Abstract
Financial technology (FinTech) as part of financial inlcussion changes conventional business models to be information technology minded. The presence of FinTech in the wider community makes it easy for access to financial service products and transactions and payment systems more practically, efficiently, and economically. Unfortunately, as the security risk in transacting increases, cyber security in the financial services industry and FinTech service providers is considered a major target by cybercriminals. This study proposed a security management approach through hybrid blockchain method implemented through flask framework and encryption to protect transaction data. The results are promising. Referring to accuracy, this study successfully reduces data leakage and misuse of personal data and financial data in FinTechs.
TopIntroduction
Financial technology or FinTech is a merger of financial services with technology that changes conventional business models to be based on information technology. FinTech is present in the wider community because of people's lifestyles which are currently dominated by the use of information technology and the demands of a fast-paced life. With FinTech, all problems related to financial product services and buying and selling transactions are made easier because people do not need to look for goods in shopping places and transfer funds at banks or ATMs or in other words, the presence of FinTech in the wider community makes it easy for the public to access financial service products so that transactions, and payment systems can be done more practically, efficiently and economically. The presence of FinTech in the community is caused people's lifestyles which are currently dominated by the use of information technology and the demands of a fast-paced life. Here, the FinTech may lead to adoption and implementation of financial inclusion for stakeholders such as financial services, buying and selling transactions become easier, single click and 24/7 services. From the customer point of view the existence of financial inclusion provides several benefits such as; cheaper services, more choices and lower prices. In other hand, fintech service providers, take advatages through simplifies the transaction chain, reduces capital-operational costs, and protected the information flow. FinTech as a tools of financial inclusion can replace the role of formal financial institutions such as banks. In the case of payment systems, FinTech has a role in providing markets niche for business players as well as being a tool for payment, settlement and clearing. FinTech can help the implementation of more efficient investment services, minimize the risks of conventional payment systems, and help those who need to save, borrow funds and participate in capital. The ease of access to financial product services and buying and selling transactions at FinTech poses a security risk in the case of transactions. Leakage and misuse of personal data and financial data by unauthorized parties is one of the main issues.
Although FinTech is easy access of financial product services, unfortunately the security risk in transacting increases. Cyber security in the FinTech service providers is considered a major target by cybercriminals. Leakage and misuse of personal data and financial data by irresponsible parties, and the lack of public knowledge about the processes that occur within FinTech are the main problems that occur in FinTech technology. Although most ICT (Information and Communication Technology) systems are designed to have a considerable amount of strength in order to sustain and assist organisations in protecting information from security threats, they are not completely immune from the threats. Organisations pay increasing attention to information protection as the impact of information security breaches today have a more tangible effect. Information security contributes to the success of organisations, as it gives a solid foundation to increase both efficiency and productivity. Many Fintech business organisations realise that compliance with the information security will affect their business prospects. Securing information resources from unauthorised access is extremely important. Information security needs to be managed in a proper and systematic manner as information security is quite complex. One of the effective ways to manage information security is to comply with an information security through blockchain approach. G. Zyskind et all., (2015) stated that decentralized platform using the blockchain to change the protocol into an automated access-control manager and did not require trust from third parties. Third parties defined by digital authored monetary financial transaction, such as; visa, mastercard, paypal, WePay. Transactions through this approach acquire pointer data ledger to construct hashing SHA-256 schema. In other hand, Kosba et all., (2016) reveal decentralized smart-contract-system (SMS) that hiding and encryptics financial transactions information through blockchain. However, The SMS emerged from decentralized cryptocurrency that allows parties unrecognized each other to make transactions safely without the involvement of a third party. The new technology on Bitcoin, known as pegged sidechains, which allows bitcoin to be transferred through many blockchain, that gives users access to new and innovative cryptocurrency systems.
Key Terms in this Chapter
Cybercrime or Computer-Oriented Crime: Is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrimes can be defined as: “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)”. Cybercrime may threaten a person or a nation's security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those regarding hacking, copyright infringement, unwarranted mass-surveillance, sextortion, child pornography, and child grooming.
Cryptography or Cryptology: (From Ancient Greek: ???pt?? AU92: Anchored Object 35 , romanized: kryptós “hidden, secret”; and ???fe?? AU93: Anchored Object 36 graphein, “to write”, or -????a AU94: Anchored Object 37 -logia, “study”, respectively), is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.
Blockchain: Can be defined as a shared ledger system or an established record of data not owned by a single entity and is used to record data transactions across multiple computers. Other than bitcoin which propagated the idea of Blockchain, the factors as to why the technology has gained popularity are that any digital asset or transaction can be inserted as a block of data (e.g. block) which are securely bound to each other using cryptography (e.g. chain), the industry does not matter. The block is made up of data, hash (A cryptographic fixed output through a mathematical algorithm from an input of any length) and previous hash. Every other member of the network is responsible for verifying the data being added to the Blockchain is real. This is done using a system of three keys (private, public, and the receiver's key) that allow members to check the veracity of the data while also confirming whom it comes from.
Encryption: Is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption techniques were often utilized in military messaging. Since then, new techniques have emerged and become commonplace in all areas of modern computing. Modern encryption schemes utilize the concepts of public-key and symmetric-key. Modern encryption techniques ensure security because modern computers are inefficient at cracking the encryption.