Chris Vaughan, Area VP – Technical Account Management EMEA, Tanium
When looking at the state of cybersecurity in organisations since the pandemic began, there is one industry that is lagging more than any other: banking. Research conducted earlier this year found that 86% of banking and finance businesses had experienced a cyberattack or data breach in the past 12 months – higher than any other industry surveyed.
One key issue holding large banks back centres around old IT infrastructure. Whilst organisations in other industries have embraced migration to the cloud, banks have been slower to do so. The reason? Many are using outdated IT infrastructure and systems which makes adopting cloud technology significantly more complicated, cost prohibitive, and there’s a reluctance to tackle the related data security challenges.
Addressing a lack of data visibility
The use of cloud services provides huge benefits for large organisations: most notably, the greater opportunities to increase the pace of operations and improve scalability.
However, a shift to the cloud can make securing data more challenging for IT teams – with sensitive data being shared over a broader online territory and no longer confined to physical ‘on-prem’ servers. In the cloud environment, achieving true data visibility – ascertaining what data you have and where it sits on the network – can be more difficult to achieve.
Organisations should also understand that the ultimate responsibility for managing data stored in the cloud sits with the organisation, not the cloud provider – so IT teams need to take accountability and ensure they have the right endpoint management tools in place to ensure data is accessible, safe, and secure. A valuable endpoint management tool will provide full visibility into the status of devices, applications and data points sitting across the cloud network – and flag vulnerabilities as they arise.
Follow FinTech to the cloud
With security paramount across the finance industry, data visibility needs to be front and centre of any IT infrastructure shift. All finance companies – from FinTech start-ups to legacy banks – share the same challenges regarding visibility in cloud IT infrastructure.
However, there is one key difference: FinTech companies are born in the cloud and don’t have old IT architecture and legacy systems to drag along, meaning they can build the network structure they want – and need – with a focus on data visibility from day one.
This doesn’t mean that traditional banks can’t reap the benefits too. They should look to FinTech organisations for examples of the value that moving to the cloud provides: from the opportunity to develop new business models, streamline operating procedures and costs, or add greater customer-centricity.
To keep things secure whilst shifting to the cloud, banks should embrace security tools that provide visibility across environments, users, and data sets. This can be facilitated by cloud-agnostic asset discovery and data monitoring solutions that help banks to simplify security amid the cloud migration process.
Consider data visibility across third-party software
Organisations should also consider the impact that third-party software, working within their cloud environment, has on their security posture. Many high-impact cyberattacks over recent years, including the recent NHS 111 outage, have originated from breaches of third-party software vendors – then paving the way for attackers to compromise the network.
Banks therefore need to ensure they are considering data visibility across their supply chains as part of their effort to manage their entire IT estate. Dependency on partners and suppliers – and a lack of visibility into the data they’re holding on behalf of the organisation – poses a real threat to banks, in part because there are more third-party vendors in their ecosystems today than ever before.
To tackle this challenge, IT teams need to first start by answering the following fundamental questions: Who are the suppliers? What is their security like? And how are they using our organisation’s data? Third-party vendors must be able to provide a comprehensive and accurate inventory of their IT assets to understand where data sits and where software vulnerabilities lie, and to apply patches in a timely manner to mitigate risks.
Where possible, banks should consider publicly listing the third-party software they use and its components – to provide transparency to customers with regard to how their data is stored and managed.
However, some suppliers would be reluctant to agree to this. As a result, there is a case for the industry to implement a regulatory framework. Just as banks force customers to share information to protect themselves from being used for money laundering or financing terrorist organisations, third-party suppliers could be made to report the components of their software. This would be similar to how food companies are obliged by both EU and local legislation to list the ingredients in their products.
Banks and credit institutions should act the same way with their software to avoid compromising the security of customers. In the US, many companies have already started tagging open-source code with component information, known as the ‘Software Bill of Materials’, and this approach should become mandatory for banks worldwide.
Banks also need to be held accountable for ensuring their suppliers meet a set of minimum security standards. Additional regulatory measures could require third-party suppliers to report the cyber-security protection they have in place (like the KYC approach) to help ensure defences remain strong across the industry. Only third-party providers who meet a certain security standard would be permitted to access the bank’s systems.
