In September, the president of the Dutch central bank wrote what may have been the most remarkable letter of his career: it said that the ECB’s interest rate hikes will lead to losses for De Nederlandsche Bank (DNB) for the first time since 1932. Several countries throughout the eurozone are facing a similar problem. To absorb the losses of their central banks, European taxpayers risk having to pay tens or even hundreds of billions of euros a year. Meanwhile private banks get that same amount of money without having to do anything in return. The ECB now stands ready to make a crucial policy decision to determine whether billions in taxpayer money will again flow to the banking sector.
The rise of financial technology (fintech) driven business models in banking poses a challenge for financial regulators. While the positive effects on the banking sector in terms of greater diversity and competition are generally recognized and encouraged by regulators, the nature of fintech business models may increase the risk of financial instability. Regulators are exploring ways to resolve this dilemma. The present paper contributes to the literature by providing a framework for resolving the dilemma, which is evaluated in the context of the regulatory response to the rise of fintech credit in the Netherlands. The semi-structured interviews which we conducted with four senior Dutch regulators resulted in three areas that, from their perspective, required urgent action: fintech credit companies need to lower the risk of overlending, increase pricing transparency, and improve lending standards. These findings were confirmed by the results of the survey among fintech credit clients. The current regulatory response to the rise of fintech in banking in the Netherlands provides an interesting case study that delineates the features of the future regulation of fintech in banking.
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks that try to capture the underlying secret information, e.g., cryptographic keys. Attacks that target not the cryptographic algorithm but its implementation are especially devastating; the best-known examples are the so-called side-channel and fault injection attacks. Such attacks, often jointly referred to as physical (implementation) attacks, are difficult to preclude, and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand, and the usually short amount of time available to security evaluators (plus the human error factor) on the other, make this an unfair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques have been shown to be a viable candidate, although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will give security evaluators, and above all companies producing chips for security applications, an option to find potential weaknesses early and to assess the trade-off between making the product more secure and making it more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process.
Our research fills the gap between what is known in academia about physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could also be a useful tool for mitigating other types of threats like ransomware or rootkits.