/security

News and resources on cyber and physical threats to banks and fintechs worldwide.


Expert opinions

Frank Moreno, CMO at Entersekt

Trusted devices and silent signals could help FIs improve fraud protection

Financial institutions face a growing challenge in protecting customer assets while maintaining a seamless banking experience. And, as victims of Account Takeover (ATO) fraud continue to grow, the challenge is no longer just about preventing fraud, it's about restoring customer confidence in a digital landscape where trust has become the most valu...

/security /retail Transaction Fraud Systems and Analysis

Erica Andersen, Marketing at smartR AI

How I Learned to Stop Worrying and Love the Chaos

Or: AI Confessions from the Keynote Stage

What a difference a year makes. Last week, I found myself on stage at the AI World Congress, delivering a keynote to a room full of people who, twelve months ago, were probably telling anyone who'd listen that AI was going to solve world hunger, cure cancer, and maybe even fix their corporate expense repo

/ai /security Big Data

Frank Moreno, CMO at Entersekt

Issuers must take urgent action against fraud as chargebacks escalate

Recent data shows that issuers and merchants are struggling with rising chargeback abuse. With all indicators pointing to the already considerable problem growing by a further 24% by 2028, financial institutions (FIs) must act or risk losing both customers and profits. According to Mastercard's 2025 State of Chargebacks report, abuse of cha...

/security /retail Banking

John Bertrand, MD at Tec 8 Limited

Gambling prepares Resilient and Secure Cloud Technology for Banks

Banks, Payment Service Providers and regulators are indebted to the Gambling Industry for continuingly improving the resilience and security of Cloud Technology. For example, EU has DORA (Digital Operational Resilience Act) which requires a 4 hour for reporting a major incident but no later than 24 hours. If an online gaming service goes down 10 m...

/security /regulation Banking Strategy, Digital and Transformation

James Richardson, Global Head of Solutions at Bottomline

Beyond the Firewall: Rethinking Payment Data Security

In today’s digital economy, protecting sensitive business payment data is no longer just the responsibility of IT or treasury departments — it’s a strategic business imperative. While enterprise systems like ERP and CRM often have strong security protocols, these systems don’t operate in a vacuum. Payment data is frequently copied, stored, and use...

/security /payments

Research

Report

PaaS, cloud and instant payments: Navigating the outsourcing question

Today’s institutions are in some ways faced with far greater challenges than ever before. Be it from the demand for ever-faster services; the pressure of always-on compliance; or the need to remain agile and competitive. Is PaaS the holy grail FIs have been looking for?

Outsourcing payments is an increasingly irresistible proposition for FIs. With end-user demand constantly evolving; real-time requirements on the rise; macro-economic trends becoming ever more unpredictable; and the pressure of regulatory compliance ratcheting up, the provision of proprietary payments has become a thorny pursuit.

Enter the stage: cloud technology. By leveraging modern tools and techniques to build, deploy, run, and manage software in a cloud-computing environment, FIs of all kinds can take advantage of scalability, elasticity, and automation. But the benefits of Payments-as-a-Service (PaaS) can extend beyond these practicalities – serving to revolutionise bank operations, unlock broader efficiencies, and enrich the end-user experience.

Mining this potential, however, obliges institutions to navigate some challenges. First, FIs must understand the potential of cloud-native technology as an engine for modernisation and embrace the cultural shift that is triggered by cutting-edge technologies. It may involve training, testing and concerted integration efforts.

Another key challenge is delegation: which tasks should be handed to third parties, and which should remain in-house? Indeed, when systems evolve, FIs must always keep one eye on compliance. As ever, approach and growth potential are directly impacted by the type and size of the institution in question, so approaches should be tailored.

This Finextra whitepaper, produced in association with FIS, evaluates:

The key considerations when placing client transaction data in the public cloud;
The art of delegation: Determining which tasks to offload;
The role of regulation and compliance; and
A PaaS checklist for finding the right solutions and partnerships.

Register to watch the related Finextra webinar, hosted in association with FIS – PaaS, cloud and instant payments in the spotlight: Overcoming outsourcing challenges

188 downloads

Impact Study

Surviving digital fallout: Operational resilience in 2025 and beyond

Almost every financial institution loses money each year to outages. What does an optimal resilience strategy look like in 2025?

