By Miles Tappin, Vice President, EMEA at ThreatConnect
Over the last few years, cyber criminals have become more agile and possess a higher quality of skill than ever before. However, these skills come at a cost to industries worldwide. According to the Allianz Risk Barometer 2020, companies now see cybercrime as the biggest threat to their business, taking the top spot for the first time and ranking above threats such as climate change, natural disasters and market developments.
With digital threats remaining front of mind for the C-suite, more needs to be done to ensure businesses are protected from the powerful effects that cyber crime can have on the bottom line, corporate reputation or day-to-day operations.
The rise of the “business savvy” hacker
Awareness of digital threats is rapidly accelerating among businesses, but many aren’t prepared to tackle the mounting threats they now face.
According to David Ferbrache, Global Head of Cyber-Futures at KPMG and Chair of the National Cyber Resilience Board for Scotland, organised crime has become a lot less “crude” than it used to be. In essence, criminals are now becoming “business savvy” and are even undertaking reconnaissance missions to work out exactly who the best target is and how much they can extort.
Gone are the days of “hackers” being people who lurked in darkened rooms, anonymously terrorising the internet. They now want to be known as players in an evolving landscape who are taking advantage of your organisations’ pitfalls and planning far in advance to inflict the most amount of damage possible for maximum impact.
The main worry for the C-suite is that cyber criminals are getting smarter. They’re continuously learning from previous attacks, sharing insights and using this to exploit new vulnerabilities using emerging forms of technology. This continuous feedback loop is enabling them to act quicker.
For example, if a hack highlights a potential weakness, they will then target it in their next assault before organisations have a chance to respond. It becomes an ongoing cycle for the attackers. If the weakness isn’t fixed in time, then there is no doubt that it will continue to happen. Much to the dismay of organisations.
Threat intelligence informing operations
It’s long been argued that threat intelligence should inform operations when it comes to cyber security. This allows organisations to quickly identify threats and false flags, so security teams do not waste their time chasing down non-malicious communications. It should be noted that intelligence does not exist for its own sake. Intelligence, in particular threat intelligence, specifically exists to inform decisions for security operations, tactics and strategy. However, this relationship is not a one-way street.
Intelligence and operations should be cyclical and symbiotic. Intelligence informs decisions for operations resulting in actions being taken based on those decisions. Those actions, including clean-ups, further investigations, or other mitigations will create data and information in the form of artefacts. This includes lists of targeted or affected assets, identified malware, network-based indicators of compromise and newly observed attack patterns.
In turn, these artifacts can be refined into intelligence that can inform decisions for future operations. While some organisations do not have a formally defined intelligence function on their team, the concept of using what you know about the threat-space to inform your operations exists in all organisations. Regardless of whether an explicitly named threat intelligence analyst employee is on the payroll, the relationship between intelligence and operations is fundamental and present in all security teams.
Enter the “mobius strip”
With security risks and attacks set to increase year-on-year and the average annual cost to organisations ballooning, companies need to explore how they can make greater use of threat intelligence to respond to the new barrage of threats.
Threat intelligence may be the catalyst for taking an action or starting a process and informing how the process and decision making is done throughout. As threat intelligence drives your orchestrated actions, the result of those actions can be used to create or enhance existing threat intelligence. A feedback loop is created — essentially threat intelligence drives orchestration and orchestration enhances threat intelligence.
Increasingly, cyber security programmes are operating like a “mobius strip”, a continuous loop where intelligence informs operations and insights from these operations are fed back and form new intelligence. The “mobius strip” will prevent hackers in the long-term. By sharing important data between intelligence and operations it denies hackers the upper hand. Providing context to indicators during incident management is crucial to understanding what you might be dealing with and where it’s been seen before. At the same time, adding new intel generated from an incident or case back to your threat repository takes information that’s very relevant to your organisation and makes it available for future analysis.
BANKING’S SECOND WAVE OF TRANSFORMATION: INTEGRATING THE CLOUD-ENABLED FUTURE BANK
Keith Pearson, Head of Financial Services EMEA, ServiceNow
The last six months have seen significant changes to the financial services landscape, with operational resilience, economic recovery, cost reduction and an acceleration of digital transformation key themes emerging from the industry.
At the start of this crisis, much of the banking industry was in a different position to many businesses. The 2008 recession spurred a need for improvements and combined with the emergence of tech-savvy fintechs, the industry has seen a major shift as customer expectations have adapted. The pandemic has forced organisations to accelerate innovation already part-underway in the banking industry.
