A Low-Latency Zero Trust Framework for Cloud- Based FinTech Systems Using Risk-Based IAM and Selective MFA | IJCT Volume 13 – Issue 3 | IJCT-V13I3P52
International Journal of Computer Techniques
ISSN 2394-2231
Author
Nishant Gaur, Ms. Neetu Kumari Rajput
Abstract
Cloud-based FinTech systems need strong security mechanisms to protect confidential financial operations at the same time it has to maintain low-latency transaction processing. Zero Trust Architecture (ZTA) has emerged as an effective cloud security model based on continuous authentication, authorization, and least- privilege access control to users. However, ordinary Zero Trust implementations sometimes introduce authentication latency and computational overhead due to repeated token validation, mandatory Multi-Factor Authentication (MFA), and continuous access verification.
This paper showcases a low-latency framework based on Zero Trust architecture for cloud-based financial systems using risk-based Identity and Access Management (IAM) and selective Multi-Factor Authentication (MFA). The approach dynamically classifies user requests into different risk categories and applies MFA only to high- risk operations such as money transfer and password alteration and low-risk requests are handled using lightweight token-based authentication.
A prototype implementation was developed using Spring Boot, JWT, MySQL, and Role-Based Access Control (RBAC). Experimental evaluation was conducted by comparing the model with a standard Zero Trust model using authentication latency, computational overhead, and security performance as evaluation metrics.
Prototype results showed that the suggested model reduced response delay, decreased unnecessary MFA prompts, reduced computational overhead, and improved system overall performance while maintaining equivalent security effectiveness.
The finding recommends that adaptive authentication strategies based on risk-aware IAM can highly optimize the security- performance trade-off in cloud-based FinTech systems.
Keywords
Zero Trust Architecture, Cloud Computing, Cloud Security, FinTech, Identity and Access Management, Multi-Factor Authentication, Risk-Based Authentication, Authentication Latency.
Conclusion
This research proposed a low-latency Zero Trust framework for cloud-based FinTech systems using risk- based Identity and Access Management (IAM) and selective Multi-Factor Authentication (MFA).
Standard Zero Trust implementations improve cloud security by enforcing continuous verification, strong authentication, and least-privilege access control. In contrast, existing studies and practical implementations shows that these methods introduce response delay and computational overhead, which is not good for real-time FinTech applications.
To address this issue, the suggested framework introduced:
risk-aware access evaluation,
selective MFA for high-risk operations,
lightweight token-based authentication for low-risk requests.
Experimental evaluation demonstrated that the proposed framework:
reduced authentication latency,
lowered computational overhead,
decreased unnecessary MFA invocations,
maintained equivalent security effectiveness compared with standard Zero Trust implementations.
The findings suggest that adaptive authentication strategies can highly optimize the security-performance trade-off in cloud-based financial systems.
Therefore, the proposed model provides a practical and efficient approach for implementing Zero Trust security model in latency-sensitive FinTech systems.
References
[1]J. J. Diaz Rivera, A. Muhammad, and W.-C. Song, “Securing Digital Identity in the Zero Trust Architecture: A Blockchain Approach to Privacy-Focused Multi-Factor Authentication,” IEEE Open Journal of the Communications Society, vol. 5, May 2024, doi: 10.1109/OJCOMS.2024.3391728.
[2]I. Lee and Y. J. Shin, “Fintech: Ecosystem, business models, investment decisions, and challenges,” Business Horizons, vol. 61, no. 1, pp. 35–46, 2018.
[3]V. Prajapati, “Role of Identity and Access Management in Zero Trust Architecture for Cloud Security: Challenges and Solutions,” International Journal of Advanced Research in Science, Communication and Technology (IJARSCT), vol. 5, no. 3, Mar. 2025.
[4]A. M. Mostafa, M. Ezz, M. K. Elbashir, M. Alruily, E. Hamouda, M. Alsarhani, and W. Said, “Strengthening Cloud Security: An Innovative Multi-Factor Multi-Layer Authentication Framework for Cloud User Authentication,” Applied Sciences, vol. 13, no. 19, p. 10871, 2023, doi: 10.3390/app131910871.
