The news: Financial management app Money Lover’s recent data breach highlights financial institutions’ (FIs’) worst nightmare when partnering with third-party vendors.
What’s the risk? Ethical hackers from cybersecurity firm Trustwave—people whose job it is to test firms’ cybersecurity measures—were able to use tools available on all web browsers to easily access Money Lover consumers’ email addresses, digital wallet names, and transaction IDs.
Shady fix: Trustwave employees discovered the sensitive data on November 24. They say they promptly notified Finsify, the company that maintains the Money Lover app. What happened after is worrisome.
Though consumers’ accounts were arguably secure throughout the duration of the leak, the alleged lack of response and lengthy delay in patching the data leak should be a wake-up call for financial institutions partnering with third-party tech providers: They need to make sure they know who they’re doing business with.
Why is this important? As consumers’ financial lives become more digitized, they’re demanding a better customer experience that consolidates all of their financial accounts, products and services in one place. But this opens a can of cybersecurity worms for FIs.
Open banking is progressing due to consumers’ demands, and though regulators are working to implement it safely, it still raises concerns.
What should banks do? Bank-fintech partnerships have been top of mind recently. Partnering is the cheapest and fastest way for banks to upgrade their tech stack, but the details of the partnership must be iron-clad.
This article originally appeared in Insider Intelligence’s Banking Innovation Briefing—a daily recap of top stories reshaping the banking industry.