Connect with us

Banking

Banking on better security: finance as Critical National Infrastructure

Published

on

Simon Mullis, Chief Technology Officer at Venari Security

 

In recent years we have seen a sharp increase in geo-political tensions and a range of novel and emerging cyber threats. One of the greatest threats we currently face is right under security teams’ noses: malicious activity hidden within encrypted traffic on their network. The UK’s Critical National Infrastructure (CNI) is firmly in the crosshairs for these attacks, so it is imperative that organisations are prepared to defend against them – not least in the finance industry.

The National Cyber Security Centre’s outlines 13 CNI sectors in the UK – defined as the critical systems, processes, people and information upholding UK infrastructure, the loss or compromise of which could have severe and widespread economic or social consequences as a result. While power grids and water supplies might immediately come to mind when thinking about critical infrastructure, the finance sector contains many organisations providing essential services – from cash withdrawals and deposits, to digital wire transfers, loan applications and investments – that citizens and businesses rely on every day and it must be treated in the same regard. The responsibility for banks and financial institutions to maintain secure systems is huge, and the consequences for failing to do so even more significant.

But with attacks on CNI on the rise, how can financial institutions ensure they are doing everything possible to guard against them? Let’s explore what some of the risks to CNI include, and how the finance sector specifically can take action to best protect its customers, their data, and financial assets.

What are some of the security risks faced by CNI?

One of the most recent high-profile CNI attacks that the finance industry must analyse and ensure is guarding against is the Colonial Pipeline ransomware incident, which took place in May 2021. The pipeline operator reported that a cyberattack had forced the company to temporarily shut down all business functions.

What is particularly significant about this attack is that it was simply an exposed username/password that allowed the attackers to gain access. Once in, their activity was end-to-end encrypted – just like all the other traffic. Vast swathes of the US were affected – with 45% of the East Coast’s fuel operations halted as a result.

In this case, despite the organisation protecting its data with strong encryption standards, attackers were able to enter the network through a legitimate, encrypted path and thus rendered many of the counter measures ineffective. With the operators unaware of any anomalous activity on their networks, the intruders had all the time they needed to assess the system and get organised.

This presents a dilemma for CNI sectors, especially finance, where interactions and operations have to be encrypted.

Encryption is not a silver bullet

As happened in the Colonial Pipeline incident, the use of end-to-end encryption enabled attackers to conceal themselves in legitimate traffic.  While critical to support data privacy and security in the event of breaches, end-to-end encryption renders many established means of detection ineffective.

Most defence methods still rely heavily on decryption and relatively rudimentary analysis to detect when traffic might be “known-bad” or deviating from expected patterns. The volume and speed of encrypted data now passing across networks means that it is impossible to detect everything with processes and techniques requiring this type of inspection.

And indeed, this is not a cutting-edge approach by cybercriminals. In the first three quarters of 2021 alone, threats over encrypted channels increased by 314% on the previous year. If organisations continue to use the same inadequate detection techniques to uncover malicious activity on their network, the rate of attacks using encrypted traffic will continue to grow at this rate or higher.

The security industry has long understood that breaches are “not if, but when” scenarios. And the current global climate, sparking a rise in nation-state attacks, undoubtedly increases the threat level further for CNI – and especially for sensitive sectors such as finance.

Driving visibility in financial networks

Financial institutions must strike a careful balance when it comes to security. On the one hand, it is vital they gain back visibility of their networks that end-to-end encryption might be at risk of concealing; on the other, it’s a necessity that they maintain a level of encryption in the first place.

Decryption is a too cumbersome and time-consuming approach now that our entire networks are encrypted – both data-at-rest and in motion – and organisations can only hope to keep up if they monitor for aberrant behaviour and malicious activity in their traffic without having to rely on decryption.

The solution? Security teams need to look towards using behavioural analytics to detect what is happening within encrypted traffic flows. A combination of machine learning and artificial intelligence, behavioural analytics can analyse encrypted traffic in near real-time without decryption. By accurately understanding the abnormalities between normal and anomalous behaviour, it significantly increases the rate and speed at which malicious activity concealed in encrypted traffic can be detected, whilst ensuring data remains private.

Security teams can then react immediately to contain the threats it identifies – rather than responding after the fact, when banks might only realise that an attack has taken place after a customer has experienced a breach.

Protecting finance as CNI

The ever-increasing interconnectedness of all things and ongoing geo-political conflicts means that attacks to critical infrastructure can only increase, with financial services front and centre as an obvious target.

