By Allen Storey – Chief Product Officer, Intercede
With US regulators questioning its efficacy, and regular reports that everything from photos to siblings can unlock mobile devices via facial recognition, businesses should be looking at stronger methods of authenticating access to their systems and managing credentials of their employees.
Speaking earlier this year at a trade event in Brussels, Alphabet CEO Sundar Pichai added yet another senior voice to the calls for a moratorium on the use of facial recognition, noting the technology is “fraught with risks”. While this focused mainly on the ability for rogue organisations or authoritarian governments to use biometrics for nefarious purposes, the technology is often unreliable, and the platform security is lacking.
Despite these concerns, many of our institutions are still using older, less secure technologies to determine who can and can’t access their premises and networks. As technology advances, so too do the attempts to undermine it. Security technology continues to improve, but hacker’s ability to work around it does too. It is therefore incredibly important for organisations to continuously re-evaluate their systems, updating them regularly to maintain the necessary protections for their data.
While in previous years’ stronger authentication methods such as Public Key Infrastructure (PKI)-based credentialing was expensive and difficult to deploy in all but the biggest organisations with the largest budgets, recent innovation has made this technology much more accessible.
For financial services organisations, and in particular retail banks, who hold confidential details of people’s finances as well as other personally identifiable information, the ability to hold and use this information without it being shared further or compromised is an inherent part of the service provided to customers.
Within the bank there will be those who require access to certain data sets and those that don’t. For instance, a mortgage adviser would need a detailed picture of an applicant’s finances over a longer time period than most, whereas a customer service representative might only require knowledge of a customer’s account name and number to pass them on to another department or colleague. To manage who can and cannot access certain records most banks will use an Identity and Access Management (IDAM) or Privileged Access Management (PAM) system. While these systems can determine which users have the necessary clearance to access different data sets, they often require another, separate system to authenticate that the person logging in to that user account is the person it has been assigned to. This is where strong employee credentials, that are both unique and bound to them, come in. The combination of these two systems allow banking institutions can ensure they are able to deliver services efficiently while managing customer data securely.
Moving to credentials management systems that enable strong methods of Multi-Factor Authentication (MFA) to verify identity is easier and cheaper than it has ever been. It’s time that the institutions we trust the most roll out up-to-date security measures to protect some of our most personal data.
PKI-based credentialing can be executed today with relatively cost-effective USB tokens such as the YubiKey or even a smartphone app – binding a key to a user identity, and supporting existing security technologies within the business, such as PIN, fingerprint, or facial recognition. This additional step, matching something an employee has (the credentialed device) with something they know (a PIN) and/or something they are (biometric) allows the organisation to be confident that only those authorised to access a network/location are doing so. Much more so that any of the individual technologies in isolation.
With the improvement of end user technologies, such as smartphones and USB tokens, and pre-installed tech like Microsoft’s Windows Hello for Business, crypto-level protection has become far more accessible for organisations of all sizes. Now, with PKI-based credentials management systems, identity can be verified by a wide range of systems, as the public key is contained in the certificate and PKI easily integrates into Microsoft environments using built-in Windows security features.
Without credential management software, managing smartcards and USB tokens at volumes of anything above 500 employees becomes complex and hugely time consuming for IT teams. For retail banks, with hundreds, if not thousands of front-line staff, this would have been an issue. However, new systems that pair a convenient user experience for the employee with a unified central console that allows for the full lifecycle management of credentials for re-issuance, revocation, unlocking, renewing, removing and updating make the prospect of PKI-based identity and access management at scale commercially viable.
This new ability to remove the complexities of managing PKI credentials makes the strongest form of user authentication so much more accessible for enterprises who don’t want to compromise on data security. Whether financial institutions want to issue staff with physical USB tokens or use an app that can be downloaded on to personal smartphones – there are a wide variety of ways they can provide the kind of security customers expect of those they trust to manage their money.
Whether it’s to provide secure network logon, access to customers’ financial data, or even entry in to secure parts of the bank branch which contain physical cash, these newly available solutions make it easy for enterprises of any size and structure to step up to the most secure method of multi-factor authentication across their workforce.
