Assignment-Week-10-Financial-Technology-Sultan-Chairul

Sultan Chairul – 2581484737

Answer : 

1. Why is a robust digital identity framework crucial for the fintech ecosystem?

A strong digital identity framework is essential because:

✔ Prevents fraud

Fintech services rely on online interactions, which makes them vulnerable to identity theft. A secure digital identity system helps verify that the person accessing an account is truly the real user.

✔ Builds trust

Customers will only use digital financial services if they trust that their data, money, and identity are safe. Strong identity verification increases user confidence.

✔ Enables smooth onboarding

With reliable digital identity, fintech companies can perform fast, low-friction onboarding (e.g., remote KYC) without compromising security.

✔ Supports regulatory compliance

Financial regulations (like AML and KYC rules) require accurate identity verification. A robust framework ensures fintech firms meet these requirements.

2. Methods for securing online transactions and their strengths

a. Multi-Factor Authentication (MFA)

What it is:

Requires more than one proof of identity (e.g., password + OTP + fingerprint).

Strengths:

Adds layers of protection; even if a password is stolen, the attacker still lacks the other factors.

Reduces unauthorized access significantly.

b. Encryption (e.g., SSL/TLS)

What it is:

Transforms sensitive data into unreadable code while it’s being sent over the internet.

Strengths:

Protects data during transmission (from login details to transaction info).

Prevents eavesdroppers from reading or modifying data.

Essential for secure communication between users and servers.

c. Tokenization (optional extra method)

What it is:

Replaces sensitive data (like card numbers) with random tokens.

Strengths:

Even if tokens are stolen, they are useless without the system that maps them to real data.

Commonly used in mobile payments (Apple Pay, Google Pay).

3. Difference between a phishing attack and a man-in-the-middle (MITM) attack

Phishing Attack

What it is:

A social engineering attack where the attacker tricks a victim into revealing personal information (passwords, bank details) through fake messages, emails, or websites.

Key point:

The victim voluntarily gives information because they are deceived.

Man-in-the-Middle (MITM) Attack

What it is:

An attacker secretly intercepts communication between two parties without them knowing.

Key point:

The attacker silently listens or alters the communication between user and server.

Summary

Phishing exploits human trust to obtain information.

Man-in-the-middle attacks exploit communication channels to intercept data.

Phishing targets people, while MitM attacks target networks and connections.

 

Previous Post Previous Post
Newer Post Newer Post

Leave a comment