
CRYPTOCURRENCY EXCHANGES MUST TACKLE THEIR CYBERSECURITY ISSUES


By Andrew Shikiar, executive director of the FIDO Alliance

 

Cryptocurrencies are becoming mainstream. Despite recent dramatic price falls after bitcoin hit an all-time high of around $65,000 in April, interest in owning cryptocurrency has continued to grow this past year. A report from the Financial Conduct Authority released last month estimated that around 2.3 million UK adults now own some form of cryptocurrency, up 21% over 12 months, and that 78% of the population have now heard of cryptocurrency.


However, alongside this growing interest in cryptocurrencies is a significant increase in cybersecurity risks. Investors need to be aware of these risks and the industry must do all it can to make cryptocurrency safer.

The first main issue is rising crime, as new crypto investors are targeted by scam artists, fraudsters and cyber criminals.

Nearly $3.78 billion was stolen in 122 blockchain-related attacks throughout 2020, equivalent to $10 million a day. Meanwhile, according to the US Federal Trade Commission, nearly 7,000 people lost more than $80 million in scams between October 2020 and March 2021 — a 1,000% increase from the year before.

These scams range from fake currency exchanges to phoney giveaway websites offering free cryptocurrency. In March, scammers took advantage of the highly publicised appearance of Tesla CEO Elon Musk on US comedy show “Saturday Night Live” to steal around $10 million worth of various cryptocurrencies.

Investors are particularly vulnerable as there is virtually no way to protect their accounts from theft; in the world of cryptocurrency, there are no guarantees. Traditional banks will generally cover losses if you are the victim of fraud or identity theft, while the Financial Services Compensation Scheme will protect UK consumers when a financial firm fails, but there is no equivalent scheme protecting your crypto assets.

In order to prevent theft, it is essential to enable secure access to these cryptocurrency assets. However, this is where we encounter the other major cybersecurity issue concerning cryptocurrency: how do we enhance security while also ensuring that investors can always access their accounts?

 

Security issues and problematic passwords

Many accounts are initially set up using passwords or other knowledge-based authentication (KBA) – both of which are inherently unfit for purpose to protect high-value accounts.

Specifically, passwords simply aren’t suitable for securing high-value accounts, because they can be easily compromised, either through phishing attacks (a form of social engineering where a victim is tricked into divulging their personal information, such as login credentials) or outright theft by purchasing one of the 15 billion credential pairs that are readily available on the dark web.

Furthermore, if you forget your password, you may have trouble recovering access to your account. There are several high-profile news stories of cryptocurrency investors being locked out of a fortune after forgetting a crucial password, such as that of German bitcoin trader Stefan Thomas, who has lost the password to a hard drive containing the key needed to access a digital wallet containing 7,002 bitcoins, currently worth around $165 million.

Meanwhile, KBA suffers from several problems, such as a user’s inability to remember a key piece of information or the wide availability of personal information on the internet through social media or data leaks. It also is possible to buy huge amounts of personal data from the dark web for relatively little cost.

Even if an account is protected by traditional two-factor authentication, such as requiring a code sent via SMS, attackers use SIM swapping and other techniques to get the code sent to their phone instead of the intended recipient. These methods as well as dedicated authenticator apps are also vulnerable to replay attacks – where the cybercriminal injects themselves into the authentication flow, unbeknownst to the account holder.

Using these approaches, cryptocurrency account takeovers are occurring more and more frequently. Once inside an account, criminals can quickly empty its contents, as almost all transactions are finalised within minutes and not easily reversible. Cryptocurrency exchanges themselves are also commonly targeted; in 2020, there were 28 exchange breaches, totalling over $300 million in losses.

Unfortunately, there are few pre-established trust relationships between users and the exchange or wallet provider. Many users have experienced terrible customer support with these exchanges, often having to wait for weeks or even months to regain access to their accounts, simply because it is so difficult to prove that they are the rightful owner.

 

How modern authentication can protect digital assets

So how do we address these issues? The answer lies in moving away from knowledge-based authentication to possession-based authentication. In this scenario, all cryptographic login credentials are stored on a physical device, like a smartphone or security key, that the account holder – and only the account holder – is in possession of.

This approach is proven to be resistant to phishing and account takeovers, and the technology is already embedded into billions of devices worldwide and available to anyone using a modern internet browser.

Crypto exchanges are already aware of these benefits and several have already added support for the FIDO (Fast IDentity Online) possession-based authentication protocols, including Coinbase, Binance, and STEX. Gemini was an early adopter of FIDO for both its smartphone app and web browser, with a growing percentage of its users protecting their accounts with FIDO authentication by purchasing FIDO Certified security keys.

However, standardised authentication alone cannot solve security issues unless it is adopted widely throughout the industry. A consistent approach to security and standardised authentication flows across exchanges, as well as for digital and physical cryptocurrency wallets, is desperately needed to protect investors and their assets – and these best practices should be universally encouraged to all users, across exchanges. More can and needs to be done to take the onus of protection away from individuals and onto the institutions.

