Neo-banks or digital banks are online-only fintech platforms that operate solely or via mobile apps, without any physical branches. A neobank primarily positions itself on customer experiences and innovation in product construct.
While they aim at making banking easier and razor-speed fast, they open more attack avenues for the attackers. Their digital channels are an open invitation to money-motivated cyber criminals, and this adds to the concerns of all the stakeholders in the ecosystem.
In Kenya, a number of digital lenders are facing hefty penalties after the data regulator opened investigations following mounting complaints from consumers.
In October, Kenya’s Data Protection Commissioner Immaculate Kassait said that a preliminary audit on the unregulated digital credit providers (DCPs) is underway to ascertain whether the lenders misused creditor’s data to their advantage.
The probe, the agency said, was opened following complaints over digital lenders who have breached the confidentiality of personal information.
“The office of the Data Protection Commission wishes to notify the public that it is conducting preliminary document assessment and audit on 40 Digital Credit Providers whose practices regarding the processing of personal data has been raised to the Data Commissioner as complaints by various members of the public,” said Ms Kassait at the time.
This includes the use of debt collection agents pursuing borrowers either by informing their friends and family or by threatening to tell their employers. The Data Protection Regulations, 2021, which took effect in February 2022, bars sharing of data with third parties without consent and gives individuals the right to be told when their data is being shared and for what purposes.
“As of September 30, 2022, ODPC had received 1030 complaints, the office admitted 555 of these cases including 299 which were on digital lending, representing 54 percent of all cases admitted,” Ms Kassait said.
Branch International Case Study
But as with any new technology, particularly one that deals with precious financial data, there is the question: just how secure is my data?
Branch International recently became the first Fintech to acquire a regulated financial institution following the company’s majority acquisition of a microfinance institution regulated by the Central Bank of Kenya.
With this acquisition, Branch now differentiates itself from other digital lenders as it is able to protect its customer’s precious personal details more securely in addition to offering additional services such as savings accounts and payment features.
These services are all provided within a completely virtual environment, and the fintech doesn’t have to spend money maintaining a physical presence. Building and maintaining brick-and-mortar branches isn’t cheap. So Neobanks like Branch try to disrupt traditional institutions by passing on those savings to your account with lower fees and higher interest rates.
Branch International also offers loans to first-time borrowers and customers without bank accounts in Africa by assessing users’ creditworthiness using smartphone data. After a potential borrower downloads the app and verifies their identity, Branch’s machine learning algorithms determine their creditworthiness and can grant loan approval within minutes. Of course, this quick and easy process comes with a price: data. The branch uses smartphone data like text messages, call logs, contacts, and GPS alongside a borrower’s loan repayment history to make its determinations.
Compliance with Regulations Since Its Now A bank
Unlike other unregulated rogue players, Branch never shares customer information with third parties unless it is for dedicated business purposes, such as reporting defaulted loans to authorized credit bureaus. The company does not sell customer data or credit profiles.
Since acquiring a regulated financial institution, Branch would have to comply with general regulations, including the Kenya Personal Data Protection Act, a new law that was passed in 2019 and came into effect in 2020.
Compliance is a critical pillar on which the success of fintechs will depend. With neobanks like Branch operating sensitive consumer data, they need to stick to compliance regulations that could be extended as the fintech sector grows.
Conclusion
There will always be some data privacy and security concerns with online banking, as even the tightest of security measures can be breached by some cyber criminals. One major advantage neobanks like Branch have over traditional banking institutions is that they don’t rely on old legacy systems for functionality and security purposes.
While designing their platforms, security is at the forefront, with Branch using two-factor authentication for all banking processes and data localisation norms. Data encryption is so defined and strong within Fintech that no one can understand the data other than you and your bank.
