There is a rush to improve speed, convenience and user experience in financial interactions, but at what cost to security?
While for the most part bankers are positive about their ability to improve their financial performance in 2018 and beyond, evolving risks – particularly cyber risk – are no doubt preoccupying their thoughts. A recent report by professional services firm, EY, puts cybersecurity as the number one priority for banks in the coming year, and it comes as no surprise, especially with Britain’s National Cyber Crime Unit data showing 68% of large UK businesses across sectors were subject to a cybersecurity attack or breach in the past 12 months.
It’s a mounting problem, and the financial services industry needs to fight back. Here are the four key ways of countering the continuing threat to banks’ cybersecurity – and it’s a case of fighting cyber with cyber.
1. Artificial intelligence
Like it is in retail and manufacturing, for example, artificial intelligence (AI) and advanced analytics will play a key role in banking moving forwards.
And the financial services industry is looking to this technology to play a major part in the prevention of cyberattacks, reducing conduct risk and improving monitoring to prevent financial crime. Mitigating such external and internal threats is critical to both business continuity and limiting operating losses, and so AI shouldn’t be overlooked as a key tool in reaching this goal.
2. Electronic identification
In order to meet the regulatory technical standards, which will be enforced in September 2019 as part of the European Union’s PSD2 payments legislation, the number of transactions requiring two-factor authentication will rise in the coming months.
What has been deemed by the industry as “Strong Customer Authentication” will be required, and this should result in payments and account access relying on customers providing and using a combination of the following: something they know, like a password; something they have, like a phone or card; and something they are, such as a fingerprint.
More factors equals more security is the industry theory here.
Which leads us neatly on to point three: biometrics. This push for two-factor authentication and new electronic identification will pave the way for more biometrics use. With some of the largest players in card payments, including Mastercard, investing heavily in such solutions, we expect others to start to follow suit.
As Ajay Bhalla, president for global enterprise risk and security at Mastercard, puts it: “The use of passwords to authenticate someone is woefully outdated, with consumers forgetting them and retailers facing abandoned shopping baskets.
“In payments technology this is something we’re closing in on as we move from cash to card, password to thumbprint, and beyond to innovative technologies, such as AI.”
According to the EY research report, 20-40% of financial service providers are investing in blockchain now and are planning to increase investment, while approximately the same percentage are investing now but planning to reduce expenditure.
Either way, it shows that Blockchain is very much on the agenda for banks. The main attraction of blockchain is that it creates an indelible audit trail which is distributed across multiple servers, so there’s no single weak link for cyber attackers to target. This provides banks with unparalleled transparency and increases trust.
Blockchain also has the potential to make a complex global financial system less complicated and reduce the number of middlemen involved in the transferring of money.
So, that’s the technology on offer, but what are the next steps?
Unless banks collaborate more with their peers, or improve their use of the wider ecosystem, the required investment in advanced technologies to address issues of growing cybercrime will be substantial and could strain their ability improve financial performance and grow their businesses.
And, as bank leadership teams focus on investing in the relevant people and technology – and it is the combination of both that’s crucial here – to enhance cybersecurity, they may struggle to find the right skillsets or the right methods for integrating cyber experts into their organisations.
Raising their knowledge of the technology available to help stem the tidal wave of cyber threats is a key requirement for banks, if they don’t want to end up washed up on the shore as a result of their defences being breached.