Connect with us

Top Stories

An effective approach to financial data transformation and integration

Published

on

An effective approach to financial data transformation and integration

Hitesh Rathore, Principal Consultant – Global Consulting Group, Wipro

Samir Zaveri, Managing Consultant – Securities & Capital Markets Group, Wipro 

Today almost all financial institutions, especially global banks, face a constant need to integrate their data with their clients, other institutions, as well as with various market infrastructures and regulatory/statutory bodies. A number of financial messaging standards such as SWIFT, FIX, FpML and XBRL help financial institutions (FIs) meet this need.

The messaging standards are constantly evolving based on market needs and regulatory requirements. This in turn leads to considerable efforts for FIs, especially global banks, to maintain compliance with the latest versions of the messaging standards, creating pressure on profit margins.

The current state

There is widespread usage of SWIFT messages by almost all global banks, with continuous annual format changes based on market requirements. Besides the annual changes to the formats of some messages based on market requirements, the ISO version of all SWIFT messages has changed at times which results in changes to all messages. Such a major change dramatically increases the cost for FIs, who need to make many changes to the IT applications handling the messages.

Currently, most of the banks use ISO 15022 standard for SWIFT messaging, replacing the previous securities messaging standard ISO 7775.  However, in recent years, banks and financial intermediaries have also started using ISO 20022 standard in addition to the ISO15022 standard. This additional standard can provide a greater level of automation, although it tends to lead to a higher IT spend as it requires a greater level of changes due to its higher complexity.

Similarly, those using FIX or FpML, would have to upgrade legacy IT systems/platforms and challenges could arise in accepting older formats or versions of messages from a client/counterparty which has yet to adopt the newest standards. Thus, for any two parties to exchange data, they must either use the same protocol or use a conversion tool for protocol compatibility.

The challenges

  1. Lack of compatibility with legacy applications: Currently there are multiple formats and protocols of messaging standards like SWIFT, FIX, FPML and ISO. These standards are constantly evolving and new versions or periodic upgrades continue to be released. FIs are constantly facing challenges to upgrade legacy applications to accept new versions or use transformation tool for version compatibility.
  2. Complex validation requirements: Some of the new messaging standards have complex validation requirements. For example, the new ISO20022 SWIFT messages have large XML schema definitions (XSD) which require a lot of validation. This, in turn increases the time, effort and consequently, the cost for migration to new standard.
  3. Complex client onboarding: Issues surround complex client onboarding and setup initiatives to assist clients not operating on the same standards/formats/protocols can result in revenue realization delays.
  4. Regulatory requirements: Regulatory requirements such as Dodd Frank Act, European Market Infrastructure Regulation (EMIR), Markets in Financial Instruments Directive (MiFID), Sarbanes-Oxley Act as well as Basel Committee on Banking Supervision’s BCBS 239 are resulting in continuous changes to the messaging structures, causing a cascading effect on FIs to upgrade their applications to be compliant with these standards.
  5. High costs: Huge investments, both in terms of capital as well as technology resources, are required to make changes to industry standard protocols (SWIFT/FIX/FpML), including forced changes to downstream systems with low impact on processing requirements.

The Solutions

The message transformation and integration needs of various FIs are very different and it is difficult to find one solution that can readily fulfil the needs of most of the banks or FIs. Still, for any solution to work it should offer the main functionalities or features listed below:

  1. Data transformation flexibility – The solution should have the flexibility to transform data from one format to another seamlessly as per needs of the bank. For example, if a bank receives trade messages in XML format from brokers and needs to convert the same into SWIFT MT format, the solution should be able to do the same with ease.
  2. Support for industry standard messages – The product or solution developed should support all industry standard formats such as ISO 15002 format used in SWIFT MT messages or FIX format used in trade messages
  3. Validation of messages: Providing message libraries and related validation rules for standard messages during Institution-to-Institution (I-2-I) integration. Thus, a bank processing FIX, FpML and SWIFT messages should have the latest message libraries of these messages along with related validation rules defined to process those messages.
  4. Workflow management and rule based data transformations: Generally, banks need to integrate and route messages to various systems belonging to itself or other banks and institutions. To fulfill this need, the solution should have capability to define workflow for processing and routing messages based on pre-defined rules. As per needs of the bank, processing could be either real time or based on batch processing.
  5. Message dashboard – Since a bank usually handles quite a large number of messages as part of data transformation and integration, the solution should have a unified view or dashboard for message monitoring and management including exception handling. Additionally, it should also have the capability to maintain audit trail to aid in messages monitoring.
  6. Cloud based platform support – A cloud based platform is of great help to banks or FIs who want to start with the transformation and integration of few financial messages (or message types) to start with and gradually scale up later. This gives them the flexibility to start with a small initial investment and increase the spending on the solution based on the benefits they are able to reap.

