As 2015 gets under way, it is time to take stock of some of the biggest challenges facing the banking industry this year – including cybercrime, cultural change, more stress testing, ever-increasing regulatory scrutiny and a troubled economic outlook in Asia, Europe and the Middle East.
One of the trends of 2014 was its delivery of technology that we had been promised for years but had fallen short until now. Siri, Cortana and Google Now all make good on the sci-fi staple of the voice-activated computer. Virtual reality has been attempted many times, but it seems that the Oculus Rift may have finally cracked it. And biometric authentication, while often included in devices but rarely used, is now commonly used by owners of new iPhones to unlock their devices thanks to Touch ID.
A platform for sharing cyber-security threat intelligence among financial services companies has been launched by US post-trade utility the DTCC and non-profit security organisation FS-ISAC. Called Soltra Edge, the platform gathers data about cyber-security threats and converts it into a standardised format for sharing.
As Bob Dylan, famously sang, The Times, They Are A-Changin’. Once, the tools required to carry out a bank raid usually comprised a shotgun, old stockings and a bag labelled “swag”. Today, it’s a laptop, computer programming skills and patience. And the nature of the crime is changing too – previously, the goal was often to get away with a few thousand pounds, before lying low for a while. Now, the “prize” sought may be the theft of millions or the personal details of thousands, to be then sold on.
Fraud and financial crime are growing substantially in their nature and complexity as we continue to evolve into an ever more connected world. New technologies, particularly the spread of mobile devices, have opened up different avenues of attack for technically sophisticated and well organised gangs of fraudsters and criminals. The social and economic costs of organised crime in the UK alone are estimated to be £24bn, of which £8.9bn are associated with fraud.
Greater information sharing and closer collaboration between the public and private sectors are needed to combat cyber-attacks, which are now the principal concern of the financial services industry, according to the DTCC. A top priority should be the creation of global industry working groups to engage with national regulators on the development of cyber-security regulations that address the real-time and evolving nature of cyber-threats.
The recent nomination of the British Banker’s Association as an intelligence node and source of benchmarks and practices in the UK’s financial infrastructure, via CBEST, has pushed the role of the banking sector in detecting and remediating breaches into the spotlight. So what can banks do to ensure their cyber defences are up to the task?
As banks develop new retail styles, they face new security challenges as the changing use of space in-store means surveillance and alarm systems must evolve in tandem.
Microsoft has begun a joint pilot project with the Financial Services Information Sharing and Analysis Centre (FS-Isac) to tackle financially-motivated cyber crime attacks, which are estimated to cost $100 billion a year in the US alone.
While the average bank heist averages $6000, a cyber-thief can make off with millions. Last year 552 million identities were breached, while every call about a compromised credit card costs a bank $4.
The news last month (June) that the Luuuk malware had snared its first victim, an unnamed European bank, has again highlighted the magnitude of the challenge facing the banking sector. While the reported theft of €500,000 during the course of a week certainly does not break any records, the discovery of what is believed to be a variant of the feared Zeus malware, is just the latest in a line of increasingly sophisticated cyber attacks
With passwords continuing to attract widespread derision from consumers it seems that businesses are starting to listen to their customers and in recent weeks voice biometrics has been hitting the headlines, as the technology is set to replace the bane of so many people’s lives.
Firms looking to adopt cloud-based services should consider the security and data privacy implications associated with moving critical systems into the cloud, and not let vendors drive their technology strategies for them, according to Bank of England CIO John Finch.
“The fastest growing national security threat facing the [US], which also happens to face the financial services industry, is cyber-espionage, cyber-crime and cyber-terrorism” according to a former deputy and acting director of the Central Intelligence Agency, speaking at the SifmaTech conference in New York.
Specialist Java start-up Waratek has announced a security product intended to protect older Java code – which can contain five to 10 security vulnerabilities per 10,000 lines of code – from security breaches.
As the number of cybercrime incidents increases, financial institutions and their corporate customers should take renewed steps to protect their data – including using tokenisation and hosted payments pages, according to a new report by Chase Paymentech.
Bank account fraud in the UK increased 48% in the first four months of this year, with a 57% rise in the number of identity frauds compared to the same period last year.
Confusion and concern over security is cited over and over again as the biggest barrier to widespread consumer uptake of mobile payments. And no wonder – confidence in the protection of sensitive cardholder data lies at the heart of trust in this technology. An EMV card as a physical asset is cryptographically secure. How can we emulate this security with something that is virtual?
