Connect with us

Banking

BANKS UNDER ATTACK: HOW FINANCIAL INSTITUTIONS CAN PROTECT DIGITAL GROWTH

Published

on

By Victor Acin, Threat Intelligence Analyst, Blueliv

 

Financial services firms are increasingly being told to embrace disruption in order to compete in a fast-evolving market. But this very disruption threatens to drive a new type of risk: the risk of data loss, service outages and fraud on a massive scale. The resulting hit to the bottom line and corporate reputation may undo all the good work that digital transformation has helped to foment.

As we enter a new decade, banks need to think carefully about how they respond to these mounting cyber-risks, without holding back digital innovation. Cybersecurity, with threat intelligence at its core, must be a central part not just of business strategy but also of corporate culture.

 

Digital goes mainstream

According to PwC, financial institutions are increasingly migrating infrastructure to public cloud systems, as “digital becomes mainstream” in 2020. These investments are helping to create the more user-friendly services that customers are demanding today. With fintech innovators often leading the way, lenders have invested heavily in mobile app-based services at the front-end and more streamlined processes for opening accounts and other laborious tasks. In the future, it’s predicted that AI and robotics will become commonplace, and that blockchain will disrupt.

However, PwC also warns that amidst all this change, cybersecurity will be one of the top challenges facing financial institutions in 2020. The truth is that financial institutions have always been a main target for hackers — after all, they guard huge volumes of highly sensitive data, as well as money. And as they build out more digital infrastructure, cyber-risk increases unless proper controls are put in place.

 

What does cyber-risk look like?

The bad news is that hackers have developed multiple ways to get what they want. A typical financial institution’s attack surface covers not just core banking IT systems, but also customer accounts and the wider payment ecosystem. That’s a lot to protect.

Humans are often perceived as the weakest link in the security chain. That’s why attackers target banking customers in raids aimed at accessing their back accounts. Phishing emails, automated tools which try huge volumes of breached passwords (known as credential stuffing), and malware are some of the most popular mechanisms for account takeover. In fact, earlier this year Blueliv’s threat researchers noticed a 283% increase in activity linked to Trickbot, one of the key botnets used to spread a banking Trojans designed to compromise customer accounts.

Humans are also targeted inside banks themselves. Phishing emails sent to employees are a common first step in potentially sophisticated multi-stage attacks designed to illegally transfer huge sums of money or steal large data troves. Other threats to banks and their customers come from ransomware and DDoS, designed to extort money and deny critical services, and attacks aimed at harvesting payment card details — either from POS systems in retail and hospitality outlets or from e-commerce sites.

 

Money, money, money

If any indication were needed of the riches to be gained from targeting financial institutions, it’s the relatively large number of sophisticated attack groups that have emerged over recent years. The Carbanak/Cobalt gang is believed to have stolen $1.2 billion from over 100 banks in 40 countries, installing malware internally via phishing emails which either dispensed cash via ATMs or facilitated illegal SWIFT wire transfers, for example.

Others include Dridex, the group behind one of the most prolific banking Trojans ever created, and the North Korean state-backed Lazarus Group, which is thought to have been responsible for the audacious $81 million cyber heist at Bangladesh Bank.

As for the victims of such attacks, there’s a host of potential knock-on effects that can undermine financial stability and customer confidence. There are costs associated with: investigation and remediation of the incident itself; customer notification and possible credit monitoring; and business interruption, if services are taken offline. Legal costs may follow if customers take their bank to court and there may be follow-on fraud attempts to tackle. Then there are the less immediate impacts such as regulatory fines, declining share price, damaged reputation and customer churn.

The latter risk is particularly acute given the UK’s new Open Banking environment, in which a new breed of fintech start-ups are entering the market. More than ever, banks have to prove that they can offer their customers value, and keep their data and finances safe.

 

What happens next?

The bad news is that attacks are on the rise. The number of cybersecurity incidents reported to the FCA jumped by 1000% between 2017 and 2018. But there are things financial institutions can do.

A layered approach to security is required, promoted from the top down by engaged executives. Company-wide security awareness training is also essential: even by spotting and reporting phishing emails more effectively, staff could transform from being the weakest link to a formidable first line of defence against attacks. Tried and tested incident response plans are also essential: it’s inevitable that hackers will eventually target an organisation, so best be prepared.

Most importantly, banks need to improve their threat intelligence. Systems powered by accurate, real-time data from multiple sources can enhance decision making, improve the resilience of existing cyber-defences, automatically block attacks and support incident response. They can also scour dark web marketplaces to alert security teams if customer card data or user logins are about to be traded by cyber-criminals.