Towards data transformation and integration

FIs are finding it increasingly necessary to have transformation of financial messages or data and integration with other parties such as clients or counterparties in various lines of businesses.

There is a definite need in the industry for a comprehensive, scalable and reliable solution, which can transform multiple messaging standards as well as proprietary formats, and have the flexibility to support integration with various applications including legacy applications. This is essential for seamless communication with clients, market intermediaries, and statutory/regulatory bodies. A solution with add-on modules that would enable message enrichment capabilities, audit trails, exception handling, dashboards and reporting features, as well as have capability to support Software-as-a-Service delivery, will definitely appeal to most financial institutions.

FIs need to have a proper analysis done to decide an appropriate strategy or approach that can help them solve data transformation and integration challenges. 

Top Stories

The Future of Software Supply Chain Security: A focus on open source management

Published

on

The Future of Software Supply Chain Security: A focus on open source management 1

By Emile Monette, Director of Value Chain Security at Synopsys

Software Supply Chain Security: change is needed

Attacks on the Software Supply Chain (SSC) have increased exponentially, fueled at least in part by the widespread adoption of open source software, as well as organisations’ insufficient knowledge of their software content and resultant limited ability to conduct robust risk management. As a result, the SSC remains an inviting target for would-be attackers. It has become clear that changes in how we collectively secure our supply chains are required to raise the cost, and lower the impact, of attacks on the SSC.

A report by Atlantic Council found that “115 instances, going back a decade, of publicly reported attacks on the SSC or disclosure of high-impact vulnerabilities likely to be exploited” in cyber-attacks were implemented by affecting aspects of the SSC. The report highlights a number of alarming trends in the security of the SSC, including a rise in the hijacking of software updates, attacks by state actors, and open source compromises.

This article explores the use of open source software – a primary foundation of almost all modern software – due to its growing prominence, and more importantly, its associated security risks. Poorly managed open source software exposes the user to a number of security risks as it provides affordable vectors to potential attackers allowing them to launch attacks on a variety of entities—including governments, multinational corporations, and even the small to medium-sized companies that comprise the global technology supply chain, individual consumers, and every other user of technology.

The risks of open source software for supply chain security

The 2020 Open Source Security and Risk Analysis (OSSRA) report states that “If your organisation builds or simply uses software, you can assume that software will contain open source. Whether you are a member of an IT, development, operations, or security team, if you don’t have policies in place for identifying and patching known issues with the open source components you’re using, you’re not doing your job.”

Open source code now creates the basic infrastructure of most commercial software which supports enterprise systems and networks, thus providing the foundation of almost every software application used across all industries worldwide. Therefore, the need to identify, track and manage open source code components and libraries has risen tremendously.

License identification, patching vulnerabilities and introducing policies addressing outdated open source packages are now all crucial for responsible open source use. However, the use of open source software itself is not the issue. Because many software engineers ‘reuse’ code components when they are creating software (this is in fact a widely acknowledged best practice for software engineering), the risk of those components becoming out of date has grown. It is the use of unpatched and otherwise poorly managed open source software that is really what is putting organizations at risk.

Emile Monette

Emile Monette

The 2020 OSSRA report also reveals a variety of worrying statistics regarding SSC security. For example, according to the report, it takes organisations an unacceptably long time to mitigate known vulnerabilities, with 2020 being the first year that the  Heartbleed vulnerability was not found in any commercial software analyzed for the OSSRA report. This is six years after the first public disclosure of Heartbleed – plenty of time for even the least sophisticated attackers to take advantage of the known and publicly reported vulnerability.