The financial sector is increasingly dependent on technology to deliver its offering. Notwithstanding all the benefits this brings for productivity, reach, and customer satisfaction, its side effect is that the sector is increasingly vulnerable to network and software issues, third-party service slip-ups, cyberattacks, and capacity problems. If not managed correctly, a compromised IT system can spark knock-on disruptions to financial institutions, the firms they trade with, their supply chains, and even the economy-at-large.

To mitigate such risks, the global marketplace has been flooded with regulations aimed at bolstering operational resilience. Most recently, Europe’s answer has been the Digital Operational Resilience Act (DORA) – the deadline for which passed on 17 January 2025. However, these regulations are only guidelines; they mandate a minimum level for compliance, instead of an ideal strategy to holistically handle outages.

In this Finextra impact study, produced in association with Cockroach Labs, we speak with leading firms in the space to understand the best-in-class strategies they have adopted to achieve operational resilience. In the most effective cases, firms go beyond compliance, and exploit regulations as a business opportunity to stimulate productivity, increase competitiveness, and reduce costs. In today’s increasingly digital marketplaces, architectures must be operationally simple and flexible, as well as global and robust.

We explore:

The growing challenge of outages;
Regulation, DORA, and resilience requirements;
What an optimal resilience strategy should look like in 2025 and beyond;
How organisations can future proof their operations while staying agile for future regulatory requirements.

120 downloads

Impact Study

Why DevSecOps is key to navigating innovation and compliance

Explore how DevSecOps enables organisations to navigate economic uncertainties while treating innovation and compliance as complementary forces rather than competing priorities.

A balancing act is underway within the financial services industry. Driven by client demand and fintech competition, institutions are increasingly obliged to innovate, while at the same time ensuring every step forward is secure and compliant. Often, it feels as though these two goals sit on either side of a seesaw – when one goes up, the other must go down. Many such challenges are born from the software delivery process, where countless organisations are struggling to source the expertise and capabilities necessary to deliver secure and compliant applications, at speed.

Much of the conflict stems from fragmented DevSecOps (a software development practice that integrates security throughout the development lifecycle) strategies which are built upon outdated infrastructure. Indeed, many financial institutions (FIs) today operate with disjointed security and development workflows – sometimes patching together between five and 10 separate tools that were implemented incrementally over time. While this approach worked five years ago, better options exist today. A simplified stack is conducive to both innovation and compliance – without either being compromised.

This Finextra impact study, produced in association with GitLab, explores how the evolution to a unified software delivery platform can:

deliver on both innovation and compliance;
reduce the risk of security incidents;
supercharge operational efficiencies;
amplify business agility and scalability;
and even support talent acquisition.

146 downloads

FinextraTV

Combating Cyber Threats: The role of AI, Partnerships and Education

Joining the FinextraTV studio, Michele Centemero, EVP, Regional Services Lead, Mastercard, outlined the stark position the world is in when it comes to the cybersecurity threat we face. As technology increases, it becomes both the problem and the solution; Centemero discusses what the landscape currently looks like and how education and partnership are key to heading in the right direction.

Long reads

Chris Hayward, Policy Chairman at City of London Corporation

The UK’s moment to lead digital verification: A roadmap to economic growth and financial security

Following London Tech Week, the spotlight is on the technologies shaping our future, and one of the most important is digital verification. With more of our lives happening online, from banking to healthcare to everyday shopping, the need for secure, reliable ways to prove who we are has never been greater. That’s why digital verification is high ...

Luke Stubbs, Partner at Shoosmiths LLP

Mitigating cyber-risks in outsourcing: Contract strategies for compliance and protection

A clear and present danger

In recent years, several prominent UK businesses have faced significant technology and cybersecurity challenges and the consequences of data protection breaches. For example, in October 2023, the Financial Conduct Authority (FCA) fined Equifax over £11 million for failing to manage and monitor the security of UK consumer ...

Dominique Dierks, Senior Content Manager at Finextra

Ensuring operational resilience in 2025 – why the status quo no longer works

Operational resilience is on all UK payments leaders’ minds. In 2024, 95% of business leaders stated that they’re aware of operational weaknesses which leave them vulnerable, yet 48% said their organisations aren’t doing enough to improve resilience. The European Union (EU)’s Digital Operational Resilience Act (DORA) – having come into effect on 17...