Over 60’s turning to digital banking up by 90% during pandemic
More than 90% of people aged over 60 have used online banking for the first time during the Covid-19 pandemic, according to a poll by iResearch Services, highlighting the importance of banks getting digital right in 2021.
In comparison, 17% of people aged under 30 said they were accessing services via an app or web browser for the first time.
The findings show how banks must adapt to help service the influx of new digital users and gain their trust, accelerated by the Coronavirus pandemic. With 97% of 18–24-year-olds trusting their bank with their data, compared to only 33% of people aged over 66.
Commenting on the findings, Gurpreet Purewal, Associate Vice President, Thought Leadership, at iResearch, said: “Our study demonstrates the lasting impact of Coronavirus on how people will access banking services from now on. Banks will be required to refocus on really understanding customer needs in order to engage with the different requirements of each individual customer.
“More than half (54%) of respondents said they are less likely to attend a physical branch after the pandemic. This demonstrates a seismic shift in the way people will access banking services now and into the future.”
In other findings, 63% of respondents said their bank acted in their best interests during the pandemic, but a third said they would consider switching their bank for better, more personalised communication.
Purewal added: “On the whole, High Street banks have emerged with great credit from the pandemic for the way they have supported their customers. As the economy rebuilds, it will be more important than ever that they communicate in the right way to help consumers through 2021 by leveraging digital platforms and understanding their needs fully.”
Asked how banks can improve their communication with customers, ‘connecting on a personal level’ ranked highest, followed by ‘more honest and open dialogue’, a ‘demonstration of how they are helping customers’, ‘more creative campaigns’, ‘consistent messaging across channels’ and finally ‘responsiveness to major events’.
Banking on the cloud to create a crucial advantage in financial services
By Rahul Singh, President of Financial Services, HCL Technologies
Once considered a revolutionary technology, cloud is now at the heart of agile and innovative businesses. The financial services industry is no exception, and has been a major adopter of cloud-based Software-as-a-Service (SaaS) for its non-core applications. Functions such as customer management, human capital management, and financial accounting have progressively shifted to the cloud. Several banks have also warmed up to using cloud for services such as Know your Customer (KYC) verification. IDC analysts say that public cloud spending will grow from $229 billion in 2019 to almost $500 billion by 2023, and a third of this will be spent across three industries: professional services, discrete manufacturing, and banking. The time is ripe for an increasing number of financial services providers to consider moving more of their core services to cloud.
Adoption is already on the rise
Earlier reluctance to move core activities to the cloud has softened, and many banks have put strategies in place to migrate services, including consumer payments, credit scoring, wealth management, and risk analysis. This significant change is driven by factors such as PSD2 and open banking, which require secure and cost-effective data sharing.
Regulators too were once cautious in their approach to cloud technology, but this is also changing. The Australian Prudential Regulation Authority (APRA), for example, whilst acknowledging the risks associated with cloud, also recognised the risk of sticking to the status quo. ARPA trusted the enhanced security offered by the cloud, and updated its cloud-associated risk advice. Wisely, APRA recommended that banks must develop contingency plans that allow cloud services to be provided through alternate means if required.
Rising pressure from new challengers
The other pressure for incumbent banks is from next generation fintech firms. These are cloud-native organisations, and are able to onboard customers remotely in minutes, roll out new services in days, and meet compliance requirements at lower costs.
As a result, the need for traditional banks to upgrade core systems and integrate the latest technologies is stronger than ever. The COVID-19 pandemic has been an additional driver, highlighting the importance of upgrading and migrating core systems to the cloud. Financial services organisations have been forced to rethink their approach to digital transformation, and pay special attention to a cloud-aligned culture. The industry is recognising how the cloud can address new and ongoing regulatory changes, meet different demands from customers, support the roll-out of emerging technologies, and enable incumbent providers to respond to the relentless competition from fintech firms.
