Financial technology (FinTech) systems face escalating internal threats and advanced persistent threats (APTs), rendering traditional perimeter-based security models ineffective. To address this, this paper proposes a blockchain-enabled zero-trust security framework grounded in the principle of “never trust, always verify,” enabling dynamic access control and micro-segmentation. The framework innovatively leverages blockchain as a unified policy engine, enforcement point, and tamper-proof storage layer—thereby eliminating single points of failure. It integrates Ethereum smart contracts, multi-factor authentication (MFA), role-based access control (RBAC), and just-in-time (JIT) privilege management. Security validation of the decentralized application (DApp) is rigorously conducted using STRIDE threat modeling. Experimental evaluation on a 200-node network demonstrates significant security enhancement, bounded latency overhead, and native support for Layer-2 scalability optimizations.

Fintech provides technological services to increase operational efficiency in financial institutions, but traditional perimeter-based defense mechanisms are insufficient against evolving cyber threats like insider attacks, malware intrusions, and Advanced Persistent Threats (APTs). These vulnerabilities expose Fintech organizations to significant risks, including financial losses and data breaches. To address these challenges, this paper proposes a blockchain-integrated Zero Trust framework, adhering to the principle of "Never Trust, Always Verify." The framework uses Ethereum smart contracts to enforce Multi Factor Authentication (MFA), Role-Based Access Control (RBAC), and Just-In-Time (JIT) access privileges, effectively mitigating credential theft and insider threats, the effect of malware and APT attacks. The proposed solution transforms blockchain into a Policy Engine (PE) and Policy Enforcement Point (PEP), and policy storage, ensuring immutable access control and micro-segmentation. A decentralized application (DApp) prototype was developed and tested using STRIDE threat modeling, demonstrating resilience against spoofing, tampering, and privilege escalation. Comparative analysis with Perimeter-based systems revealed a trade-off: while the framework introduced a marginal latency increase (74.0 ms vs. 49.33 ms) and reduced throughput (30.77 vs. 50.0 requests/sec), it significantly enhanced security by eliminating single points of failure and enabling tamper-proof audit trails. Experimental validation on a 200-node simulated network confirmed the framework's robustness, with future optimizations targeting Layer-2 solutions for scalability. This work bridges the gap between Zero Trust theory and practical blockchain implementation, offering Fintech organizations a decentralized, cost-effective security model.