
India's Fintech Will Focus More on AI & Compliance in 2026


India’s fintech industry enters 2026 with a new set of goals. In its early years the industry focused on rapid expansion through digital payments and aggressive customer acquisition, but the sector is now shifting toward sustainable growth, compliance, and risk management.

“We're already seeing traditional boundaries blur: payments, lending, embedded finance, and banking capabilities are coming closer together as players look to build more integrated and efficient models. While payments continue to be powerful for driving access and engagement, long-term value will come from combining scale with operational efficiency across the financial stack,” said Ramki Gaddapati, Co-Founder, APAC CEO and Global CTO, Zeta.

Artificial intelligence (AI) is emerging as a critical tool in this transformation, helping firms strengthen fraud detection, streamline regulatory processes, and enhance customer trust.

What does the data suggest?

According to Reserve Bank of India (RBI) data, digital payment volumes crossed 180 billion transactions in FY25, powered largely by the Unified Payments Interface (UPI) and embedded payment systems across commerce, mobility, and lending platforms. 

Yet, regulators and industry leaders are increasingly concerned about operational risks and fraud. The RBI, along with the Bank for International Settlements (BIS), has highlighted vulnerabilities in digital payment ecosystems, urging fintechs to adopt stronger compliance frameworks.

AI a major focus

Artificial intelligence is set to play a central role in this compliance-first era. Fintech firms are deploying AI to:

Detect and prevent fraudulent transactions in real time  

Automate compliance reporting and monitoring  

Personalize customer experiences while maintaining data security  

Analyze risk patterns across lending and investment platforms  

Moving beyond payments?

The sector is also diversifying beyond payments. Fintechs are moving deeper into credit, wealth management, and banking-related services, areas that demand stricter oversight. It allows firms to capture new revenue streams and broaden their customer base but exposes them to heightened regulatory scrutiny and the need for more robust governance structures.

“The DPDP Act is important because it protects personal data and builds trust. Without compliance, organisations face penalties, data breaches, customer loss, and reputational damage. Following the law improves credibility, strengthens security, and ensures responsible data handling for sustained business growth,” said Neha Abbad, co-founder, CyberSigma Consulting.




Hackers Target Brazilian Payments Provider in Attempted $130 Million Theft

 



A concerning cyber incident has shaken Brazil’s financial technology sector after criminals attempted to steal nearly $130 million through the country’s real-time payments network, Pix. The breach was detected on August 29, 2025, when Sinqia S.A., a São Paulo-based financial software company owned by Evertec, noticed unauthorized activity in its systems.


What Happened

According to Evertec’s disclosure to the U.S. Securities and Exchange Commission, attackers gained entry into Sinqia’s Pix environment and tried to initiate unauthorized business-to-business transfers. Pix, operated by the Central Bank of Brazil, is an instant payments platform that has become the country’s most widely used method for digital transfers since its launch in 2020.

The attempted theft targeted two financial institutions connected to Sinqia’s services. Once the suspicious activity was detected, Sinqia suspended all Pix-related transactions and brought in external cybersecurity experts to investigate.


How the Attackers Broke In

Initial findings show that the hackers gained access by using stolen credentials belonging to an IT service provider. By leveraging legitimate login details, they were able to penetrate Sinqia’s Pix environment and attempt large-scale transfers. This method, often referred to as a supply chain or vendor compromise, has become increasingly common in financial cyberattacks because it exploits trusted third-party relationships.

So far, Evertec has found no evidence that the breach extended beyond Sinqia’s Pix systems or that customer data was exposed.


Response and Recovery

As a precaution, the Central Bank of Brazil revoked Sinqia’s access to Pix until it can confirm the environment is secure. This suspension directly affects 24 financial institutions that rely on Sinqia to process instant transfers. The company has stated that some of the stolen funds have already been recovered, though it has not disclosed the amount. Recovery efforts are still underway, and the overall financial and reputational impact remains uncertain.

Evertec acknowledged that the consequences could be “material,” particularly in relation to customer trust and the company’s internal controls. Investigations are ongoing, and Sinqia continues to work with regulators and forensic experts to restore secure access to Pix.


Why This Matters

The case underscores the risks facing modern payment systems that operate at high speed and high volume. Pix is widely used in Brazil for everything from personal transfers to business payments, making it an attractive target for cybercriminals. By exploiting vendor credentials, attackers can bypass traditional defenses and reach critical financial infrastructure.