In conjunction with this push towards possession-based authentication, users should be required to have multiple authenticators to assist with account recovery for each cryptocurrency exchange – whether that is two security keys or a security key and a biometric authenticator. Having multiple account recovery keys for each exchange will reduce pressure on customer support and help users who lose a device. It would also offer users a choice of stronger authentication options.

Finally, exchanges should eliminate using less secure backup and recovery options such as using SMS or other knowledge-based factors. This will help improve overall security, especially for account recovery.

For the crypto industry to reach its full potential, exchanges must balance cryptocurrency’s anonymity and privacy with the security needed for accounts and assets. Following in the footsteps of exchanges like Gemini and enabling users to fully secure their accounts would help to protect customers from phishing attacks and account takeovers, without sacrificing convenience and privacy.

 


Augmented automated underwriting and the evolution of the life insurance market


By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions

 

It’s almost inevitable. Spend your working life identifying, analysing, quantifying and ascribing monetary value to risk, and you’re likely to have a fairly strong aversion to it. Or more accurately, an aversion to undertaking new endeavours with inadequately understood consequences. The insurance industry is, on any number of levels, the very definition of risk-averse.

And yet, for all the commentary suggesting otherwise, insurance still has an appetite for innovation. If the insurtech sector is any indication, then an interest in and requirement for new solutions is being recognised and slowly addressed.

Declan O’Neill

It may not employ the language of disruption that runs through the wider fintech market, it may be short a few unicorns and unable to boast some of the record-breaking funding rounds, but a quiet tech evolution has been building in insurance nonetheless. Hence the advent of automated underwriting facilitated by more advanced algorithms and data analysis.

Where insurtech does overlap with its more vocal fintech counterparts is in the greater use of artificial intelligence (AI) and machine learning to solve age-old problems around data analysis and interpretation.

It’s about five years or so since AI first became a topic of conversation in insurance. Since then, despite the intensity of the debate, it has often felt like a reality that is always just over the horizon – a destination that kept moving even as more and more efforts were directed towards it.

But recent research suggests that the journeys made so far have not been in vain. We are at a point where the adoption of AI is about to step up a gear. The global value of insurance premiums underwritten by AI has reached an estimated $1.3 billion this year, as stated by Juniper Research, but it is expected to top $20 billion in the next five years. As a destination, it is closer and more attainable than ever before.

However, AI is not an island. Its promise of $2.3 billion in global cost savings to be achieved through greater efficiencies and automation of resource-intensive tasks will not be achieved in isolation.

AI remains part of a more complex ecosystem of data gathering and analysis. It can apply new technologies to get the best out of the already established and still-emerging data sources that feature in underwriting offices around the world. It emphatically does not require these existing investments to be ripped out, replaced or downgraded.

It is more helpful therefore to see AI as the differentiating factor in the latest generation of insurance IT: augmented automated underwriting, or AAU for short.

AAU gives underwriters the ability to spot patterns and connections that are, frankly, either invisible to the human eye or which take normal, human-assisted processes unfeasible amounts of time and resource to identify.

Whereas earlier generations of automation were able to pick up the low-hanging fruit of insurance markets – the individuals whose driving history fit into clearly delineated boxes, for example – AAU can take into account all of the rich complexity of the human experience. It can spot the nuances and individualities that populate the life market, for example, and translate those into accurate policies.

That’s good news for both underwriters and their customers. AAU can significantly reduce the need for separate medicals, repeated questions, lengthy decision-making processes, and drastically increase the speed at which a potential insurer can get a quote and cover – while continually improving the way risk is calculated and managed.

It can make sure the decision-making process remains in the hands of underwriters rather than IT departments, enabling them to set and update the rules and parameters as befits their preferred business model. It consequently makes advanced, complex and precise decision-making available to a broader range of underwriting businesses – which is good for those businesses, good for customers and ultimately good for the entire industry.

AAU – augmented automated underwriting – is an example of the realisation of AI’s promise. As such, it’s set to become one of the key talking points and disruptive technologies of the insurance industry. And this time, AAU is both a journey and destination that all progressive insurance organisations need to be considering for their future operations.

 

 


ESG in the finance and banking industry – are you ready?


By Julian Moffett, CTO BFSI, EDB

 

Environmental, Social and Governance (ESG) has soared towards the top of banking, financial services, and insurance (BFSI) and other boardroom interests. Organisations everywhere know they need to take ESG and greenhouse gas emissions (GHGs) seriously, not only because it is the right thing to do for the future of the planet or because it can help attract and retain talent, but also because failing to do so may pose a risk to the economic value of their businesses and encourage probes by governments, watchdogs and non-execs. However, complying with complex reporting and going the extra mile to actually deliver on the goals of the rules is a challenge in many ways, not the least of which is in achieving the required excellence in data management to underpin strong reporting on ESG.

 

What is ESG? 


