Banking
HOW BANKS CAN COMBAT MAN IN THE MIDDLE ATTACKS

– David Vergara, Senior Director of Product Marketing, OneSpan
Digital banking has soared in popularity over the last few years, and it is showing no signs of slowing down. A report looking at the UK finance landscape in 2020 found that only 7.7% of UK banking customers prefer in-branch visits, with the vast majority preferring to use online or mobile channels. As a result, bank branches across the UK have been closing down, with Which? estimating that the UK’s bank branch network has shrunk by a third in the past five years. This year alone 247 branch closures are due in the UK.
This trend towards digital has been fuelled by the customer-centric digital only challenger banks, such as Monzo, Revolut and Starling, who claim close to 20 million customers between them. In recent months, the global coronavirus pandemic has also forced many consumers to adopt digital banking platforms if they weren’t using them before as stay-at-home measures have prevented easy access to bank branches.
While digital banking has increased the overall customer experience, it’s also widened the target of attack for cybercriminals, with threats such as man-in-the-browser or man-in-the-middle attacks becoming more common, and having serious consequences for customers. Fortunately, there are a range of technologies banks can implement to help defend against such threats without compromising the user experience of digital banking.
Man in the middle attacks
These attacks occur when a cyber-criminal is able to intercept communications between a customer’s device and the banking server. The criminal is then able to alter the details of the transaction, such as the amount and intended bank account, without the customer noticing. As a result, a standard £100 transaction could turn into a £10,000 transaction that’s wired directly into the criminals’ bank account.
There are several ways criminals can intercept communications, but one common example is when a customer is using a public WiFi hotspot. These are often insecure, and are easy for cybercriminals to infiltrate. So when a customer makes a transaction using a public WiFi network, they may be unknowingly sharing sensitive financial transaction data through a network controlled by a cybercriminal.
Combatting man in the middle attacks through regulation
In Europe, the Revised Payment Services Directive (PSD2) has pushed banks and financial institutions to evolve their online and mobile banking offerings, introducing a range of security requirements designed to counter man in the middle attacks.
For example, PSD2 has set out requirements for Strong Customer Authentication (SCA) in addition to dynamic linking, which is also known as transaction data signing. The dynamic linking requirement protects a transaction in three parts. First, it requires that the payer authenticate the transaction data they’ve inputted such as the amount and the payee and confirm that it’s correct. An authentication code is then generated that links to the transaction data, so that any change in transaction details would invalidate the code.
Second, the confidentiality and integrity of the transaction data needs to be protected throughout the authentication process, so a bad actor cannot intercept and alter the details. This ensures the authentication code is generated based on authentic transaction details.
Finally, the customer needs to be aware of the transaction data they are asked to authenticate. This means that the transaction data needs to be presented to the customer at the time of authorisation.
Combatting man in the middle attacks through technology
Cronto technology is one way banks can verifying transactions and protect customers against man in the middle attacks. Cronto is available through a mobile app and secures the communication channel between the customer and the bank to protect the transaction data from being altered. The data is then presented in plain-text so the user can confirm it corresponds with their intended transaction before generating an authentication code based on the transaction’s details.
Only the bank is able to generate this code and it can only be decrypted by the user’s mobile device. This unique approach to transaction verification simplifies the experience because it reduces the user interaction required to authenticate a transaction – customers simply point their phone at the screen to scan the image – essentially a colour QR-like image – and enter a response code into the browser. This allows all of the encrypted transaction details to be communicated between the bank and customer without the risk of interception or tampering by hackers.
As a result, banks can offer a quick, user-friendly security solution that protects customers, ensures compliance and ultimately improves the user experience.
You may like
Banking
SEIZING THE OPEN BANKING OPPORTUNITY

Nick Maynard is a Lead Analyst at Juniper Research
Open Banking has made significant progress in 2020, having recently launched across much of Europe and now starting to emerge in other markets too. And there are two primary reasons why Open Banking is disrupting the banking industry so much:
- Banks have begun to discover the real competitive advantage of a more open approach to banking. Offering a superior Open Banking experience to customers can be a compelling differentiator from other competitors as part of a wider digital app experience. Open Banking also creates a level playing field in markets where regulatory intervention has led to Open Banking deployment. As all banks are required to deploy APIs in this scenario, the situation is the same and does not put any one particular bank at a disadvantage.
- Legislation – for example, in October 2015, the European Parliament adopted PSD2 (the revised Payment Services Directive). By early 2020, major banks in the EU had adopted Open APIs. There have however been many cases of late deployments of APIs and problems with the availability of APIs.