Ultimately, banking and finance teams need to prioritise data visibility to ensure that their customer’s money and sensitive information stored in the cloud remains safe. This should involve putting technology in place to ensure that issues can be detected in real-time, and threats can be responded to as quickly as possible – regardless of where they sit across the organisation’s cloud infrastructure.
Digital Banking – a hedge against uncertainty?
Ankit Shah, Head of Digital Banking, Apex Group
The story of the 2020’s thus far is one of crisis. First the world was plunged into a global pandemic which saw the locking down of people and economies across the world. Now we deal with the inevitable economic consequences as currencies devalue and inflation bites. This has been compounded by Russia’s invasion of Ukraine and subsequent energy politics.
And the outlook remains uncertain. Tensions continue to build between China and Taiwan and inflationary conditions are forecast to continue well into 2023. This uncertainty is impacting everyone, and every sector. And finance is no exception with effects being felt everywhere from commodity and FX markets to global supply chains.
But it’s not all doom and gloom. Rollercoaster markets and an ever-evolving geopolitical situation have made 2022 a tricky year far, but, despite the challenges, digital banking has proven resilient. In fact, the adoption of digital banking services has continued to grow over the last few years, and is predicted to continue.
So, what are the forces driving this resilience?
In an increasingly digital world and economy, digital banking comes with some advantages baked in, which have seen the sector continue to succeed despite the tumult in the wider world. In fact, the crises which have shaped the decade so far may even have been to the advantage of digital banking. Just as during the pandemic, technologies which could facilitate remote working saw a huge uptick in users, so to digital banking is well suited to a world where both people, and institutions demand the convenience that online banking services offer.
And while uptake of digital banking services is widespread amongst retail consumers, a trend likely to continue as digital first generations like Gen Z become an ever-greater proportion of the consumer market, uptake amongst corporate and institutional customers has been slower. This is largely down to a lack of fintech businesses serving the more complex needs of the institutional market, but, in a post-Covid world of hybrid working business, corporate clients are looking for the same ease of use and geographic freedom in their banking that is enjoyed by retail consumers.
This is not just a pipe dream – with the recent roll out of Apex Group’s Digital Banking services, institutions can enjoy the kind of multi-currency, cloud-based banking solutions, with 24/7 account access that many of us take for granted when it comes to our personal banking.
One significant difference between retail and business accounts however, for banking service providers, is the relative levels of compliance which are needed. While compliance is crucial in the delivery of all financial services, running compliance on multi-million pound transactions between international businesses brings with it a level of complexity that an individual buying goods and services online doesn’t.
For digital banking services providers, this situation is further compounded by guidance earlier this year from HM Treasury – against the backdrop of the Russia-Ukraine conflict- requiring enhanced levels of compliance and due diligence when it comes to doing business with “a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country or with a sanctioned individual.”
So, can digital banks meet these standards while also providing institutions with the kind of easily accessible, mobile service which retail customers enjoy?
The answer is yes and again, once initial hurdles are overcome, digital banking brings with it features which give it the edge over traditional banking services. Paperless processes, for example, mean greater transparency and allow for better and more efficient use of data. This means AI can be employed to search documents, as well as provide verification. It also means compliance processes, often notoriously complicated, become easier to track. Indeed, digitising time intensive manual process means the risk of human error in the compliance process is reduced.
Digital banking can also better integrate transaction monitoring tools, helping businesses identify fraud and irregularity more quickly. This can be hugely important, especially in the times of heightened risk we find ourselves in, where falling foul of a sanctions regime could have significant legal, financial and reputational consequences.
Our world is increasingly globalised, and so is business. For corporate and institutional banking customers, being able to operate seamlessly across borders is key to the operation of their business.
This brings with it challenges, which are again compounded by difficult geopolitical and economic circumstances. In recent weeks for example, we’ve seen significant flux on FX markets which can have real consequences for businesses or institutional investors who are buying and selling assets in multiple currencies and jurisdictions. The ability to move quickly then, and transact in a currency of choice, is vital. Advanced digital banking platforms can help – offering automated money market fund sweeps in multiple core currencies to help their clients optimise their investment returns and effectively manage liquidity.
