Cybersecurity

Stay Ahead of Attackers, Maintain Good Cyber Hygiene: How To Strengthen Cybersecurity In Financial Services


23 March 2023

Experts from Akamai Technologies and Security Bank Philippines discussed the latest trends and threats in the financial services sector today.

Cyber attacks in the financial services sector are getting more sophisticated by the day, amidst the rising number of customers who are adopting the usage of digital banking platforms. Financial services institutions will continue to drive forward their agenda of digitalization but they also continue to be the biggest targets of cyber attacks like phishing, fraud and attacks targeting APIs.

In line with the cybersecurity concerns they face, it can go a long way for companies to discuss best practices that can help address these cyber threats.

Asian Banking and Finance, during its March 9 webinar “Cyber Leaders Dialogue for Financial Services” with Akamai Technologies, tackled how the financial services industry has become a primary target of cyber threats. The webinar featured Akamai’s Security Technology & Strategy Director Reuben Koh and Security Bank Philippines’ Chief Information Security Officer Albert Dela Cruz.

During the event, Akamai’s Koh shared findings from the company’s latest research on cyber trends and the major types of attacks impacting the financial services sector. Amongst its key takeaways, the Akamai research shows that investments in digital technologies have risen across the region and are now central to financial services. This is whilst customer expectations when transacting with such services also continue to increase. In addition to this, financial institutions continue to grapple with challenges around regulatory compliance, protecting customer privacy, and keeping data secure.

Security Bank’s Dela Cruz emphasised the importance of these kinds of research in creating more protected financial institutions, as such studies provide guidance to assess the best technology and security systems to implement as well as optimise a firm’s spending. He also stressed that telecommunications companies and governments have to be involved in measures that prevent cyber threats.

Today, financial institutions are primarily concerned with the following threats: ransomware, phishing, and attacks targeting web applications and APIs. In fact, finance has become a “benchmark” for cyber attackers because “if it works in finance, it’s going to work everywhere else,” Koh explained.

Expanding Visibility To Cybersecurity Threats

Given the prevalence of cyber attacks, financial services organizations need to constantly stay on top of all the evolving trends in cybersecurity to always be prepared if such instances arise. Koh noted that there are several ways to do this, including working with capable and specialized security providers who can offer actionable insights. “[They must give] data that you can consume and basically use to defend yourself better,” said Koh.

Koh also recommended attending briefings by local agencies and computer emergency response teams, as well as joining industry groups that focus on sharing and collaborating on track findings.

Security Bank’s Dela Cruz pointed out that the C-suite has fortunately been looking to be more involved in understanding cybersecurity threats, noting that they have been showing their support through logistics and budget for protecting their organisations against these kinds of attacks.

Dela Cruz and Koh were also asked about how to balance a financial institution’s security with clients’ convenience.

Though Koh and Dela Cruz admitted that there is no specific way to address friction in a customer’s journey, they emphasised that balancing security and convenience depends on a company’s own assessment of acceptable risks and the possible return on investment. “I think it also boils down to your level of risk appetite,” Koh added.

Ensuring Security Through Sound Cyber Hygiene

Amidst these various cyber threats, Koh highlighted that financial institutions, and even other organisations, have to make sure they have sound baseline cyber hygiene that helps maintain system health and improve online security.

“Sometimes we tend to look at these fancy new systems, fancy devices, or paradigms, but we fail to look at the basic cybersecurity hygiene. Do we have them in place right now? Because basic cybersecurity hygiene will constitute about 70 to 80% of protection,” Dela Cruz advised firms.

Additionally, companies must also look into areas that require more specialised focus or protection, which cannot be done with simple traditional firewalls and IPS.

Koh then laid out five key recommendations for financial institutions to improve their cybersecurity. First of all, organisations have to constantly update their incident response plans, especially since firms’ vulnerabilities can be exploited in less than 24 hours. Dela Cruz agreed with this and said that there must also be strategies in place to increase awareness of cyber threats.

Next, it is essential to understand the industry’s ever-expanding attack surface amidst continuous digitalisation. Koh’s third recommendation is the continuous review of risk models in terms of fraud management, customer-based threats, and account takeovers, amongst others. Fourthly, firms should also consider updating their phishing defences as more sophisticated techniques arise. Lastly, companies have to be prepared to adapt their risk and security strategies whilst the landscape of cyber threats continues to evolve. This can be done through various means, such as attending security advisories or connecting with peers in the industry.

As financial services institutions continue to push for digitization, it is essential for them to stay ahead of their attackers and anticipate anything that could pose a danger to their security. However, the best cybersecurity practices come with good cyber hygiene aided by advanced technologies and strategies. At the end of the day, companies must carefully consider the risks they are willing to take without sacrificing security and convenience.

Ensuring The Safety Of Company’s Financial Data


23 March 2023

Protecting financial data is essential for any organization that deals with sensitive financial information.

For the majority of businesses operating today, protecting financial data ranks among their top priorities. Financial information must be protected in accordance with international standards because it is extremely sensitive. Financial data protection is necessary for any business that processes payments from clients of any kind. None are exempt, including financial services, e-commerce websites, healthcare, and insurance. Any type of data loss exposes a company to harsh fines that can have an effect on their ability to continue doing business.

Financial Data: What is It?

Any information pertaining to a financial account or transaction is considered financial data by definition. They include customer account information, credit card numbers, transaction records, sales information, past purchases, credit information, and credit score data. The assets and liabilities of a corporation are also covered by financial data. It consists of real estate, tools, furnishings, computers, patents, and intellectual property.

Financial data can be found in numerous places. It can be found on balance sheets, in accounting software used by a business, or on servers located in a bank’s data center. Information on a company’s financial health or its compliance with legal requirements may be included. It may also be used to assess the company’s investment potential.

Organizations use a variety of ways to protect financial data in order to assure compliance. They consist of utilizing compliant software, enclosing data within firewalls and other endpoint security hardware and software, and following best practices for data backup, storage, and recovery.

Singapore’s Legislation On Financial Data Protection

Singapore has implemented several guidelines and policies to ensure the protection of financial data. Here are some of the key measures:

Monetary Authority of Singapore (MAS) Guidelines: The MAS has issued guidelines for financial institutions to manage their technology and operational risks. The guidelines require institutions to establish robust security measures and incident response plans.

Cybersecurity Bill: The Cybersecurity Bill, which came into effect in 2018, aims to strengthen the resilience of Singapore’s critical information infrastructure (CII) against cyber threats. The law requires CII owners to take proactive measures to prevent and respond to cybersecurity incidents.

Personal Data Protection Act (PDPA): The PDPA is the main legislation governing the collection, use, and disclosure of personal data in Singapore. The law requires financial institutions to obtain consent from individuals before collecting their personal data, and to protect such data with appropriate security measures.

MAS Technology Risk Management Guidelines: The MAS has also issued guidelines specifically for technology risk management, which includes guidelines on cybersecurity, data protection, and outsourcing arrangements.

Industry-specific regulations: Some industries in Singapore, such as banking and insurance, have specific regulations governing the protection of financial data. For example, the Banking Act requires banks to establish and maintain adequate systems of control over their operations, including those related to data protection.

Singapore has a robust framework for financial data protection, with laws and regulations covering a wide range of areas. Financial institutions are expected to take proactive measures to protect their data and to comply with relevant guidelines and regulations.

Financial Data Protection Best Practices

Financial data protection is a critical component of any organization’s cybersecurity strategy. With cyber threats becoming increasingly sophisticated, it is essential to implement best practices for safeguarding sensitive financial data. Here are some of the key best practices for financial data protection:

Conduct a risk assessment: The first step in protecting financial data is to conduct a risk assessment. This involves identifying potential threats and vulnerabilities to the organization’s financial data, such as cyber attacks, data breaches, and insider threats. Based on the risk assessment, the organization can implement appropriate security measures.

Implement strong access controls: Access controls are essential for ensuring that only authorized individuals can access sensitive financial data. This includes implementing password policies, multi-factor authentication, and role-based access controls. It is also important to regularly review and update access controls to ensure that they are still effective.

Encrypt sensitive data: Encryption is an effective way to protect financial data from unauthorized access. Encryption involves converting data into an unreadable format that can only be deciphered with a decryption key. This ensures that even if the data is stolen, it cannot be used without the decryption key.

Implement firewalls and intrusion detection/prevention systems: Firewalls and intrusion detection/prevention systems are critical components of any cybersecurity strategy. Firewalls are used to prevent unauthorized access to the organization’s network, while intrusion detection/prevention systems are used to detect and block cyber attacks.

Train employees on cybersecurity best practices: Employees are often the weakest link in an organization’s cybersecurity strategy. It is essential to train employees on best practices for protecting financial data, such as how to identify phishing emails, how to create strong passwords, and how to handle sensitive data.

Regularly update software and security patches: Cybercriminals are constantly discovering new vulnerabilities in software and operating systems. It is essential to regularly update software and security patches to ensure that known vulnerabilities are patched.

Implement a data backup and recovery plan: In the event of a cyber attack or data breach, it is essential to have a data backup and recovery plan in place. This involves regularly backing up critical financial data to ensure that it can be quickly restored in the event of a disaster.

Monitor network activity: Regularly monitoring network activity can help identify potential security breaches before they occur. This involves monitoring network logs, reviewing access control logs, and implementing intrusion detection systems.

In conclusion, protecting financial data is essential for any organization that deals with sensitive financial information. By implementing best practices for financial data protection, organizations can minimize the risk, protecting themselves and their customers from potential harm.

Building Digital Trust Amidst Rising Cyber Threats


Fatihah Ramzi, DigitalCFO Asia | 29 November 2022

Trust must be woven into the very fabric of organizations’ digital operations.

Embrace it or miss the next opportunity for digital growth – the trust dynamic that the digital era unleashes is enormous. In the digital era, companies have more potential than ever to be quick, flexible, and innovative. The only way to maintain competition is to seize the possibilities that are presented. Organizations are becoming more and more dependent on IT systems, so these systems cannot break down. The role of technology in a business’ success is crucial. However, businesses must have confidence in it, and their clients, shareholders, and regulators must also share the same confidence.

Customers that trust businesses will purchase their products and services. It suggests that they have faith in the company’s ability to protect and safeguard their data. When a business has a supplier’s trust, the supplier knows that the business’ processes will not let them down. It also implies that the business has the confidence to advance their company by embracing technology and the chances it presents. 

Trust must be woven into the very fabric of organizations’ digital operations. Business owners will be able to embrace a digital future with confidence and take advantage of the exponential impact it has on the business’ growth if they have faith in their data and security, have resilience built into their systems, and know that their digital transformations will be successful.

Only the fit will survive and thrive in the decade of digital transformation. Businesses must also be digitally trusted by their clients, suppliers, and other stakeholders if they want to be digitally fit. The ability of an organization to adapt to the new trust dynamic is more important than ever for its development. There is seldom a week that goes by without a new illustration of how the power of digital technology is continuing to upend conventional business practices and provide creative opportunities to develop new methods of value creation.

Digital opportunities cannot be ignored any longer. However, taking risks by moving too quickly and without clear direction could hurt the business. To feel confident in their decisions, business executives need to manage risk and foster trust. There are seven significant technological advancements that are already transforming the way business is conducted and are essential to the success of any digital organization:

Social media – Businesses can utilize social media to gain knowledge and communicate with customers in novel ways. Businesses that have a well-defined social media strategy and apply governance will benefit. The connection on social media will become a bigger component of the trust between a company and its stakeholders. Companies need to interact with them, listen to what they have to say, and set the agenda for managing their reputation.

Smartphones and mobile devices – Present new business options. From the palm of their hands, clients and users can consume information, make purchases, and communicate. The use of mobile devices has evolved into a daily necessity. The digital economy today is supported by mobile payments, so consumers must have trust in the business to feel secure using them.

Analytics – Data is pervasive, and its importance to the company is rising. Get savvy with data and learn how to exchange, manage, and secure it to avoid falling behind. Business owners must be aware of what they can use it for and what they cannot. The team must also be knowledgeable about their duties related to handling data. Management must have faith in the facts and analysis used to make business choices.

Cloud – By using cloud operators to store data and source services and apps, companies are giving up the feeling of security that comes with having a specific physical location. Cloud services will be adopted far more quickly than most businesses anticipate due to cost and simplicity. Users will migrate effortlessly and unknowingly between in-house and cloud-based applications thanks to the development of a cloud-based “internet of applications.” New methods of controlling and sourcing services are necessary when businesses trust suppliers to manage their data and services.

Hyper-connectivity – Live and work in a networked society. By sharing data, business partners can access systems, and transactions go in and out almost completely unattended. This kind of collaboration requires a certain degree of trust, and businesses cannot afford to make a mistake.

Digital identity – Knowing who the business is dealing with is essential in the upcoming digital wave. As customers share their consumption data and do business online, they will also desire more access and control over their personal data, or their digital identity. This will move to the top of the agenda due to new data protection laws, rapidly expanding cyber security risks, and concerns about digital trust across international borders.

Speed of change – Businesses rely more and more on technology-driven transformation initiatives. They can only remain ahead of the competition and keep a competitive edge by looking for novel ways to provide goods and services. Organizations require a transformation process that will produce business results. Businesses who have confidence in their capacity to implement technology-enabled transformation will stand out in this environment.

Businesses will be able to unleash their potential in these sectors thanks to digital trust and a fresh perspective on risk. By working with service providers to create a digital trust strategy for the company, decision-makers will get the confidence to act in the best interests of their organization and promote profitable expansion. The digital agenda is supported by risk management and trust-building as digital platforms take on a more vital role in the execution of company goals. Businesses must have faith in each of these five areas if they want to develop trust:

  • Confidence that identification and privacy issues have been addressed and that systems are secure to protect data.
  • Confidence in the accuracy of the data and in one’s capacity to make use of the information it can provide about a company.
  • Confidence that corporate systems, whether they are internal systems or cloud-based services, are monitored and controlled appropriately to make sure they perform as intended.
  • Confidence that digital platforms will be accessible when needed (24/7) and that technology risks are recognized and effectively addressed.
  • Confidence to start and complete the following complicated digital transformation initiative in a way that produces the anticipated benefits, on schedule, and within budget.

Regulatory Challenges Businesses Faced In 2022


Fatihah Ramzi, DigitalCFO Asia | 29 November 2022

The three most significant problems that organizations have encountered in the year.

The difficulties faced by business owners never cease. To keep their businesses afloat and relevant to the situation of the market, they are always forced to come up with new strategies. The difficulties facing entrepreneurs in 2022 are considerably larger. Despite the pandemic’s slow economic recovery, it will take some time for businesses to fully bounce back. Numerous organizations continue to face challenges, including those related to recruitment, finances, and digital transformation.

However, business entrepreneurs have always been renowned for their tenacity and ability to consistently find solutions to any problems that arise. This is true whether we’re discussing businesses that are just getting started or ones that have been operating for a while. But what are some of the most urgent issues that entrepreneurs will deal with in 2022? In this post, we’ll take a look at the three most significant problems that organizations have encountered in the year.


1. Fairness & Inclusion 

Many businesses are being forced to increase their commitments to corporate social responsibility with an emphasis on equality and justice for underserved communities as a result of pressure from activist investors, the general public, and their own employees. Over the past two years, fairness issues have gone beyond DEI.

Through the use of regulations intended to eliminate unfair advantages in personnel decisions, businesses have historically attempted to promote fairness. To prevent hiring managers from judging candidates based on their supposed gender or race, recruiters, for instance, remove the prospects’ photographs from their resumes. To prevent employees from being paid more or less than their coworkers at the same level, a business may also establish stringent pay bands.

These regulations can reduce unfairness, but they are insufficient to produce a very fair working environment. And when employers paid more attention to where workers felt injustice occurred, they discovered that hiring, promotion, and pay accounted for only 25% of this view. The majority of these encounters take place during regular work hours. Organizations require new ideas, not simply rules, to handle these increasingly ubiquitous fairness concerns. Instead of eliminating unjust advantages, they ought to look for ways to lessen disadvantages so that most or all of the workforce benefits.

2. Climate & Sustainability

Simply put, many species won’t live through the 21st century if businesses do not behave responsibly as members of the global community. According to Environmental Sustainability, the rate of species extinction due to human activity now is hundreds of times higher than it was originally.

Given that corporations account for the majority of global emissions, sustainability has thus become a crucial problem for them. This is why companies will inevitably foster a dying planet if they do not contribute to the solution. The “Race to Zero” campaign, which aims to take strict and urgent action to halve global emissions by 2030 and deliver a healthier, fairer zero carbon world in time, has forced many businesses to make organizational changes in 2022 to implement effective sustainability strategy and initiatives.

In the long term, investors, clients, and consumers may be less eager to support businesses that do not make sustainable decisions in their processes. Sustainability must be prioritized if the company hopes to stay relevant in the long run.

3. Fraud & Financial Crimes 

As the globe recovered from COVID-19, criminals adapted and took advantage of possibilities. In 2022, supply chains are still disrupted, fraud is rising, ransomware assaults are commonplace, and digital payment systems are still under constant attack. The year also saw an increase in the amount of data breaches.

Among the most frequent outside offenders are hacker groups and organized crime networks. In the past two years, their activity significantly increased. With objectives, rewards, and bonus schemes, organized crime organizations are evolving to become more specialized and professional. Additionally, malicious actors are banding together, which raises the frequency and level of sophistication of attacks. Specialists in data breach, false ID creation, attack methods, and other complex areas may connect, coordinate, and transact inside a developing criminal economy thanks to chat rooms, the dark web, and cryptocurrency.

The use of new technology by businesses is widespread. Digital platforms like social media, services (like ridesharing or accommodation), and e-commerce provide hazards for fraud and economic crime that most businesses are only now starting to recognize. Four out of five businesses that experienced fraud in the past two years have a connection to the digital platforms they use. Undoubtedly, the pandemic increased vulnerability as organizations expedited the shift to digital operations; as a result, 2022 was a year in which many firms placed a high priority on cyber security activities.


In 2023, it is likely that these issues will still persist, but there will also be a new set of priorities. This is a result of the ongoing worldwide economic situation. The effects of high inflation and geopolitical concerns would be further issues of focus in 2023. In the face of unfavorable uncertainty, it is preferable for firms to maintain their flexibility and adaptability. Businesses should make continual infrastructure investments as 2022 draws to a close.


Top 5 Holiday Season Fraud Trends in APAC


Doriel Abrahams, Head of Analytics, Forter | 21 November 2022

With International Fraud Awareness Week and the holiday shopping season officially underway, analysts and retailers are diving into customers’ shopping habits.

November marks the beginning of a hectic shopping period in Singapore and across Asia with Singles’ Day, Black Friday and Cyber Monday leading up to the festive season with more retail sales. With International Fraud Awareness Week and the holiday shopping season officially underway, analysts and retailers are diving into customers’ shopping habits. But it’s not just legitimate customers retailers need to be aware of, as fraudsters are just as keen on holiday shopping — and they’re already hitting online stores.

Here are some of the top trends we’re seeing as we enter the peak of the holiday shopping season.

Trend 1: Amateur Fraudsters on the Rise

A growing number of customers that Forter recognises as legitimate shoppers from years of good purchases are suddenly going over to the dark side. 

These are not career fraudsters but ordinary consumers turning to fraud as supplementary income, almost like a new lucrative hobby. We’ve seen a 35% year-on-year increase in fraud committed by “non-professional” fraudsters across the regions.  

These amateurs are more likely than professional fraudsters to target items closer to a regular person’s wish list – phones, gaming consoles, luxury goods, etc. – as opposed to the strategic goods targeted by professional fraudsters. 

To be clear, just because these activities are conducted by formerly “good” shoppers, this isn’t considered friendly fraud — but rather standard credit card fraud using stolen card data. What gives them away to us as amateurs is their lack of technical sophistication. They’ll often use their own devices, and if they engage in obfuscation, it’ll be something basic like a VPN.

Trend 2: Increase in Coupon Use

Coupon usage is up this year as consumers are more conscious of their budgets than ever. Between 2020 and 2021, coupon use was fairly steady. But this year, we’re already seeing an ~11% increase globally. It’s a trend most marked in the U.S., but the trend is reflected globally. 

Fraudsters, who follow trends in buyer behaviours as avidly as any retailer, have become aware that coupon use is increasing during the holiday season. They don’t need the coupons themselves, but they’re happy to use coupons to make their persona look more legitimate and convincing.

Moreover, good customers aren’t above trying a bit of coupon abuse. They might try reusing or stacking coupons, sometimes setting up multiple accounts to get more than they’re entitled to. Ensure your company has clear policies about this and that your systems are configured to reflect those policies. If your policies will become a pain point this holiday season, now is the time to raise a flag with marketing and operations teams. If it’s too late to change things this year, make sure you bring it up early in the new year so there’s time to set new policies before the next coupon rush. 

Trend 3: Popularity of Gift Cards

During the holiday season, good customers turn to gift cards as an attractive option for giving loved ones a thoughtful but flexible present. But this uptick in good transactions means it’s easier for fraudsters to hide in a rush – and they know it. 

Gift cards are always popular with fraudsters because they’re anonymous, easy to resell, don’t require a shipping address, and can be used as part of a chain of fraudulent activity. Effectively, it’s free money for fraudsters!

Gift card purchases don’t generally start spiking until after Black Friday and Cyber Monday. After that, there’s a preliminary peak of gift card purchasing around mid-December. But the pinnacle comes on Christmas Eve, when consumers realise they are out of time and a gift card is the best option. Gift card purchases are usually 6x or 7x more frequent on Christmas Eve than in November, which is pretty striking and puts a lot of pressure on fraud teams.

The trends show that this pattern repeats annually. But this year especially, fraudsters are getting in on the act much earlier, having already started doubling down on gift card attacks back at the end of October. This might be due to a trend in which fraudsters focus on attacking retailers selling gift cards instead of gift card-specific merchants. If they’ve found vulnerabilities there, it makes sense that they’d be attempting to exploit them during the extra vulnerable holiday season. 

Trend 4: Low-Tech Address Manipulation

Fraudsters have increasingly found sophisticated ways to get around Address Verification Systems (AVS) that verify physical addresses. However, keeping track of the simple tricks they exploit is just as important. It doesn’t matter how simple it is if it evades your checks and causes loss. 

This season, fraudsters are getting creative about tricking AVS systems in ingenious, low-tech ways. For example:

  • Instead of writing 1, they’ll write “one” because AVS famously only checks numbers, not words. So, it’s not a mismatch. 
  • Instead of writing the address in the address field, they’ll put it as part of the name field, so it doesn’t get checked. 
  • The shipping address can then be “see name,” which is understandable for the courier but doesn’t get flagged by the AVS or other checking systems. (Note: Forter’s Trust Platform does flag these types of circumventions – most other systems do not, so it’s vital to dig into your data and your platform to ensure you’re protected.)
  • Similarly, they’ll add some nonsense element to the address so the machine can’t see that it’s the same address used multiple times. Still, the human courier has no trouble making the delivery. 

This kind of trickery is happening a lot. And during the holidays, fraudsters know it is often harder for merchants who rely on manual review to catch this sort of thing.
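One way to check order data for the circumventions listed above, as an added example that is not Forter's code or part of the original article. The order field names (`account`, `name`, `ship_address`), the word lists, the redirect-phrase variants and the sample orders are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed word lists (assumptions for this sketch, not a complete gazetteer).
NUMBER_WORDS = {w: str(i) for i, w in enumerate(
    "zero one two three four five six seven eight nine ten eleven twelve".split())}
STREET_TYPES = {"street": "st", "st": "st", "road": "rd", "rd": "rd",
                "avenue": "ave", "ave": "ave", "lane": "ln", "ln": "ln",
                "drive": "dr", "boulevard": "blvd", "blvd": "blvd"}
# "see name" is the phrase quoted in the article; the other variants are assumed.
REDIRECT_RE = re.compile(r"\bsee\s+(the\s+)?(name|above|recipient)\b", re.I)


def tokens(text):
    """Lower-case alphanumeric tokens, with number words mapped to digits."""
    return [NUMBER_WORDS.get(t, t) for t in re.findall(r"[a-z0-9]+", text.lower())]


def canonical_key(text):
    """Reduce free text to (house number, street name, street type), or None.

    Tokens outside that triple are ignored, so a nonsense suffix does not
    change the key. Simplification: single-word street names only.
    """
    toks = tokens(text)
    house = next((t for t in toks if t.isdigit()), None)
    idx = next((i for i, t in enumerate(toks) if t in STREET_TYPES), None)
    if house is None or not idx:  # no number, or no word before the street type
        return None
    return (house, toks[idx - 1], STREET_TYPES[toks[idx]])


def has_number_word(text):
    """True when a spelled-out number appears as a whole word."""
    return any(t in NUMBER_WORDS for t in re.findall(r"[a-z]+", text.lower()))


def check_order(order):
    """Return review signals for one order; signals are hints, not verdicts."""
    flags = []
    if canonical_key(order["name"]) is not None:
        flags.append("address_in_name_field")
    if REDIRECT_RE.search(order["ship_address"]):
        flags.append("shipping_redirect_phrase")
    if has_number_word(order["ship_address"]):
        flags.append("spelled_out_number")
    return flags


def effective_address(order):
    """Use the name field as the address when the address was hidden there."""
    if canonical_key(order["name"]) is not None:
        return order["name"]
    return order["ship_address"]


def find_reuse(orders, threshold=2):
    """Group accounts by canonical address; report addresses shared by many."""
    groups = defaultdict(set)
    for order in orders:
        key = canonical_key(effective_address(order))
        if key is not None:
            groups[key].add(order["account"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= threshold}


# Constructed sample orders, not real data.
ORDERS = [
    {"account": "a1", "name": "Jane Tan",
     "ship_address": "12 Maple Street, Springfield 12345"},
    {"account": "a2", "name": "J Tan",
     "ship_address": "twelve Maple St xqzv Springfield 12345"},
    {"account": "a3", "name": "Sam Lee 12 Maple Street",
     "ship_address": "see name"},
    {"account": "a4", "name": "Ann Ong",
     "ship_address": "88 Orchard Road, 238839"},
]

if __name__ == "__main__":
    for o in ORDERS:
        print(o["account"], check_order(o))
    print(find_reuse(ORDERS))
```

Legitimate addresses can contain number words, so `spelled_out_number` is best used to prioritise manual review alongside the reuse grouping rather than to decline an order on its own.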

Trend 5: Battling Bots

There’s been a significant uptick in bots in recent months, and it’s a trend that’s starting to impact industries that haven’t typically been primary bot targets. Our data shows that it is generally a large, professional operation utilizing sophisticated technology at extreme volumes. 

Bot attacks happen at checkout, of course – but are also happening increasingly at various points in the account journey, including account creation and login. Often, the sites attacked this way will all be in the same vertical, giving an interesting insight into the fraudster’s thought process.

Unfortunately, bots are another trend that fits well into the holiday season. When traffic is heavy, bots might find it easier to fly under the radar. Moreover, Forter’s data shows that apparel and footwear merchants that engage in limited stock drops or short time frame sales are good industries to focus on when looking at bot behaviours as they are particularly vulnerable – facing 5-6x more attacks than merchants who don’t engage in similar drops or sales.

Have a Fraud-Free Holiday Shopping!

The holidays are a stressful time for many online merchants. The potential of a rapid increase in revenue, combined with the potential for declining good customers, leaves teams overwhelmed when handling large volumes of orders.

It’s hard to keep track of evolving trends when you’re focused on ensuring that all good customers get their great deals and that bad actors don’t get through. I hope this article helps shed some light on how things are evolving this year and gives you some hints about what to check in your data to ensure your company is protected this holiday season.


Financial Inclusion – The Key To Preventing Financial Crime

Fatihah Ramzi, DigitalCFO Asia | 21 November 2022

DigitalCFO Asia spoke with Leslie Bailey, Vice President Of Financial Crime Compliance, LexisNexis® Risk Solutions to understand the key role of financial inclusion in preventing financial crime.

The financial services industry is changing rapidly—market trends come and go, yet threats are constantly evolving. To stay ahead, financial services organizations require innovative technologies that offer a holistic view of the customer, optimize resources, and mitigate risk. 

LexisNexis® Risk Solutions released its 2022 Financial Transparency and Inclusion Report, which shed light on the commitment of financial institutions to financial transparency and inclusion, and on the hurdles and compliance challenges of achieving the twin goals. The report revealed that institutions in APAC generally expressed greater support for financial inclusion, with Singapore achieving a 98% financial inclusion rate.

To find out more about how financial inclusion plays a part in staying ahead of financial crime, DigitalCFO Asia spoke with Leslie Bailey, Vice President Of Financial Crime Compliance, LexisNexis® Risk Solutions.

Lack Of Financial Transparency Affecting Business’ Ability To Stay Ahead Of Financial Crime

If companies want to succeed today, they must understand how important financial transparency regulations are. With the need for transparency extending from individuals to institutions and mounting demand on businesses to be honest with stakeholders including investors, employees, suppliers, governments, and customers, transparency has acquired a whole new meaning.

In addition to exposing hidden social and economic inequities, the epidemic sparked concerns about how businesses will address climate change in the race to NetZero. In response, businesses in the private sector will need to prove to investors that they can strengthen their resilience to crises in the future and to the general public that they are dedicated to long-term, sustainable value creation and a carbon-neutral economy.

Companies need to comprehend the nature and function of banking partnerships. This includes the capacity to confirm people’s identities and the ownership stakes they have in other businesses. The accuracy of that information must be regularly checked. There is a narrow window for bad actors to infiltrate the financial world undetected due to the speed at which information changes.

“Data and updates should be real time and accurate to help businesses stay ahead of financial crime,” says Leslie Bailey, Vice President Of Financial Crime Compliance, LexisNexis® Risk Solutions.

Steps Companies Can Take To Improve Their Ability In Identifying Customers And Their Risk Profiles

When onboarding new clients, a customer risk assessment is essential. It makes sure that high-risk persons are identified and that the proper cybersecurity precautions are implemented. A customer risk assessment should take into account a number of criteria in order to understand the risks that each client poses. These include confirming the customer’s identity, considering how the customer interacts with the business (the products and services they use, the kinds of transactions they make, and how frequently), and considering the locations the customer is connected to.

The assessment’s primary goal is to find the risks to which a company may be exposed during a business relationship or a one-time transaction. The more complicated this interaction is, the more thorough the customer risk assessment ought to be. Businesses will be better able to choose the appropriate level of customer due diligence (CDD) if they are well-informed. A customer’s behavior should be periodically reviewed, especially if it departs from their risk profile. Businesses should avoid entering into business relationships, or should end such relationships, if they are unable to apply the proper amount of CDD.

“To better identify true risks, companies can look at combining physical data, which has been the traditional method of customer identification, with digital insights or information,” says Leslie Bailey, Vice President Of Financial Crime Compliance, LexisNexis® Risk Solutions.

This way companies open the aperture on the networks of associated individuals and entities and offer themselves the opportunity to better identify risks. 

The Primary Cause Of Businesses Not Being Able To Achieve Their Financial Inclusion Objectives

“Organizations need the buy-in of their executive leadership and a commitment to financial inclusion,” says Leslie Bailey, Vice President Of Financial Crime Compliance, LexisNexis® Risk Solutions.

That means that an organization may have to expand its risk appetite in some circumstances to promote the desired level of inclusion. Beyond that, limited access to data on individuals who may not have a traditional history inhibits financial inclusion in some ways. For example, consumers or small businesses may have a thin credit file. This limited information pushes financial institutions to balance their desire to be inclusive with meeting their regulatory requirements.

If APAC Continues To Not See An Urgency To Make Digital Financial Inclusion A Top Priority, What Will Happen To Businesses In The Next 5 Years? 

Digital adaptation is non-negotiable for financial businesses; certain APAC markets have led the way in adapting. The time is now for APAC businesses to seize the opportunity that this presents to ensure that what was once viewed as an alternative method becomes standard practice.

Significant consideration of how to integrate digital insights into processes that help strengthen transparency around existing customers widens the doorway for those who may not have otherwise had access. As a result, businesses expand their own potential to contribute to a more inclusive society as well as capture more share of the market and evolve their business as the world evolves.


Unto The (Data) Breach – The Best Defense For SMEs & Startups

Fatihah Ramzi, DigitalCFO Asia | 21 November 2022

Kevin Foo, Head of Cybersecurity at Exabytes

According to a survey conducted by the CyberRisk Alliance’s Business Intelligence Unit, about 2 out of 3 businesses in Singapore experienced at least 6 cyberattacks in 2021, with almost half of businesses not being able to respond within 24 hours. That delay in response matters, as it caused these incidents to evolve into full-on data breaches in almost 3 out of 4 cases.

As the world becomes more and more dependent on technology and information systems, cybersecurity has become critical for anyone to carry on with their daily lives. Despite that, most corporations are still clueless on how to manage cybersecurity, and are scrambling to prepare their defenses. Even big companies, such as Starbucks, Sembcorp Marine, and Samsung, are no longer safe from data breaches. And if these players, with their massive capital and resources, are having a hard time, what hope do small online businesses have?

To find out more about how SMEs can safeguard their data from cyber attacks, DigitalCFO Asia spoke with Kevin Foo, Head of Cybersecurity at Exabytes, who believes that the best defense is to educate the public on cybersecurity and how to safely conduct business online. Hence, Exabytes wants to educate both its users and SEA as a whole on the dangers of cyberattacks, and what small startups, SMEs, and businesses can do to protect themselves.

Common Types Of Cybersecurity Threats That SMEs Encounter

SMEs commonly encounter cyber threats that hinder their ability to conduct business online, and can lead to severe disruptions of services. These types of cyber threats include:

  • Malware attacks, where malicious software (including worms, spyware, adware, and trojans) is uploaded into your system.
  • Phishing attacks, wherein an attacker impersonates a contact and sends the victim fake emails to steal credentials or confidential information, or to trick victims into installing malware.
  • Ransomware attacks, where a type of malicious software is used to encrypt the victim’s files or disable basic system functions. Threat actors will then extort ransom payments in exchange for encryption keys to decrypt files or restore system functions.
  • Distributed Denial-of-Service (DDoS) attacks, where attackers target systems, servers, or networks, flooding them with volumetric traffic to exhaust their resources and bandwidth. When this happens, online servers get overwhelmed, resulting in the business website either shutting down or slowing down.

Strengthening An SME’s Cybersecurity With All-In-One Business Cloud

As enablers for online businesses, it is crucial that service providers like Exabytes understand the cybersecurity needs of both users and the broader startup/SME community to develop solutions that can assist them, especially in this more tech dependent age. Exabytes, as an All-in-one Business, Cloud, Digital and Ecommerce solutions provider, has experience with cybersecurity products such as:

  • Acronis Cyber Protect
  • Sucuri Website Security
  • SSL Certificate
  • SpamExperts

“We believe, with the right solutions and support, SMEs can be better protected against cyberattacks,” says Kevin Foo, Head of Cybersecurity at Exabytes.

It is essential that newer and smaller companies have the assurance to do their business online effectively and safely, without the threat of cyberattacks happening to them.

SMEs: Safeguarding Their Infrastructure & Continuity Of Operations With Minimized Threats

Regardless of market conditions, there are 2 important aspects of Cybersecurity that SMEs can look into to safeguard their infrastructure and ensure continuity of their business operations – human and technology.

Humans are always considered the weakest link in Cybersecurity. Considering that some cyberattacks hinge on social engineering, it is important to educate employees in order to create a risk-aware culture within the workplace and to give them basic Cybersecurity skills to protect themselves.

  • Conducting training sessions will ensure that employees use only approved software and do not click a link directly from the email.
  • Employees should not visit suspicious websites and should always verify the legitimacy of a website by checking its TLS certificate information.
  • Ensure VPN is used whenever accessing company infrastructure.

SMEs can better protect themselves by adopting security technologies. Companies can enforce strong passwords with Multi-Factor Authentication (MFA) to further secure business accounts. On top of that, they should regularly update operating systems and applications, as that will eliminate vulnerabilities that hackers can exploit.

Additionally, they should implement layered protections to software and systems, such as endpoint protection software, firewalls, Web Application Firewalls (WAFs), intrusion prevention systems (IPS), email protection, access control, application security, etc. Companies should also consider deploying a data backup and recovery strategy and regularly testing restoration to ensure business operational resilience. Data in transit should be protected with encryption such as Transport Layer Security (TLS).

The First Line Of Action For SMEs Who Are Facing Security Breaches

A security breach occurs whenever any unauthorized user circumvents security control measures to access restricted systems or data. 

“No one is spared from a security breach, no matter how strong your defenses are,” says Kevin Foo, Head of Cybersecurity at Exabytes.

Thus, it is important to learn how to handle security breaches. Below are some simple steps for reference:

  1. Keep Calm

Handling a security breach is stressful: there are stakeholders to be managed, and the breach may lead to financial losses for the company as a whole. Nonetheless, the incident should be managed in a calm and professional manner. Panicking will only make the situation worse.

  2. Identify what was breached and eliminate threats

When did the security breach happen? How did the threat actor get into the system? Was it financial data? Was it customer data?

These are some questions SMEs should ask after a security breach. It is essential to assess which system or data was breached. Systems should be secured or taken offline to prevent further security breaches. Remote access should be restricted and credentials should be changed.

  3. Keep information transparent

When a security breach happens, SMEs should not keep the breach a secret. Instead, it is critical to provide transparency on the breach. If notification to authority is required, SMEs should provide all the relevant information. Ideally, they should also create a team to handle the incident. This may involve lawyers, members of their human resources team, members of their communications department, as well as the SME’s management team.

  4. Get expert help or follow the incident response plan

Typically, SMEs and startups have fewer resources and less technical expertise for handling security breaches. Thus, it is a good idea to seek external expert help (such as an Incident Response service) for proper incident handling. If an SME has an incident response plan, this is the time to put it into practice, and to update the plan accordingly, as it will be a guide in the future.

  5. Enhance security controls

Restore the service with the vulnerability fixed, and work to continuously improve security controls or add layers of defense to better protect the system and data. This can further minimize the cyber threats.


Vulnerabilities That Companies Face In The Digital Age

Fatihah Ramzi, DigitalCFO Asia | 16 November 2022

Every company faces ongoing threats from a wide range of sources and there are simply too many threats in the world to adequately thwart them all.

A weakness, mistake, flaw, or bug is referred to as a vulnerability when it compromises the accessibility, privacy, and authenticity of data stored within a data system. Because they can be used to infiltrate the systems in which they reside, hardware, software, and firmware vulnerabilities are sought after by adversaries.

Researchers and others with a stake in cybersecurity are encouraged to report vulnerabilities to the affected vendor as soon as they are identified, because vulnerabilities can only be fixed once they are known. Every system that has not been updated will continue to face ongoing threats and remain susceptible to getting compromised.

The associated hazards brought on by vulnerabilities can be addressed more effectively when more suppliers, security groups, and individual researchers participate in the vulnerability identification and remediation process. These vulnerabilities have a wide range of potential effects; some (with little to no impact) are merely bothersome, while others are severe enough to have disastrous effects on the company’s systems, their employees and their clients.

Security Vulnerabilities

While innumerable new threats are created every day, many of them rely on outdated security flaws to function. One of the biggest dangers a corporation can face is failing to fix those vulnerabilities after they are detected, because so much malware attempts to repeatedly exploit the same few flaws.

In order to avoid losing the 5–10 minutes of productive time required to execute the update, it’s all too usual for businesses—or even simply individual users on a network—to ignore the “update available” warnings that appear in some programmes. Most users find updating to be a pain. It is a “nuisance,” but one that might later save a company a staggering amount of time, resources, and lost revenue.

The simple solution is to keep a regular update schedule—a day of the week when your IT team checks for the most recent security patches for the software used by the organization and ensures they are applied to all of its systems.

Admin Account Privileges

Limiting program users’ access privileges is one of the simplest principles of mitigating software vulnerabilities. The less data/resources a user can access, the less harm a compromised user account can cause.

However, a lot of companies don’t manage user account access privileges, which means that practically every user on the network has “Superuser” or administrator-level access. Admin-level user accounts can sometimes be created by non-privileged users due to security configuration flaws in some computer systems.

Managing computer security vulnerabilities requires making sure that user account access is limited to only what is required for each user to perform their job. Additionally, it’s crucial to make sure that newly-created accounts cannot have admin-level access to stop less privileged users from just creating more privileged accounts.

Phishing Attacks

In a phishing attack, the attacker tries to persuade a victim, usually an organization’s employee, to download malware or to divulge important information and account passwords. The most typical way that this attack is launched is through an email that pretends to be from a vendor of your business or from a high-ranking employee.

Saying something like, “This is Mark from IT, your user account displays suspicious behavior. Please click this link to reset and protect your password,” is an example of an attacker’s line of attack. Such emails frequently contain links that take users to websites where they can install malware that will compromise the system. Other phishing scams may request user account details from victims in order to resolve a problem.

This tactic’s main objective is to use an organization’s employee to get around one or more security measures and gain easier access to data.

There are several ways to defend against this attack strategy, including:

  • Tools to identify email viruses by scanning email attachments for malicious software that could damage your network.
  • Multi-factor authentication (MFA). It is more difficult for cybercriminals to take control of user accounts using just the login and password when you use various authentication methods (such as biometrics, one-use texted codes, and physical tokens) to grant users access to the network.
  • Cybersecurity awareness training for employees. A knowledgeable employee is less likely to fall victim to phishing scams than one who is unfamiliar with fundamental cybersecurity procedures. Employees who receive cybersecurity awareness training are better equipped to recognize and resist phishing scams.
  • A defense-in-depth strategy for network security adds additional layers of security between each of the network’s constituent components. By doing this, additional layers of security will exist between the compromised asset and the rest of the network in the event that attackers manage to get beyond the network’s outermost protections.

Every company faces ongoing threats from a wide range of sources. No company is 100% protected from an assault, not even the largest Fortune 500 firms or SMEs. There are simply too many threats in the world to adequately thwart them all. Malicious actors may take advantage of network weaknesses and cybersecurity issues to steal data from businesses or harm them. As businesses continue to go digital, it’s critical that they keep informed on the vulnerabilities that they currently face.


The Race Against Time To Outsmart Cybercriminals

Fatihah Ramzi, DigitalCFO Asia | 10 November 2022

Businesses are in an ongoing race with cybercriminals and many are finding it difficult to keep up.

Nation-state organizations and cybercriminal gangs, whose operational components increasingly mimic those of for-profit businesses, are part of the present danger scenario. The existing danger scenario is likely to persist into the near future, if not forevermore, thanks to professional hackers, syndicates, businesses, and nation-states.

“Lapsus$” is one such organization that demonstrated the extent of the harm a very inexperienced attacker can cause by purchasing stolen credentials and indiscriminately spamming MFA prompts. Even actors at the level of wealthy nation-states frequently use freely accessible open-source and commercial tools as part of their operations. After all, why create anything from scratch when an established tool already exists? There is also the added benefit of avoiding detection by using the same tools and procedures as standard cybercrime syndicates.

“Lapsus$” has the potential to do serious harm to large companies such as Samsung, Microsoft and even government bodies. The amount of money that cybercrime syndicates routinely extort from their victims has significantly increased over the past few years.

As a result, every organization that is simple to break into becomes the target of attacks from new syndicates and persons with hacking skills. Particularly in regions of the world where criminal penalties are unlikely to be applied, the incentives (of hacking) are simply too compelling.

Therefore, these are some of the key elements that businesses will want if they wish to keep ahead of such well-organized cybercrimes:

1. Securing Network Access

All the measures taken to safeguard a computer network’s integrity and the data on it are collectively referred to as network security. Network security is crucial because it protects sensitive data from online threats and guarantees the network’s dependability. Multiple security measures are used in successful network security plans to shield users and companies from malware and online threats like distributed denial of service.

Network security is important because it keeps hackers from accessing sensitive data and valuable data. When hackers gain access to this data, they may cause a number of issues, such as asset theft, identity theft, and reputational damage.

  • Access control. This approach restricts a certain set of users and devices’ access to network systems and apps. These solutions prevent unauthorized people and devices from accessing the network.
  • Data loss prevention (DLP). To identify and stop data breaches, these tools keep an eye on data when it is in use, in motion, and at rest. DLP frequently categorizes the most crucial and vulnerable data and instructs staff on best methods for protecting that data. One such recommended approach is to avoid including sensitive items as attachments in emails.
  • Firewall. To stop unwanted network access, software or firmware examines all incoming and outgoing traffic. The firewall is one of the most popular security tools, and firewalls are placed at various locations around the network. With integrated deep packet inspection, next-generation firewalls provide improved security against application-layer attacks and sophisticated malware protection.

2. Plugging Internal Threats

Any person within an organization who has access to sensitive information and IT systems that could harm the company is considered an insider threat. Policies, processes, and technology that help prevent privileged misuse or lessen the harm it can do can be used to mitigate insider risks. Companies may reduce the likelihood of their sensitive data being compromised by using these insider threat prevention practices:

  • Carry out an overall risk analysis for the company. Know your most important assets, their weaknesses, and the potential threats to them. Include all of the hazards brought on by insider threats. Then, in accordance with the risk priority, focus on the key risks and continuously improve your IT security infrastructure.
  • Policies and controls should be well-documented and regularly followed. Each piece of security software, including appliances, needs its own administrative policy and configuration documentation. Create policies concerning practically every employee interaction with the IT environment by working diligently with HR.
  • Monitor and control remote access from all endpoints, including mobile ones. Install and correctly configure mobile data interception equipment as well as wireless intrusion detection and prevention systems. Regularly assess if employees still need a mobile device or remote access. Make sure that all remote access is turned off when a worker departs the company.

3. Vulnerability Management 

The continual, routine process of discovering, analyzing, reporting on, managing, and resolving cyber vulnerabilities across endpoints, workflows, and systems is known as vulnerability management. A security team often uses a vulnerability management technology to find vulnerabilities and then applies various patching or remediation procedures to close them.

A vulnerability manager’s main duty is to control exposure to known vulnerabilities. A high-quality vulnerability tool or toolset can significantly increase the adoption and overall success of a vulnerability management program, even though vulnerability management entails more than just running a scanning tool.

The market is flooded with alternatives and fixes, all of which tout superior attributes. Keep the following in consideration while considering a vulnerability management solution:

  • The effect on an endpoint’s performance is crucial. Vendors who offer vulnerability scanning say more often now that their products are agent-based. Unfortunately, because most of these agents are so large, they have a negative influence on endpoint performance. In order to minimize any impact on productivity, look for an agent-based solution with a lightweight agent—one that takes up very little space on an endpoint.
  • Visibility that is complete and in real-time is essential. What is vulnerable ought to be immediately obvious to you. Legacy vulnerability tools can make it difficult to see vulnerabilities; for example, network scans take a long time and produce stale findings, and large reports offer little assistance in addressing issues quickly. Businesses can take quick action to close potentially harmful vulnerabilities in their organization’s security with the use of a single interactive dashboard that includes search and filter options. It is a scan-less solution that is continually active and scanning for flaws as well as vulnerabilities.

Whether they like it or not, businesses are in an ongoing race with cybercriminals, and many are finding it difficult to keep up. Businesses must acknowledge that they are under attack right now and that, if it hasn’t already happened, they will most likely experience a breach in the future. In light of this, it’s critical to be able to identify the breach and be prepared to act when it occurs. The secret is to implement the ideal mix of preventative, detection, and remedial procedures to safeguard your company before a breach occurs. This begins with a thorough, objective evaluation of the existing state of preparedness in comparison to the desired degree of preparation for the future and the formulation of an improvement program that can be monitored over time.


OpenWay To Share Expertise On Digital Economic Security and Resilience In Indonesia

DigitalCFO Newsroom | 8 November 2022

The G20 Summit will include an official forum for the dialogue between the leaders of the G20 member states and the global business community. 

OpenWay, a leading global developer of digital payment software platforms, today announced that its CEO Pavel Gubin will join the G20 Summit 2022 in Bali, Indonesia, on November 13-16.

The G20 Summit will include an official forum for the dialogue between the leaders of the G20 member states and the global business community. Pavel Gubin will be among a select group of CEOs from the world’s leading companies who will join the G20 Summit to discuss the most significant challenges and opportunities of our time, share their insights and discuss future international policies and initiatives with the participating Heads of State. This year’s summit program includes sessions, conversations and discussions with U.S. President Joe Biden, Indian Prime Minister Narendra Modi, German Chancellor Olaf Scholz, French President Emmanuel Macron, and other Heads of G20 member nations.

The G20 is the foremost intergovernmental forum that gathers the leaders of 19 of the world’s largest economies and the European Union to address major issues related to the global economy, such as international financial stability, climate change mitigation, and sustainable development. The G20 plays a strategic role in securing future global economic growth and prosperity. Together, the G20 member nations represent more than 80 percent of the world’s GDP and 75 percent of international trade.

Pavel Gubin, CEO of OpenWay, said: “I am honored to represent OpenWay at the world’s most important intergovernmental forum that brings together the leaders of the world’s largest economies. G20 helps create greater prosperity for the whole world by accelerating global economic growth and integration. 

Digital payments have become the lifeblood of the global economy and are considered critical infrastructure by all nations today. Over the years, our global team of world-class professionals has amassed a wealth of expertise in digital payments and other areas of the digital economy, while powering and enabling some of the largest and most advanced payment systems all over the world. That’s why OpenWay is regularly asked to advise and consult policymakers, state leaders and governmental organizations on matters of national economic security and financial resilience. 

I look forward to sharing the knowledge accumulated by our global team of experts and exchanging ideas and best practices with the attending Heads of State and other participants of the G20 Summit later this month.”


Strategic Partnership Formed At Singapore FinTech Festival 2022 To Help Digital Financial Firms Strengthen Cybersecurity

DigitalCFO Newsroom | 3 November 2022

FinTech Alliance Philippines will leverage CYFIRMA’S external threat landscape insights and digital risk monitoring platforms to help fast-growing FinTech startups protect their intellectual property and customer data from cyberattacks.

CYFIRMA, the industry’s first external threat landscape management platform company, and FinTech Alliance Philippines, the country’s leading and largest digital trade organization, today announced a partnership to help elevate cybersecurity maturity while promoting digital innovation to create growth opportunities and accelerate financial inclusion.

The Philippines’ financial landscape is rapidly evolving with the rise of digital banks, open finance, and other financial technology revolutionizing the design, delivery, and consumption of financial products and services. With increased digitalization, there is also added pressure on consumer protection capabilities and resources. According to Statista, a company that specializes in market and consumer data, the number of cyberattacks in the Philippines has exponentially grown during the first quarter of the year, reaching as much as around 1.76 million. The country, however, remains at a low ranking of 82nd when it comes to cybersecurity readiness, according to a global security index.

The pandemic has seen an unprecedented increase in online scams and the low cybersecurity maturity among businesses could reverse gains from promoting trust and confidence in the use of digital platforms. The pandemic’s disproportionate impact on the poorest and most vulnerable combined with the lack of cyber-safe habits and know-how will exacerbate income and wealth inequality. This collaboration between FinTech Alliance Philippines and CYFIRMA is designed to build a digital finance ecosystem that is resilient to cyberthreats and digital risk, and it lays the groundwork for a sustainable, inclusive and thriving FinTech industry.

In this collaboration, CYFIRMA and FinTech Alliance Philippines will advocate for a security-by-design approach in software development where security practices are applied at the earliest stage of the development lifecycle, and this underscores the importance of identifying security vulnerabilities through real-time and continuous monitoring. 

CYFIRMA and FinTech Alliance will also work together to uplift the cybersecurity readiness amongst members of the Alliance. This includes ensuring members are equipped with digital risk protection tools to help them stay safe from cyber risks such as phishing, ransomware, and identity and data theft.

To improve digital and cyber literacy among the community as well as to address the lack of cybersecurity awareness, CYFIRMA will also extend its cyber education mobile application, DeFNCE, to all members of the alliance.

CYFIRMA and FinTech Alliance will also explore other collaborations such as joint training programs with academic institutions and regulatory engagement with government agencies.

“We are excited to extend our market-leading cybersecurity capabilities, which we have used in service of enterprise customers, to the vibrant FinTech community in the Philippines. We know the unbanked and underbanked have security concerns around digital finance services, particularly around identity theft, scams and fraud. We are honored to be given the opportunity to use our knowledge of digital risk monitoring and protection to help up-and-coming FinTechs build ground-breaking products that are cyber-secured and ready to be deployed at scale to serve millions of Filipinos,” said Anna Koh, Chief Marketing Officer, CYFIRMA.

“Consumer education is also key in cyber defense against identity theft and security breaches. Ensuring our customers’ security, safety, and confidence in digital financial services must be primordial. Stakeholders must strengthen constructive dialogue in cyber and vulnerability intelligence, attack discovery, and increase digital risk protection, among others. Our partnership with CYFIRMA is pivotal in support of this strategic initiative,” said Lito Villanueva, Founding Chairman of FinTech Alliance Philippines.

SEA’s US$300 Billion Digital Economy Creates Vast Growth Opportunities for Businesses, But Also Risks


DigitalCFO Newsroom | 1 November 2022

With Southeast Asia’s booming digital economy projected to surpass the US$300 billion mark by 2026, digital payments continue to present tremendous growth opportunities for businesses, according to a new IDC report commissioned by global payments platform 2C2P and global membership association for payments and fraud prevention professionals Merchant Risk Council (MRC).

On the flip side, emerging threats and vulnerabilities create heightened fraud risks. Navigating this fast-evolving space requires companies to tap into the appropriate payments technology and security innovations to optimise growth and protect themselves and their customers from fraud.

The IDC Infobrief, “How Southeast Asia Buys and Pays 2022: New Opportunities, Connectivity, and Risks”, unravels the emerging opportunities and risks across Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam.

Key payments highlights:

  • Digital economy spending will rise by 121% by 2026, and digital payments will grow to 92% of total digital economy payments by 2026, up from 80% in 2020.
  • 426 million users in Southeast Asia will use mobile wallets by 2026, representing 62% of the total population.
  • Buy Now Pay Later (BNPL) continues to grow in importance, with BNPL spending expanding by $9.8 billion, a 3.5X increase from 2021.
  • Real-time payments (RTP) will shape the future Southeast Asian payments landscape, with transaction values climbing 8X from US$1,428.6 billion to US$12,978.7 billion between 2021 and 2026.
  • One in four Southeast Asia internet users were victims of fraud in 2021.

The need for businesses to support new payment methods, such as mobile wallets, RTP and BNPL, continues to create complexity in payments management and operations. How payments are used in each Southeast Asian market also has its unique characteristics and, correspondingly, its unique vulnerabilities. Any business operating in the region requires a high degree of localisation and understanding to offer its customers the right payment options. At the same time, given the diversity of these markets and their different levels of risk, bad actors have fine-tuned their own activities to match the weaknesses.

The IDC Infobrief makes five recommendations for selecting a payments partner in 2022:

  • Superior intra-ASEAN support, especially for cross-border payments
  • Familiarity with the intricacies of the region
  • Ability to recognise and counterattack new threats
  • Technology for more accurate authentication
  • Global insight to stay on top of the latest threats and best practices

Julie Fergerson, CEO of the MRC, said, “Southeast Asia is full of exciting promise as its digital economy continues to soar to new heights. However, with the growth comes the emerging fraud menace threatening businesses and consumers across the region. Companies urgently need to develop resilient measures to counter the threat of fraudsters. This timely IDC Infobrief highlights suitable ways for businesses to reduce the risk of fraud by identifying the best payments partner to support their growth journey.”

“2C2P is delighted to partner with the MRC to commission this valuable report, and we hope it supports more secure and risk-free growth for businesses across Southeast Asia. As we continue to see the region’s digital economy expand and become more complex, businesses are inevitably exposed to new fraud and vulnerabilities. 2C2P is determined to keep payments seamless and secure in this diverse region, ensuring we make digital payments easy while keeping our customers and merchants safe,” said Aung Kyaw Moe, Founder and Chief Executive Officer of 2C2P.

The MRC launched in 2000 and continues to be at the forefront of industry evolution and the ongoing fight against eCommerce fraud.

