Author: HildingArrehed, director of worldwide professional services at ActivIdentity, part of HID Global
Two common misconceptions about online banking security may be holding financial institutions back from offering their customers the best services possible.
I've had the opportunity to work with a number of financial institutions around the world, helping them design and implement security solutions for their online banking systems. Along the way, I've identified two highly prevalent myths surrounding online banking security. Here, I'll explain the flawed thinking behind these myths and offer some simple solutions to their associated challenges.
Myth 1: Strong online security practices are inconvenient and create bad customer experiences
Banks with the strongest online security are able to offer their customers more and better services than their less secure competitors, which often trump any convenience factors. For example, a bank that launched its online banking service back in 1996 began immediately enforcing strong, two-factor one-time password (OTP) token-based authentication at every login. The bank quickly reached 2.5 million online users despite the fact that access to the site required login via a challenge/response scenario. Customers recognized that this system enabled them to confidently and securely conduct all their financial business online, including executing international money transfers, making stock trades and completing mortgage applications.
Fast-forward to 2011. With all of today's advanced security technologies, you might ask how financial institutions can build online banking systems that offer functionality and sufficient security and also maintain the highest level of convenience. My suggestion is to let your customers customize their security options in the following ways:
- At the time of log in, allow customers to choose which authentication method to use based on how they intend to use the service. For example, a password should be enough to view account status and transfer money between a customer's own accounts
- Empower customers to configure their own "convenience vs. security" levels. When logged in with a strong authentication method, such as OTP token or SMS text, it should be possible to reset the password mentioned above, or disable/enable that access level altogether
- Let customers choose to connect from their preferred device. Be quick to release mobile and tablet apps, since using the built-in Web browser in small devices is typically not an option. Embed security into your apps, but keep your security model and supported authentication devices consistent so it's clear to the user that regardless of the device or app, the same service is being accessed with the same level of security
- Some customers will want to get security credentials (OTP tokens, etc.) directly in a branch office, while others will want everything to be managed via phone. Tech savvy customers might want to use their mobile phones as OTP tokens. Let them choose, and don't be afraid to charge a small premium
- Let customers use the same security credential they use for online banking when they access other bank services such as telephone banking and customer service
- Do not underestimate the power of great customer support — in multiple forms. Some customers may want to research issues and find solutions on your website, while others prefer to communicate via email or phone. Make sure to provide all of these options, and do it well
Myth 2: The strongest security measures should protect initial access to all services
Levels of security should increase based on transactional sensitivity. For example, logging into your online account could be simply protected by password authentication, but access to money transfers should require more stringent validation and verification. Consider the following best practices for secure, risk-appropriate and cost-efficient electronic transaction signing:
- Make it as easy as possible. Only ask for transaction signing when money is transferred to outside accounts, and allow transactions to be batched, including payments, transfers and other tasks that require signing. This prevents customers from having to go through the same electronic signing process multiple times
- Use a secure but risk-appropriate technology to carry out the transaction signing. Smart cards, tokens, soft tokens and SMS text messages are all good ways to provide electronic transaction signing. However, customers should only be required to have one strong security credential to log in and conduct online business with your bank — they can choose to have multiple credentials, but this shouldn't be a requirement
- Make sure it's clear to the user what is being electronically signed. This is to prevent the risk of man-in-the-middle attacks. Clarity is particularly important now given recent attacks on trusted Certificate Authority providers and hacks of the session security protocol mechanisms (SSL/TLS) used by Web browsers. If transferring $500 from account 12345678 to 87654321 on December 3, for example, select a subset of this transaction data to be encrypted (electronically signed) by the customer by using a strong security credential. In the case of an OTP token, this could mean that the number 5008321312 (where 500 is the amount, 8 is the last number of the source account, 321 is the last three numbers of the destination account and 312 is the date for the transaction) was typed into the token for encryption (electronic signing). The token would then return an encrypted version of the number that, once typed into the internet bank site, can be verified by the bank's back end, the only other entity with access to the encryption key used by the token. Given a strong user awareness campaign and a user-friendly interface, this allows the user to understand what it is they are approving
- Store the transaction data, including the customer's electronic signature, in a secure, tamper-evident audit database for archiving purposes. It can be very useful in proving that a money transfer was correctly carried out and approved many years after it happened
Every bank obviously has its own advantages, challenges and security needs. Your security solution, including authentication and money transfer approval mechanisms, needs to be specifically defined to meet those unique needs.
UBX appoints new Chief Investment Officer
In line with its strategy to explore and invest in companies and platforms of the future, UBX—the Fintech and Corporate Venture Capital arm of Union Bank of the Philippines (UnionBank) — is announcing the appointment of Matthew Kolling as the company’s Chief Investment Officer (CIO).