As banking experienced its first wave of transformation, institutions focussed on customer engagement, uniting physical and digital channels for an improved customer experience. Banks invested heavily in front office digital technology, creating visually appealing mobile apps, engaging online banking experiences and technologies for bankers to personalise customer engagement.
However, this digital engagement layer is not enough. Regulations like PSD2 reinforce the necessity to remain compliant, adding additional pressure to the digital transformation process which in turn has been accelerated by COVID-19. Banking is therefore in the midst of its second wave of transformation, where financial institutions are creating and seeking out critical infrastructure to better connect underlying middle and back office operations with the front office, and ultimately, with customers.
A disconnected operation
Many financial organisations are still struggling because they have yet to streamline, automate and connect the underlying processes that are enabling customer experiences. Which poses the question: why is connecting operations so difficult?
In most cases, multiple systems are still glued together by email and spreadsheets to track end-to-end status. Around 80% of a middle office employee’s time is spent gathering data from systems to make a decision, with only 20% spent actually analysing and making the decision.
The disconnect negatively impacts customers. For many, experiences like opening a bank account or getting a mortgage involve clunky, manual processes riddled with paperwork and delays. When front and back office employees lack the ability to seamlessly work together, customers can be asked for the same data multiple times, elevating frustration.
Customers have little patience and can be inclined to publicly broadcast problems when left unresolved. In a world of social media and online reviews, this could be detrimental to a company’s reputation.
With digitally native, non-traditional financial services players gaining market traction by offering a seamless customer experience, maintaining satisfaction is crucial for traditional banks to ensure that customers don’t switch. Banks must focus on making it easy for customers to do business with them by offering faster cycle times with more streamlined operations.
The fintech effect
Fintechs and challenger banks like Starling have shown what connected operations can do, having been built with digitised processes from day one. Modern consumers expect round-the-clock service from their bank. As financial institutions look to the future, developing a model of operational resilience that is capable of withstanding unforeseen issues, like power outages or cyberattacks, is critical to minimising service disruption. Having connected internal communications between front and back office staff means customers can be notified about any problems, how they can be fixed and when they might be resolved, as well as receiving continuous progress updates instantaneously.
Automation can go a step beyond this. Today, customers expect companies to not only do more and do it faster but to prevent problems arising in the first place. With connected operations and Customer Service Management (CSM), banks can proactively fix things before they happen and resolve issues fast, enabling frictionless customer service and replicating the ‘fintech effect’.
What about compliance?
In the European Union and the UK, PSD2 and the Open Banking initiative are giving more control to the customer over personal account data. Digital banks such as Fidor and lenders like Klarna are seeking to reinvent banking by offering customer-centric services. But the process of streamlining underlying operations is not simply about providing customers with the fintech-esque experience. More than 50% of a financial institution’s business processes are also impacted by regulation.
Financial services leaders are focussing on streamlining and taking cost out of business operations while also placing importance on resilience. Regulators are pushing banks to have a firmwide view of the risk to delivering their critical business services.
Banks must invest in digitising processes to intuitively embed risk and compliance policies, which are generally managed separately and often manually from the business process, leading to excessive compliance costs and risk of non-compliance. With the right workflow tools for monitoring and business continuity management, banks can minimise disruption by gaining access to real-time, actionable information about non-compliance and high risk areas, encompassing cybersecurity, data privacy and audit management.
Increasing openness of financial institutions to regtech solutions, or managing regulatory processes in the industry through technology, will prove key during this second wave of transformation. Banks will increasingly move away from people and spreadsheets and toward regulatory solutions that provide a real-time view of compliance and provide an end-to-end audit trail for Heads of Compliance, Chief Risk Officers and regulators.
With a unified data environment aided by technology, financial institutions can drive a culture of risk management and compliance to improve business decisions.
Riding the wave
The banking industry is still in the midst of its second transformation, and the pandemic hasn’t made it any easier. But riding this wave and successfully digitising processes to connect back and front office employees will present a profound difference to customer service.
The bank of the future will be frictionless, digital, cloud-enabled, and efficient; interwoven into the fabric of people’s lives. It will continue to be compliant and controlled but will deliver those outcomes differently, with risk management digitally embedded within its operations.
Demonstrating the operational resilience of its key services will not only drive customer confidence but will also provide a greater indicator of control to regulators and the market, adjusting overall risk ratings and freeing up capital reserves to drive more revenue and increase profitability.
The institutions that will thrive in this increasingly digital and connected world are the ones that are actively transforming themselves and the way they do business now, by taking learnings from fintechs, following regulations and paving the way in defining the future of financial services.
