at least 1 publicly disclosed and exploitable security vulnerability, which is of medium or high risk.

All the mobile applications tested contained at least 1 security vulnerability of medium risk, and 97% of them had at least 2 medium or high-risk vulnerabilities. About 56% of the mobile apps have misconfigurations or privacy issues related to SSL/TLS configuration and insufficient web server security hardening.  The websites have been no different from vulnerabilities that have cross-site scripting (XSS), sensitive sata exposure, and security misconfiguration.

The recent Capital One data breach that affected more than 100 million individuals in the US and 6 million in Canada is said to have been caused due to firewall misconfiguration.

Ilia Kolochenko, CEO and Founder, ImmuniWeb, asserted that the research is focused on getting new information around the spiraling cybersecurity challenges faced by both dynamic fintech businesses and well-established businesses. 

Data connectivity is what drives fintechs, but a robust configuration and security cover should be implemented at every step to improve the storage environment and connectivity.