Narendra Sahoo, Founder and Director of VISTA InfoSec
In recent years we have witnessed a major drift in the banking and financial industry with digitization and growing use of mobile technology. Customers are also embracing the digital means of financial services by moving away from physical cash to digital currency. Customers today seem more comfortable transacting digitally than ever before. But the digitization in the Banking and Financial Industry has also triggered huge cybersecurity challenges for Financial Institutes and Service Providers. It has opened up entry points for cybercriminals to stage attacks and get illegal access to critical data. Today, with digitization and technological advancements, the banking industry has grown out to be more vulnerable than ever before.
Facing numerous incidents of breach and theft every year, cybersecurity now becomes a major point of focus for the Banking and Financial industries globally. Especially, for the emerging new financial players like the Neobanks which runs entirely on a digital banking model, cybersecurity should be their topmost priority. Focusing on this area, we have today written an article listing out some of the potential cybersecurity challenges faced by Neobanks and the future that holds for these emerging financial players. But before that let us first understand what Neobanking is and how exactly does it operate in the industry? This will give us a better perspective of its operational challenges and risk exposure that they face in their business.
What is Neobanking?
Neobanks are virtual banking service providers operating digitally without having any physical infrastructure like their traditional counterparts. Their offerings are limited to internet-only financial services that focuses on providing its tech-savvy customers the convenience of their cutting edge and technology-driven digital banking services. Neobank offerings are slightly similar to those of traditional banks but limited to just opening saving accounts, payment, and money transfer services, loans, and budgeting, to name a few. The banking structure and business model of Neobanks are different from the traditional ones, eliminating physical infrastructure and automating banking processes. Given below are some of the key difference that will help you understand the concept of Neobanking a little better-
|Neobanks run on a digital platform and have no physical branch.||Traditional banks have physical banking service branches for operating their business.|
|Banking processes in Neobanks are easy, quick, and automated.||Banking processes in a traditional bank are usually lengthy, tedious, and involves partial manual and automated task.|
|Neo banks’ customer support relies on a combination of chatbots and AI providing flexible, virtual, online support.||Traditional banking relies on telephonic or in-person support.|
|Service offerings include- |
· Opening accounts
· Payment and money transfer services
|Service offerings include-|
· Opening accounts
· Payment and money transfer services
· Insurance services
· Wealth Management
· Merchant services
· Mobile banking services
So, while Neobanking helps in overcoming the traditional banking challenges with the ease and convenience of availing services, they also pose huge security challenges. Given below are some major cybersecurity challenges faced by Neobanks.
Cybersecurity Challenges faced by Neobanks
Without having a robust Cybersecurity measure in place, sensitive data may be at high-risk. For the size and business, they are into, Neobanks cannot afford to invest hugely in full-time security teams. They are dependent on third parties to level their security to the standards of the industry requirements. Given below are some major cybersecurity challenges that Neobanks may have to face
Cybersecurity requires huge amounts of investment. Neobanks are comparatively smaller than the traditional banks and often lack the budget for having a full-time cybersecurity team for monitoring all the activities. Their low investments and budget on cybersecurity may result in weak security measures leading to higher levels of risk exposure.
Neobanks work digitally and are heavily dependent on third-party services to serve their customers. So, with the dependency on the third-party, the risk exposure is significant. If the third-party vendors do not have a tight Cybersecurity measure it may possibly result in compromised security measures and lead to data breach incidents.
Malware- Since the entire banking process is online, a lot of sensitive data passes through the network and digital devices. Networks and devices should be appropriately secured to prevent any incidents of a breach. In case a device connected with a network is compromised with malware, it may pose a huge threat to your sensitive banking data and may result in compromised cybersecurity.
Spoofing is the latest form of cyber threat wherein the cybercriminals will impersonate the banking website’s URL with a website that is similar to the original one and functions the same way. So when the user enters his or her login credentials the sensitive data is stolen resulting in data theft and unauthorized access to critical information. It is a common practice adopted by most attackers to steal sensitive data. With Neobanks completely operating online the risk exposure to such scams are high.
Phishing is an attempt made by a hacker to get access to sensitive information such as credit card details by disguising as a trustworthy entity in an electronic communication. Today, online banking phishing scams have evolved significantly, resulting in high profile incidents of scams. With Neobanks completely operating online the risk exposure to such scams are high.
