Government Takes Interest in Cybersecurity as FinTech Gains Steam

As more and more business takes place online, governments and companies are finding themselves with an incredible amount of easily accessible personal information and data on consumers. With high profile data breaches becoming far too common, the recent revelation that Facebook inadvertently provided user data to political strategists has also sparked Congressional concern over just how companies profit from consumer data and the potential political and social consequences such activities create. Financial technology (FinTech) is a growing component of the financial services industry; how government officials react to the growing use and misuse of consumer data could reshape the effectiveness of FinTech in the near future.

The proliferation of the internet and the massive growth of smartphones has opened a window for many tech-savvy companies into the once private world of consumers. Last year, ride-hailing app Uber came under fire for tracking the location of its customers after the ride was completed. The tech company also received significant criticism in 2016 when it was discovered that users were paying higher fares for rides when their phone batteries were almost dead. Such immoral uses of consumer data were met with swift condemnation, and for Uber, repeated scandals caused at least temporary declines in market share.

News recently broke that a political marketing firm acquired personal information for more than 50 million Facebook users to target certain voters and influence their behaviors. The marketing firm, Cambridge Analytica, was able to secure the information by hiring a psychology professor that entered into an agreement with Facebook to study user information. Facebook has been adamant that this was not a “leak” or breach, but rather a simple exercise of data sharing permitted under the agreement all Facebook users accept when creating a profile on the social media site.

Congress moved swiftly to question Facebook founder Mark Zuckerberg and try to understand how a trusted public company could so easily permit the influence and manipulation of American voters. A bipartisan bill was introduced in the Senate earlier this week that would require more transparency in user agreements, particularly by clearly spelling out which types of “individually identifiable” information is collected. The bill would place restrictions on data sharing of this information, which includes the user’s hometown, physical address, telephone number, Social Security number, and other forms of protected information.

The bill stands as a compromise between the dangerous exploitations of personal information and the consumer’s interest in still receiving relevant and targeted content. A new study finds that 80% of consumers are comfortable with companies using consumer data to personalize messages. Of note from the study, only 17% surveyed were comfortable with companies indirectly acquiring personal data for use in personalized messages.

While the ethics of burying exploitive uses of consumer data in user agreements might find transparency from Congress, a number of high profile security breaches have raised alarms as well to situations in which the data sharing was entirely involuntary. Equifax, one of the big three credit bureaus relied upon by million of consumers each year to tabulate credit scores, announced a massive breach last year resulting in the exposing of sensitive information for more than 143 million Americans. In response, Sen. Elizabeth Warren (D- MA) introduced a bill that would penalize companies for harmful breaches and give more authority to the Federal Trade Commission to investigate companies for poor cybersecurity practices.

The Consumer Financial Protection Bureau (CFPB) maintains a large database of consumer complaints. Acting Director Mick Mulvaney is considering closing access to the database for cybersecurity and policy reasons. At a recent speech, Mulvaney told representatives of the banking industry that he was not interested in running a “Yelp for financial services sponsored by the Federal government.” The agency’s efforts to combat an apparent issue with cybersecurity have left experts confused, since the Bureau has not closed the database or instituted any sweeping policy measures to curtail database infiltrations.

The sheer amount of data needed and stored by FinTech companies make them an easy target for exploitation by third parties and cyber attacks. NAFSA members adhere to a number of Best Practices directly related to the usage, storage, and security of user data, including limiting third party access and encrypting storage. Congress’ efforts to bring transparency to user agreements should also contribute to safer data usage and more informed consumers.