Nick Maynard
The Disruption Factor
Open Banking is a major disruptive factor for banks. The reason for this being that it opens up account data to both AISPs (Account Information Service Providers) and PISPs (Payment Initiation Service Providers), which can attempt to carve out a role in the banking area.
- AISPs: These new vendors are able to access transaction data and balance information, as well as related information. This has, in particular, led to the rise of vendors such as Emma, Yolt and Connected Money. These vendors combine information from multiple sources, adding value to the user.
- PISPs: In this case, the vendors are able to leverage Open Banking API connections to initiate payments directly from the bank accounts in question. This means that these players are able to bypass traditional payment methods, such as cards. Vendors such as American Express and PayPal have already launched solutions that have taken full advantage of this action.
PSD2 Changes
Generally, the implementation of the new PSD2 European regulation for electronic payment services effectively reduces the entry barriers for new digital players. It also opens up banks to the potential for competition, enabled by their own APIs. This allows these players to compete with existing services in fields currently offered by the banks. In the case of AISPs, it is possible that third-party applications could displace the role of the apps from incumbent players, which would dilute the bank’s relationship with their users.
As with any fundamental change to markets in the banking area, there is the potential to bring a number of both opportunities and challenges to consider with Open Banking.
Open Banking Opportunities & Challenges to Consider
Source: Juniper Research
Banks and other parties that are looking to become involved in the Open Banking ecosystem must weigh these opportunities and challenges carefully. Open Banking certainly needs a more collaborative approach than traditional banking models, which will require significant effort to make them successful.
The Forecast for Open Banking
The total number of Open Banking users is set to double between 2019 and 2021, reaching 40 million in 2021 from 18 million in 2019. The ongoing Coronavirus pandemic is increasing the need for consumers to have the clarity of combining their accounts and gaining insight on their financial health, and also boosting momentum in the adoption of Open Banking.
This extraordinary growth is being driven by Europe, where the regulator-led approach to Open Banking has created a standardised market, with low barriers to entry. This contrasts with markets like the US, where a lack of central regulatory intervention is limiting growth potential.
Open Banking – Delivering Opportunities and Threats
It is worth noting that Open Banking can be both a threat and an opportunity for traditional banks. While Open Banking exposes user information and access to potential competitors, this threat has the potential to affect all players in the market equally. Consequently, established banks must create innovative Open Banking services that will provide benefits for the user, while also attracting customers from less innovative competitors.
Payments will be critical to the emerging Open Banking ecosystem; accounting for over $9 billion in transaction value in 2024. However, payments in this ecosystem are at a particularly early stage. While eCommerce is dominated by card networks, there is the potential that this role will be eroded over time by ‘direct from account’ payments. Consequently, card networks should look to offer Open Banking-enabled payment services, in order to offset the risk of future disruption.
Open Banking Users in 2021 (m), Split by 8 Key Regions: 40 Million
Source: Juniper Research
Banking
2021: THE NEW-NORMAL LIFECYCLE FOR BANKING