Almost all of the Neo banks would be required to comply with standards such as PCI DSS. This would be in addition to the local regulatory compliance such as those concerned with Privacy. In this virtualised environment with low budgets and manpower, adhering with these compliance requirements would possibly be the largest challenge faced by Neobanks.
What the future holds for Neobanks– Our Final thought
As the world goes completely digital, security measures need to be more complex and sophisticated. More so, they need to be updated from time-to-time. Implementing appropriate measures and adhering to industry best practices is one-way, Neobanks can get a grip over the cybersecurity challenges. Constantly educating customers about the evolving risk exposure and ensuring compliance to industry standards (PCI DSS) will go a long way in securing the environment and digital business operations. This brings us to recommending Neobanks to consult industry experts for implementing Cybersecurity measures that do not compromise the safety of customer’s and the institution’s data and money in any way.
WHAT BANKS NEED TO KNOW ABOUT OBSERVABILITY
By Abdi Essa, Regional Vice President, UK&I, Dynatrace
More aspects of our everyday lives are taking place online – from how we work, to how we socialise and, crucially, how we bank. To keep pace, financial organisations have stepped up their digital transformation efforts, supported by a shift to dynamic multicloud environments and cloud-native architectures. However, traditional monitoring solutions and manual approaches cannot keep up with these vast, highly complex environments. As a result, many banks are turning to new, observability-based approaches to understand what is happening in their digital ecosystems. These approaches, however, bring new challenges to overcome.
Here are six things banks need to know about observability to ensure they can gain true value, combat the complexities of their modern multicloud environments, and drive digital success in 2021 and beyond.
- Most banks have very limited observability
The scale, complexity, and constant change that characterises hybrid, multicloud environments presents a real challenge to banks’ IT teams. Our research found that, on average, banking digital teams have full observability into just 11 percent of their application and infrastructure environments – not nearly enough to understand what is happening, and why, across the digital ecosystem. Additionally, 87 percent said there are barriers preventing them from monitoring a greater proportion of their applications – including limited time and resources. Without improving observability across the entire cloud environment – by drawing in metrics, logs, and traces from every application – banks’ IT teams are limited in the success they can have driving initiatives to deliver the new banking products and quality user experience customers want.
- You can’t bank on manual approaches
With many banks beginning to rely on more dynamic, distributed multicloud architectures to deliver new services, IT teams are stretched further than ever. More than a third of financial services organisations say their IT environment changes at least once per second, and 65 percent say it changes every minute or less. This rate of change creates a volume, velocity, and variety of data that has gone beyond banks’ IT teams’ ability to handle with traditional approaches – there’s no time to manually script, configure, and instrument observability and set up monitoring capabilities. The need for automation is therefore critical. By harnessing continuous automation assisted by AI in place of manual processes, teams can drastically improve observability to automatically discover, instrument, and baseline every component in their bank’s cloud ecosystem as it changes, in real-time.
- Cloud native adoption is obfuscating observability
To remain agile and keep up with the rapid pace of digital transformation, banks are increasingly turning to cloud-native architectures. Our research found 81 percent of them are using cloud-native technologies and platforms such as Kubernetes, microservices and containers. However, the complexity of managing these ecosystems has made it even harder for banks’ IT teams to maintain observability across their environments. Nearly three-quarters of banking CIOs say the rise of Kubernetes has resulted in too many moving parts for IT to manage, and that a radically different approach to IT and cloud operations management is needed. Such an approach should be based on a solution that is purpose-built to auto-discover and scale with cloud-native architectures.
- Data silos result in tunnel vision
To boost observability, many banks have simply thrown more tools at the problem. Our research found that most organisations use an average of 11 monitoring solutions across the technology stack. However, more isn’t always better, and multiple sources of monitoring data can result in fragmented insights. This fragmentation makes it harder to understand the full context of the impact that digital service performance has on user experience and unravel the nearly infinite web of interdependencies between banks’ applications, clouds, and infrastructure. Instead, financial organisations should seek a single platform with a unified data model to unlock a single source of truth. This will be integral to ensuring that all digital teams are on the same page, speaking the same language, and collaborating effectively across silos to achieve business goals.
