By Piers Wilson, Head of product management, Huntsman Security
In recent years we’ve seen a huge financial fallout for organisations that have suffered large-scale cyber attacks; from the £500,000 slapped on British Airways for the 380,000 compromised card payments of customers, to the possible $915m fine that Marriott may face following the enormous data breach last year. These repercussions are only likely to worsen as the volume and severity of attacks increases. For instance, the General Data Protection Regulation (GDPR)’s arrival last year means that companies now face fines of up to 4 percent of global revenues or €20 million, whichever is greater.
In light of these risks, cyber-insurance is emerging as a safety net offering businesses protection if the worst happens. Far from being a luxury, there is every possibility that cyber-insurance will soon become a necessity for any organisation storing personal data. In the same way that drivers are required by law to have motor insurance, businesses may be obliged to have measures in place to guarantee compensation for customers left at risk by any data breach.
Eligibility: Proof is Paramount
Unfortunately, as with motor insurance, even if cyber insurance becomes an obligation, getting insured may be difficult or expensive. Insurance companies will only provide policies to organisations that are insurable; either through low risk, or because they are prepared to pay significant premiums. To lower their premiums, organisations will have to prove they are a low risk by taking sufficient steps to protect their sensitive data. Just as home and contents insurers require policy holders to have locks on all the doors and windows, businesses must be able to demonstrate that they have the appropriate systems and processes in place to protect their data.
However, anyone who has taken out home insurance will testify that there’s a big difference in premium between having a simple lock on a door, and having multi-point locks and a burglar alarm. In an age of organised cybercrime, state-sponsored cyber-attacks and advanced cyber-threats, merely having anti-virus software and firewalls is unlikely to be enough. Organisations should therefore consider reinforcing their current defences and adopting a more progressive approach to cybersecurity; in turn encouraging insurers to offer more affordable policies.
Shaping your premium
As when taking out any insurance policy, the first thing organisations will need to do is establish the exact risk they face in order to determine their premium. This is critical for two reasons. First, a more accurate assessment will allow a more accurate, and ideally better-priced, premium. Second, by auditing their defences in this way, organisations will face less risk that their claims will be refused if the worst eventually happens. Much like a driver who states their car is always parked in a locked garage will have a hard time claiming if it’s stolen from the street outside their house, organisations that are found to have over-stated their security capabilities could be in for a nasty shock.
At its most basic, any risk assessment needs to consider the kind of data that is being stored, and what level of security it is defended by. Identifying where the most valuable data resides will help predict where attackers are most likely to strike, and to thereby assess whether current security measures are strong enough. As part of this, organisations should also consider whether appropriate access controls are in place. For example, there’s no need for a receptionist to have access to sensitive financial data, so their privileges should not extend to that information.
Organisations will also need to demonstrate their preparedness in the event of an attack. The faster an organisation can react, and the more it can minimise any potential damage, the lower its premiums will be. For instance, businesses must have the ability to monitor their systems for any suspicious behaviour that indicates data is being accessed or used in ways that it shouldn’t; whether that is by an employee or by an unknown party. This capability can prove particularly useful in identifying potential threats before real damage has been done, safeguarding company data and helping to bring down cyber-insurance premiums by reducing impacts. With attacks showing no signs of slowing down, these processes should be automated as much as possible, otherwise the potential savings will be offset by the fact that security teams are dealing with a blizzard of alarms, both false and all too real.
Given that cyber-risk is increasing continually, those that choose not to insure against it risk leaving themselves, and thereby their customers, vulnerable to potentially catastrophic consequences. Organisations must recognise that an ounce of prevention is always better than a pound of cure, and while an insurance policy provides an indispensable safety net, they must focus on doing all they can to avoid becoming a casualty in the first place.
DISPELLING BIOMETRIC MYTHS AND MISCONCEPTIONS
By Lina Andolf-Orup, Head of Marketing at Fingerprints
Gangsters cutting off enemies’ fingers to access secret locations and spies lifting fingerprints from martini glasses – the imagination of the entertainment world has been running wild ever since biometrics entered the scene.
Couple that with the limitations of some early biometric solutions from fifteen years ago, still anchored in the minds of many consumers, and you have the perfect recipe for an apprehensive and uncertain public.
Thawing lukewarm attitudes with a biometric touch
The biometrics industry has made great strides in the last few years – something particularly true for smartphones. Fingerprint authentication has replaced PINs and passwords as the most popular way to authenticate on mobile, with 70% of shipped smartphones now featuring biometrics.
And it doesn’t end there. Many adjacent markets are now eager to benefit from the secure and convenient authentication solutions that biometrics offer. Take the payments industry, for example, where biometrics payment cards are currently gathering real momentum.
However, some consumers are still uneasy about accepting biometrics. A recent study found that 56% of US and EU consumers are concerned about the switch to biometrics as it’s not enough understood to be trusted.
Although attitudes are shifting for the better, stats like this demonstrate there is still some work to do to disprove common biometric myths and showcase just how smart today’s solutions really are.