[5]S. Potluri, “A Zero Trust-Based Identity and Access Management Framework for Cross-Cloud Federated Networks,” International Journal of Emerging Research in Engineering and Technology, vol. 5, no. 2, pp. 28–40, 2024, doi: 10.63282/3050-922X.IJERET-V5I2P104.
[6]S. O. Olabanji, O. O. Olaniyi, C. S. Adigwe, O. J. Okunleye, and T. O. Oladoyinbo, “AI for Identity and Access Management (IAM) in the Cloud: Exploring the Potential of Artificial Intelligence to Improve User Authentication, Authorization, and Access Control within Cloud- Based Systems,” Asian Journal of Research in Computer Science, vol. 17, no. 3, pp. 38–56, Jan. 2024.
[7]A. Mosayyebzadeh et al., “A Secure Cloud with Minimal Provider Trust,” arXiv preprint arXiv:1907.07627, Jul. 2019.
[8]
S. Rodigari, D. O’Shea, P. McCarthy, M. McCarry, and S. McSweeney, “Performance Analysis of Zero-Trust Multi-Cloud,” arXiv preprint arXiv:2105.02334, May 2021.
[9]A. Singh, “Blockchain-Enabled Zero Trust Framework for Securing
FinTech Ecosystems Against Insider Threats and Cyber Attacks.”
[10]H. Kumar, “AI and Machine Learning Integration into Cloud-Based Fintech Platforms,” International Journal of Scientific Research in Engineering and Management (IJSREM), vol. 8, no. 10, Oct. 2024.
[11]Amazon Web Services, “Multi-Factor Authentication in IAM.”
[Online]. Available: link
[12]National Cyber Security Centre, “Zero Trust Architecture Design Principles,” Jan. 16, 2026. [Online]. Available: link
[13]National Institute of Standards and Technology, “NIST Special
Publication 800-207: Zero Trust Architecture,” Aug. 2020. [Online].
Available: link
[14]National Institute of Standards and Technology, “NIST SP 800-207A: A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments,” Sep. 2023. [Online].
Available: link
[15]National Cyber Security Centre, “Recommended Types of Multi-
Factor Authentication,” Sep. 26, 2024. [Online]. Available: link
[16]OWASP Foundation, “OWASP API Security Top 10,” 2023. [Online].
Available: link
[17]Reserve Bank of India, “Master Direction on Digital Payment Security Controls,” Feb. 18, 2021. [Online]. Available: link
[18]European Banking Authority, “Regulatory Technical Standards on Strong Customer Authentication and Secure Communication under PSD2,” Apr. 5, 2022. [Online]. Available:link
[19]International Organization for Standardization, “ISO/IEC 27001: Information Security Management Systems — Requirements,” 2022. [Online]. Available: link
[20]International Organization for Standardization, “ISO/IEC 27017: Security Techniques for Cloud Services,” 2015. [Online]. Available: link
[21]Amazon Web Services, “Security Best Practices in IAM.” [Online].
Available: link
[22]Google Cloud, “BeyondCorp Zero Trust Security Model.” [Online].
Available: link
[23]Accenture, “How Security Helps Banking Bridge Modernization Gaps,” Apr. 6, 2026. [Online]. Available: link
[24]Okta, “Risk-Based Authentication: What You Need to Consider,” Sep.
14, 2024. [Online]. Available: link
[25]Verizon, “Data Breach Investigations Report,” 2026. [Online].
Available: link
How to Cite This Paper
Nishant Gaur, Ms. Neetu Kumari Rajput (2026). A Low-Latency Zero Trust Framework for Cloud- Based FinTech Systems Using Risk-Based IAM and Selective MFA. International Journal of Computer Techniques, 13(2). ISSN: 2394-2231.
A Low-Latency Zero Trust Framework for Cloud- Based FinTech Systems Using Risk-Based IAM and Selective MFADownload
Related Posts:
