UPHOLDING STANDARDS: OVERCOMING THE MAJOR CHALLENGES IN FINTECH
Built on a core of proprietary technologies and e-money apps, Uphold embraces a future where people and businesses around the world have access to safe, transparent, fair, and affordable financial services.
Celebrating 10 years in business in 2024, Uphold is considered the first in its sphere to truly offer a patented Anything-to-Anything trading experience, allowing customers to trade directly between asset classes.
Voted best Crypto Exchange UK by Forbes Advisor July 2024, Uphold is a multi-asset digital money platform offering financial services globally.
Harness the expertise of 100,000+ security researchers to detect vulnerabilities as soon as they surface, avoiding the costly damage of breaches.
Uphold: Leading the way in proactive cybersecurity with Intigriti
Cyber threats are evolving rapidly, becoming more sophisticated and frequent by the minute. Additionally, the rise of hybrid work and increased digital dependence have expanded the attack surface, making it easier for cybercriminals to exploit weaknesses. To stay ahead, organizations must continually adapt their security strategies.
Uphold is going beyond traditional security testing measures by leveraging the collective expertise of Intigriti’s 100,000+ ethical hackers. This approach has significantly enhanced the bank’s operational security, ensuring that vulnerabilities are identified and remediated before cybercriminals have the chance to exploit them.
SymmetriQ is delighted about its work with Uphold, whose commitment to advanced security technologies makes them stand out. As experts in the field of crypto cyber-security, SymmetriQ shares with Uphold a strong dedication to superior cyber-security standards.
At SymmetriQ, we safeguard your digital assets using innovative, quantum-resistant technologies. Our solutions ensure secure networks, custody, wallets, entropy, and more.
We stand at the forefront of crypto and cyber security, where threats evolve daily. Our solutions are designed to protect today’s infrastructures with future-proof strategies that require little or no change on the client side.
Our expertise in crypto infrastructure security ensures that our clients are equipped with the most robust protections available, keeping them one step ahead in a rapidly changing cyber landscape.
Choose SymmetriQ for a partnership that values resilience and proven innovation. Our services provide comprehensive security solutions tailored to the unique needs of each client, reinforcing your defences against the most sophisticated cyber threats.
With SymmetriQ, you secure not just your present operations, but also your future viability in the digital economy. Trust us to elevate your security to new heights, ensuring your assets are protected with the highest standards of excellence. www.symmetriq.io
Amidst this challenging landscape, Uphold stands out by taking a proactive approach to finding and surfacing vulnerabilities in its digital systems. Through its bug bounty program, launched on Intigriti’s platform, the digital bank is demonstrating a forward-thinking strategy that sets a standard for others to follow.
The partnership has strengthened Uphold’s security posture and established a robust framework for addressing vulnerabilities that might otherwise go undetected. Furthermore, Intigriti’s platform has been instrumental in uncovering hidden weaknesses, and by integrating Intigriti’s services into its continuous risk reduction strategy, Uphold is not just adapting—it’s leading the way in proactive cybersecurity. www.intigriti.com
“Our core mission as a web3 financial platform is to provide infrastructure for anybody building on the blockchain,” explained Chris Adjei-Ampofo, Chief Information Officer (CIO) of Uphold. “This includes licensing, the control framework, and access to a wide range of digital assets.”
With over 20 years of experience in the financial sector, including the development and sale of his own software company, Knowledgewire, Chris is at the forefront of fintech.
Since joining the firm, Chris has played a pivotal role in the cultural change of information security and data privacy at Uphold.
“Implementing security and fraud controls is only part of the toolset needed to combat cyber risks. People are always the weakest link and changing the company culture in which everyone embraces our information security obligations without it being burdensome is worth its weight in gold,” he highlighted.
Chris spoke with Business Enquirer about the challenges faced by CIOs in the fintech sector, and where financial institutions should be investing their focus in the ever expanding realm of emerging technologies.
Preparation is Key
Over the last 10 years, the fintech sector has evolved from a niche industry trend into a transformative force in the global financial landscape with just under 30,000 fintech businesses across the globe - and growing.
But what does this evolving sector look like in the coming ten years?
“CIOs in this industry face several significant challenges over the next decade,” shared Chris. “These challenges can be broadly categorised into four areas: technological advancements; regulatory compliance; cybersecurity; and talent management.”
The rapid pace of innovation with advancements in technologies like blockchain, artificial intelligence (AI), machine learning (ML), and quantum computing all pose a risk to businesses if they are not prepared to implement these quickly and correctly.
“Many financial institutions still rely on legacy systems. Integrating new technologies with these outdated systems without disrupting services is a complex task,” said Chris. “CIOs must ensure their organisations stay ahead by continually adopting and integrating these technologies.”
Meanwhile, the regulatory landscape for fintech is continuously changing, and it is CIOs' responsibility to ensure that their systems and processes comply with new and existing regulations such as data privacy laws (for example GDPR, and CCPA) and financial regulations (such as the EU’s Digital Operational Resilience Act (DORA), FCA and PRA Operation Resilience policy, PSD2, and MiFID II).
While businesses can control regulatory compliance in-house, CIOs must also pay particular attention to protection against increased cyber threats, with cyber criminals taking advantage of evolving technology.
“As fintech becomes more prevalent, the sector becomes a more attractive target for cybercriminals. CIOs must invest in advanced cybersecurity measures to protect sensitive financial data and maintain customer trust,” added Chris.
“Preparation is key,” says Chris, with some businesses being too reactive, allowing leaky holes in the proverbial bucket.
“Preventing data breaches and financial fraud is critical. This requires robust security protocols, continuous monitoring, and rapid response capabilities,” he said. “It's also key that businesses ensure the privacy of customer data in compliance with stringent regulations. This requires sophisticated data management and security strategies but is crucial to building customer confidence.”
Finally, in a sector which is introducing ever-evolving technology, Chris highlighted the high demand for skilled professionals in areas such as AI, cybersecurity, and blockchain, for which many businesses are having to back-fill.
“CIOs need to take steps to attract, retain, and continuously up-skill their workforce to keep pace with technological advancements,” Chris said. “Additionally, implementing new technologies often requires significant cultural and organisational change. CIOs must foster an innovation-friendly culture and manage resistance to change within their organisations.”
Along with this culture shift, the desire from employees for hybrid working, accelerated by the COVID-19 pandemic, presents challenges in maintaining productivity, collaboration, and cybersecurity.
How to Secure Trust
One of the biggest challenges faced by businesses in the fintech sphere is securing customer trust.
Guided by Chris, Uphold has implemented its Zero Trust security model across the organisation to enhance overall security and minimise internal and external threats.
Within this model, Uphold’s governance controls ensure access to information is granted on a need-to-know basis after infosec approval, and segregation of duties means access to critical assets and customer data is only available for the purpose of the roles for a time-limited period.
“We use a zero trust browser isolation with security policies for third party contractors, and only company issued devices are permitted to access our infrastructure,” explained Chris.
Chris Adjei-Ampofo, Chief Information Officer (CIO) of Uphold
Veriff is the preferred identity verification partner for the world’s biggest and best digital companies, including pioneers in fintech, crypto, gaming and the mobility sectors. We provide advanced technology, deep insights and expertise from our foundation in digital-first Estonia and honed in leading the digital identity revolution.
The partner of choice for businesses who need to rapidly and effortlessly verify online users from anywhere in the world, Veriff delivers the widest possible identity document coverage. By supporting government-issued IDs from more than 230 countries and territories and with our intelligent decision engine which analyzes thousands of technological and behavioral variables Veriff enables trust from the first hello.
With 400 people in the United States, United Kingdom, Spain, and Estonia, as well as robust backing and funding from investors including Accel, Alkeon, IVP, Tiger Capital, and Y Combinator, we’re dedicated to helping businesses and individuals build a safer and more secure world.
Additionally, Uphold implements regular audits, continuously monitors for suspicious activity, and runs annual security penetration tests to validate its external preventative controls. This aims to protect the platform's infrastructure and software from security vulnerabilities and hackers.
To further build customer trust, the multi-asset digital money platform is always 100%+ reserved, and is the only financial platform to publish its assets and liabilities in real-time.
“At least 90% of our customer assets are stored in cold storage protected from external threats,” shared Chris.
Finally, Uphold is SOC 2 Type 2, ISO 27001, and PCI DSS Level 1 compliant, certifying the robustness of its security, fraud, and payment controls.
“Ultimately, our customers want to feel confident that their money is safe - we strive to continually validate that confidence,” he said.
A Problem Shared
Supporting Uphold's sustainable growth and ongoing evolution, industry partnerships have played a pivotal role in shaping the platform's approach to cybersecurity and digital transformation.
Chris emphasised the importance of collaborating with specific providers in areas such as Know Your Customer (KYC), threat and vulnerability detection, financial crime prevention, regulatory compliance, fraud management, and the future-proofing of cryptographic measures to protect critical assets and payment processes.
Uphold’s ecosystem includes several key partners essential for safeguarding its assets and customers. Among these, Veriff, Intigriti, Unit21, and SymmetriQ stand out.
“First and foremost, Veriff, a leading KYC provider, ensures that Uphold complies with regulatory anti-money laundering (AML) requirements and actively prevents fraud,” shared Chris. Veriff's robust verification processes authenticate user identities, minimising the risk of identity theft and fraud while streamlining customer onboarding. This KYC provider has been instrumental in Uphold's efforts to combat prevalent customer fraud, particularly Account Takeover (ATO) and Pig Butchering schemes.
The latter involves sophisticated social engineering tactics to manipulate victims into trusting the fraudster before ultimately defrauding them.
By integrating Veriff’s biometric authentication and fraud risk scoring with Uphold's fraud detection tools, the platform has effectively implemented preventative measures to protect its customers, achieving a remarkable 80% reduction in total fraud within a year.
“Not only is Veriff efficient and secure, but it also enhances the user experience while maintaining essential security standards, which is crucial for showcasing the value our platform offers to customers,” Chris added.
Unit21 plays a critical role in Uphold's global compliance team, streamlining operations related to financial crime, regulatory compliance, and fraud detection. As a no-code, AI-driven platform, Unit21 empowers the team to create and test custom rules, risk models, and workflows with ease.
Utilising AI, Unit21 prioritises alerts and surfaces pertinent information for investigations, thereby increasing efficiency and programme health. Its rules engine, risk rating, and case management features enable Uphold to effectively prevent, detect, investigate, and report suspicious activities and fraudulent transactions.
Additionally, Uphold's partnership with Intigriti, a trusted leader in crowdsourced security, is vital for continuously detecting and mitigating evolving threats and vulnerabilities in the industry.
While many companies still rely on annual penetration tests to identify security weaknesses, Chris points out that such time-limited assessments can offer a false sense of security. Given the rapid emergence of new threats and vulnerabilities, it is essential to engage a broad community of ethical hackers and researchers dedicated to continuously identifying potential risks within Uphold’s ecosystem.
“By collaborating with Intigriti’s global community of security researchers, we leverage their expertise to enhance our platform's security posture, reinforcing our commitment to safeguarding our customers' assets and maintaining their trust,” said Chris.
Lastly, advancements in quantum computing and AI present both benefits and risks. The computational power of quantum computers far exceeds that of classical computers, posing a direct threat to current encryption methods like RSA and ECC, which are foundational to digital security.
These algorithms could be easily compromised by quantum technology, undermining the integrity and trustworthiness of blockchain systems. To address this challenge, Uphold has partnered with SymmetriQ, a specialist crypto cybersecurity firm co-founded by Dr. Barry Childe, a leading expert in quantum-resilient networks.
This partnership enables Uphold to assess the threats posed by quantum computers, evaluate the feasibility and costs of implementing quantum-resistant algorithms, quantum key distribution (QKD), and post-quantum blockchain solutions. Together, they have devised a strategic plan for integrating quantum encryption into Uphold's existing security infrastructure, thereby safeguarding critical assets against quantum computing threats.
While Uphold recognises the immense value of its partnerships, it is equally committed to optimising its clients' platforms. Recently, Uphold launched its latest innovation, Topper—a user-friendly fiat on-ramp that boasts high approval rates and serves as a simple-to-implement Web3 payment tool.
“Topper empowers crypto projects to seamlessly process a broader spectrum of customer payments,” explained Chris. “Furthermore, it supports a wider range of digital assets than our competitors, providing end consumers with more choices.”
Plan of Attack
As mentioned by Chris in his comment on challenges to CIOs, preparation is key. From his perspective there are several emerging technologies which he feels will significantly impact the fintech space in the coming years.
Chris believes AI and machine learning will continue to prove their worth as their analytical capabilities develop.
“As this technology evolves it will be able to analyse vastly more amounts of data to predict customer behaviour, credit risk, market trends, and enable more informed decision-making by fintechs,” Chris explained.
At Unit21, we recognize that the challenges in the fintech industry—rapid technological advancements, increasing regulatory demands, and evolving fraud threats—require a proactive, data-driven approach. Our Risk & AML Compliance platform empowers institutions to face these challenges head-on. With a flexible risk engine and an intuitive case manager, teams can harness real-time data insights without relying on heavy engineering support.
In 2023 alone, Unit21 processed over $2.77 trillion in transactions, thwarting more than $4.3 billion in fraud attempts. These achievements are a testament to our commitment to providing secure, efficient solutions for the financial services industry.
We stand ready to support your organization in safeguarding against fraud and ensuring regulatory compliance with minimal friction. As the fintech landscape continues to evolve, so too must your risk management strategies. Unit21 offers the infrastructure to stay ahead of threats, streamline workflows, and reduce the administrative burden on compliance teams.
Let us show you how Unit21 can transform your risk and compliance programs. Schedule a custom demo today and join the fight against financial crime with confidence and precision.
When will quantum computers become a threat?
The timeline for quantum computers depends on several factors, including the development of large-scale, fault-tolerant quantum computers and advancements in error-correction techniques. While quantum computers today are still in their early stages, experts predict that breaking RSA could happen within the next 10 to 30 years, depending on progress in quantum computing technology. The Research and Advisory firm Gartner makes the strategic planning assumption that by 2029 advances in quantum computing will make conventional asymmetric cryptography unsafe to use.
How to prepare and defend against the attack.
The National Institute of Standards and Technology (NIST) offers several key recommendations for preparing for the risks of quantum computing.
1. Identify and Document Vulnerable Cryptographic Systems
Organisations are advised to begin by assessing their current cryptographic infrastructure to identify systems that rely on algorithms susceptible to quantum attacks, such as RSA and Elliptic Curve Cryptography (ECC).
2. Develop a Transition Strategy
NIST recommends that organisations establish a clear plan for migrating to quantum-safe cryptographic systems, often known as Post-Quantum Cryptography (PQC). This strategy should:
• Prioritise the most critical and vulnerable systems.
• Define timelines and milestones for adopting quantum-safe algorithms.
3. Test and Implement Cryptographically Agile Solutions
Organisations are encouraged to test quantum-resistant algorithms and adopt “cryptographically agile” systems. This agility allows organisations to switch between different encryption methods as technology evolves, easing the transition to PQC.
Strategic Planning Assumptions
Gartner makes the following strategic planning assumptions:
By 2029, advances in quantum computing will make conventional asymmetric cryptography unsafe to use.
By 2026, advances in quantum and cloud computing will require classic symmetric algorithms to support larger key sizes.
By 2025, post quantum encryption algorithms will see more use for their secondary properties like privacy enhanced computation, than they will as replacements for existing cryptography.
By partnering with SymmetriQ and following the NIST recommendations, Uphold has developed mitigating strategies including implementation of quantum-resistant cryptography technology within our infrastructure to secure our critical assets against the threat of quantum computing and stay ahead in the rapidly evolving field of cybersecurity.
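The three NIST steps in this sidebar, carried through on a constructed inventory, as an added example that is not code from Uphold, SymmetriQ or NIST: it flags systems that depend on quantum-vulnerable algorithms (step 1), ranks them with Mosca's inequality using Gartner's 2029 assumption as the threat year (step 2), and keeps the algorithm policy in a single table (step 3). The asset names, shelf-life and migration figures, and the policy table are assumptions.

```python
from dataclasses import dataclass

THREAT_YEAR = 2029  # Gartner planning assumption quoted on this page

# Step 3 (agility): the algorithm policy is data, so replacing an algorithm is
# a table edit. Assumed table for this example, not a NIST artefact.
# "min_bits" marks symmetric ciphers that stay usable at a larger key size.
POLICY = {
    "RSA": {"vulnerable": True},
    "ECDSA": {"vulnerable": True},
    "ECDH": {"vulnerable": True},
    "AES": {"vulnerable": False, "min_bits": 256},
    "ML-KEM": {"vulnerable": False},
}


@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str
    key_bits: int
    shelf_life_years: int  # how long the data or signatures must stay trustworthy
    migration_years: int   # estimated time to move this system to PQC


def classify(asset, policy=POLICY):
    """Step 1: flag systems that rely on quantum-vulnerable algorithms."""
    rule = policy.get(asset.algorithm)
    if rule is None:
        return "review"  # not in the policy: a person has to look at it
    if rule["vulnerable"]:
        return "vulnerable"
    if asset.key_bits < rule.get("min_bits", 0):
        return "increase-key-size"
    return "ok"


def exposure_years(asset, now_year, threat_year=THREAT_YEAR):
    """Mosca's inequality: shelf life + migration time - time to threat.
    A positive value means data captured today still needs protecting after
    the threat year, the "harvest now, decrypt later" case."""
    return asset.shelf_life_years + asset.migration_years - (threat_year - now_year)


def prioritise(assets, now_year, policy=POLICY):
    """Step 2: order the non-compliant systems, most exposed first."""
    findings = [(a.name, classify(a, policy), exposure_years(a, now_year))
                for a in assets if classify(a, policy) != "ok"]
    return sorted(findings, key=lambda f: -f[2])


# Constructed inventory; names and figures are illustrative only.
INVENTORY = [
    Asset("customer-kyc-archive", "RSA", 2048, 10, 2),
    Asset("api-gateway-tls", "ECDH", 256, 1, 1),
    Asset("wallet-signing", "ECDSA", 256, 5, 3),
    Asset("backup-encryption", "AES", 128, 7, 1),
    Asset("kem-pilot", "ML-KEM", 768, 10, 0),
    Asset("legacy-hsm-link", "3DES", 168, 3, 2),
]

if __name__ == "__main__":
    for name, status, years in prioritise(INVENTORY, now_year=2025):
        print(f"{years:+3d}y  {status:<18} {name}")
```

An algorithm missing from the policy table is reported as `review` rather than passed, so an incomplete inventory cannot hide a system from the plan.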
In addition, Chris foresees a positive impact from AI’s ability to automate repetitive and mundane tasks such as data entry, account reconciliation, and compliance checks, freeing up human resources for more strategic activities.
Meanwhile, CIO Chris believes that quantum computing will support enhanced data processing, which will significantly improve data analysis, risk management, and optimisation processes for fintechs and beyond.
“Quantum computing poses both a threat and an opportunity for cyber security. It could break traditional encryption methods but also enable the development of more secure cryptographic techniques,” Chris highlighted.
As with all enhancing technology, Chris highlighted the current key areas where quantum computing poses a threat.
“‘Harvest Now, Decrypt Later’ indicates that adversaries can intercept and store encrypted data now, with the intention of decrypting it once quantum computers become powerful enough,” explained Chris.
The implication is that sensitive data, including personal information, financial records, and intellectual property, could be exposed in the future, leading to severe breaches and loss of confidentiality.
Secondly, quantum computers have the potential to break the cryptographic algorithms used by the blockchain for security. “This could undermine the integrity and trustworthiness of blockchain systems,” said Chris.
Ultimately, compromised blockchains could lead to financial fraud, loss of digital assets, and erosion of trust in decentralised systems.
“The threat of quantum computing to traditional encryption technologies and blockchain security is imminent and requires immediate action,” added Chris. “By exploring quantum-resistant encryption algorithms, quantum key distribution, and post-quantum cryptographic solutions for blockchain, and engaging with expert solution providers, we can develop a robust security strategy to protect our organisation against future quantum threats.”
www.uphold.com