For banks, service providers, and regulators, the incident underscores the importance of constant vigilance, strict vendor oversight, and layered defenses against credential theft. For users, it is a reminder of both the convenience and the risks that come with instant payment systems.

Investigations are still unfolding, and more details are expected in the coming weeks as Evertec and Brazilian authorities work to close the breach and strengthen protections.



Account Takeover Fraud Surges as Cybercriminals Outpace Traditional Bank Defenses

 

As financial institutions bolster their fraud prevention systems, scammers are shifting tactics—favoring account takeover (ATO) fraud over traditional scams. Instead of manipulating victims into making transactions themselves, fraudsters are bypassing them entirely, taking control of their digital identities and draining funds directly.

Account takeover fraud involves unauthorized access to an individual's account to conduct fraudulent transactions. This form of cybercrime has seen a sharp uptick in recent years as attackers use increasingly advanced techniques—such as phishing, credential stuffing, and malware—to compromise online banking platforms. Conventional fraud detection tools, which rely on static behavior analysis, often fall short as bad actors now mimic legitimate user actions with alarming accuracy.

According to NICE Actimize's 2025 Fraud Insights U.S. Retail Payments report, account takeover's share of the total value of fraud attempts increased between 2023 and 2024. Nevertheless, scams continue to dominate, making up 57% of all attempted fraud transactions.

Global financial institutions witnessed a significant spike in ATO-related incidents in 2024. Veriff's Identity Fraud Report recorded a 13% year-over-year rise in ATO fraud. FinCEN data further supports this trend, revealing that U.S. banks submitted more than 178,000 suspicious activity reports tied to ATO—a 36% increase from the previous year. AARP and Javelin Strategy & Research estimated that ATO fraud was responsible for $15.6 billion in losses in 2024.

Experts emphasize the need to embrace AI-powered behavioral biometrics, which offer real-time identity verification by continuously assessing how users interact with their devices. This shift from single-point login checks to ongoing authentication enables better threat detection while enhancing user experience. These systems adapt to variables such as device type, location, and time of access, supporting the NIST-recommended zero trust framework.

"The most sophisticated measurement approaches now employ AI analytics to establish dynamic baselines for these metrics, enabling continuous ROI assessment as both threats and solutions evolve over time," said Jeremy London, director of engineering for AI and threat analytics at Keeper Security.

Emerging Fraud Patterns

The growth of ATO fraud is part of a larger evolution in cybercrime tactics. Cross-border payments are increasingly targeted. Although international wire transfers declined by 6% in 2024, the dollar value of fraud attempts surged by 40%. Fraudsters are now focusing on high-value, low-volume transactions.

One particularly vulnerable stage is payee onboarding. Research shows that 67% of fraud incidents were linked to just 7% of transactions—those made to newly added payees. This finding suggests that cybercriminals are exploiting the early stages of payment relationships as a critical vulnerability.

Looking ahead, integrating multi-modal behavioral signals with AI-trained models to detect sophisticated threats will be key. This hybrid approach is vital for identifying both human-driven and synthetic fraud attempts in real-time.

Klarna Scales Back AI-Led Customer Service Strategy, Resumes Human Support Hiring

 

Klarna Group Plc, the Sweden-based fintech company, is reassessing its heavy reliance on artificial intelligence (AI) in customer service after admitting the approach led to a decline in service quality. CEO and co-founder Sebastian Siemiatkowski acknowledged that cost-cutting took precedence over customer experience during a company-wide AI push that replaced hundreds of human agents. 

Speaking at Klarna’s Stockholm headquarters, Siemiatkowski conceded, “As cost unfortunately seems to have been a too predominant evaluation factor when organizing this, what you end up having is lower quality.” The company had frozen hiring for over a year to scale its AI capabilities but now plans to recalibrate its customer service model. 

In a strategic shift, Klarna is restarting recruitment for customer support roles — a rare move that reflects the company’s need to restore the quality of human interaction. A new pilot program is underway that allows remote workers — including students and individuals in rural areas — to provide customer service on-demand in an “Uber-like setup.” Currently, two agents are part of the trial. “We also know there are tons of Klarna users that are very passionate about our company and would enjoy working for us,” Siemiatkowski said. 

He stressed the importance of giving customers the option to speak to a human, citing both brand and operational needs. Despite dialing back on AI-led customer support, Klarna is not walking away from AI altogether. The company is continuing to rebuild its tech stack with AI at the core, aiming to improve operational efficiency. It is also developing a digital financial assistant designed to help users secure better interest rates and insurance options. 