With this in place, banks can move from a reactive to a proactive security posture, hunting down those who seek to do them harm, cancelling cards and resetting passwords before an attack can even be monetised. Collaboration within and between organisations is also key. The bad guys are past masters at sharing information and expertise to get what they want. It’s time the security teams within our banks did the same.

 

Banking

Digital Banking – a hedge against uncertainty?

Published

on

By

Ankit Shah, Head of Digital Banking, Apex Group

 

The story of the 2020’s thus far is one of crisis. First the world was plunged into a global pandemic which saw the locking down of people and economies across the world. Now we deal with the inevitable economic consequences as currencies devalue and inflation bites. This has been compounded by Russia’s invasion of Ukraine and subsequent energy politics.

And the outlook remains uncertain. Tensions continue to build between China and Taiwan and inflationary conditions are forecast to continue well into 2023. This uncertainty is impacting everyone, and every sector. And finance is no exception with effects being felt everywhere from commodity and FX markets to global supply chains.

But it’s not all doom and gloom. Rollercoaster markets and an ever-evolving geopolitical situation have made 2022 a tricky year far, but, despite the challenges, digital banking has proven resilient. In fact, the adoption of digital banking services has continued to grow over the last few years, and is predicted to continue.

So, what are the forces driving this resilience?

In an increasingly digital world and economy, digital banking comes with some advantages baked in, which have seen the sector continue to succeed despite the tumult in the wider world. In fact, the crises which have shaped the decade so far may even have been to the advantage of digital banking. Just as during the pandemic, technologies which could facilitate remote working saw a huge uptick in users, so to digital banking is well suited to a world where both people, and institutions demand the convenience that online banking services offer.

And while uptake of digital banking services is widespread amongst retail consumers, a trend likely to continue as digital first generations like Gen Z become an ever-greater proportion of the consumer market, uptake amongst corporate and institutional customers has been slower. This is largely down to a lack of fintech businesses serving the more complex needs of the institutional market, but, in a post-Covid world of hybrid working business, corporate clients are looking for the same ease of use and geographic freedom in their banking that is enjoyed by retail consumers.

This is not just a pipe dream – with the recent roll out of Apex Group’s Digital Banking services, institutions can enjoy the kind of multi-currency, cloud-based banking solutions, with 24/7 account access that many of us take for granted when it comes to our personal banking.

Staying compliant

One significant difference between retail and business accounts however, for banking service providers, is the relative levels of compliance which are needed. While compliance is crucial in the delivery of all financial services, running compliance on multi-million pound transactions between international businesses brings with it a level of complexity that an individual buying goods and services online doesn’t.

For digital banking services providers, this situation is further compounded by guidance earlier this year from HM Treasury – against the backdrop of the Russia-Ukraine conflict- requiring enhanced levels of compliance and due diligence when it comes to doing business with “a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country or with a sanctioned individual.”

So, can digital banks meet these standards while also providing institutions with the kind of easily accessible, mobile service which retail customers enjoy?

The answer is yes and again, once initial hurdles are overcome, digital banking brings with it features which give it the edge over traditional banking services. Paperless processes, for example, mean greater transparency and allow for better and more efficient use of data. This means AI can be employed to search documents, as well as provide verification. It also means compliance processes, often notoriously complicated, become easier to track. Indeed, digitising time intensive manual process means the risk of human error in the compliance process is reduced.

Digital banking can also better integrate transaction monitoring tools, helping businesses identify fraud and irregularity more quickly. This can be hugely important, especially in the times of heightened risk we find ourselves in, where falling foul of a sanctions regime could have significant legal, financial and reputational consequences.

Cross-border business

Our world is increasingly globalised, and so is business. For corporate and institutional banking customers, being able to operate seamlessly across borders is key to the operation of their business.

This brings with it challenges, which are again compounded by difficult geopolitical and economic circumstances. In recent weeks for example, we’ve seen significant flux on FX markets which can have real consequences for businesses or institutional investors who are buying and selling assets in multiple currencies and jurisdictions. The ability to move quickly then, and transact in a currency of choice, is vital. Advanced digital banking platforms can help – offering automated money market fund sweeps in multiple core currencies to help their clients optimise their investment returns and effectively manage liquidity.

Control admin uncertainty

In times of uncertainty, digital banking can provide additional comfort via customisable multi-level payment approvals to enhance control of what is being paid out of business accounts, with custom limits available for different users or members of a team. Transparency and accountability are also essential, with corporate clients requiring fully integrated digital reporting and statements and instant visibility with transaction cost and  balances updated in real-time.

