Fintech Data Privacy Best Practices

Shivkumar M has over 20 years of experience shaping technology product and GTM strategy. With B2B SaaS expertise across industries, he leads product launches, adoption, and GTM as Director of Product Marketing.

While the pandemic has driven a 72% rise in fintech app usage*, it hasn’t been a perfectly uphill rise. 
According to research from PYMNTS.com and Entersekt, 30% of US consumers still do not trust data security when using their mobile banking apps.
Earlier, a NerdWallet survey from January 2020 had already found that 21% of US adults do not use mobile payment apps, with 42% of that group saying it’s because they don’t trust fintech app security.*
Getting a customer to place their private data — and their money — in your fintech app requires an incredible amount of trust on their part. For the convenience of being able to use your service, they hand over personally identifiable information such as payment information, financial history, bank account login details, Social Security numbers, and much more. In short, customers hand over the keys to their accounts.
In return, your company will know what the customer spends on or invests in, how much they save or consume, how often they get paid, and any number of variables depending on what type of fintech service your app provides. And depending on what software or SDKs are used in your app, that could mean customer data is shared with third-party services in order to score, rate, or rank customers in anything from loan applications to job interviews. 

Privacy Concerns: Phishing, Scams, Data Breaches 

There are a ton of horror stories out there, whether you’re looking for them or not. Everything from friends’ personal anecdotes about hacked accounts to news stories about the latest data breaches — whether these are fintech apps or other online services that handle a ton of customer data. 
There was already acute awareness of data privacy issues back in 2018, when a consumer research study found that 99% of users were “at least somewhat concerned” about data privacy.* And the attempts at grabbing that data are staggering.

  • Phishing is a huge concern, with scammers sending emails that lead unaware app users toward password reset pages that are ready to steal login information. In fact, 74% of organizations in the United States have experienced a successful phishing attack.
  • Scams are everywhere. In 2020, a wave of scammers preyed on US consumers who were expecting the release of their economic stimulus checks, using everything from emails to social media to coax private information from users.
  • And then of course, it seems like major data breaches are now a dime a dozen. In April 2021, the insurance provider GEICO filed a data breach notice stating that it had been hacked and that driver’s license numbers were collected.* At the same time, it was discovered that an unsecured Experian API allowed anyone to access the private credit scores of millions of Americans.*

How then is a fintech app supposed to safeguard the data privacy of its users and ensure that none of this information is compromised? 

How to Fix Data Privacy

1. Adhere to Security Best Practices

There are too many best practices to list in a high-level article like this. But those best practices had better include writing secure code, using encryption, using only authorized APIs, exercising caution in the usage of third-party code libraries, only storing crucial information, and forcing the use of complex passwords or 2-Factor Authentication.* The point being: data privacy begins with the first line of code written for an app and extends to how you store and access customer data. 

2. Educate Your Users & Give Them Control 

From a customer-facing standpoint, there has to be an increased effort to educate users and make them aware of how your fintech app works. In short: tell them how your app accesses, collects, stores, uses, and shares their personal and financial data. 
Sure, this is all laid out in your user agreement, privacy policy, terms of service, and security documents. But seriously, who reads those? Busy customers don’t have the time or the desire to do so. You’ll have to be purposeful about teaching them about what you do using slick marketing tactics and omnichannel strategies — content marketing, social media, emails, website, in-app notifications, and whatever other channels your audience uses.

Because for many regular users, financial technology is a mystery. But the fact that they’re using your app means they’re willing to step into your world and use your services, and may want to learn more about it. Use layman’s terms then to teach them about:

  • What they should do to keep their accounts safe and secure
  • What security you have in place to protect customer data
  • What type of data your fintech app collects
  • Whether their data is sold or shared with other companies, and why
  • What a user can do to control the collection of data 

Customers have pretty straightforward expectations when it comes to data privacy. Basically, they want to be able to control access to their information.
A 2018 study by The Clearing House shows that 56% of respondents “would like to control which of my financial accounts and data types can be accessed by any third party.” And when presented with choices, 50% of respondents would prefer some sort of permissions dashboard within the application that allows them to control this.

3. Rally for Secure APIs

Within the fintech industry, there is room for better and more widespread usage of secure APIs (application programming interfaces). In the simplest terms, instead of a user logging into their bank account in order to permit a fintech app to use it for payment, secure APIs could be set up between the bank and the fintech service, allowing the user to control which apps can access their bank account. There is then no need to let yet another app know your username and password combination.
But in order for these secure APIs to be created and work seamlessly, you will need a team effort from all involved, which brings us to the last element. 

4. Push for Better Industry Collaboration 

None of this will work without industry stakeholders teaming up to improve both the guidelines and the technical standards that govern the access and storage of consumer data in the financial services vertical. The idea is to build a more secure, more unified experience for the end-user — whether you’re their bank/neobank, insurance app, budgeting app, mobile payment service, stock trading app, or blockchain app.


Last updated on August 14, 2024