Klarna maintains a close relationship with OpenAI, a collaboration that began in 2023. “We wanted to be [OpenAI’s] favorite guinea pig,” Siemiatkowski noted, reinforcing the company’s long-term commitment to leveraging AI. Klarna’s course correction follows a turbulent financial period. After peaking at a $45.6 billion valuation in 2021, the company saw its value drop to $6.7 billion in 2022. It has since rebounded and aims to raise $1 billion via an IPO, targeting a valuation exceeding $15 billion — though IPO plans have been paused due to market volatility. 

The company’s 2024 announcement that AI was handling the workload of 700 human agents disrupted the call center industry, leading to a sharp drop in shares of Teleperformance SE, a major outsourcing firm. While Klarna is resuming hiring, its overall workforce is expected to shrink. “In a year’s time, we’ll probably be down to about 2,500 people from 3,000,” Siemiatkowski said, noting that attrition and further AI improvements will likely drive continued headcount reductions.

Fintech Giant Finastra Breach Exposed Private Data, Company Notifies Victims

 

The financial technology behemoth Finastra is alerting victims of a data breach after unidentified hackers initially gained access to its networks in October 2024 and took their personal data. More than 8,100 financial institutions in 130 countries, including 45 of the top 50 banks in the world, rely on London-based Finastra to supply financial services software applications.

The security incident was discovered on November 7 after Finastra detected malicious activity on some of its systems, as the business warned in breach notification letters given to those impacted by the breach. 

"Our investigation revealed that an unauthorized third party accessed a Secure File Transfer Platform (SFTP) at various times between October 31, 2024 and November 8, 2024. Findings from the investigation indicate that on October 31, 2024, the unauthorized third party obtained certain files from the SFTP," the fintech giant noted. 

"Finastra has no indication the unauthorized third party further copied, retained, or shared any of the data. We have no reason to suspect your information has or will be misused. As a result, we believe the risk to individuals whose personal data was involved is low.” 

According to filings with the Massachusetts Attorney General's office, at least 65 people in the state whose financial account information was stolen received breach notification letters from Finastra last week, although the company has not yet disclosed the number of victims or the type of data that was compromised (apart from the names of the victims).

Additionally, the financial services organisation offers those whose information was compromised or stolen in the incident two years of free credit monitoring and identity restoration services through Experian.

The hack is believed to be connected to a (now-deleted) post on the BreachForums online cybercrime community by a threat actor called "abyss0" who claimed to sell 400GB of data allegedly stolen from Finastra's network, despite the fact that Finastra only revealed a very small amount of information in filings with Attorney General offices.

In November last year, when a local media outlet enquired about the forum post, a Finastra spokesperson declined to confirm or deny ownership of the data, stating that the company had experienced a limited-scope security incident and was assessing its impact.

"On November 7, 2024 Finastra's Security Operations Center (SOC) detected suspicious activity related to an internally hosted Secure File Transfer Platform (SFTP) we use to send files to certain customers," Finastra added. 

Finastra was also forced to shut down parts of its systems in March 2020 to combat what Tom Kilroy, the company's Chief Operating Officer at the time, described as a ransomware attack. While the company did not disclose how the attackers got access to its systems, cyber threat intelligence firm Bad Packets discovered that Finastra had many unpatched Pulse Secure VPN and Citrix ADC (NetScaler) servers prior to the attack.

Mastercard to Eliminate 16-Digit Card Numbers by 2030 for Enhanced Security

 

In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance security.

Mastercard has been integrating biometric authentication into its payment ecosystem since 2022, allowing transactions to be completed with a smile or a hand wave. Now, the next phase involves replacing card numbers with tokens, which transform the 16-digit identifier into a unique digital code stored on devices. This ensures that card details are never exposed during online or contactless transactions.

The initial rollout of these numberless cards will be in collaboration with AMP Bank, with additional financial institutions expected to adopt the technology in the coming year.

Receiving a suspicious transaction alert from the bank can be alarming, and for good reason—payment fraud has been on the rise. In Australia, fraudulent card transactions amounted to A$868 million in 2023-24, up from A$677.5 million the previous year.