Security teams need to quickly wake up to the reality that the threat isn’t just incoming, but that there may be hostile presences on their network already concealed within encrypted traffic. And the longer they wait to identify it, the greater risk it poses when the malicious actor decides to strike.

Banking

Digital Banking – a hedge against uncertainty?

Published

on

By

Ankit Shah, Head of Digital Banking, Apex Group

 

The story of the 2020’s thus far is one of crisis. First the world was plunged into a global pandemic which saw the locking down of people and economies across the world. Now we deal with the inevitable economic consequences as currencies devalue and inflation bites. This has been compounded by Russia’s invasion of Ukraine and subsequent energy politics.

And the outlook remains uncertain. Tensions continue to build between China and Taiwan and inflationary conditions are forecast to continue well into 2023. This uncertainty is impacting everyone, and every sector. And finance is no exception with effects being felt everywhere from commodity and FX markets to global supply chains.

But it’s not all doom and gloom. Rollercoaster markets and an ever-evolving geopolitical situation have made 2022 a tricky year far, but, despite the challenges, digital banking has proven resilient. In fact, the adoption of digital banking services has continued to grow over the last few years, and is predicted to continue.

So, what are the forces driving this resilience?

In an increasingly digital world and economy, digital banking comes with some advantages baked in, which have seen the sector continue to succeed despite the tumult in the wider world. In fact, the crises which have shaped the decade so far may even have been to the advantage of digital banking. Just as during the pandemic, technologies which could facilitate remote working saw a huge uptick in users, so to digital banking is well suited to a world where both people, and institutions demand the convenience that online banking services offer.

And while uptake of digital banking services is widespread amongst retail consumers, a trend likely to continue as digital first generations like Gen Z become an ever-greater proportion of the consumer market, uptake amongst corporate and institutional customers has been slower. This is largely down to a lack of fintech businesses serving the more complex needs of the institutional market, but, in a post-Covid world of hybrid working business, corporate clients are looking for the same ease of use and geographic freedom in their banking that is enjoyed by retail consumers.

This is not just a pipe dream – with the recent roll out of Apex Group’s Digital Banking services, institutions can enjoy the kind of multi-currency, cloud-based banking solutions, with 24/7 account access that many of us take for granted when it comes to our personal banking.

Staying compliant

One significant difference between retail and business accounts however, for banking service providers, is the relative levels of compliance which are needed. While compliance is crucial in the delivery of all financial services, running compliance on multi-million pound transactions between international businesses brings with it a level of complexity that an individual buying goods and services online doesn’t.

For digital banking services providers, this situation is further compounded by guidance earlier this year from HM Treasury – against the backdrop of the Russia-Ukraine conflict- requiring enhanced levels of compliance and due diligence when it comes to doing business with “a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country or with a sanctioned individual.”

So, can digital banks meet these standards while also providing institutions with the kind of easily accessible, mobile service which retail customers enjoy?

The answer is yes and again, once initial hurdles are overcome, digital banking brings with it features which give it the edge over traditional banking services. Paperless processes, for example, mean greater transparency and allow for better and more efficient use of data. This means AI can be employed to search documents, as well as provide verification. It also means compliance processes, often notoriously complicated, become easier to track. Indeed, digitising time intensive manual process means the risk of human error in the compliance process is reduced.

Digital banking can also better integrate transaction monitoring tools, helping businesses identify fraud and irregularity more quickly. This can be hugely important, especially in the times of heightened risk we find ourselves in, where falling foul of a sanctions regime could have significant legal, financial and reputational consequences.

Cross-border business

Our world is increasingly globalised, and so is business. For corporate and institutional banking customers, being able to operate seamlessly across borders is key to the operation of their business.

This brings with it challenges, which are again compounded by difficult geopolitical and economic circumstances. In recent weeks for example, we’ve seen significant flux on FX markets which can have real consequences for businesses or institutional investors who are buying and selling assets in multiple currencies and jurisdictions. The ability to move quickly then, and transact in a currency of choice, is vital. Advanced digital banking platforms can help – offering automated money market fund sweeps in multiple core currencies to help their clients optimise their investment returns and effectively manage liquidity.

Control admin uncertainty

In times of uncertainty, digital banking can provide additional comfort via customisable multi-level payment approvals to enhance control of what is being paid out of business accounts, with custom limits available for different users or members of a team. Transparency and accountability are also essential, with corporate clients requiring fully integrated digital reporting and statements and instant visibility with transaction cost and  balances updated in real-time.