Dispel, adopt, repeat
The evolution in consumer biometrics in the last two decades has been phenomenal. And today’s solutions are far more advanced and safe than many may think.
To help bring an end to the myths, let’s expose some of the most common misconceptions around biometrics.
Myth: Biometric data is stored as images in easy-to-hack databases.
A leading myth about biometrics is that when a fingerprint is registered to a device, it is stored as an image of the actual fingerprint. This image can then be stolen and used across applications. In reality, the biometric data is stored as a template in binary code – put simply, encrypted 0s and 1s. Storing a mathematical representation rather than an image makes hacking considerably more challenging. In most consumer applications, this template is also not stored in a cloud-based location, its securely hosted in hardware on the device itself for example in the smartphone, in the payment card. Thus, it stays privately with its owner.
Myth: Fingerprints can be easily replicated to ‘trick’ devices.
The internet is full of articles and videos that claim it is possible to use materials from cello tape to gummy bears to craft fingerprint spoofs and access biometric systems. Although there may have been a time where gummy bear spoofing was the go-to party trick, todays’ consumer biometric authentication solutions have too many technological defences, such as improved image quality and matching algorithms, to simply ‘trick’ devices. Plus, on top this, the criminal needs to have access to the person’s device where this fingerprint is enrolled e.g. smartphone, payment card, before he/she notices and blocks it. This is not scalable nor common, in comparison to gaining access to someone’s PIN code or skimming a contactless card.
Myth: Physical change will prohibit access to my device.
Although our irises don’t change as we age, our fingerprints can and our faces will. Does that mean we have to update our biometric devices every few months to capture these changes? Not quite! Unless there are drastic, sudden changes, the ‘self-learning’ algorithms in modern-day biometric systems are able to keep up with our developing looks.
Who you gonna call? Mythbusters!
These are just some of the common biometric myths and misunderstandings perpetuating in consumer mindsets. Thankfully, though, while we’re working hard to rid the world of the myths, belief in the value of biometrics is only expected to grow. But as solutions expand and diversify, the myth-busting fight will continue.
Fingerprints has been a leader of innovation in biometrics for the last two decades. We’re proud of the expertise and R&D we’ve been able to pour into our biometrics solutions to deliver stronger security and a better user-experience. To learn more about the most common biometric misconceptions and the modern-day technology that allows us to dispel them, download our eBook here.
WHAT EVOLUTIONARY AI MEANS FOR FINANCIAL SERVICES
by Babak Hodjat, VP of Evolutionary AI at Cognizant
Many banks and other financial services institutions (FIs) are beginning to recognise the benefits of AI-driven solutions as a way to get ahead in the market and challenge the competition. Amongst many other benefits, the technology enables organisations to offer hyper-personalised customer experience, dramatically improve internal decision making, and drive operational efficiency. However, many businesses are struggling to move beyond the experimental phase and reach actual AI deployment. It is those organisations that are at risk of being left behind.
The financial world has already been transformed by AI, and this transformation is continuous. A new breed of AI, known as ‘evolutionary AI’ has begun to further accelerate innovation. It is capable of automatically designing itself with little need for explicit programming by humans – innovatively creating complex AI models, and optimising decisions considering multiple scenarios.
This technology is revolutionary for industries across the world, but in particular it is set to transform the financial services sector. Enabling businesses to spot novel strategies that would never have been identified by human data scientists, and, in turn, allowing companies to take full advantage of today’s massive data sets – evolutionary AI will soon be a vital tool in all FIs’ arsenals.
The nuts and bolts of evolutionary AI
Emerging technologies that enable AI algorithms to design themselves are allowing organisations to transcend human limitations. Evolutionary AI operates iteratively. Firstly, it randomly generates a set of potential solutions to form an initial population and assigns a score to each solution based on how well it performs relative to other solutions. In the second round, it retains the solutions that performed best, perhaps only 5% of the total, and recombines their components, sometimes “mutating” them to create a new population. This new population is then tested, and the process begins again. Over multiple generations, the appropriate components of the more successful solutions become increasingly prevalent in the population, and eventually a solution is discovered that yields the best outcomes.
Advantages and use cases
Compared to human design, evolutionary AI can be deployed far more quickly, avoids biases and preconceptions, and typically performs better. Furthermore, the chosen model will evolve and improve over time based on new data.
Evolutionary AI can be applied in a wide variety of areas at FIs. Some examples include designing quantitative trading strategies to maximise returns while minimising risk and loan underwriting. Rather than relying on human analysis, evolutionary AI solutions can quickly analyse all the combinations of relevant variables to create models that more accurately assess the risk of default by a potential borrower.
A recipe for success
In order to reap the benefits of the technology, FIs should focus on the following:
- Responsible AI – Behave in ways that make customers and employees comfortable, i.e. not making decisions that are unethical or exhibit bias. Companies need to monitor them to ensure they continue to act appropriately, as they learn and evolve.
- Viewing AI through a business lens – Having AI projects managed by cross-functional teams with business executives in the lead is a good place to start. Companies also need to look across their organisations to identify opportunities to generate concrete business value from AI — not only in reduced costs but also in boosting revenues by delivering enhanced customer experiences and through improved decision-making.