Control admin uncertainty
In times of uncertainty, digital banking can provide additional comfort via customisable multi-level payment approvals to enhance control of what is being paid out of business accounts, with custom limits available for different users or members of a team. Transparency and accountability are also essential, with corporate clients requiring fully integrated digital reporting and statements and instant visibility with transaction cost and balances updated in real-time.
For some, the perception remains that digital banking is the upstart industry trying to offer the services that the traditional banking industry has built itself upon. Increasingly however, the reality is that the pressure is on traditional banks to try and stake a claim to some of the territory being taken by digital first financial services.
With a whole range of features built in which make them well suited to business in a digital world, digital banking is on a growth trajectory. Until now, much of the focus has been upon the roll-out of services to retail consumers, but with features such as automated compliance, effortless international transactions and powerful AI coming as standard for many digital banks, the digital offering to the corporate world looks increasingly attractive.
Security vs online payment convenience: which one is tipping the scales for customers?
Chirag Patel, President of Digital Wallets at Paysafe.
While keeping their payment details safe is a top priority for customers when shopping online, they’re not willing to jump through endless hoops or accept poor user experiences as the inevitable price of greater security.
Online payment security has been top of mind for merchants since the very first internet purchase: a copy of Sting’s ‘Ten Summoner’s Tales’ CD. Even though payment technology has become more sophisticated over time, the eCommerce explosion has brought about an ongoing battle between increasing security and ensuring convenience.
Customers are ever more aware about the risks of online shopping and concerned about their financial details falling into the wrong hands. Simultaneously, demand for a good user experience has also risen steadily. But greater security typically introduces friction into the checkout process, which continues to be one of the leading causes of cart abandonment.
In our latest Lost In Transaction report, we surveyed 11,000 consumers in 10 countries across Europe and the Americas regarding the balance between security and convenience in online payments.
Here are the key take-aways for online merchants moving forward.
How concerned are consumers about online fraud?
According to our research, customers continue to grow increasingly worried about online fraud.
59% of respondents are more concerned about it today than they were 12 months ago. Not feeling comfortable sharing financial details online has increased from 49% in 2021, to 70% in 2022.
More to the point, our research shows that, when they have a choice, 44% of respondents will invariably pay with the method they perceive as safest while only 21% will choose the most convenient payment method, and even fewer (14%) will choose the fastest one.
These findings aren’t surprising considering that fraud has become more frequent and more serious during the COVID-19 pandemic. For example, in 2021 the average US fraud victim lost $500 and the average UK victim lost £806.
However, what merchants need to keep in mind is that, even though security typically dictates the choice of payment method, there’s a limit to how much friction customers are prepared to tolerate. And our research suggests this limit is close to being reached, with 42% of customers reporting that they would prefer more payment security but only 19% open to accepting whatever measures are necessary for increased protection against fraud. The other 23% would only accept a minimal increase in inconvenience.
A fine line to walk
If you’re a merchant, the situation is positive but challenging to navigate.
Fortunately, 44% of consumers think merchants are getting the balance between security and convenience right — up from 26% in 2021 – and trust is also high. 53% think online payments are more secure than they were twelve months ago. And 64% of respondents are more likely to shop from merchants who already have their payment details on file, compared to 54% in 2021.
The challenge is that security risks are ever evolving. Cybercriminals are constantly refining their techniques, which means measures that are highly effective today can become inadequate tomorrow. And regulation is constantly developing, at times at odds with consumer sentiment. The introduction of Strong
Customer Authentication rules, for instance, sparked fears that the deliberate friction they required would hurt sales, which, admittedly, has had less of a negative impact than anticipated.
Consequently, while security enhancements are inevitable if merchants are to continue meeting high standards, there’s margin for error now that more consumers are reaching the limits of their tolerance for friction.
For every new security measure they introduce, merchants must be increasingly mindful of the impact on the streamlined payment experience customers expect.
Finding a common ground: boosting security with trust and technology
While maintaining – or even improving – the current balance between security and convenience might seem impossibly tricky, payment technology has evolved to a point where it’s doable.
With embedded payments, for instance, the consumer pays through a user-friendly interface at the point of need. And because financial details are stored securely in tokenized format, there’s no need to share them every time you make a purchase.
eCash is another such solution that enables customers to buy online quickly, securely, and privately.