Outlook

For some, the perception remains that digital banking is the upstart industry trying to offer the services that the traditional banking industry has built itself upon. Increasingly however, the reality is that the pressure is on traditional banks to try and stake a claim to some of the territory being taken by digital first financial services.

With a whole range of features built in which make them well suited to business in a digital world, digital banking is on a growth trajectory. Until now, much of the focus has been upon the roll-out of services to retail consumers, but with features such as automated compliance, effortless international transactions and powerful AI coming as standard for many digital banks, the digital offering to the corporate world looks increasingly attractive.

Continue Reading

Banking

Security vs online payment convenience: which one is tipping the scales for customers?

Published

on

 Chirag Patel, President of Digital Wallets at Paysafe.

 

While keeping their payment details safe is a top priority for customers when shopping online, they’re not willing to jump through endless hoops or accept poor user experiences as the inevitable price of greater security.

Online payment security has been top of mind for merchants since the very first internet purchase: a copy of Sting’s ‘Ten Summoner’s Tales’ CD. Even though payment technology has become more sophisticated over time, the eCommerce explosion has brought about an ongoing battle between increasing security and ensuring convenience.

Chirag

Customers are ever more aware about the risks of online shopping and concerned about their financial details falling into the wrong hands. Simultaneously, demand for a good user experience has also risen steadily. But greater security typically introduces friction into the checkout process, which continues to be one of the leading causes of cart abandonment.

In our latest Lost In Transaction report, we surveyed 11,000 consumers in 10 countries across Europe and the Americas regarding the balance between security and convenience in online payments.
Here are the key take-aways for online merchants moving forward.

 

How concerned are consumers about online fraud?

According to our research, customers continue to grow increasingly worried about online fraud.
59% of respondents are more concerned about it today than they were 12 months ago. Not feeling comfortable sharing financial details online has increased from 49% in 2021, to 70% in 2022.
More to the point, our research shows that, when they have a choice, 44% of respondents will invariably pay with the method they perceive as safest while only 21% will choose the most convenient payment method, and even fewer (14%) will choose the fastest one.

These findings aren’t surprising considering that fraud has become more frequent and more serious during the COVID-19 pandemic. For example, in 2021 the average US fraud victim lost $500 and the average UK victim lost £806.

However, what merchants need to keep in mind is that, even though security typically dictates the choice of payment method, there’s a limit to how much friction customers are prepared to tolerate. And our research suggests this limit is close to being reached, with 42% of customers reporting that they would prefer more payment security but only 19% open to accepting whatever measures are necessary for increased protection against fraud. The other 23% would only accept a minimal increase in inconvenience.

 

A fine line to walk

If you’re a merchant, the situation is positive but challenging to navigate.
Fortunately, 44% of consumers think merchants are getting the balance between security and convenience right — up from 26% in 2021 – and trust is also high. 53% think online payments are more secure than they were twelve months ago. And 64% of respondents are more likely to shop from merchants who already have their payment details on file, compared to 54% in 2021.

The challenge is that security risks are ever evolving. Cybercriminals are constantly refining their techniques, which means measures that are highly effective today can become inadequate tomorrow. And regulation is constantly developing, at times at odds with consumer sentiment. The introduction of Strong

Customer Authentication rules, for instance, sparked fears that the deliberate friction they required would hurt sales, which, admittedly, has had less of a negative impact than anticipated.

Consequently, while security enhancements are inevitable if merchants are to continue meeting high standards, there’s margin for error now that more consumers are reaching the limits of their tolerance for friction.

For every new security measure they introduce, merchants must be increasingly mindful of the impact on the streamlined payment experience customers expect.

 

Finding a common ground: boosting security with trust and technology

While maintaining – or even improving – the current balance between security and convenience might seem impossibly tricky, payment technology has evolved to a point where it’s doable.

With embedded payments, for instance, the consumer pays through a user-friendly interface at the point of need. And because financial details are stored securely in tokenized format, there’s no need to share them every time you make a purchase.

eCash is another such solution that enables customers to buy online quickly, securely, and privately.
A unique barcode is generated at the checkout which customers can then get scanned at one of one million points of sale in 55+ countries to pay in cash. Which means they can buy online without having to share or even store any financial details.

This presents a great opportunity for merchants to take advantage of the high levels of trust these payment solutions enjoy. While our research shows that there’s still a significant knowledge gap, particularly in embedded payments, consumers are becoming more open to both technologies. So now is the time to explain the benefits clearly to customers and, more importantly, address concerns.