- Observability alone is not enough
Simply having observability doesn’t help banks achieve tangible benefits or reach their business goals. To get true value, the data processed must be actionable in real-time. As such, observability is most effective when paired with AI and automation. This observability enables teams to instantly eliminate false positives, prioritise problems based on the impact it will have on the wider organisation, and understand the root cause of any problems or anomalies so they can resolve them quickly. The alternative is to manually trawl through dashboards and data to find insights, which is incredibly time-consuming and makes it almost impossible to act in real-time. Our research found that 94 percent of CIOs think AI-assistance will be critical to IT’s ability to cope with increasing workloads and deliver maximum value to the organisation. AI is clearly no longer just a ‘nice to have,’ but a business imperative.
- Observability isn’t just for the back end
Far from just having observability of their multicloud environments, banking IT teams also need to be able to see how the code they push into production impacts the end-user experience, and how that in turn affects outcomes for the business. This is a major goal for many CIOs, with 58 percent citing the ability to be more proactive and continuously optimise user experience as a benefit they hoped to achieve from increased use of automation in cloud and IT operations. By harnessing automatic and intelligent observability, banks’ digital teams can unlock code-level insights and precise answers to their questions about user experience and behaviour, so they can continuously optimise their banking services.
Observability is key for modern financial organisations looking to accelerate their digital transformation. By understanding these six key things about observability, IT teams will be better placed to master dynamic, multicloud ecosystems, and drive better digital banking services for the business and its customers.
NEARLY HALF OF BUSINESSES NEED MORE ASSURANCE ON DATA SECURITY TO ADOPT OPEN BANKING
- Financial services businesses in the UK and Netherlands call for better education, training and increased guidance on data security issues to propel adoption
- Study of 800 senior professionals from banks, lenders, personal finance management tools (PFMs) and retailers, in the UK and Netherlands
42% of financial services businesses want better support and guidance on data security in relation to open banking, according to the latest research by open banking provider YTS.
The survey of financial professionals including banks, lenders and retailers, revealed businesses want better education and training, alongside increased guidance, to help reduce fears around the security risks of open banking adoption. Respondents also stated that they wanted this support to come primarily from regulators.
This ranked higher than taking a ‘wait and see’ approach by allowing more time for open banking technology to develop (39%), which has often been cited as a way to assuage data security concerns, but as YTS’ data demonstrates, won’t solve the issues businesses are facing.
Lack of customer and business willingness to accept risks around data security were the second and third most cited factors threatening the progress of widespread open banking adoption, on 27% and 25% respectively. Over a third of respondents (35%) also believe that an ‘unfriendly’ regulatory environment is threatening the progress of widespread open banking adoption.
YTS is calling for the entire open banking and financial services industry to do more to empower businesses to adopt open banking technology, creating a more nurturing environment for the technology to thrive. This can primarily be achieved by introducing better education and accessible, transparent support for businesses looking to adopt the technology. This must be the spearhead of an industry-wide effort to banish myths and create more solid foundations for growth.
Roderick Simons, Chief Technology Officer at Yolt Technology Services comments:
“To fully maximise open banking’s potential, we must all do more to educate businesses and consumers about its security foundation . Open banking means their financial data is more protected than ever, with the individual in charge of whether their data is shared or not and secure APIs preventing risks from unwanted third-party access. We want to work with regulators, financial services institutions, and businesses themselves to lead the way in educating, training, and supporting businesses to overcome misperceptions of open banking. Doing so will unleash the power of open banking and create huge opportunities for both consumers and businesses.
“Once there is widespread adoption and trust in open banking technology, stakeholders across the open banking ecosystem can then turn their attentions to creating an open finance framework that gives consumers the ability to access their entire financial footprint in one place.”
WHAT BANKS NEED TO KNOW ABOUT OBSERVABILITY
By Abdi Essa, Regional Vice President, UK&I, Dynatrace More aspects of our everyday lives are taking place online –...
FINANCIAL SERVICES MUST FIX THEIR MISSED OPPORTUNITY AS CONSUMERS DEMAND MORE ENGAGING DIGITAL EXPERIENCES
Less than one-third (30%) of consumers believe the Financial Services firms they interact with now deliver a better digital experience...