The report also found that 91% of the investigated codebases contained components that were over four years out of date or had no developments made in the last two years, putting these components at a higher risk of vulnerabilities. Additionally, vulnerabilities found in the audited codebases had an average age of almost 4 ½ years, with 19% of vulnerabilities being over 10 years old, and the oldest vulnerability being a whopping 22 years old. Therefore, it is clear that open source users are not adequately defending themselves against open source enabled cyberattacks. This is especially concerning as 99% of the codebases analyzed in the OSSRA report contained open source software, with 75% of these containing at least one vulnerability, and 49% containing high-risk vulnerabilities.

Mitigating open source security risks

In order to mitigate security risks when using open source components, one must know what software you’re using, and which exploits impact its vulnerabilities. One way to do this is to obtain a comprehensive bill of materials from your suppliers (also known as a “build list” or a “software bill of materials” or “SBOM”). Ideally, the SBOM should contain all the open source components, as well as the versions used, the download locations for all projects and dependencies, the libraries which the code calls to, and the libraries that those dependencies link to.

Creating and communicating policies

Modern applications contain an abundance of open source components with possible security, code quality and licensing issues. Over time, even the best of these open source components will age (and newly discovered vulnerabilities will be identified in the codebase), which will result in them at best losing intended functionality, and at worst exposing the user to cyber exploitation.

Organizations should ensure their policies address updating, licensing, vulnerability management and other risks that the use of open source can create. Clear policies outlining introduction and documentation of new open source components can improve the control of what enters the codebase and that it complies with the policies.

Prioritizing open source security efforts

Organisations should prioritise open source vulnerability mitigation efforts in relation to CVSS (Common Vulnerability Scoring System) scores and CWE (Common Weakness Enumeration) information, along with information about the availability of exploits, paying careful attention to the full life cycle of the open source component, instead of only focusing on what happens on “day zero.” Patch priorities should also be in-line with the business importance of the asset patched, the risk of exploitation and the criticality of the asset. Similarly, organizations must consider using sources outside of the CVSS and CWE information, many of which provide early notification of vulnerabilities, and in particular, choosing one that delivers technical details, upgrade and patch guidance, as well as security insights. Lastly, it is important for organisations to monitor for new threats for the entire time their applications remain in service.

Continue Reading

Top Stories

On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses

Published

on

On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses 2

By Nicole Jass, Senior Vice President of Small Business and Fraud Products at FIS

Fraud isn’t new, but the new realities brought by COVID-19 for merchants, and the rising tide of attacks have changed the way we need to approach the fight. Even before the pandemic broke out earlier this year, the transition to digital payments was well underway, which means fighting fraud needs a multilayered, multi-channel approach. Not only do you want to increase approval rates, you want to protect your revenue and stop fraud before it happens.

A great place to start is working with your payment partners to refresh your company’s fraud strategies with emerging top three best practices:

  1. AI-based machine learning fraud solutions helps your business stay ahead of fraud trends. Leveraging data profiles to model both “good” and “bad” behavior helps find and reduce fraud. AI-based machine learning will be increasingly essential to stay ahead of the explosive and sophisticated eCommerce fraud.
  2. Increasing capabilities around device fingerprinting and behavioral data are essential to detect fraud before it happens. While much of the user-input values can be easily manipulated to look more authentic, device fingerprinting and behavioral data are captured in the background to derive unique details from the user’s device and behavior. Bringing in more unique elements into decisioning, can help authenticate the users and determine the validity of the transactions.
  3. Prioritize user authentication. User authentication is a vital linchpin in any fraud defense and should receive even greater priority today. Setting strong password requirements and implementing multi-factor authentication helps curb fraud attacks from account takeover.

As well as working with your payment partners it’s more critical than ever to protect online transactions while not jeopardizing legitimate purchases. Fortunately, there are a few things you can do right now to address these concerns:

  1. Monitor warning signs

Payment verification is an important part of protecting your business. There are a variety of strategies to employ including implementing technology utilizing artificial intelligence and machine learning to help catch certain patterns. In addition to technology, here are a few other tips that may serve as warning signs. These are not a guarantee fraud is occurring, but they are flags to investigate.

