Why cybersecurity is a barrier to financial innovation

Money20/20 Middle East gets the region’s money ecosystem together in one place. Because when you get banks, fintechs, regulators and investors together, you accelerate the building of financial services that are useful, inclusive, and safe. 

But there’s a hard constraint running through every payments conversation right now: cybersecurity. New research from ACI Worldwide suggests it’s no longer a supporting issue. It’s the main thing slowing the industry down.

ACI’s report, based on a survey of 500 industry executives, found that 77% rank ‘cybersecurity and fraud risks’ as the biggest barrier slowing innovation and development in payments – ahead of regulatory complexity (63%) and legacy systems (44%).

That finding lands awkwardly in an industry that prides itself on speed. In the same research, the payments sector is perceived as one of the world’s fastest-moving industries – second only to information technology.

The confidence gap that makes security the bottleneck

The report also captures a gap between how the industry sees itself and how ready it is to execute. Of the organisations surveyed, 69% say they’re leaders in payments, and yet only 44% say payments innovation is a C-suite priority, and 55% admit they’re not making full use of the technology already available.

This is important, because modern payments innovation isn’t a neat, self-contained product launch. It’s infrastructure change: real-time rails, API connectivity, orchestration across networks, and always-on customer expectations. As that complexity continues to grow, security stops being a checkpoint and becomes the pacing factor.

Fraud scales with instant payments

ACI’s researchers are clear about what’s coming next: fraud pressure rising “at the same pace as instant payments expand”.

The report points to authorised push payment scams as a case study, citing an ACI projection that APP scams over instant networks will account for about 80% of all APP scam losses by 2028, reaching about USD $6.1 billion.

If you’re a bank or payments provider, that kind of forecast changes your appetite for shipping new features quickly. It’s hard to innovate confidently when the downside risk is both immediate and reputational.

Legacy infrastructure turns security into a drag

The other structural problem is ageing platforms. A significant 44% of respondents identify legacy systems and infrastructure as a major barrier to innovation, and the report describes how older environments become rigid, costly to maintain, and tangled with dependencies that make replacement risky.

It also warns that organisational capability is part of the risk picture: 74% admit they are not prioritising talent retention or actively retiring outdated systems, which can leave protection frameworks fragmented.

Why ‘security by design’ is now the innovation strategy

ACI’s researchers conclude that “security and compliance are table stakes in payments” – they’re requirements to stay in business. 

And the twist is that, in practice, whoever builds the strongest trust and protection model often ends up moving fastest, because they can launch without holding their breath.

This is where Money20/20 Middle East’s convening role becomes practical. Bringing banks, fintechs and regulators together is about aligning on what safe innovation actually looks like in a real-time economy.

And for the cybersecurity community, all of this means there’s work to do. The future of financial innovation will be decided by security; and by the organisations that can modernise payment systems while keeping fraud, identity, and resilience at the core. Because right now, cybersecurity is the barrier that sets the speed limit.