While every industry must grapple with how new technologies, such as artificial intelligence, will affect the nature of their work, fintech firms face a special challenge. Companies like Flutterwave, Africa’s leading payments technology company, must anticipate how new breakthroughs might be used to commit cybercrimes.
Staying vigilant against potential threats means investing heavily in understanding cutting-edge technology while simultaneously monitoring the everyday scams and abuses from digital criminals.
“Bad actors never sleep. They’re always trying their best to compromise solutions,” explained Flutterwave’s founder and CEO Olugbenga “GB” Agboola. “People in the financial services industry, they know this too well. So what we do is that we do a mix of product-led and communications-led proofing of our system.”
Deterring criminals on two fronts requires keen focus. Companies with large footprints like Flutterwave, which operates in over 35 countries and has processed well over 890 million individual transactions, face an especially daunting task. Simply maintaining cybersecurity operations for a firm that spans continents requires diligent efforts. Predicting and responding to new threats adds a creative dimension to the job.
Understanding the Market
While sophisticated hackers target payment platforms using cutting-edge cyber tools, the most common forms of cyber theft aren’t attacks against fintech companies themselves. Instead, modern thieves train their focus on a different target: end users.
For many criminals, convincing customers to voluntarily provide account details, such as their login name and password, is the simplest way to access funds. Today’s hackers have gotten especially good at a variety of scams that range from simple email phishing attacks to detailed romance scams.
As hackers get better at their confidence schemes, they learn which scams work best on their targeted demographics. With a wide user base across the African continent, Flutterwave pays particular attention to attempts to manipulate users there into divulging their personal information or sending money to known scammers.
Agboola believes that cyber threats aimed at users are best countered not by a single company, but through the combined efforts of the business, government, and consumer protection sectors.
“Fraud prevention is key for any company expanding its business in Africa. Payments companies play a crucial role in preventing fraud as they utilize sophisticated tools to monitor transactions and manage risk. However, collaboration with other players, as well as sharing best practices is key,” he said.
That line of thinking would eventually spark the Cybercrime Research Centre in Nigeria, a partnership between the country’s Economic and Financial Crimes Commission and Flutterwave. The 2024 alliance led to the establishment of a dedicated Cybercrime Research Centre, which identifies threats as they happen and compiles resources for consumers to protect themselves.
By pooling their collective information together, the private and public sectors are more able to spot new schemes quickly and plan ways to deter them.
“As Africa’s largest payments infrastructure company, we promote safe and secure transactions,” Agboola said. “This initiative reaffirms our resolve to create a fraud-free financial environment and lead the charge in safeguarding transactions throughout the continent.”
The centre focuses on five distinct areas: detecting fraud, preventing fraud, policy development, youth empowerment, and technological advancement. But its real power comes from its novel approach to preventing digital malfeasance and its focus on helping Africans.
The Practicalities of Security
On a day-to-day basis, fintech startups like Flutterwave go through a lengthy list of procedures to keep their platforms safe. There are routine audits, security checks, employee education efforts, and more. Some of these efforts come from companies themselves, and some stem from national cybersecurity laws.
International firms often have to adhere to lengthy rules and requirements to ensure that their platforms are operating within the regulatory framework of many different countries at the same time. That can prove challenging for companies like Flutterwave, as they have to respond to dozens of different government authorities, each of which is trying to protect its citizens from constantly changing attacks.
“On the regulatory side, we mitigate many challenges by working with very strong in-country teams and very strong regulatory teams to ensure that we get all the needed requirements for us to be in various countries and enable emergence in those countries,” Agboola explained. “Every regulation is important to the regulator. And if you think that a market is important, then you have to treat every regulation, every policy, every rule as the beginning and the end, right? Because you can’t afford to say, ‘Oh, I’m taking this one really, really seriously. I’m not taking this one seriously because the regulator knows why they made such rules and they know their markets, they know their country more than you.’ And so that’s how we approach it.”
To make sure everything is in order, even startups have to install robust and well-trained security teams. Cybersecurity workers are sophisticated technologists who undergo near-constant training to keep up to date on the latest threats and hoaxes. Truly, stopping today’s most sophisticated criminals is a team effort.
“I am confident that building successful partnerships to create the best experience for customers is crucial for success in the vibrant and rapidly growing African market,” Agboola said. “That includes hiring the most experienced hands to manage these partnerships with a deep understanding of the nuances around optimizing the relationship and growing it over time.”
But that’s not all. Many companies like Flutterwave also dedicate significant time to working with their customer base to ensure that they don’t fall for cyber scams.
“Beyond building a robust and secure application, you also need to educate users about phishing scams, fraudulent activities, and other scheming tactics and the importance of protecting their personal information,” reads a blog on flutterwave.com. “Additionally, encourage your users to use unique passwords for their accounts and enable [two-factor or multifactor authentication] as an extra layer of security.”