Data breaches continue to expose sensitive financial information, with major incidents involving Marriott, Starwood Hotels, and Ticketmaster affecting hundreds of millions of customers worldwide. In Australia, card-not-present fraud—where transactions occur without the physical card—accounts for 92% of all card fraud, increasing by 29% in the last financial year.

Although the Card Verification Value (CVV) was introduced to verify physical card possession, its effectiveness has diminished over time.

By removing the card number, Mastercard aims to reduce unauthorized transactions and minimize risks associated with data breaches. Without stored payment details, compromised databases will no longer expose customers’ financial information.

This move aligns with broader industry concerns about data storage and privacy, highlighted by incidents such as the 2022 Optus data breach, which leaked historical customer data. Eliminating stored card details prevents future attacks from leveraging outdated information.

Challenges in Adopting the New System

While digital banking users may find the transition seamless, concerns arise regarding accessibility. Elderly consumers and individuals with disabilities who rely on traditional banking methods might struggle with the shift to mobile authentication.

Additionally, shifting security reliance from physical cards to mobile devices introduces new risks. SIM swapping and impersonation scams already enable criminals to take over victims' phone accounts, and these tactics could escalate as digital payment systems evolve.

Biometric authentication presents another challenge—unlike credit card details, biometric data is immutable. If compromised, it cannot be changed, increasing the stakes of potential identity theft. Previous breaches, such as the BioStar 2 security lapse and Australia’s Outabox facial recognition exposure, highlight the risks of biometric data leaks.

As contactless payments continue to grow, physical cards may soon become unnecessary. In 2023, mobile wallet transactions in Australia surged 58%, reaching $146.9 billion. By October 2024, nearly 44% of transactions were conducted via mobile devices.

Retail innovations like Amazon’s Just Walk Out technology are accelerating this trend. Currently deployed across 70 Amazon-owned stores and 85 third-party locations, the system uses AI-powered cameras and weight sensors to enable checkout-free shopping. Companies like Trigo, Cognizant, and Grabango are also developing similar smart retail solutions, with trials underway in major supermarket chains like Tesco and ALDI.

However, even in frictionless shopping experiences, consumers must initially enter card details into payment apps. To eliminate the need for cards and numbers entirely, biometric payments—such as facial recognition transactions—are gaining traction as the next frontier in secure digital commerce.

Fintechs Encouraged to Join National Cyber Fraud Reporting System


The Fintech Association of India (FACE) has urged its members to register on the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS). This platform, part of the broader National Cybercrime Reporting Portal, facilitates the reporting and management of financial cyber frauds. By joining, fintech companies can better handle customer complaints and collaborate with law enforcement to prevent fraud.

This initiative by FACE is noteworthy, especially as it seeks approval to become a self-regulatory organisation (SRO) for fintech lenders. The Reserve Bank of India (RBI) is expected to announce its decision soon, with FACE and the Digital Lenders’ Association of India both in the running to be recognised as an SRO. The establishment of an SRO will likely lead to more stringent industry oversight, promoting higher standards of operation and better consumer protection within the fintech sector.

The push for fintechs to join the CFCFRMS comes at a critical time. As digital transactions grow more common, the opportunities for cyber fraud have increased. The convergence of various financial entities— such as banks, non-banking financial companies, insurance providers, and payment services—has created more potential points of vulnerability. The CFCFRMS is designed to coordinate the efforts of all stakeholders, enabling action to block fraudulent transactions before they can be completed.

RBI’s New Platform to Combat Payment Frauds

In a parallel effort to bolster cybersecurity, the RBI is developing the Digital Payments Intelligence Platform (DPIP). This platform aims to use cutting-edge technology to detect and prevent payment fraud. A committee led by A P Hota, former CEO of the National Payments Corporation of India, is currently formulating recommendations for the DPIP, which is expected to upgrade the ability to share real-time data across the payment ecosystem. This initiative is especially important in addressing frauds where victims are tricked into making payments or divulging sensitive information.

Alarming Increase in Cyber Fraud Losses

The importance of these measures is emphasised by recent statistics from the Ministry of Finance. Financial losses due to cyber fraud have more than doubled in the last fiscal year, rising to Rs 177.05 crore in FY24 from Rs 69.68 crore in FY23. This sharp increase underlines the growing threat posed by cybercriminals and the need for more robust security measures.