- Enhance data management – AI applications depend on access to timely and accurate data, which is a challenge for many FIs that have fragmented data architectures with multiple legacy systems. Companies need to identify which types of data are required for each AI project and ensure they can be captured in an appropriate format.
- Approach with speed and caution – AI projects need to be rolled out quickly, while at the same time be rigorously measured, so failures are terminated promptly while successes are moved into production.
The sophistication of AI technology is set to significantly improve over the coming years as it continues to design and test itself. As a result, it will become more critical to the productivity of FIs, and soon businesses will recognise it as a vital tool for consulting on important business decisions. It will not be long before humans and AI are working alongside each other, with robots handling routine tasks, enabling employees to focus on more complex and sensitive activities. Delivering more value together than either could on their own.
ENTERPRISE BLOCKCHAIN: DRAGGING INSURANCE OUT OF THE DARK AGES
Ryan Rugg, Global Head of The Industry Business Unit at R3 The history of insurance traces back to the development...
DISPELLING BIOMETRIC MYTHS AND MISCONCEPTIONS
By Lina Andolf-Orup, Head of Marketing at Fingerprints Gangsters cutting off enemies’ fingers to access secret locations and spies lifting...
FUTURE FX PROMO
FOUR WAYS OPEN BANKING AND AI WILL REVOLUTIONISE ACCOUNTANCY
Ed Molyneux, CEO and co-founder of cloud accounting software company, FreeAgent It’s been just over two years since the...
HOW FINANCIAL SERVICES CAN GET TO GRIPS WITH RISING SUPPLY CHAIN RISK
By Alex Saric, smart procurement expert, Ivalua UK businesses have never been more dependent on their suppliers to help...
TWO TO TANGO? MARKET DATA AND OPINIONS IN INVESTMENT MANAGEMENT
Sebastien Lleo is Associate Professor of Finance at NEOMA Business School (France) Analyst views and expert opinions matter. They...
AN ULTIMATE GUIDE TO TURNING YOUR EARLY RETIREMENT DREAM INTO A REALITY
Rick Pendykoski is the owner of Self Directed Retirement Plans LLC, a retirement planning firm based in Goodyear, AZ. ...
WHAT EVOLUTIONARY AI MEANS FOR FINANCIAL SERVICES
by Babak Hodjat, VP of Evolutionary AI at Cognizant Many banks and other financial services institutions (FIs) are beginning...
HARNESSING ANALYTICS IN THE FIGHT AGAINST FRAUD
By Anna Lykourina, EMEA Fraud Analytics Expert at SAS In the past, the fight against fraud has been a...
ERSTE BANK HUNGARY IMPROVES AND SECURES THE REMOTE BANKING EXPERIENCE WITH ONESPAN MOBILE SECURITY
Leading Hungarian bank deploys OneSpan’s Mobile Security Suite to one million customers to make mobile banking convenient while fighting fraud...
HOW WILL LENDERS TREAT THE FINANCIAL SYMPTOMS OF COVID19?
COULD the coronavirus pandemic spark a financial crisis similar to that which was seen in 2008? Tim Kirby, Group Commercial...
ISO 20022 – THE BEDROCK FOR PAYMENTS TRANSFORMATION
Lauren Jones, Global Payments Ambassador, Icon Solutions The financial services industry has seen ISO 20022 grow firmly over the...
2020 VISION: TRANSFORMING THE LEGAL DOCUMENTATION LANDSCAPE THROUGH STRUCTURED DATA
Jason Pugh, Managing Director, D2 Legal Technology The derivatives industry has been transformed by the proactive engagement of its...
WHY LANDLORDS SHOULD MAKE THE MOVE TO THE ALTERNATIVE PROPERTY INVESTMENT SECTOR IN 2020
Reece Mennie, CEO of leading UK investment introducing firm, Hunter Jones The new decade is expected to bring with...
PROTECTING YOURSELF AGAINST LOSS OF FUTURE INCOME IN A RECESSION
By Gerard Visser, Financial Planning Consultant at Alexander Forbes Financial Planning Consultants. With low GDP growth, credit ratings downgrades and the COVID-19 pandemic,...
MOBEY FORUM TO ADDRESS DATA PRIVACY AND INNOVATION IN THE AGE OF AI WITH NEW EXPERT GROUP
Mobey Forum, the global industry association empowering banks and financial institutions (FIs) to shape the future of digital financial services, today announces...
HOW TO MANAGE YOUR SMALL BUSINESS’S FINANCES
There are a lot of fantastic business ideas that end up failing during the early years. Why? A lack of...
THE EVOLUTION OF THE TECH CFO
Gavin Fallon,General Manager, UK, Nordics & South Africa Board International Chief Financial Officers (CFOs) have traditionally been seen as...
IS FRAUD PREVENTION CONVERGING WITH REGULATORY COMPLIANCE?
By Manuel Rodriguez, Fraud Solutions Manager at SAS Several relevant reports show how the world of fraud and financial crimes is mutable...