o   The shipping address and billing address differ

o   Multiple orders of the same item

o   Unusually large orders

o   Multiple orders to the same address with different cards

o   Unexpected international orders

  1. Require identity verification

Finding a balance between protection and ease of purchase will ultimately help you protect your customers and your business. The following tactics can make it more difficult for fraudsters to be successful:

o   For customers that have a login, require a minimum of eight characters as well as the use of special characters in your customers’ passwords

o   Set up Two-Factor Authentication that requires a One-time Passcode (OTP) via SMS or email

o   Use biometric authentication for mobile purchases or logins

  1. Monitor chargebacks

Keeping good records is essential for eCommerce. If a customer initiates a dispute, your only available recourse is to provide proof that the order was fulfilled. Be prepared to provide all the supporting information about a disputed transaction. Worldpay’s Disputes solutions can connect to your CRM and provide you dual-layer protection against friendly fraud, first deflecting them before they arise and then fully managing chargeback defenses on your behalf.

  1. Monitor declines

Credit card issuers mitigate fraud by automatically declining payments that look suspicious, based on unusual card activity such as drastic changes in spending patterns or uncommon geolocations of spending. You can check your own declined payment history to help spot a potential problem. When volumes increase, the help of a payments fraud management partner is beneficial.

  1. Protect your own wallet

While you take the steps to protect your business, it’s also important to be mindful of your own protection—it’s incumbent on all responsible consumers to be vigilant about their data. Whether it’s simple awareness of how the fraudsters are operating today, sticking to trusted brands when shopping online, and thinking twice about what data you share and who you share it with, you’ll soon see how often you are sharing personal information about yourself.

Continue Reading

Top Stories

Using payments to streamline everyday transport

Published

on

Using payments to streamline everyday transport 3

By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail

Once upon a time the only way to get from A to B on public transport was with cash – and likely a pre-paid ticket bought from a physical office. Nowadays, thanks to technological developments, options range from contactless and mobile payments, to in-app tickets and more. As payment methods advance, consumers and merchants are naturally moving towards Mobility as a Service (MaaS) systems, integrating various forms of transport services into a single mobility service, accessible on demand.

This move towards MaaS does not only streamline the consumer experience, it has other positive impacts too. Incentivising public transport use reduces environmental pollution, improves mental wellbeing by reducing travel-related stress, and aids productivity by freeing up time otherwise spent driving. With this in mind, let’s take a look at the current trends affecting the transport sector, as well as how payments can optimise transportation for both operators and consumers alike.

Optimising transport with payments

The payment process is integral to any service. A payment service provider (PSP) can provide a range of key benefits to operators by proving a gateway to the transportation open payment ecosystem, and ensuring they meet objectives in 3 key areas.

  1. Environmentally, by reducing the use of personal cars and alleviating pollution and congestion.
  2. Societally, making urban mobility more inclusive in terms of improving access to all areas and for all socioeconomic classes.
  3. Economically, by optimising investment in eco-structure and fostering financial transactions, therefore improving the wealth of the city.

Payments professionals’ expertise and technological solutions can make payments easy again for transport operators. They can provide a range of options so that the customer can choose which one is right for them, leveraging the capabilities of the mobility services’ infrastructure (contactless, mobile wallets, P2P, closed-loop, QR code, and blockchain).

Furthermore, they can help promote inclusion and sustainable urban development. For example, methods such as prepaid virtual cards, or mobility accounts linked to a prepaid account can reduce the risks of excluding the unbanked. The environmental impact per kilometre can also be reduced, along with the use of vehicles with lower emissions per person per kilometre.

Finally, PSPs can put merchants’ minds at ease, providing payment liability, allowing aggregation of all due amounts from all mobility service providers, and collecting payments in one single transaction from users while dispatching revenue between mobility service providers.

Managing coronavirus

Venceslas Cartier

Venceslas Cartier

COVID-19’s disruption to the travel industry cannot be overlooked. In fact, research suggests that public transit ridership is down 70% across the globe since the onset of the virus, longer distance travel has seen reductions of up to 90%, and payment by cash has seen a 60% drop.

Being realistic, these behavioural shifts are unlikely to revert anytime soon, so it’s important for merchants to keep this in mind when thinking about payment methods. More than 70% of consumers and travellers say they are likely to avoid the use of cash over the next six months. As a result, more than 40 countries have already raised their contactless payment threshold, further helping consumers to avoid contact with frequently touched pin pads.