New year, new priorities
As we enter 2021, financial services providers will need to reset their priorities, and go beyond using the cloud for scalability and cost efficiency alone. The new areas to focus on will include:
- Creating a robust digital foundation: The cloud market is expanding fast, and there is an ever-increasing number of services on offer. Whilst the big three hyper-scalers are the obvious choice, various other players are also gaining traction, such as IBM, Oracle, and Alibaba Cloud. Organisations will need a robust digital foundation to adopt cloud at scale in a secure and compliant way. A well-architected digital foundation, supported by resilient operations, ensures that organisations have continued access to their systems and data, regardless of where employees are located, or what device they are using.
- Adoption of technology platforms: Enterprises are finding ways to reduce complexity by embracing a platform approach, and increasing the speed of business IT consumption. Physical infrastructure is being abstracted into cloud-based platforms, with data consolidated into data lake platforms. Software products like Apigee are being offered as capability platforms to drive better analytics and intelligence.
- Enhancing IT security: Cloud offers organisations greater security than on-premises servers, if implemented correctly. Financial services organisations have relied on control and compliance-based security for years, but these practices are increasingly vulnerable to cyber threats. Whilst service integrators create robust cybersecurity solutions for financial services organisations, cloud providers are also looking to provision industry-specific security and regulatory measures like end-to-end data encryption – making it easier for financial services organisations to be compliant whilst migrating to cloud.
- Driving innovation: Cloud is the fundamental factor behind the ability of fintechs to innovate rapidly. Using cloud, financial services can leverage new technologies and tools like augmented reality (AR), virtual reality (VR), natural language processing (NLP), machine learning (ML) and the Internet of Things (IoT) to unlock new processes that improve customer interaction and experience with portable real-time services. Whilst fintechs have led the way in cloud-based innovation through open banking platforms, some of the leading banks are also adopting cloud to simplify their business processes, including KYC as a Service, to enhance customer experience.
- Enterprise synchronisation: Effective collaboration, both internally and with external partners, is crucial to success in the ever-expanding financial services ecosystem. Cloud allows businesses to integrate collaboration through shared tools and platforms. This is a critical ability as it leads to faster decisions and improved innovation cycles.
Legacy systems hold banks back from improving revenue generation and restrict their ability to build a responsive and resilient business. Cloud is a key factor in the success of challengers: traditional banks have no time to waste in migrating their core systems to cloud and building a secure future.
State of the Industry: optimism high in global financial services, although some key issues cause concern
- Exclusive research from Barclays Corporate Banking reveals the views of financial services leaders from across the globe on a range of key issues
- Recovery from Covid-19 is a key priority for FinTechs over the year ahead, however their number one aim shows the optimism in the sector: focussing on business growth
- Asia-Pacific may be the new focal point for expectations around Open Banking, with interest from Europe dropping year-on-year
- Firms confidence in their own cybersecurity fell 5% versus 2019, with less than half of respondents (42%) feeling satisfied with their own approach to the issue
Key players in the financial services industry are optimistic about the year ahead, according to a new ‘State of the Industry’ report from Barclays Corporate Banking, Alive to Opportunity.
Exclusive research from the bank also highlights regional differences in approaches to regulation, expectations for payment innovation and confidence in cybersecurity.
Optimism for 2021
As the official insights partner of last year’s Money 20/20 global conference series, Barclays conducted a survey of over 200 financial services leaders from across EMEA, the Americas and Asia-Pacific. From these senior executives, Barclays Corporate Banking found that optimism in the sector is high as it enters into 2021.
Whilst recovery from Covid-19 might be seen as a likely top priority for the coming year, it came in second place when respondents were asked what they would be focussing most on during 2021 – with 42% of leaders selecting it. Top spot instead went to ensuring business growth, with nearly three in five (57%) respondents picking it as their main area of concentration.
Commenting on this trend, Phil Bowkley, Global Head of Financial Institutions Group, Barclays Corporate Banking, said:
“Given that 2020 was such a tumultuous year, it is encouraging to hear FinTech businesses are confident and focused on future growth. Many firms have grasped the upheaval of the global pandemic as an opportunity. Covid-19 has driven a huge surge in ecommerce and cross-border business. This has significantly increased flows across FinTech payment providers, which have worked hard to enable cross-border trade, payments and ecommerce. At the same time, the industry has been collaborating with banks to ensure much-needed financial support from government flows to the real economy.”