 

Online payment security is crucial, but not at all costs

Keeping their financial details safe is the most important element of the payment process for most customers. But while fraud protection may be winning the battle against convenience hands down, merchants need to carefully navigate the process of increasing security without adding too much inconvenience.

As critical as it is for merchants to protect customers’ data, a zero-fraud strategy would also likely cause way more friction than most customers are prepared to tolerate. A smooth, seamless payment experience remains as important as ever.

 

 

Continue Reading

Magazine

Trending

Business2 days ago

Know Your Business (KYB): Exceeding KYC

Victor Fredung, CEO at Shufti Pro   Money laundering costs the UK more than £100 billion pounds a year, according...

Finance1 week ago

Mini-Budget 2022:

Tax giveaway is a boost for business, but will it drive growth or fuel inflation?   Chancellor Kwasi Kwarteng has...

Finance1 week ago

A zero trust environment is critical for financial services

Boris Bialek, Managing Director of Industry Solutions at MongoDB Not long ago security professionals were still focused on protecting their...

Banking1 week ago

Digital Banking – a hedge against uncertainty?

Ankit Shah, Head of Digital Banking, Apex Group   The story of the 2020’s thus far is one of crisis....

News1 week ago

Union Bank of India goes live with RuPay Credit Card on UPI with Kiya.ai as a technology partner

Nitesh Ranjan, ED Union Bank of India with Rajesh Mirjankar, Managing Director & CEO, Kiya.ai at the launch   Kiya.ai,...

Finance1 week ago

Anyone Can Become an R&D Tax Expert with the Right Foundations

Ian Cashin is a Customer Success Manager at Fintech company and R&D tax software provider WhisperClaims   For accounting firms,...

Business1 week ago

Addressing the ongoing global pilot shortage issue

By Bhanu Choudhrie, Founder of Alpha Aviation   The Covid-19 pandemic brought the aviation industry to a halt, causing vast...

Business1 week ago

How exporters can mitigate risks and operate smoothly in stormy, post-Brexit waters

By Morgan Terigi is Co-Founder and CEO of Incomlend   The past few years have presented a series of hurdles...

Business1 week ago

From employees to customers, workforce management can benefit the entire banking ecosystem

Michael Cupps, SVP of Marketing of ActiveOps explores the significant impact workforce management can have on the employees and customers...

Business1 week ago

Redefining the human touch with digital transformation

Simon Kearsley, CEO of bluQube   It may not be a new phrase, but digital transformation is still inducing anxiety...

Finance2 weeks ago

CFOs – the forgotten ally in the fight against ransomware

Justin Vaughan-Brown, VP Market Insight at Deep Instinct   Ransomware attacks have nearly doubled in the past couple of years....

Technology2 weeks ago

7 cost benefits of cloud accounting software

By Paul Sparkes, Commercial Director of iplicit, an award-winning accounting software developer   Is your accounting software having a laugh...

Business2 weeks ago

How does Identity Access & Privileged Access Management help in PCI DSS Compliance?

Narendra Sahoo is a director of VISTA InfoSec. Introduction The Payment Card Industry Data Security Standard also commonly referred to...

Finance2 weeks ago

Listed private debt deserves a closer look from investors

By Michel Degosciu, Managing Partner, LPX AG Over the past few years, the private debt asset class is attracting serious...

Banking2 weeks ago

Security vs online payment convenience: which one is tipping the scales for customers?

 Chirag Patel, President of Digital Wallets at Paysafe.   While keeping their payment details safe is a top priority for...

Business2 weeks ago

The Tool and Tips to Truly Get Started with No-Code Development

Author: Chris Obdam, CEO of Betty Blocks   Throughout the legal industry, firms and in-house departments are leveraging legal tech...

That’s where Netcall’s Liberty Create came in. Create is a new breed of low-code software solution, built for both business users and professional developers That’s where Netcall’s Liberty Create came in. Create is a new breed of low-code software solution, built for both business users and professional developers
Business2 weeks ago

How ReFi Will Transform Finance

– by Ransu Salovaara, CEO of carbon platform Likvidi   Humanity faces a multitude of threats, many of which are...

Business3 weeks ago

THE NEXT WAVE OF FINTECH IS HERE

Much has been made of the ‘second generation’ fintech movement recently, but what have these businesses learned from those entering...

News3 weeks ago

UK leaves Europe trailing in its embrace of digital banking

People in the UK have embraced digital and online banking in a way that those across the rest of Europe...

Business3 weeks ago

The rise of automation and its impact on the CFO & CIO

By: Gert-Jan Wijman, VP Europe, Middle East and Africa at Celigo   On the back of the pandemic, organisations have...

Trending