Finance

CISOS IN FINANCE: HOW TO LEAD THE PRIVACY STRATEGY

Sophie Chase-Borthwick, Director of Data Ethics and Privacy, Calligo

Privacy is essentially just a data security problem, right? Surely, the requirement to act more responsibly with personal and sensitive data equates to protecting it better, encrypting it and preventing hacks and leaks?


Many financial businesses assume exactly this, and that data privacy, whether GDPR or California’s new CCPA, is merely an IT security problem. However, it goes far wider than that.


For the chief information security officers (CISOs) who have been assigned responsibility for privacy within their organisation, it can often seem an unenviable task. Few boards and executive teams understand the detail of what GDPR adherence or Privacy by Design requires well enough to assign sufficient, or the right, resources to the task.


In fact, we regularly hear stories from financial services organisations of all sizes about shoddy approaches to data privacy, especially GDPR, with some assuming that just because they have a data security function, adherence is a given.


However, as an experienced CISO, you will understand that privacy is not as simple as ring-fencing your data. You will appreciate that, because GDPR in particular requires the responsible management and use of data just as much as its responsible protection, a privacy strategy needs involvement from every part of a financial organisation, including marketing, HR, sales and so on.


But many businesses did not think like this. Or, more accurately, many CISOs were fully aware of the extent of the task but were not given the time or resources to address it appropriately. Many were forced to focus on the parts they could fix the fastest and most easily, predominantly technology and data protection, leaving major gaps in processes and people, the two other equally important pillars of adherence.


Others were bending over backwards to cover the basics of the new requirements, but saw their wider security strategies either derailed or delayed in the process, leaving many financial businesses more susceptible to security breaches than they were before. These are real scenarios that we have seen time and again amongst our clients.


So, how is it possible to balance data privacy with the wider security strategy? Many argued when GDPR came into force that it represented a huge opportunity for those in CISO roles to change the perception of their input and value to a business: from simple data protection to safeguarding data across its entire lifecycle.


But how can you put this into practice? How can a CISO build a strategy that achieves the immediate data privacy goal while enhancing, not weakening, wider data security initiatives and their own standing?


Assess your business holistically

There are eight domains that require addressing for a successful privacy strategy: governance and accountability; risk management; security management; third party management; incident management; personal information management; rights of data subjects; and finally, understanding the scope of your organisation as it pertains to the relevant legislation.

The most obvious observation for many CISOs will be that many of these areas are outside their traditional scope. However, they all need equal attention and they are all unavoidably part of the project they are leading. The trick is to not let yourself focus on only the more easily-addressed “home turf” security areas, nor be drawn by the business too far into the non-security areas.

Ask for help

For some, this will be one of the hardest steps – either personally or politically – but it is essential. As mentioned above, there are eight areas that need addressing equally. This means that assistance from experts across the wider business is vital. No one expects a CISO to be well-versed in the legal rights of data subjects, or in how to build a perfect Privacy Policy, but you will need to recruit support from the internal subject matter experts who are, then act as the intermediary between them all, and lead from the front.

Perform a gap analysis

Before you can even think about aligning your organisation to a privacy strategy, you must identify your baseline and areas for improvement. What are the minimum requirements within each of the eight areas for your business to be in line with the legislation facing you? And what constitutes particularly robust observance? Finally, where on this spectrum are you aiming, and how does that compare to your current state?

Present your action plan

The gap analysis will have provided you with a starting point and a series of non-conformances to address. The next step is to prioritise the remedial tasks required and plan how they will be executed. It is, however, imperative to demonstrate that the plan is tied to, but not wholly based on, the security strategy. Sales, marketing, HR, IT and the rest must all understand that they have equal parts to play, and be equal in their accountability.


Secure wider resource

The final part of the process is to identify the most suitable individuals to assist. This controlled delegation maintains the CISO’s position as the lead on the project, ensures good project management and execution, while also safeguarding the security team’s resources.


It’s clear that a privacy strategy is an organisation-wide initiative and encompasses all areas of technology, people and processes. It requires far more than building higher walls around your data, or simply gaining renewed consent from customers. However, it’s important to remember that this will not be widely understood, and given it is commonplace post-GDPR for CISOs to be handed responsibility for privacy, you will need to take the initiative on a whole host of procedures and processes that span your entire enterprise – and may not be within your comfort zone.

However, get it right and you will engender more trust from within your customer base – an important commercial outcome that you can take no small amount of credit for.

Business

HOW MERCHANTS CAN IMPROVE THE ONLINE PAYMENTS EXPERIENCE

By Alan Irwin, Senior Director of Product at Global Payments UK

The dramatic increase in online shopping over the past 18 months has encouraged many businesses to invest in developing their omnichannel shopping experiences. The reasons vary – some are keen to capitalise on the trend of older shoppers migrating towards ecommerce and some are trying to make up for loss of sales in brick-and-mortar stores during the pandemic. It is also true that many businesses are shifting their models to sell direct to consumers to avoid high marketplace fees and are therefore building their ecommerce channels for the first time.

The checkout experience is arguably the most important and delicate part of the ecommerce transaction, as it can make the difference between a happy customer likely to return, and a shopping cart abandoned out of frustration and confusion. A survey from March 2020 suggested that 88% of online shopping orders were abandoned, i.e. not converted into a purchase. A seamless, customer-centric online payment experience is therefore critically important in ensuring completed transactions. But with so many payment providers available, what should businesses be looking for when trying to keep friction to a minimum?


Keep clicks to a minimum

Less touchscreen interaction equals less abandonment. Adapting the payment page to fit any device and supporting popular mobile digital wallets like Google Pay ensures a seamless, stress- and hassle-free checkout experience for the customer and keeps clicks to a minimum. Friction can present itself in the most minor features – for example, when the customer is navigating the payment form, the appropriate keypad should be shown to the customer when required. It’s much easier to enter a card number using the dial pad instead of switching between QWERTY keypad layouts.

Simplifying online forms with autofill and tokenisation also significantly reduces friction at checkout and shortens the time the customer needs to spend. Ensuring checkout forms are tagged correctly for “autofill” is a great way to offer customers a single click to input the payment, shipping and billing data stored in their browser profile. Similarly, offering a guest checkout option will help convert customers who are in a hurry or making a one-off purchase. For returning customers, offering to store the payment details (called ‘tokenisation’) enables express repeat and one-click purchases.


Make it easy to understand

A tailored payments approach can increase both domestic and international sales. By offering a checkout experience in the customer’s language, the option to pay in their currency of choice, and their preferred method of payment (whether it’s PayPal, Alipay or card), businesses can build loyalty quickly and put customers at ease. It is equally important for merchants to always display simple directions and information about next steps to instil confidence and prevent customer drop-off. The customer should be informed of what is happening at every stage in the process, for example whether they will proceed to SCA (Strong Customer Authentication) next or go straight through to completion.

In addition, validating forms in real time means merchants can highlight potential errors to the customer early on, and payment providers should offer this functionality. The error could be an invalid expiry date, a mistyped digit in the card number or a CVV that does not match the expected format for the card type. When issues are only flagged at the end of the process, the customer is forced back through the steps to figure out the error. Real-time signposting of problems removes this potential friction and reduces the potential for a declined transaction.
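As an added example (not code from the article or from Global Payments), the JavaScript below shows the kind of client-side, real-time checks the two passages above describe: the standard HTML autocomplete tokens that make a checkout form autofill-friendly, a Luhn check that catches a mistyped card digit, brand detection from the leading digits to decide the expected CVV length, and an expiry check. The function and field names are my own, the card numbers are industry test values rather than real cards, and these checks only catch typing errors before submission; authorisation and fraud decisions remain with the payment provider.

```javascript
// Added example: real-time card-field validation for a checkout form.
// Runs offline in Node; no DOM is needed. All names are illustrative.

// Luhn check: detects a single mistyped digit (and most transpositions)
// before the card number is sent anywhere.
function luhnValid(cardNumber) {
  const digits = cardNumber.replace(/[\s-]/g, "");
  if (!/^\d{12,19}$/.test(digits)) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Brand detection from the leading digits (IIN ranges). Only the ranges
// needed to choose a CVV length are included here.
function cardBrand(cardNumber) {
  const d = cardNumber.replace(/[\s-]/g, "");
  if (/^3[47]/.test(d)) return "amex";
  if (/^4/.test(d)) return "visa";
  if (/^(5[1-5]|2(22[1-9]|2[3-9]\d|[3-6]\d\d|7[01]\d|720))/.test(d)) return "mastercard";
  return "unknown";
}

// The security code is 4 digits on Amex and 3 digits on the other major brands.
function cvvValid(cvv, brand) {
  const expected = brand === "amex" ? 4 : 3;
  return new RegExp(`^\\d{${expected}}$`).test(cvv);
}

// Expiry "MM/YY" or "MM/YYYY" must parse and the card must still be valid;
// `now` is injectable so the check is deterministic in tests.
function expiryValid(exp, now = new Date()) {
  const m = /^(\d{2})\s*\/\s*(\d{2}|\d{4})$/.exec(exp.trim());
  if (!m) return false;
  const month = Number(m[1]);
  let year = Number(m[2]);
  if (month < 1 || month > 12) return false;
  if (year < 100) year += 2000;
  // Day 0 of the following month is the last day of the expiry month.
  const lastValid = new Date(year, month, 0, 23, 59, 59);
  return lastValid >= now;
}

// Check every field and return one message per problem, so the form can
// highlight all errors as the customer types rather than one at a time on submit.
function validateCardForm({ number, expiry, cvv }, now = new Date()) {
  const errors = {};
  const brand = cardBrand(number);
  if (!luhnValid(number)) errors.number = "Card number looks mistyped";
  if (!expiryValid(expiry, now)) errors.expiry = "Expiry date is invalid or in the past";
  if (!cvvValid(cvv, brand)) {
    errors.cvv = `Security code must be ${brand === "amex" ? 4 : 3} digits`;
  }
  return { brand, valid: Object.keys(errors).length === 0, errors };
}

// Standard HTML autocomplete tokens; set these on the <input> elements so
// the browser can offer one-click fill from the customer's stored profile.
const AUTOFILL_TOKENS = {
  cardName: "cc-name",
  cardNumber: "cc-number",
  cardExpiry: "cc-exp",
  cardCvv: "cc-csc",
  shippingAddress: "shipping street-address",
  billingPostcode: "billing postal-code",
};

// Constructed sample inputs (industry test numbers, not real cards) and a
// frozen clock so the expiry check is reproducible.
const FIXED_NOW = new Date(2021, 5, 15); // 15 June 2021

function demo() {
  const samples = [
    { number: "4111 1111 1111 1111", expiry: "12/24", cvv: "123" },  // valid Visa
    { number: "3782 822463 10005", expiry: "06/21", cvv: "1234" },   // valid Amex, expires this month
    { number: "4111 1111 1111 1112", expiry: "05/21", cvv: "1234" }, // mistyped digit, expired, wrong CVV length
  ];
  return samples.map((s) => validateCardForm(s, FIXED_NOW));
}

console.log(JSON.stringify(demo(), null, 2));
```

The third sample produces three messages at once, which is the behaviour the paragraph argues for: the customer sees every problem while still on the form instead of discovering them one by one after a declined submission.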


Ensure seamless security

Merchants should work with a payment partner who offers the right blend of security and compliance management without it coming at a cost to the end-to-end checkout experience for the user. Instilling trust and security in your checkout flow while utilising the right solutions to drive seamless authentication flows will increase customer confidence and help prevent drop-off.

The greatest level of security and control comes from either utilising hosted payment fields that the merchant can natively integrate into their checkout flow, or a hosted payment page where they can manage the look and feel. Showcasing your brand on the checkout page with trust signals and logos also adds to building trust with the customer.

Staying ahead of regulations is also important. Strong Customer Authentication (SCA) will soon be mandatory in the UK for all eligible digital transactions, and this doesn’t have to be a friction-filled process. Tools like Transaction Risk Analysis (TRA) and Exemption Optimisation Service (EOS) can quickly score transactions and apply exemptions where the transaction risk profile allows.


The devil is in the details

These three rules for successful ecommerce checkout experiences may seem straightforward, but it is important to apply them at a micro level. It can take only one minor point of friction to cause a customer to abandon their cart, and this will inevitably be replicated across other similar customers. It is critical to identify friction points early on and anticipate customer needs throughout the process. Discussing these points and any opportunities to improve customer checkout experience with your ecommerce team and payment provider is an important first step towards ensuring your entire shopping experience remains competitively seamless and loyalty is won. It may be that your payment provider cannot address them, in which case it could be time to move on in order to stay competitive.


Finance

NAVIGATING FINANCIAL SERVICES IN 2021: LOW-CODE TO THE RESCUE

Nick Ford, Chief Technology Evangelist, Mendix

Financial services are the poster child of great digital transformation: today, Britons can pay from their watches, check their balance directly from their phone at any time and even automate trading. This level of innovation isn’t only about customers: traders are able to operate faster than ever before thanks to better predictive analysis and forecasting tools, and finance teams are able to collaborate from anywhere in the world.

While we embrace all this innovation, it’s easy to forget that the reality of the sector is incredibly complex. The radical changes induced by COVID-19 have highlighted how challenging maintaining innovation today really is, while putting more pressure on IT teams to accelerate the digital transformation of the sector even further.

On top of this, the sector is one of the most affected by Brexit. Mendix’s Navigating the UK Landscape research found that businesses in the financial services sector have serious concerns about the impact of Brexit on their industry. Many believe that Brexit has damaged the reputation of the UK as a centre of finance (67%) – as well as creating functional challenges for businesses in the country.

Many financial services organisations are turning to technology, and specifically low-code, to deal with these challenges. This piece will look at how firms in the sector can use low-code to navigate the new world.


A sea of challenges

Financial services are complex: there are thousands of products to choose from, from savings to investment and mortgages. These services are then managed by lots of different companies, creating an additional level of complexity: banks, fintechs, brokers, wealth management specialists, government bodies… the list goes on. To add yet another layer, there’s a network of regulations, which change over time, forcing IT leaders to constantly keep on top of the latest evolution in the sector. Knowing these is only the first step: every time new laws are implemented, the sector needs to adjust to them, and that can mean anything from revising security protocols to radically changing the way information is processed, transmitted or audited.

This may already look complicated, but the real complexity starts underneath, in the realm of processes that IT manages to keep the company operating as normal. It would be fair to say that the mission of financial IT leaders is often underrated: they deal with antiquated systems dating back decades, inadequate data management processes and minute security and compliance considerations every day, simply to keep the business afloat. Add to this the need to get all staff working remotely during the lockdown, and the already time-poor IT leaders are now completely swamped.

Brexit also makes things difficult for financial services organisations. Two thirds anticipate costly and complicated processes for cross-border payments and investments, while 59% believe it will be harder to attract foreign investment. Ultimately, 61% admit they will no longer be able to support some of their customers because of the transition.


Tech as a raft

While the sector is mired down with complex processes and inadequate tools, it also needs to deal with a major challenge: fierce competition for tech-savvy customers. Now, all banks, investment firms and wealth management companies are investing in tech to help them cope with new customer demands for easier access to their capital and increased transparency. Two thirds have deployed digital projects to make the business more flexible as a result of Brexit, with data management (62%) and digital processes (62%) particular focal points.

And this is not just about pleasing digitally minded customers: it’s also about improving productivity and operational efficiency, harnessing data, and solving compliance challenges. This balancing act between priorities is gathering pace and spreading across the business: today, IT teams must deliver innovation that’s fast, reliable and secure, and that supports many divisions — all at once. It’s a big challenge, but it’s one that IT leaders are willing to tackle head on: two thirds of IT leaders believe the value of digital transformation initiatives outweighs their inherent risk. Yet, IT leaders know that rushing would be a mistake: although IT teams face high demand for their support, most would not prioritise speed over caution, even if they could innovate faster. This measured pace ensures that financial organisations are delivering the right solutions at the right time, reducing the risk of service disruption and security challenges.


Low-code to the rescue

To manage all these priorities, IT needs to look beyond its own team to create revenue-generating services that truly answer clients’ needs, and it needs to empower all developers with the right tools to do so. This improves collaboration between IT and customer-facing staff to design services that suit the needs of the customer base, while reducing the pressure on an already-stretched IT team. Enter low-code: most leaders (58%) say that low-code has enabled the development of new applications to support their companies post-Brexit.

One example of this is a financial institution which perceived its digital user experience as lacking and used low-code to deliver a new user experience for its portal, consumer and wholesale digital services. It was able to do this in just eight months, providing numerous benefits to stakeholders.

Low-code software development provides a simple solution to address these constraints and challenges: based on a visual approach for building applications using drag-and-drop components, it enables non-technical staff to participate in creating business applications, even if they have little to no coding experience. Working separately or in close collaboration, professional developers and business-side “citizen developers” can create, iterate, and release applications in a fraction of the time it takes with traditional methods, all under the watchful governance of IT to ensure their applications comply with enterprise standards and architecture.

A low-code approach allows for flexible, iterative app development for many use cases in the financial services sector, including legacy application upgrades to comply with new regulations, apps supporting smart banking or portfolio management, and mortgage application management. With low-code, the financial services industry has the right tools to untangle its complex processes, simplify its evolution and focus on its core mission: keeping the economy thriving.