Outlook

For some, the perception remains that digital banking is the upstart industry trying to offer the services that the traditional banking industry has built itself upon. Increasingly however, the reality is that the pressure is on traditional banks to try and stake a claim to some of the territory being taken by digital first financial services.

With a whole range of features built in which make them well suited to business in a digital world, digital banking is on a growth trajectory. Until now, much of the focus has been upon the roll-out of services to retail consumers, but with features such as automated compliance, effortless international transactions and powerful AI coming as standard for many digital banks, the digital offering to the corporate world looks increasingly attractive.

Continue Reading

Banking

Security vs online payment convenience: which one is tipping the scales for customers?

Published

on

 Chirag Patel, President of Digital Wallets at Paysafe.

 

While keeping their payment details safe is a top priority for customers when shopping online, they’re not willing to jump through endless hoops or accept poor user experiences as the inevitable price of greater security.

Online payment security has been top of mind for merchants since the very first internet purchase: a copy of Sting’s ‘Ten Summoner’s Tales’ CD. Even though payment technology has become more sophisticated over time, the eCommerce explosion has brought about an ongoing battle between increasing security and ensuring convenience.

Chirag

Customers are ever more aware about the risks of online shopping and concerned about their financial details falling into the wrong hands. Simultaneously, demand for a good user experience has also risen steadily. But greater security typically introduces friction into the checkout process, which continues to be one of the leading causes of cart abandonment.

In our latest Lost In Transaction report, we surveyed 11,000 consumers in 10 countries across Europe and the Americas regarding the balance between security and convenience in online payments.
Here are the key take-aways for online merchants moving forward.

 

How concerned are consumers about online fraud?

According to our research, customers continue to grow increasingly worried about online fraud.
59% of respondents are more concerned about it today than they were 12 months ago. Not feeling comfortable sharing financial details online has increased from 49% in 2021, to 70% in 2022.
More to the point, our research shows that, when they have a choice, 44% of respondents will invariably pay with the method they perceive as safest while only 21% will choose the most convenient payment method, and even fewer (14%) will choose the fastest one.

These findings aren’t surprising considering that fraud has become more frequent and more serious during the COVID-19 pandemic. For example, in 2021 the average US fraud victim lost $500 and the average UK victim lost £806.

However, what merchants need to keep in mind is that, even though security typically dictates the choice of payment method, there’s a limit to how much friction customers are prepared to tolerate. And our research suggests this limit is close to being reached, with 42% of customers reporting that they would prefer more payment security but only 19% open to accepting whatever measures are necessary for increased protection against fraud. The other 23% would only accept a minimal increase in inconvenience.

 

A fine line to walk

If you’re a merchant, the situation is positive but challenging to navigate.
Fortunately, 44% of consumers think merchants are getting the balance between security and convenience right — up from 26% in 2021 – and trust is also high. 53% think online payments are more secure than they were twelve months ago. And 64% of respondents are more likely to shop from merchants who already have their payment details on file, compared to 54% in 2021.

The challenge is that security risks are ever evolving. Cybercriminals are constantly refining their techniques, which means measures that are highly effective today can become inadequate tomorrow. And regulation is constantly developing, at times at odds with consumer sentiment. The introduction of Strong

Customer Authentication rules, for instance, sparked fears that the deliberate friction they required would hurt sales, which, admittedly, has had less of a negative impact than anticipated.

Consequently, while security enhancements are inevitable if merchants are to continue meeting high standards, there’s margin for error now that more consumers are reaching the limits of their tolerance for friction.

For every new security measure they introduce, merchants must be increasingly mindful of the impact on the streamlined payment experience customers expect.

 

Finding a common ground: boosting security with trust and technology

While maintaining – or even improving – the current balance between security and convenience might seem impossibly tricky, payment technology has evolved to a point where it’s doable.

With embedded payments, for instance, the consumer pays through a user-friendly interface at the point of need. And because financial details are stored securely in tokenized format, there’s no need to share them every time you make a purchase.

eCash is another such solution that enables customers to buy online quickly, securely, and privately.
A unique barcode is generated at the checkout which customers can then get scanned at one of one million points of sale in 55+ countries to pay in cash. Which means they can buy online without having to share or even store any financial details.

This presents a great opportunity for merchants to take advantage of the high levels of trust these payment solutions enjoy. While our research shows that there’s still a significant knowledge gap, particularly in embedded payments, consumers are becoming more open to both technologies. So now is the time to explain the benefits clearly to customers and, more importantly, address concerns.

 

Online payment security is crucial, but not at all costs

Keeping their financial details safe is the most important element of the payment process for most customers. But while fraud protection may be winning the battle against convenience hands down, merchants need to carefully navigate the process of increasing security without adding too much inconvenience.