FINANCIAL INCLUSION WITHIN DIGITAL PAYMENTS
NICK FISHER, GENERAL MANAGER, SALES AND MARKETING UK, JCB INTERNATIONAL (EUROPE) LTD. The shift towards an economy that removes...
THE EFFECTS OF JOB HOPPING ON YOUR RETIREMENT OUTCOME
By Neli Mbara, Certified Financial Planner at Alexander Forbes Job hopping – defined as spending less than two years...
VIRGIN MONEY EXPANDS PARTNERSHIP WITH FINTECH LIFE MOMENTS
Virgin Money is expanding its partnership with FinTech data expert company, Life Moments, to focus on the development of the...
THE MAJOR CHANGES SET TO RESHAPE THE WORLDS OF FINANCE AND FINTECH IN 2021
By Michael Magrath, Director of Global Regulations & Standards at OneSpan 2020 was a formative year for the world of...
FORMER HSBC COO JOINS BOARD AT REGTECH DISRUPTER
Andy Maguire takes seat on Napier’s Advisory Board Fast growing RegTech company, Napier, which provides next-generation anti-money laundering (AML)...
DISRUPT TO SURVIVE IN FINANCIAL SERVICES, BUT BEWARE: YOUR TEAM MUST BE IN SHAPE FIRST
Michael Chalmers, MD EMEA at Contino COVID is forcing extraordinary change in the financial services industry. It’s happening fast, already...
NEARLY HALF OF BUSINESSES NEED MORE ASSURANCE ON DATA SECURITY TO ADOPT OPEN BANKING
Financial services businesses in the UK and Netherlands call for better education, training and increased guidance on data security issues...
THE FUTURE OF THE UK’S FINANCE FUNCTION
By Ryan Demaray EMEA MD for SMBs at SAP Concur With businesses feeling the pressure of both the pandemic...
BUDGET 2021: PREDICTIONS
The spring Budget announcement is next week, with the Chancellor Rishi Sunak set to reveal new measures on March 3. After...
CAN SELF-SERVICE BANKING SAVE THE BANKING INDUSTRY?
Mark Aldred, Banking Specialist at Auriga 2021 should be about making the lives of customers easier by tailoring the...
FINANCIAL HEALTH PLATFORM LEVEL SECURES LANDMARK ESG DEAL WITH TRIPLE POINT
First-of-its-kind credit facility will incentivise Level to drive positive financial behavioural change for UK employees Level Financial Technology has...
FORECASTING FINTECH IN 2021
Fady Abdel-Nour, Global Head of Investments and M&A at PayU 2020 will go down in history as a pivotal...
2021 — THE YEAR FINANCIAL SERVICES COMPANIES WILL NEED TO DRASTICALLY RETHINK THE WAY THEY MANAGE DATA
By Douglas Greenwell, Head of Commercial Strategy, Duco There’s no denying that 2020 was a year of historic change...
HOW DO YOU ADAPT YOUR INSURANCE PRICING STRATEGY IN THE FACE OF INCREASED PRICE COMPETITION?
By Ketil Kristensen, Senior Advisor, Insurance, SAS Many countries in Europe have in previous years experienced increased price competition...
THE CHANGING ROLE OF TODAY’S CHIEF FINANCIAL OFFICER
By Laura Wiler, Vice President, Finance and Business Operations at Sage Intacct The CFO role is changing. Today, the...
DATA: THE MUCH-NEEDED PROCUREMENT ADRENALINE SHOT, HELPING BANKS REMAIN COMPETITIVE IN THE RACE FOR INNOVATION
By Toby Munyard, Vice President, Efficio Consulting Like a flip-switch, the pandemic saw many industries pushed over the innovation...
2021 FINANCE SPEND PREDICTIONS
by Andrew Foster, VP Consulting EMEA, AppZen As we enter a new year filled with ongoing change and uncertainty,...
FIVE PITFALLS PROFESSIONAL SERVICES MUST OVERCOME DURING THE PANDEMIC
By Andy Campbell, global solution evangelist at FinancialForce The pandemic’s impact on the global economy has, and is continuing...