ESG is an umbrella term that covers a broad gamut of activities. Gartner defines ESG as “…a collection of corporate performance evaluation criteria that assess the robustness of a company’s governance mechanisms and its ability to effectively manage its environmental and social impacts.”

The CFA Institute describes the environmental element as focusing on “the conservation of the natural world” and includes measuring “climate change and carbon emissions,” “air and water pollution” and “biodiversity” among many other measures. Social considers “people and relationships”, looking at areas including “customer satisfaction” and “gender and diversity.” Governance covers “standards for running a company” and analyses factors such as “board composition” and “audit committee structure.”

 

Status of the current regulatory environment

There are many bodies proposing rules to formalise ESG monitoring and seeking to ensure corporate compliance. Some example groups, frameworks and bodies:

  • The Task Force on Climate-related Financial Disclosures (TCFD)
  • Streamlined Energy and Carbon Reporting (SECR)
  • The International Regulatory Strategy Group (IRSG)
  • The Sustainable Finance Disclosure Regulation (SFDR)
  • The International Sustainability Standards Board (ISSB)
  • The Sustainability Accounting Standards Board (SASB)
  • Sustainable Development Goals (SDGs), the Global Reporting Initiative (GRI) support efforts such as the US SEC’s Climate and ESG Task Force.

Financial services organisations are very aware that the current regulatory landscape is far from mature (and will continue changing) both in terms of alignment between bodies and also with regard to when the new rules will come into effect. At the time of writing:

  • The requirement for Scope 2 disclosures (see below for description) for the Sustainable Finance Disclosure Regulation (SFDR) will likely come into effect in 2023
  • A proposed Corporate Sustainability Reporting Directive (CSRD) should be agreed by the European Parliament this year for implementation in 2024 to report on performance in 2023.
  • Meanwhile, the SEC has just released its proposed rules for climate-related disclosures, which, if passed in legislation, may come into effect as early as year end 2022.

 

Reporting Obligations 

Reporting can cover a wide range of areas covering energy consumption, GHG emissions, water consumption and waste management to health and safety, labour rights, diversity and inclusion to ethical conduct, and even areas such as appropriate executive compensation.

While the regulatory reporting obligations are not yet finalised, the expectation is that compliance may prove to be an onerous task. For example, organisations are under pressure to monitor carbon emissions but even so-called Scope 1 emissions (those that come from owned or controlled emissions) can be hard to track. Factor in Scope 2 (indirect emissions such as purchased power) as well as Scope 3 emissions from up and down value chains, and the reporting task at hand is difficult indeed.

To measure, monitor and manage in addition to staying on the right side of rules, organisations need to have excellent data management fundamentals, strong reporting tools and a new class of applications, which also have the agility to adapt to rapidly changing regulatory demands. Data will be used both to support decarbonisation measures but also to identify where there are disclosure gaps. It was telling that when the SEC issued a press release on its Enforcement Task Force, it specifically referred to data:

“The task force will also coordinate the effective use of Division resources, including through the use of sophisticated data analysis to mine and assess information across registrants, to identify potential violations.”

Having reliable data to comply with emerging rules isn’t the only essential requirement for organisations. Institutions need such data to understand where they are in their journey to sustainability, so that they can set sensible targets and track progress against them. Organisations will have to cover the data trifecta of availability, management and transparency. Many organisations may be stuck in the early stages of managing ESG, overly relying on manual processes, spreadsheets and email. But their target should be to get to real-time data insights that are easily visualised, understood and shared. As a foundation, BFSIs need to capture, manage and securely share data reflecting consumption and safety to emissions, financials and data from surveys measuring results against ESG targets. Data emanating from ERP and other back-office systems, performance data from third-party associates, media and social network coverage, spatial/geolocation systems and beyond should also be factored in.

 

Actually reducing GHGs

Organisations are using a wide variety of ways to reduce emissions and improve their footprints from using renewable energy sources to making secondary use of energy; for example, in the case of one university, this is done through capturing data centre heat in hydroponics. For IT, making broader use of multitenancy in cloud computing and hosting services is a popular way to reduce emissions. Not only do these large data centres offer an economy of scale, they also tend to be state of the art in their use of renewables and highly efficient hardware and other infrastructure. Gartner, in an article titled The Data Centre Is Almost Dead, says it expects 80 percent of enterprises will close in-house datacenters by 2025. For me, the jury is out on this one but an interesting one to monitor going forward.

 

Conclusion

We are at the start of a very significant inflection point in regulatory and consumer expectations around ESG. BFSIs should be under no illusion that momentum is building rapidly in terms of having to address strict reporting requirements and implement strategies to reduce GHGs.

However, we also see this as a time of positive change. As the leading provider of Postgres, EDB is excited to help organisations further their ESG goals as the journey unfolds. We are closely monitoring the implications of ESG regulations as they will give rise to a new class of applications and drive adoption of green data centres. We see OSS, including Postgres, as playing a key role in this shift as often the movement to private and public cloud helps accelerate application modernisation and enables displacement of outdated incumbent technology (including database) platforms.

 