As critical as it is for merchants to protect customers’ data, a zero-fraud strategy would also likely cause way more friction than most customers are prepared to tolerate. A smooth, seamless payment experience remains as important as ever.

 

 

Continue Reading

Magazine

Trending

Business2 days ago

Know Your Business (KYB): Exceeding KYC

Victor Fredung, CEO at Shufti Pro   Money laundering costs the UK more than £100 billion pounds a year, according...

Finance1 week ago

Mini-Budget 2022:

Tax giveaway is a boost for business, but will it drive growth or fuel inflation?   Chancellor Kwasi Kwarteng has...

Finance1 week ago

A zero trust environment is critical for financial services

Boris Bialek, Managing Director of Industry Solutions at MongoDB Not long ago security professionals were still focused on protecting their...

Banking1 week ago

Digital Banking – a hedge against uncertainty?

Ankit Shah, Head of Digital Banking, Apex Group   The story of the 2020’s thus far is one of crisis....

News1 week ago

Union Bank of India goes live with RuPay Credit Card on UPI with Kiya.ai as a technology partner

Nitesh Ranjan, ED Union Bank of India with Rajesh Mirjankar, Managing Director & CEO, Kiya.ai at the launch   Kiya.ai,...

Finance1 week ago

Anyone Can Become an R&D Tax Expert with the Right Foundations

Ian Cashin is a Customer Success Manager at Fintech company and R&D tax software provider WhisperClaims   For accounting firms,...

Business1 week ago

Addressing the ongoing global pilot shortage issue

By Bhanu Choudhrie, Founder of Alpha Aviation   The Covid-19 pandemic brought the aviation industry to a halt, causing vast...

Business1 week ago

How exporters can mitigate risks and operate smoothly in stormy, post-Brexit waters

By Morgan Terigi is Co-Founder and CEO of Incomlend   The past few years have presented a series of hurdles...

Business1 week ago

From employees to customers, workforce management can benefit the entire banking ecosystem

Michael Cupps, SVP of Marketing of ActiveOps explores the significant impact workforce management can have on the employees and customers...

Business1 week ago

Redefining the human touch with digital transformation

Simon Kearsley, CEO of bluQube   It may not be a new phrase, but digital transformation is still inducing anxiety...

Finance2 weeks ago

CFOs – the forgotten ally in the fight against ransomware

Justin Vaughan-Brown, VP Market Insight at Deep Instinct   Ransomware attacks have nearly doubled in the past couple of years....

Technology2 weeks ago

7 cost benefits of cloud accounting software

By Paul Sparkes, Commercial Director of iplicit, an award-winning accounting software developer   Is your accounting software having a laugh...

Business2 weeks ago

How does Identity Access & Privileged Access Management help in PCI DSS Compliance?

Narendra Sahoo is a director of VISTA InfoSec. Introduction The Payment Card Industry Data Security Standard also commonly referred to...

Finance2 weeks ago

Listed private debt deserves a closer look from investors

By Michel Degosciu, Managing Partner, LPX AG Over the past few years, the private debt asset class is attracting serious...

Banking2 weeks ago

Security vs online payment convenience: which one is tipping the scales for customers?

 Chirag Patel, President of Digital Wallets at Paysafe.   While keeping their payment details safe is a top priority for...

Business2 weeks ago

The Tool and Tips to Truly Get Started with No-Code Development

Author: Chris Obdam, CEO of Betty Blocks   Throughout the legal industry, firms and in-house departments are leveraging legal tech...

That’s where Netcall’s Liberty Create came in. Create is a new breed of low-code software solution, built for both business users and professional developers That’s where Netcall’s Liberty Create came in. Create is a new breed of low-code software solution, built for both business users and professional developers
Business2 weeks ago

How ReFi Will Transform Finance

– by Ransu Salovaara, CEO of carbon platform Likvidi   Humanity faces a multitude of threats, many of which are...

Business3 weeks ago

THE NEXT WAVE OF FINTECH IS HERE

Much has been made of the ‘second generation’ fintech movement recently, but what have these businesses learned from those entering...

News3 weeks ago

UK leaves Europe trailing in its embrace of digital banking

People in the UK have embraced digital and online banking in a way that those across the rest of Europe...

Business3 weeks ago

The rise of automation and its impact on the CFO & CIO

By: Gert-Jan Wijman, VP Europe, Middle East and Africa at Celigo   On the back of the pandemic, organisations have...

Trending