MAINTAINING SECURITY: NOT SOMETHING TO LOSE CUSTOMERS OVER
By Philipp Pointner, Chief Product Officer of Jumio
They say it takes 60 days to make or break a habit. With the UK having spent over 100 days in lockdown, old habits have changed and new ones have formed. While restrictions are starting to ease, these habits will stay with us, including how we choose to manage our finances. While prior to the pandemic, we may have gone to the bank regularly to deposit a cheque, change our bank account or open a new one, this habit has now been broken, putting the role of the branch in question.
Well before the outbreak of COVID-19, bank branches were closing in large numbers. More than a third of the UK’s bank branches have shut for good in less than five years, while hundreds of those that remain have reduced their business hours.
These macro changes in how we interact with our finances impacts financial institutions, which have had to adapt to allow current and prospective customers to access services remotely with the same level of security. Digitalisation in banking has been happening for years, but the global pandemic has significantly accelerated these efforts. While newer challenger banks have a reputation for faster sign-ups and seamless customer experience, security remains a top concern, particularly when the annual value of online banking fraud losses eclipsed £112 million in 2019.
Fraud detection measures have a reputation for making the customer experience worse. How can we preserve the user experience without compromising online security?
The best experience vs. the best security
Top security at the account sign-up stage is essential, yet nearly half (48%) of all fraud value stems from accounts that are less than a day old. Experian’s 2020 Global Identity and Fraud Report found that account opening and account takeover are responsible for higher losses than any other type of fraud. The account onboarding process is one that carries many risks — financial, regulatory, and reputational — when identifying the true identity of a customer, especially when not done in person.
In ensuring fraud detection, measures with incremental friction are often put in place to keep identities secure. However, too much friction can be problematic, with nearly 40% of potential new customers quitting onboarding processes which are too time-consuming and onerous. This level of abandonment represents a significant cost for financial institutions. With friction having such an impact on conversion rates, there are lessons traditional banks can learn from their challenger counterparts when it comes to customer experience.
How do we solve this?
For many consumers digital banking is not new, but the global pandemic has forced others to try digital banking for the first time because there are no other options. How many of these consumers will return to a physical branch when lockdowns are lifted?
When onboarding, whether online or in branch, banks perform the same set of steps even though the process differs. While banks are required to perform the necessary due diligence as part of their KYC obligations, many of the onboarding steps required in-branch can be automated, streamlined and simplified to deliver a better customer experience.
Face-based biometrics have the power to help banks strike the right balance between customer experience and security when it comes to digital verification. When a customer goes to set up an account, the bank asks them to take a picture of their government-issued ID (e.g., driver’s license, passport) and a corroborating selfie. This process determines if the ID is authentic and if the person in the selfie matches it.
To make this process even more secure, online solutions are now embedding certified liveness detection in the selfie-taking process to make sure that the customer is not attempting to spoof the system with a deepfake video or a picture of a picture. By leveraging biometrics and AI, an accurate verification decision can be made in a matter of seconds, which dramatically lessens the friction and frustration experienced by most online customers.
Going beyond onboarding
With over 60% of financial institutions experiencing an increase in fraud volume over the last few years, and cyber fraud as the primary concern, top-end security needs to go beyond the onboarding stage.
Face-based biometrics can also serve as the answer to ongoing authentication. During the initial identity verification process, better online solutions create a 3D face map, containing over 100 times more liveness data than a 2D photo. When a future authentication is required, for example, when a customer tries to reset their password or initiate a wire transfer, the customer is asked to take a new selfie, during which a new 3D face map is created. This face map is compared to the original and authorises the transaction in seconds with a significantly higher level of identity assurance.
This holistic approach is required now more than ever, with fraudsters taking advantage of the surge to digital.
So, what next?
Digitalisation is no longer just an important priority — it must be a primary focus for all regulated financial institutions. When lockdowns were announced all around the world, challenger banks were better prepared to support their customers online, but while they may have had an advantage at the start, it doesn’t need to stay that way. With the extraordinary power of face-based biometrics and AI, financial institutions can level the playing field by delivering an online experience that balances account security and customer usability.
DON’T RISK IT ALL WITH NON-COMPLIANCE
By Paul Sleath, CEO at PEO Worldwide Did you know non-compliance costs more than twice the cost of maintaining or...