Laura Crozier, Global Director of Industry Solutions, Financial Services at Software AG
It would be impossible to talk about predictions for the banking industry in 2021 without mentioning the cataclysmic impact that 2020 and the pandemic has had on people, businesses and countries.
Unlike with the global financial crisis, banks have been able to step up as “good guys” this time around, rebuilding their reputations as well as accelerating digital transformation. One of the main outcomes is increasingly smart, efficient online payments.
In 2020, the banking industry innovated like never before. This is the new normal. Overall, customers and society will be the beneficiaries from the changing industry. Here are my predictions:
Reputations are reborn
Banks across the globe pulled out the stops to integrate and adapt systems and processes to help customers during the pandemic. They offered accommodations in loans, assisted governments with the distribution of financial relief, and supported consumers by upping contactless spending limits and virtual deposits.
In 2021, banks will risk losing that rosy glow as economic circumstances drive them to deal with non-performing loans, mortgage foreclosures, layoffs etc. But, beyond their role in society as providers of capital and liquidity, banks will invest to sustain their reputations as trusted and good corporate citizens and use their power to persuade their customers and providers to adopt higher environmental and ethical standards. This will be in the areas of bank carbon-neutrality, sustainable financing, serving the unbanked, diversity and gender equality (as the number of women running a major global bank will double from one (Jane Fraser at Citi) to two). It’s a start.
Coming of age in the way of working
Back in Q1, when bank employees cranked up their laptops on their dining room tables, banks that were strategically undertaking business transformation accelerated their efforts. Those that were tactical, or on the fence, now understand with painful clarity that this work must be undertaken strategically.
Cracks in process and the way of working and their resulting risks can be crippling. Especially from a back-office perspective, it is not enough to rely on “organisational memory” and collegial proximity for work to get done right. Advanced banks pushed the boundaries of remote work, and the proof of concept was successful. So, they’re doubling down on developing digital twins and moving to the cloud. They’re adopting the hybrid office/WFH approach to reduce health risks and reduce cost permanently. The watercooler will never be the same.
The death of cash
Ok, maybe the rumours of the death of cash are a bit exaggerated since there will always be the need for cash (and, to some extent checks; the USA, for example, cannot seem to live without them). But the pandemic has permanently changed the way that consumers and small businesses bank, and the demotion of cash has been accelerated by a decade by the pandemic. For example, the Norwegian central bank said that cash payments in that country have plummeted to just 4% of transactions since March.
Implications? It will be critical to continue evolving payments to be smart, safe and flexible to compete in new world, in both retail and commercial banking. Also, the permanent change in the mix of channels will see banks’ face-to-face engagement with customers fade. Branches aren’t going to go away entirely, but they will be reserved for high value activities – by appointment only. To compensate, the personal touch has to be delivered digitally and intelligently.
The role of the bank as a “financial wellness partner” is being born. Banks will use customers’ data, not just to personalise and differentiate banking experiences, but to make recommendations for products and services beyond traditional banking from across their ecosystem to serve their customers well. Just as customers own their cash (physical or digital), in the future they will demand that they own their data (and can share it with whom they choose). Then retail and commercial clients will share their data in return for value.
Magazine
Trending


FUJITSU’S CTO, FINANCIAL SERVICES – IAN BRADBURY – SHARES HIS TOP PREDICTIONS FOR THE FINANCIAL SERVICES INDUSTRY IN 2021
At the beginning of the year, financial institutes were excited by the prospect of a new decade. The advent of...


HOW TECHNOLOGY IS MAKING AIRLINES SMARTER DURING LOCKDOWN
Captain Nadhem is the General Manager of Alpha Aviation UAE 2020 has provided challenges to all industries, but few...


THE INEFFICIENT MARKETS THEORY
Fraser Thorne, CEO at Edison Group According to accepted financial thinking The Efficient Market Hypothesis (EMH) asserts that, at all...


HOW WILL WE PAY IN 2021?
Nick Corrigan, UK & Ireland Managing Director, President of Global Payments. As 2020 began, there was already much conversation...


WHY BETTER PLANNING COULD BE THE INSURANCE INSURERS NEED
Adam Bimson, Chief Customer Officer, Vuealta Insurance is predicated on the ability to plan effectively, to model accurately, and...


WHY IT IS MORE IMPORTANT THAN EVER TO SHOP SOCIAL
Dave Linton is an innovator, social entrepreneur, thought leader, mentor of social enterprises, motivational speaker and the founder and Managing...


HOW COVID-19 HAS RESHAPED THE PAYMENTS LANDSCAPE
By Mohamed Chaudry, Group Chief Financial Officer of FoodHub The year 2020 may well have sounded the death knell...


CREATING A PEOPLE-CENTRIC WORKPLACE CENTERED ON FLEXIBILITY, EXPERIENCE AND WELLBEING
By Anne Marie Ginn, Head of Video Collaboration, Logitech EMEA The light is appearing at the end of the...


UK OPEN BANKING FINTECH YAPILY ANNOUNCES EXPANSION IN VILNIUS
Yapily, a London-based fintech startup, has announced plans to set up in Vilnius, the company’s third European office. Yapily joins...