As CIO, Kolling will be managing UBX’s Corporate Venture Capital (CVC) fund. He will also play a key role in raising capital for UBX while assisting the company in key corporate transactions, including the structuring of joint ventures and acquisitions.
Prior to his appointment at UBX, Kolling has been Head of Venture Investments at Aboitiz & Company since 2019, wherein he had been working with UBX on investment portfolio decisions. Before that, he held senior positions in Private Equity, Venture Capital, and Investment Banking at firms such as Providence Equity Partners and Morgan Stanley in New York.
Kolling has more than 20 years of experience in managing investments and deals in the Technology and Telecommunications industries and is active in Venture Capital and startup communities in the Philippines and the Southeast Asian region. He currently chairs the Manila Angel Investors Network, among others.
“We at UBX are excited to welcome Matt as our new CIO. We firmly believe that Matt will be instrumental in driving value creation opportunities, both within the CVC fund and our corporate ventures. We look forward to working with him as we fulfill UBX’s vision of a future where banking services are embedded into everyday experiences that matter,” said UBX president and CEO John Januszczak.
Meanwhile, UnionBank president and CEO Edwin Bautista said, “The addition of world-class talents in our pool reinforces our strategy to future-proof the organization and our business as we prepare for many new opportunities that come with the changing times.”
It’s all relative: Older generations feel helping out the family financially is more important since the Covid-19 outbreak
Before Covid, 23% of people prioritised helping younger generations out financially, that increased to a third as a result of the pandemic
A recent survey* conducted by Hodge has revealed that the Covid pandemic has led to more people wanting to help younger family members financially.
A third (31%)** of those questioned said that since the Covid outbreak giving a financial gift to children or grandchildren is more important to them, compared to 23% who said it was a priority before the pandemic.
The traditional “Bank of Mum and Dad” is still very much open for financial help, with parents being responsible for 72% of the gifts, but the study also revealed that financial gifts can come from all corners of the family – including children (14%) and siblings (14%).
The survey also found that a third of people have received a financial gift from family, with those aged between 25-34 as the most likely to receive
The most popular reason for gifting money to family is for special occasions such as a quarter of gifts were given for weddings and birthdays but 11% of people have received money to help with big purchases such as cars and houses. In addition, 19% of people have received help with day to day finances, with around 14% of those receiving a gift have done so to pay off debt.
Emma Graham, Business Development Director at Hodge, said of the research: “Our study showed that, as a nation, we all want to help our family out when it comes to money. And whilst we all think of the Bank of Mum and Dad or Gran and Grandad as a traditional source, we were surprised to see that 14% of brothers and sisters are also helping out.”
The findings come from a recent intergenerational study conducted by Hodge, who interviewed over 3000 people about their attitudes towards finances and their aspirations for the future. The full research findings can be found at https://hodgebank.co.uk/2020/05/19/money-its-all-relative/.
As part of the study, people were also asked about paying back the gift, with 40% of beneficiaries expecting to pay their parents back, but this dropped to 28% if the gift came from grandparents.
From the gift donor’s perspective, 26% expect the gift to be paid back, however just 15% of grandparents expected the money back.
Hodge has produced a set of guides on how families can navigate the tricky subject of giving financial gifts within a family, as well as the considerations and steps that be families should think about taking before a gift is given, such as is it a loan or a gift and thinking about contingencies if the family member’s circumstances change. The guides can be found here: https://hodgebank.co.uk/news/
Emma continued: “It’s clear that families feel strongly about offering financial support to each other if they are able and this has increased since the Covid pandemic. Before Covid, 23% of people prioritised helping their families out financially in the next five years. Since the Covid-19 outbreak that has increased to a third of people saying helping a family member financially had become more important.
“So, it is clear that the Covid-19 lockdown and subsequent predicted economic downturn, has led to more families looking to share wealth to help younger children or grandchildren during this difficult time. Many people may look to Later Life mortgages, where many products have reduced their rates and have flexible lending criteria, to help out a loved during these difficult times.”
New report identifies the factors which will determine SMEs’ chances of a successful COVID recovery
· Analysis of the performance of over 1,000 UK small and medium-sized businesses by Allica Bank provides roadmap for SMEs
· Regular training, an openness to innovation, and a clear vision all contribute heavily to an SMEs’ chances of success
· Allica Bank has launched a programme of free workshops to expand on the findings and support business owners
Business bank, Allica Bank has combined data and insight from over 1,000 UK SMEs with a multiple regression analysis to determine what factors most closely aligned with an SMEs’ chances of success and separated the highest-performing businesses from their peers. These ‘rules for success’ have been compiled from the research data to support British businesses as they look to chart a course to post-Covid recovery.