Public Awareness and Digital Payment Safety

While the rise in cyber fraud is concerning, a survey by the RBI offers some reassurance. According to the survey, 94.5% of digital payment users have not experienced fraud. However, the risk remains, especially in semi-urban areas, where fraud attempts are slightly more common than in metropolitan regions. The most prevalent form of fraud is vishing, or voice phishing, where criminals trick individuals into revealing sensitive information over the phone. Other common tactics include phishing emails, misuse of payment requests, and remote access scams.

As digital payments become increasingly integrated into everyday life, ensuring their safety is crucial. Initiatives like CFCFRMS and DPIP are essential in building a secure and trustworthy digital financial environment. By building on fraud prevention measures, these platforms can help maintain public confidence and encourage wider adoption of digital payment systems.


Fintech Frenzy as Affirm and Others Emerge as Victims in Evolve Breach

 


The recent attack on one of the largest financial services providers has created problems for many companies that work with the provider, two of which have already alluded to possible negative implications for customer data due to the attack. A strong rumour early last week that the LockBit group had successfully hacked the US Federal Reserve caused the group to receive some undue attention. A breach had also occurred at the far smaller Evolve Bank & Trust, and it was a far less serious one. Memphis-based Evolve has released a statement regarding the incident.

According to the statement, the attack was triggered by an Evolve employee clicking on a malicious phishing link sent to him in late May. Even though the attackers did not access most of the cash that customers had in their accounts, the hackers had access to and downloaded their personal information from databases and a file share. Furthermore, the company encrypted some of its data, but since backups were made, the company had to deal with limited loss of data and impact on its operations. Several days ago, the Federal Reserve Board announced that it would enforce the anti-money laundering, risk management, and consumer compliance programs of Evolve Bank & Trust. It accused the company of deficiencies in these areas, as well as other areas. 

In a statement the Federal Reserve published in February 2023, the Fed noted that examinations conducted in 2023 found that Evolve had a risk-management program and controls that were not adequate to comply with anti-money laundering laws and consumer protection laws. According to Stephen Gates, principal security SME for Horizon3.AI, the biggest decision any organization needs to make after it has experienced a breach is what to do next once the smoke begins to clear.

Evolve Bank & Trust, a regulated bank, provided USD account details for Wise between 2020 and 2023 under a contract with the company. Wise has recently been affected by a data breach that may involve the personal information of some of its customers. To provide USD account details, Evolve Bank & Trust needed identifying information about Wise customers. The information Wise shared with Evolve for this purpose included names, addresses, dates of birth, contact info, SSNs or EINs for US customers, or another document number for non-US customers. Neither Evolve nor Wise has confirmed what data was affected.

The LockBit ransomware group recently attacked Evolve Bank, an Arkansas-based financial institution. The attack resulted in data leaks on the Dark Web. After claiming to have hacked the US Fed earlier this week, LockBit got a lot of attention. When LockBit posted a threat to release "33 terabytes of juicy banking information containing Americans' banking secrets" if a ransom was not paid, it released some of the stolen data. At the end of the month, LockBit was kicked out of Evolve's system. 

When the victim would not pay the ransom, the group leaked the information. Evolve is also a payments processor, and it offers business-to-business (B2B) and business-to-consumer (B2C) banking-as-a-service (BaaS). More victims of the breach are coming forward, as it has affected more than just Evolve's direct customers. The multibillion-dollar London-based fintech company Wise disclosed, in a statement released last week, its partnership with Evolve Bank & Trust from 2020 to 2023.

During this period, Wise collaborated with Evolve to "provide USD account details" to its customers. To facilitate this service, Wise shared sensitive customer information with Evolve, including names, addresses, dates of birth, contact details, and identification numbers, such as employer identification numbers and Social Security numbers. Wise indicated that this data "may have been involved" in Evolve's recent security breach. Similarly, the buy now, pay later (BNPL) company Affirm, which utilizes Evolve for the issuance and servicing of its Affirm Cards, reported potential exposure of customer information. 

Although Affirm clarified that customers' cards remained unaffected, the personal data shared with Evolve posed a significant concern. In an 8-K filing with the Securities and Exchange Commission (SEC), Affirm stated, "The full scope, nature, and impact of the incident on the Company and Affirm Card users, including the extent to which there has been unauthorized access to Affirm Card user Personal Information, are not yet known." Evolve's breach has prompted many of its other prominent partners in the financial services industry, including Stripe and Shopify, to investigate the potential impact on their customers' data. The situation remains under scrutiny as these companies assess whether their customers' sensitive information has been compromised.