A unique barcode is generated at the checkout which customers can then get scanned at one of one million points of sale in 55+ countries to pay in cash. Which means they can buy online without having to share or even store any financial details.
This presents a great opportunity for merchants to take advantage of the high levels of trust these payment solutions enjoy. While our research shows that there’s still a significant knowledge gap, particularly in embedded payments, consumers are becoming more open to both technologies. So now is the time to explain the benefits clearly to customers and, more importantly, address concerns.
Online payment security is crucial, but not at all costs
Keeping their financial details safe is the most important element of the payment process for most customers. But while fraud protection may be winning the battle against convenience hands down, merchants need to carefully navigate the process of increasing security without adding too much inconvenience.
As critical as it is for merchants to protect customers’ data, a zero-fraud strategy would also likely cause way more friction than most customers are prepared to tolerate. A smooth, seamless payment experience remains as important as ever.
Know Your Business (KYB): Exceeding KYC
Victor Fredung, CEO at Shufti Pro Money laundering costs the UK more than £100 billion pounds a year, according...
Tax giveaway is a boost for business, but will it drive growth or fuel inflation? Chancellor Kwasi Kwarteng has...
A zero trust environment is critical for financial services
Boris Bialek, Managing Director of Industry Solutions at MongoDB Not long ago security professionals were still focused on protecting their...
Digital Banking – a hedge against uncertainty?
Ankit Shah, Head of Digital Banking, Apex Group The story of the 2020’s thus far is one of crisis....
Union Bank of India goes live with RuPay Credit Card on UPI with Kiya.ai as a technology partner
Nitesh Ranjan, ED Union Bank of India with Rajesh Mirjankar, Managing Director & CEO, Kiya.ai at the launch Kiya.ai,...
Anyone Can Become an R&D Tax Expert with the Right Foundations
Ian Cashin is a Customer Success Manager at Fintech company and R&D tax software provider WhisperClaims For accounting firms,...
Addressing the ongoing global pilot shortage issue
By Bhanu Choudhrie, Founder of Alpha Aviation The Covid-19 pandemic brought the aviation industry to a halt, causing vast...
How exporters can mitigate risks and operate smoothly in stormy, post-Brexit waters
By Morgan Terigi is Co-Founder and CEO of Incomlend The past few years have presented a series of hurdles...
From employees to customers, workforce management can benefit the entire banking ecosystem
Michael Cupps, SVP of Marketing of ActiveOps explores the significant impact workforce management can have on the employees and customers...
Redefining the human touch with digital transformation
Simon Kearsley, CEO of bluQube It may not be a new phrase, but digital transformation is still inducing anxiety...
CFOs – the forgotten ally in the fight against ransomware
Justin Vaughan-Brown, VP Market Insight at Deep Instinct Ransomware attacks have nearly doubled in the past couple of years....
7 cost benefits of cloud accounting software
By Paul Sparkes, Commercial Director of iplicit, an award-winning accounting software developer Is your accounting software having a laugh...
How does Identity Access & Privileged Access Management help in PCI DSS Compliance?
Narendra Sahoo is a director of VISTA InfoSec. Introduction The Payment Card Industry Data Security Standard also commonly referred to...
Listed private debt deserves a closer look from investors
By Michel Degosciu, Managing Partner, LPX AG Over the past few years, the private debt asset class is attracting serious...
Security vs online payment convenience: which one is tipping the scales for customers?
Chirag Patel, President of Digital Wallets at Paysafe. While keeping their payment details safe is a top priority for...
The Tool and Tips to Truly Get Started with No-Code Development
Author: Chris Obdam, CEO of Betty Blocks Throughout the legal industry, firms and in-house departments are leveraging legal tech...
How ReFi Will Transform Finance
– by Ransu Salovaara, CEO of carbon platform Likvidi Humanity faces a multitude of threats, many of which are...
THE NEXT WAVE OF FINTECH IS HERE
Much has been made of the ‘second generation’ fintech movement recently, but what have these businesses learned from those entering...
UK leaves Europe trailing in its embrace of digital banking
People in the UK have embraced digital and online banking in a way that those across the rest of Europe...
The rise of automation and its impact on the CFO & CIO
By: Gert-Jan Wijman, VP Europe, Middle East and Africa at Celigo On the back of the pandemic, organisations have...