BANKIA TRANSFORMS THE CUSTOMER AND EMPLOYEE EXPERIENCE WITH BIANKA BY IPSOFT
Developed with cognitive artificial intelligence, IPsoft’s conversational agent can carry out transactional tasks, perform different roles in customer service and...
by Devan Nathwani, FIA and Investment Strategist at Secor Asset Management Defined Benefit pension schemes are one of the most significant institutional...
TOUCH-FREE AUTHENTICATION FOR ALL: WHY WE NEED A SAFER PAYMENT METHOD IN THE ‘NEW NORMAL’
David Orme, SVP, Sales & Marketing, IDEX Biometrics ASA Ever since March, when the World Health Organization encouraged people to...
WHY BANKS NEED TO EMBRACE OPEN SOURCE COMMUNITIES
Nikolai Stankau, Director Business Development, EMEA Financial Services at Red Hat, the world’s largest enterprise open source solutions provider. ...
FOR PE TO SNAP UP “GOOD” COMPANIES, THEY MAY NEED TO WADE INTO “BAD” ECONOMIES
By Martin Soderberg, Partner at SPEAR Capital There’s no shortage of global challenges for investors currently, especially for those...
THE BASICS OF BUSINESS FINANCE
When you’re starting your business, you’ve got a lot to be thinking about. You need to find affordable suppliers, market...
HOW THE IMPORTANCE OF E-COMMERCE PLATFORMS GREW DURING THE PANDEMIC
Never in history has the world relied more on the internet than during this Covid-19 pandemic. With governments imposing lockdowns...
UNBANKED AND UNCONNECTED: SUPPORTING FINANCIAL INCLUSION BEYOND DIGITAL
Darren Capehorn, Director, Icon Solutions Many of us take it for granted, but accessing basic financial services is fundamental...
MORE THAN REGULATION – HOW PSD2 WILL BE A KEY DRIVING FORCE FOR AN OPEN BANKING FUTURE
Ralf Ohlhausen, Executive Advisor, at PPRO Whilst initially seen as simply a regulation exercise, the second Payment Service Directive,...
TIME TO THINK OUTSIDE OF THE BLACK BOX
Mike Brockman, CEO, ThingCo If you have the unbridled joy of parenting a teenager you’ll probably know what telematics...
BANKING’S SECOND WAVE OF TRANSFORMATION: INTEGRATING THE CLOUD-ENABLED FUTURE BANK
Keith Pearson, Head of Financial Services EMEA, ServiceNow The last six months have seen significant changes to the financial services landscape, with operational resilience, economic recovery, cost reduction and an...
RISK AND INVESTMENT SPECIALIST, CARDANO, TAKES TO DOCUMENT AND EMAIL MANAGEMENT IN THE CLOUD WITH ASCERTUS AS IMPLEMENTATION PARTNER
Ascertus also providing document comparison tool, compareDocs Cardano, a privately-owned, purpose-built risk and investment specialist, has chosen Ascertus Limited as its implementation...
HOW SALARY SLIPS HELP YOU UNDERSTAND TAX DEDUCTIONS ON YOUR SALARY
A salary slip is defined as a document that is provided by your employer which contains the breakdown of your...
BRANCHES ARE THE HUMAN FACE OF YOUR BANK?
Sudeepto Mukherjee, Senior Vice President, Financial Services Lead EMEA & APAC Publicis Sapient Branches have always played a pivotal...
RISE IN E-COMMERCE FOR SMALL BUSINESSES IS A BIGGER RISK THAN JUST STOCK CONTROL
With consumer confidence in the high street at an all-time low, many SME shops and businesses have moved to online...
TIME TO FOCUS ON YOUR ‘WEALTHBEING’
Tony Mudd, Divisional Director, Development & Technical Consultancy. St James’s Place FIVE WAYS TO SAFEGUARD YOUR FINANCIAL FUTURE The...
PAYROLL AGILITY IN THE CORONAVIRUS CRISIS – HOW FINANCE FIRMS CAN ACHIEVE IT
by Hannah Grimshaw, BPO Payroll Lead, Symatrix The government has published guidance with regards to the next steps for...
WHY IT’S TIME TO ADAPT TO THE VIRTUAL WORLD: HOW TO MASTER ONLINE NEGOTIATIONS
By Tony Hughes, CEO at Huthwaite International, a leading global provider of sales, negotiation and communication skills development Virtual...
BNP PARIBAS PERSONAL FINANCE COLLABORATES WITH EXPERIAN AND ARYZA TO HELP CUSTOMERS THROUGH THE COVID-19 PANDEMIC
The consumer finance specialist will be using the Open Banking tool to help customers create an affordable payment plan based...