Page 51 - CMA Journal (July-August 2025)
P. 51
Focus Section
Table 3: Cybersecurity Risks in Financial Technology
g
Category Description Exammple in Finteech Potential Imppact
t
User-Centric Phishing, social eengineering annd, Fake SMSS scams via JazzzCash Account takeoverrs,
Attacks identity theft targgeting / EasyPaisa; synthetic frauudulent loans, loss
cusstomers’ credeentials and identitiess on BNPL plattforms of trrust
r
personal data
c
Authentication Weak or spoofed biometric Deepfakees bypassing ee-KYC; Unaauthorized acccess,
& Data Risks systtems, poor encryption, and unencryppted CNIC storrage; algoorithmic bias,
s
t
l
data poisoning of AI/ML models manipulaated credit scooring commpliance breacches
inputs
c
Infrastructure Expploits in APIs, ccloud Poorly seecured AWS buuckets Dataa breaches,
Vulnerabilities misconfigurations, and exposingg fintech user ddata repuutational damage,
n
s
i
g
s
unsecured storage systtemic risk
b
n
Operational DDoS attacks, rannsomware, andd Fintech aapp downtimee due to Servvice unavailability,
Disruptions thirrd-party vendoor breaches DDoS; ransomware cripppling financial losses,
d
v
undermining services back-office servers reguulatory penalties
Human & Insiider threats, pooor Employeees leaking datta; Legal liability, liceense
a
b
Regulatorry Gaps cybersecurity awareness, and users shaaring OTPs witth susppension, invesstor
weak compliance culture fraudsterrs; lack of distrust
a
e
penetration testing
Source: Author
Cybersecurity Risk: More Data, time, financial institutions are increasingly adopting
More Exposure emerging technologies, and their dependence on
external service providers, such as cloud operators and
The consequences of a cyberattack on a fintech firm can fintech platforms, further complicates risk management,
be severe, ranging from financial loss to identity theft and as these entities frequently fall beyond the direct
damage to reputation. Worldwide patterns support this purview of financial regulators.
urgency: in 2024, 64% of financial institutions reported
an increase in cyberattacks, and over 70% of market The State Bank of Pakistan, through its first survey—the
leaders anticipate a rise in financial crime risks in 2025 as Systems Risk Survey—reported that risks related to
technological change accelerates. 5,6 cybersecurity are among the ten key risks to the financial
system. Although the legal framework has been
Currently, Pakistan lacks a comprehensive data strengthened through the enactment of the PECA Act
protection system, which creates considerable loopholes (2016), which formulated a legal process for investigation
in the protection of financial data. The pre-existing and prosecution, implementation has been fragmented.
Electronic Transactions Ordinance (2002) and Prevention The National Response Center for Cyber Crime (NR3C),
of Electronic Crimes Act (PECA, 2016) provide limited established under the Federal Investigation Agency (FIA),
action against the misuse of sensitive data. It is this has been mandated to combat technology-related
regulatory vacuum that is especially troubling to fintech crimes at the institutional level. 7
startups, which often conduct business in experimental
sandboxes and rely heavily on third-party
cloud-based infrastructure systems and Figure 1: Consequences of Cyber Attacks in FinTech
open Application Programming Interfaces
(APIs), which have been shown to offer Financial repercussions Reputational damage
attractive points of entry to cybercriminals. 5
The cybersecurity risk in Pakistan's financial
industry has escalated to a systemic Operational disruptions Legal consequences
challenge due to several factors, such as the
ubiquity of digital technology among
institutions and consumers, the
entrenchment of interconnected financial Intellectual property theft Supply chain vulnerabilities
platforms, the intense dependence on data,
and the complexity of cyber-attacks. Over Source: https://www.apriorit.com/dev-blog/cybersecurity-risks-in-fintech-software
ICMA’s Chartered Management Accountant, Jul-Aug 2025 49