What does the Monetary Authority of Singapore have to do with virtualised data centres and cloud computing? Security measures that, among other policies, go a long way toward preventing attacks by rogue operators working on the inside, for one thing.
Mobility has risen to such a level of importance that many people believe it deserves its own C-level position to advance and align mobility strategy throughout the enterprise. In no other industry is this more pressing than in banking where financial institutions are increasingly using mobile apps to set themselves apart from their rivals.
At the end of last year, Yahoo was hit by a malware attack. It affected over two million clients, mainly in Romania, Great Britain, France, Italy and Spain, putting their personal data at risk. Upon visiting the website between 27 December and 3 January, users received advertisements, some of which were malicious and infected users’ devices without even a click.
Concerns are emerging over the failure of some mobile banking providers to address security risks. According to a recent review of 40 home banking apps from the world’s top 60 banks, nine out of ten apps had serious security vulnerabilities.
2014 looks to be a good year for fraudsters as government and law enforcement struggle to come to terms with the issues and the continuing spread of mobile continues to offer them poorly-protected targets.
The World Federation of Exchanges has set up a Cyber Security Working Group with a “mission to aid in the protection of the global capital markets” in the wake of a number of attacks on international exchanges over the past few years.
NCR is “fundamentally and permanently changing” financial services its financial services business with a £1.6 billion acquisition of Digital Insight, a Californian on-line and mobile banking solutions provider. It has also bought UK-based fraud prevention company Alaric.
A draft set of 14 recommendations to promote the security of mobile payments has been published by the European Central Bank for public consultation.
Cybersecurity and cyber espionage have been in the headlines the past few years as leaked stories relating to government-sponsored activities have appeared and sabre rattling between aggrieved nations has moved to the public domain. At the same time an increased volume of distributed denial of service attacks (DDoS) on banks and other institutions carried out […]
Basic security mechanisms in payment and banking systems are poorly applied and are out-gunned by the resources available to cybercriminals, a session at the Money2020 event in Las Vegas was told.
Front and centre of the agenda that Swift set out at the beginning of this week’s Sibos is the concept of collaboration and cooperation – a perennial theme for Swift, but Leibbrandt told Daily News at Sibos there is a change in the air.
Banks should report all cases of fraud to law enforcement agencies and punishments should be substantially increased, according to a committee of MPs.
Financial institutions have been battling waves of large distributed denial of service attacks since early 2012. Many of these attacks have been the work of a group called the Qassam Cyber Fighters, which until recently posted weekly updates on Pastebin about the reasons behind its attacks.
The financial services sector’s growing interdependence between internet-accessible clearing and transaction processing infrastructure means that a successful DDoS attack can have far reaching consequences, such as customer dissatisfaction and loss of trust, brand damage, increased operating costs and lost revenue to name just a few.
Responsible for protecting people and assets across single or multiple countries in a range of different environments, the role of security manager in the finance industry is not for the faint hearted.
Retail banking is changing through many external forces. The on-going global financial crisis has impacted the regulation surrounding the banking industry, but there are other factors changing the environment banks find themselves operating in.
Protect your transactions! Protect your login! Protect your mobile channel! Protect your end users! A layered security architecture is now standard for most organisations. The problem, however, with many of today’s layered security solutions is that they do not correlate information between the various layers (security risks, suspicious events, fraud indicators etc.) and thus fail to see the big picture.
Fraud and payments specialist Alaric has hired Jan Rees as account manager to look after customers across EMEA and the Americas. Rees has more than 20 years’ experience in the payments space, including roles at S1, Wincor Nixdorf, Level Four and Logica (now CGI). For the past year he has been working on a consultancy […]
Transatlantic friction over data protection isn’t exactly a new problem – the industry has been faced with pending regulations for over a decade, but the conflicting demands of European data privacy and US intelligence gathering legislation are coming together to make the issue a serious problem for banking technologists.
Germany’s Commerzbank has adopted a visual transaction signing tool from British security firm Cronto for its online banking customers, designed to protect against Trojan malware.
Mobile and NFC payment technologies have been on the rise in recent years. But with many merchants and retail outlets still reluctant to invest in the new technologies, and with the rise of fraud in existing solutions, industry participants are divided over how and whether the technology will ever gain widespread acceptance in developed markets.