FINTECH EEDENBULL SECURES PAYMENT TECHNOLOGY DEAL WITH NATIONAL AUSTRALIA BANK
EedenBull has announced a five year agreement with National Australia Bank (NAB), which allows the bank to deploy EedenBull’s innovative...


MARQETA ANNOUNCES PARTNERSHIP WITH GOLDMAN SACHS ON MARCUS CHECKING OFFERING
Marqeta’s modern card issuing platform will be leveraged by Marcus by Goldman Sachs to build new digital banking offerings. Marqeta,...


MAKE 2021 THE YEAR YOU DRAW UP A PERSONAL BUDGET
By Neli Mbara, Certified Financial Planner at Alexander Forbes Budgeting is the most important thing you can do to manage...


FINTECH EEDENBULL SECURES PAYMENT TECHNOLOGY DEAL WITH NATIONAL AUSTRALIA BANK
EedenBull has announced a five year agreement with National Australia Bank (NAB), which allows the bank to deploy EedenBull’s innovative payment...


GEOSPATIAL DATA VISUALISATION MAKES SENSE OF MASS OF COMMERCIAL PROPERTY INSURANCE DATA
Heikki Vesanto, Manager GIS Data Science, LexisNexis Risk Solutions UK & I Like most areas of the general insurance...


A GUIDE TO HMO PROPERTY INVESTMENT
Many experienced property investors are turning their attention to HMOs and achieving much higher rental yields as a result. Find...


PROTECTING THE DIGITALLY-EXCLUDED: BIOMETRIC IDENTIFICATION ENSURES ACCESS TO PAYMENTS IN A CASHLESS WORLD
By Vince Graziani, CEO, IDEX Biometrics ASA The events of this year have exacerbated a number of challenges for...


‘GLOBAL TRADE IN 2008 VS 2021: GLOBAL IMPACT, DIFFERENT CHALLENGES’
A Q&A with Nawaz Ali Head of Insights at Western Union Business Solutions who draws comparisons between the financial crisis...


FOUR WAYS OF FINDING THE SUPPORT AND RESISTANCE LEVELS
Support and resistance levels are mainly conventional values where a large number of orders assemble to stop a prevailing trend...


TAX-FREE SAVINGS ACCOUNTS OR RETIREMENT ANNUITIES: KNOW THE SAVINGS PRODUCTS AVAILABLE TO YOU
By Michael Kirkpatrick, head of individual consulting best practice, Alexander Forbes The start of a year is a great time...


FROM PLASTIC WASTE TO PAYMENT CARD
Giesecke+Devrient invites to join the cause of saving the oceans. Giesecke+Devrient (G+D) and the environmental organization Parley for the...

FUJITSU’S CTO, FINANCIAL SERVICES – IAN BRADBURY – SHARES HIS TOP PREDICTIONS FOR THE FINANCIAL SERVICES INDUSTRY IN 2021

HOW TECHNOLOGY IS MAKING AIRLINES SMARTER DURING LOCKDOWN

THE INEFFICIENT MARKETS THEORY

HOW WILL WE PAY IN 2021?

WHY BETTER PLANNING COULD BE THE INSURANCE INSURERS NEED

WHY IT IS MORE IMPORTANT THAN EVER TO SHOP SOCIAL

EMV® 3-D SECURE: ENABLING STRONG CUSTOMER AUTHENTICATION

HOW TO SIMPLIFY IDENTIFICATION IN THE GLOBAL DIGITAL ECONOMY WITH THE LEI

EXEGER – CHANGING THE PERCEPTION OF POWER

FUTURE FX PROMO

FutureFX Profile

INTRODUCING JISPGO | ONE APP, ANY SHOP
Trending
- News6 days ago
FROM PLASTIC WASTE TO PAYMENT CARD
- Top 107 days ago
AML SYSTEMS FOR THE CRYPTO MARKET – HERE’S WHAT YOU MUST KNOW
- Finance5 days ago
GEOSPATIAL DATA VISUALISATION MAKES SENSE OF MASS OF COMMERCIAL PROPERTY INSURANCE DATA
- Interviews5 days ago
‘GLOBAL TRADE IN 2008 VS 2021: GLOBAL IMPACT, DIFFERENT CHALLENGES’