Banking on a passwordless future

By Alex Laurie, SVP Global Sales Engineering, ForgeRock

Two years on from the pandemic, businesses are still adapting to the mass digital transformation it brought on. While some initially found the transition to digital operations challenging at times, in general UK businesses have taken the new ways of working in stride.

However, as this technological revolution unfolded, it has brought an onslaught of bad actors looking to exploit the situation. When businesses moved quickly to adapt, corners were cut and unfamiliar operating contexts emerged, leaving gaps for opportunistic cyberattackers to bypass defences. As a result, cyberattacks in the UK have remained high.

The finance sector is no exception to this trend. The rise in the use of online financial services meant an inevitable increase in malicious activity: in 2021, 12% of records breached belonged to the financial sector. In an industry so reliant on identity, data, and trust, security teams are faced with an enormous task. So what are they up against, and how can they respond?

The weakest link  

Financial services firms had to move fast to adopt online systems in their internal and customer-facing processes. Online services that let you access bank accounts, make transactions and transfer money are now the default customer access channel for most banks, allowing users to access multiple services from one device. Data from the Cyber Security Breaches Survey 2022 found that 82% of UK companies used online banking accounts in 2021, and the percentage of businesses accepting online payments increased to 30%.

However, data also shows that these changes have exposed a risk point. A high proportion of threats across the UK came in the form of phishing attacks, accounting for 38% of all incidents between January and September in 2021. In a time when emails and messages were a crucial line of connection between banks and their online-first customers, notifications represented an obvious choice of attack vector, targeting the weakest link in the chain: human error.

High risk, high reward 

To date, the financial services industry has always been heavily regulated by cybersecurity legislation. Multi-Factor Authentication (MFA) is now commonplace across the banking sector, and a good starting place to increase security for users. Adding another layer of protection, MFA requires two or more types of credentials, such as a one-time password, a PIN or a biometric identifier. However, financial institutions should not stop there.

The sector needs to adapt its protection to match the increasing variety and sophistication of threats without sacrificing the all-important user experience. The cost of getting this wrong can be devastating: financial services data is often highly sensitive and valuable to individuals and malicious actors alike. In this sense, cybersecurity innovation should be seen as a strategic imperative that helps secure customer trust and safeguard the business.

The passwordless future  

There are several ways the financial sector can achieve a security posture that is strong enough to build customer trust without forgoing user efficiency. Firstly, it’s important to consider Zero Trust from the outset. Zero Trust starts with the assumption that all access requests at every level should be continuously verified because, in the remote- and digital-first era, there are no longer clear network boundaries. While the concept of Zero Trust is primarily applied as a modern approach to access for employees, it can also be applied to consumer access across channels like mobile, web and physical banking. Over the past two years we’ve seen a significant convergence in the approach to security access for employees and consumers in financial services.

Starting with Zero Trust as a base, organisations can then use smart tools to streamline access requests, and avoid security teams being overwhelmed. Artificial Intelligence (AI) is a good example. It can be an integral part of a company’s defences when used correctly because it allows a security apparatus to monitor login requests in real time, automatically blocking malicious attacks and suspicious behaviour through learnt patterns, escalating high priority or sensitive requests for human handling where needed. Legitimate users are able to pass through security systems seamlessly, without the need for additional human resources and manpower.

Digital transformation needn’t stop there. The passwordless future is on the horizon, with potential for login details themselves to become a thing of the past – after all, if a password exists, it can theoretically be guessed. Recent developments in FIDO2 authentication have seen tech giants such as Apple, Google, and Microsoft move towards discarding passwords altogether. A passwordless future would be game-changing for the financial sector. Not only would this increase the security and ease of online access, but it would also reduce the value of stolen credentials to attackers.

Banking on tech-enabled trust

Behavioural changes brought on by the pandemic have caused an apparently permanent shift in both how we conduct business online, and how threat actors target organisations. How the financial sector responds to this transformation is crucial – whether that be adopting a culture of Zero Trust, implementing MFA and AI systems, or banking on the passwordless future. This promises not only to protect users in the short term during a volatile period for cyberattacks, but also continually build the trust that is fundamental to the value of the financial services industry.