The full report identifies six behaviours for small and medium businesses to follow, to maximise their chances of a successful COVID recovery. The six top-line rules emphasised by the data were:
Rule 1: SMEs should regularly train staff
Of the top-performing businesses analysed, 47% provided training for employees at least on a quarterly basis, compared to just 32% of other businesses. Regular employee training was linked closely to success by the model.
Despite this, many small businesses have neglected training and nearly half (46%) of the small businesses analysed only provide training for employees about once a year or less often. This included 15% that never provide employer-funded training. This discrepancy could represent a significant opportunity for small businesses to unlock the potential of their employees and thrive in the post-Covid economy.
Rule 2: SMEs need to focus on innovation and technology
Looking again to the best performing businesses, 76% were found to either continually (39%) or often (37%) be considering new opportunities for technology in their business. This is compared to only 51% for businesses considered to be outside of the top ranks, out of which only 27% admitted to continually looking for new technology opportunities.
Rule 3: Small business must have a formal, long-term vision
Nearly two thirds (66%) of the most successful businesses in the survey had a formal, long-term vision, compared to just 50% of businesses outside the top 100. Looking to the businesses that scored the lowest on the SME Performance index, only 37% claimed to have a formal, long-term vision.
Rule 4: SMEs should broaden their customer reach and find new markets
Of the top-performing businesses, 65% of these have overseas customers compared to just 40% of the worst performing businesses. Among the best performing SMEs, over a third (34%) identified international expansion as one of the top three drivers for their success.
Rule 5: SMEs need to develop reinvestment plans
22% of the best performing SMEs reinvested some of their profits into the business in the past three years with an average 9% of profits being redeployed. Tellingly, this is nearly double what other businesses admit to reinvesting in their business (5%).
Rule 6: SMEs should engage with local business organisations and networks
Of the top 100 SMEs, 30% had obtained external credit to expand over the past three years (compared to 24% of other businesses). Meanwhile, only 16% of all other SMEs had engaged with local enterprise partnerships or growth hubs in the past three years (compared to 23% of the top 100 SMEs).
Chris Weller, Chief Commercial Officer, Allica Bank, said:
“All small businesses are different, as are all small business owners, but one trait they share is an innovative resilience. Whilst the coming months and years will undoubtedly continue to present extreme challenges, there is no doubt that small and medium sized businesses across the UK will rise to meet them head on.
“To give them the best chance to succeed, though, they need to be equipped with the right tools. There is certainly no silver bullet or panacea for every small business, but as this study has found, there are a number of common factors found in the most successful businesses that allow small enterprises to thrive and that they can consider individually for their business.
“This research has identified common ‘rules for success’ that speak to every aspect of running a business, not just the financials. Once we saw these results, we wanted to use them to help small businesses begin to re-build and prosper, by outlining common factors and then examining how best they can be practically applied to businesses in all sectors of the economy.
“Small business owners and their employees have been hit hard by the crisis, but they have the drive and resourcefulness to breathe new life into the economy and bring energy to post-Covid Britain. Our commitment at Allica Bank is to give them the support they need to do so, every step of the way.”
The full report contains a wealth of additional data and insight into each of these topics. As part of its mission to empower small businesses, Allica Bank is making the findings freely available and running a series of free online workshops with relevant partner organisations for businesses to attend.
UBX appoints new Chief Investment Officer
In line with its strategy to explore and invest in companies and platforms of the future, UBX—the Fintech and Corporate...
Workforce Diversity Matters To Our ESG Evaluation
We believe the limited representation of Black voices in key decision-making processes prevents companies from reaping the benefits of a...
Blackline reveals CEO succession plan
By President & COO Marc Huffman appointed CEO as of Jan. 1st, 2021; Founder Therese Tucker to serve as executive...
From furlough to returning to work – employees are feeling insecure in their future
New data looking into 6,273 employees, commissioned by Perkbox, the employee experience platform, has revealed the considerable impacts of the...
How mortgage regulations are changing globally
By Globalaw members Oliver Foerster, Partner @ Huth Dietrich Hahn, Roberto Sparano, Partner @ Quorum Legal ,Paul Tully, Managing Director and Partner...
Return to work: Flexibility, preparation and communication are key
By Matt Weston, Managing Director, Robert Half UK As lockdown restrictions ease for the foreseeable future, conversations across the business...
How sustainable AI improves the triple bottom line
An investment in green AI enables financial services firms to align people, profit, and planet By Nick Dale, EVP business...
The impact and implications of Covid-19 on financial reporting
By Mark Billington, Regional Director, Greater China & South-East Asia, ICAEW The economic consequences of Covid-19 have been unprecedented, affecting...
Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy
Leading payments provider, Contis, has applied for two grants from the RBS & BCR Alternative Remedies Package, totalling £35 million. Unlike most applicants who...
Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver
Nearly a third (32%) of consumers would switch providers if a brand’s website is unavailable for more than 24 hours...