Payment services firms are prime targets for hackers, Karina McTeague, director of retail banking supervision at the U.K. Financial Conduct Authority, warned Oct. 4.
"At a time of heightened security threats, when even a fridge can be commandeered by hackers, payment firms are prime targets for cybercrime," she said at PayExpo Europe in London.
Because these companies hold vast amounts of consumer data and have the power to initiate payments, they are likely to attract the attention of fraudsters, she said.
"We expect firms to have robust systems, policies and process[es]. Firms must submit major incident reports to the regulator, and we will be reviewing each one carefully," she said.
But strong security alone is not enough, and fintech firms must work together with the government to share intelligence on financial crime, she added.
With the second European payments services directive, or PSD2, coming into force in January 2018, it is vital that the regulator stays up to date with developments in financial technology, McTeague said. PSD2 will allow fintech companies to plug into the infrastructure provided by traditional banks in order to initiate payments and provide other personal finance products and services that use consumer data.
But the FCA is eager to encourage the fintech industry rather than stifle it with excessive regulation, she said, adding: "I want to bust the stereotype of the regulator that only talks about risks and rules. We must recognize the potential for positive change, and not see only risks. The type of innovation that we are seeing in the U.K. has the potential to improve financial services, and to increase financial access."
McTeague said that she was hopeful that PSD2 would lead to a surge in new products and services offered by fintech companies.
She said: "Today is the 60th anniversary of the launch of Sputnik. I don't think that it is too much of a stretch to say that we could see a space race of our own in payments. I'm hoping for stratospheric levels of innovation."