Products

EMARKETER delivers leading-edge research to clients in a variety of forms, including full-length reports and data visualizations to equip you with actionable takeaways for better business decisions.
PRO+
New data sets, deeper insights, and flexible data visualizations.
Learn More
Reports
In-depth analysis, benchmarks and shorter spotlights on digital trends.
Learn More
Forecasts
Interactive projections with 10k+ metrics on market trends, & consumer behavior.
Learn More
Charts
Proprietary data and over 3,000 third-party sources about the most important topics.
Learn More
Industry KPIs
Industry benchmarks for the most important KPIs in digital marketing, advertising, retail and ecommerce.
Learn More
Briefings
Client-only email newsletters with analysis and takeaways from the daily news.
Learn More
Analyst Access Program
Exclusive time with the thought leaders who craft our research.
Learn More

About EMARKETER

Our goal is to unlock digital opportunities for our clients with the world’s most trusted forecasts, analysis, and benchmarks. Spanning five core coverage areas and dozens of industries, our research on digital transformation is exhaustive.
Our Story
Learn more about our mission and how EMARKETER came to be.
Learn More
Methodology
Rigorous proprietary data vetting strips biases and produces superior insights.
Learn More
Our People
Take a look into our corporate culture and view our open roles.
Join the Team
Contact Us
Speak to a member of our team to learn more about EMARKETER.
Contact Us
Newsroom
See our latest press releases, news articles or download our press kit.
Learn More
Advertising & Sponsorship Opportunities
Reach an engaged audience of decision-makers.
Learn More
Events
Browse our upcoming and past events, recent podcasts, and other featured resources.
Learn More
Podcasts
Tune in to EMARKETER's daily, weekly, and monthly podcasts.
Learn More

A consumer data leak involving Money Lover brings cybersecurity front and center for FIs

The news: Financial management app Money Lover’s recent data breach highlights financial institutions’ (FIs’) worst nightmare when partnering with third-party vendors.

What’s the risk? Ethical hackers from cybersecurity firm Trustwave—people whose job it is to test firms’ cybersecurity measures—were able to use tools available on all web browsers to easily access Money Lover consumers’ email addresses, digital wallet names, and transaction IDs.

  • According to American Banker, the email addresses belonged to customers who shared digital wallets to manage shared expenses between peers. No passwords or login credentials were found in the leaked information, so customers’ accounts were not accessible.
  • But the sensitive information made consumers more vulnerable to attacks like spear-phishing, in which hackers use legitimate-looking emails to entice consumers to click a malicious link or engage in other financially risky behaviors.

Shady fix: Trustwave employees discovered the sensitive data on November 24. They say they promptly notified Finsify, the company that maintains the Money Lover app. What happened after is worrisome.

  • Finsify didn’t respond initially, Trustwave says, so Trustwave employees reached out again to the app manager via Facebook Messenger. Finsify finally responded on Facebook, and Trustwave shared the technical details.
  • After explaining how the information was accessible, Trustwave says it didn’t receive any progress update on remediation. Trustwave began preparing a statement to share with Money Lover users to let them know their personal data wasn’t safe.
  • It wasn’t until January 27 that Trustwave was no longer able to access the sensitive information. It still hasn’t received any word from Finsify.

Though consumers’ accounts were arguably secure throughout the duration of the leak, the alleged lack of response and lengthy delay in patching the data leak should be a wake-up call for financial institutions partnering with third-party tech providers: They need to make sure they know who they’re doing business with.

Why is this important? As consumers’ financial lives become more digitized, they’re demanding a better customer experience that consolidates all of their financial accounts, products and services in one place. But this opens a can of cybersecurity worms for FIs.

Open banking is progressing due to consumers’ demands, and though regulators are working to implement it safely, it still raises concerns.

  • FIs are hesitant to share their customers’ financial data, not only because of its business value, but also because they can’t control where it ends up.
  • Ensuring consumers have complete control over data sharing is one way to rectify this, but still puts consumers at risk. Many don’t have the time and resources to investigate third-party vendors themselves—they trust their FI to do that.

What should banks do? Bank-fintech partnerships have been top of mind recently. It’s the cheapest and fastest way for banks to upgrade their tech stack, but the details of the partnership must be iron-clad.

  • Banks should conduct intense due diligence checks before partnering and during the relationship to ensure API connections are air-tight.
  • They should also clearly delineate responsibilities between themselves and the fintech partner to prevent a blame game from happening if something goes wrong.

This article originally appeared in Insider Intelligence’s Banking Innovation Briefing—a daily recap of top stories reshaping the banking industry. Subscribe to have more hard-hitting takeaways delivered to your inbox daily.