1

Idea Assessment

Starts On

Mon, Oct 25, 2021 6:00 PM

Ends On

Mon, Oct 25, 2021 11:59 PM

PROBLEM STATEMENT

IDEAL:

The development of Fintech solutions is on the rise, providing innovative solutions to financial services customers in a way not hitherto possible by the incumbent. Users access these solutions through their mobile phones. However, the rise in fintech comes with a secondary risk of cybersecurity, leading to loss of funds by users in some instances and affecting trust in fintech. To address the problem of cybersecurity in fintech, strong technical countermeasures have been deployed. Unfortunately, the usability of security mechanisms by the users leads to some human element concerns. To address this, some usable security heuristics have been developed. This hackathon seeks to apply these heuristics in the design of Fintech solutions to reduce cybersecurity concerns in Fintech associated with the human element.

REALITY:

Globally, over 1.7b people do not have access to financial services. With mobile phone penetration of 5.2b, of which 4.2b have internet access and 68% are smartphones, the mobile phone is the realistic opportunity for providing financial services to the unbanked. In recognition of that, financial services providers have developed Mobile Financial Services solutions to reach this segment or to provide an alternative channel for their existing customers. However, adoption has been slow due to cybersecurity concerns.

CONSEQUENCES:

  • New users remain at risk of cybercrime
  • Adoption of Fintech amongst the unbanked is hindered by lack of trust due to cybercrime
  • Strong technical countermeasures have not eliminated these concerns
  • Usable security concerns lead to cybersecurity breaches in Fintech

PROPOSAL:

To address this problem, experts have developed and validated 12 heuristics. These heuristics, when applied during the design of Fintech solutions, will improve cybersecurity in Fintech by improving the usability of the solution's security controls. These heuristics include:

  1. Integrity: What usable security controls should be put in place against unauthorized modification of transaction data, and for data protection and privacy?
  2. Proportionality: Not all users have the same knowledge level of the use of Fintech, time to execute a transaction, or cognitive ability, and not all transaction types have the same level of sensitivity. What usable security controls should be designed into a solution to cater for proportionality?
  3. Transparency: How do we ensure security controls and practices are comprehensible, verifiable and accessible to the user?
  4. Empowerment: How can users be enabled to express their system's security needs in the most efficient way? For example, customizing security preferences and reversing certain security choices.
  5. Identity: How do we ensure users can be uniquely identified and verified with a high level of assurance throughout a transaction life cycle?
  6. Reliability: What measures should be put in place to keep users informed of the status of their transactions throughout the life cycle of that transaction and not leave users guessing?
  7. User Support: How can users be enabled to be effective in using the system without adding additional cognitive workload on them?
  8. Accessibility: Ensure the system and security controls do not discriminate against any user. For instance, how do we make security controls suitable for the visually impaired user?
  9. Authenticity: What controls can be put in place to help users differentiate rogue applications from real ones? And how does a user know from glancing at an app that it is secure, just as is currently possible on websites through the SSL lock?
  10. Compliance: What controls can be put in place to provide the assurance that the security controls in a system comply with extant policies and guidelines?
  11. Alignment: How can a system ensure security mechanisms align with the usual flow of user activities, mental model and cognitive ability?
  12. Freedom: How can we ensure security mechanisms guarantee a certain degree of freedom to the user?

2

Cyber Security Tech Solution || Round 1

Starts On

Tue, Oct 26, 2021 1:30 PM

Ends On

Mon, Nov 1, 2021 2:00 PM

3

Round 2

Starts On

Mon, Nov 1, 2021 3:00 PM

Ends On

Sun, Nov 7, 2021 11:59 PM