However, the pandemic has only accelerated the way things were heading already and highlighted the benefits. Within the context of the pandemic, transportation needs to reinvent itself and adapt its processes to suit the shift in commuter habits that we’ve already seen and will continue to see in the future.

Other trends to keep an eye on

Contactless has been steadily growing on the transport scene, as have mobile payments and in-app purchases. In fact, the recent move to mobile and online ticketing is the most promising method so far, having seen significant growth in the last few years and having been accelerated by COVID-19 as discussed above. Once consumers move to these easy, convenient, and seamless methods, it’s rare that they revert – so it’s a good idea for operators to think how they can cater to these preferences.

Speed and convenience are a must for busy travellers – but not at the expense of data security. Finding the right payments partner is therefore crucial so operators can safeguard their customers’ personal data, while also keeping on top of other security regulations/features such as P2P encryption, PCI certification, and tokenisation.

Next steps for operators

Public transport is essential for many peoples’ everyday lives – COVID-19 or no COVID-19. As such, mobility service providers can make a great difference to their service and operations by implementing the right solutions.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

The Future of Software Supply Chain Security: A focus on open source management 4 The Future of Software Supply Chain Security: A focus on open source management 5
Top Stories1 hour ago

The Future of Software Supply Chain Security: A focus on open source management

By Emile Monette, Director of Value Chain Security at Synopsys Software Supply Chain Security: change is needed Attacks on the...

Overcoming Barriers That Threaten Your Creative Output 6 Overcoming Barriers That Threaten Your Creative Output 7
Business1 hour ago

Overcoming Barriers That Threaten Your Creative Output

By Charlie Worrall, Digital Marketing Executive, Imaginaire Working in a creative field doesn’t happen by chance. Years of study and...

Seven easy ways to maximise online sales by expanding your marketplaces 8 Seven easy ways to maximise online sales by expanding your marketplaces 9
Business2 hours ago

Seven easy ways to maximise online sales by expanding your marketplaces

By Nate Burke, CEO and Founder of Diginius, a UK provider of proprietary software for digital marketing and ecommerce solutions, shares...

The future of offshore banking 10 The future of offshore banking 11
Banking2 hours ago

The future of offshore banking

By Granville Turner, Director at Turner Little. Despite its misconceptions, the popularity of offshore banking is growing. Not only is...

On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses 12 On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses 13
Top Stories2 hours ago

On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses

By Nicole Jass, Senior Vice President of Small Business and Fraud Products at FIS Fraud isn’t new, but the new...

Online retailers to accelerate growth plans to combat the COVID-19 crisis 14 Online retailers to accelerate growth plans to combat the COVID-19 crisis 15
Business3 hours ago

Online retailers to accelerate growth plans to combat the COVID-19 crisis

New Paysafe study reveals that despite the impact of COVID-19, businesses are still innovating to maintain plans for future growth...

Online networking is crucial to the future of small business growth 16 Online networking is crucial to the future of small business growth 17
Business4 hours ago

Online networking is crucial to the future of small business growth

By Trudy Simmons, business and clarity coach We have all had to find a lot of new ways of being...

Hong Kong’s First Multi-Cloud Challenger Bank Goes Live with Temenos 18 Hong Kong’s First Multi-Cloud Challenger Bank Goes Live with Temenos 19
Banking4 hours ago

Hong Kong’s First Multi-Cloud Challenger Bank Goes Live with Temenos

WeLab Bank designed, built and launched using cloud-native Temenos Transact in less than 10 months WeLab offers next generational digital...

Reconnecting the retail brain: learning from the octopus 20 Reconnecting the retail brain: learning from the octopus 21
Business1 day ago

Reconnecting the retail brain: learning from the octopus

By John Malpass, Retail Consultancy Practice Lead at Teradata An octopus has nine brains: one for each tentacle and plus one at...

How robotic technology will disrupt the manufacturing industry 22 How robotic technology will disrupt the manufacturing industry 23
Technology1 day ago

How robotic technology will disrupt the manufacturing industry

By Marga Hoek, author of The Trillion Dollar Shift Robotics technology has the potential to disrupt industries across all sectors...

Newsletters with Secrets & Analysis. Subscribe Now