Regions back themselves on innovation
In a continuation of a trend seen in 2019, respondents often rated their own region as the most likely source of future innovation. This ‘home’ bias was particularly strong in Asia-Pacific, where China, India, Japan and Southeast Asia together claimed over 83% of regional votes when considering the key sources of innovation over the next five years.
However, China’s reign as the most likely site of financial services innovation did not continue from 2019, with Barclays’ most recent survey showing that nearly one in four (24%) key industry leaders now view the United States as the most probable location for the rise of payment innovation over the next five years.
A shift eastwards for Open Banking?
Barclays’ research also suggests that Asia-Pacific may be the new focal point for expectations around Open Banking, with interest from Europe dropping year-on-year.
In 2019’s report, the impact of this key regulation was anticipated to be strongest in Europe – however, this time round just 38% of EMEA leaders now expect Open Banking to have a big impact on their business. By contrast, the majority (59%) of senior respondents from Asia-Pacific feel that the regulation will be key for their companies as we move into the remainder of 2021.
Security and resilience in a post-Covid world…
Firms’ confidence in their own cybersecurity dropped by 5% versus 2019, with less than half of respondents (42%) feeling satisfied with their business’ approach to the issue. Businesses in EMEA feel least confident about their security provisions, with one in three (33%) indicating that their own cyber security needs further investment.
The importance of resilience to customers was also a theme that many felt would rise in significance in 2020, given the recent growth in remote working as a response to Covid-19 – however just 5% of respondents viewed this issue as important when considering customer loyalty.
Steve Lappin, Managing Director, Barclaycard Business, said: “From remote working to e-commerce, coronavirus has meant that digital channels play a much greater role in working life. While this has undoubtedly presented new opportunities, it has also put additional pressure on infrastructure and heightened potential vulnerability to attacks. Therefore, it’s not surprising that confidence in cybersecurity has dropped, with many firms feeling that their rapid adoption of these new channels has left governance and control lagging behind. It’s critical that businesses remain vigilant – security may not be a key driver of customer loyalty, but cybersecurity issues are definitely a driver of disloyalty.”
Staying connected: keeping the numbers moving in the finance industry
By Robert Gibson-Bolton, Enterprise Manager, NetMotion 2020 will certainly be hard to forget. Amongst the many changes we have come to...
How to lead a high-performing team
By Matthew Emerson, Founder and Managing Director, Blackmore Four When we think about a great team, the image we conjure...
A practical guide to the UCITS KIIDs annual update
By Ulf Herbig at Kneip We take a practical look at the UCITS KIID What is a UCITS KIID and what...
Oil prices steady as lockdowns curb U.S. stimulus optimism
By Noah Browning LONDON (Reuters) – Oil prices were steady on Monday as support from U.S. stimulus plans and jitters...
Dollar steadies; euro hurt by vaccine delays and German business morale slump
By Elizabeth Howcroft LONDON (Reuters) – The dollar steadied, the euro slipped and riskier currencies remained strong on Monday, as...
Hong Kong’s Cathay Pacific warns of capacity cuts, higher cash burn
(Reuters) – Cathay Pacific Airways Ltd on Monday warned passenger capacity could be cut by about 60% and monthly cash...
Stocks rise on recovery hopes
By Ritvik Carvalho LONDON (Reuters) – Global shares rose to just shy of record highs, as optimism over a $1.9...
Fragile recovery seen in global labour market after huge 2020 losses – ILO
By Stephanie Nebehay GENEVA (Reuters) – Some 8.8% of global working hours were lost last year due to the pandemic,...
“Lockdown fatigue” cited as UK shopper numbers rose 9% last week
LONDON (Reuters) – The number of shoppers heading out to retail destinations across Britain rose by 9% last week from...
Alphabet’s Verily bets on long-term payoff from virus-testing deals
By Paresh Dave OAKLAND, Calif. (Reuters) – For Alphabet Inc’s Verily, a healthcare venture that is one the tech giant’s...