By Stuart Reed, VP of Products,Nominet
Like many industries, finance is well aware of the need to maximise the returns presented by digital. However, financial institutions are tackling digital transformation at a pace and scale not common across other sectors. The question is, is this at the expense of security?
To explore this, Nominet recently commissioned a survey of CISOs, CTOs and CIOs at financial services providers across the UK and US, looking at the intersection of digital transformation and cyber security. It sought to explore how banks can manage third party risk, innovate, and meet evolving customer expectations while mitigating their exposure to cyber-attacks.
An appetite not to be left behind
Traditional banks have become increasingly vulnerable, juggling a myriad of challenges. Often they are having to reinvent themselves and come up with new and innovative ways to ride the wave of disruption. Mobile technologies, cloud platforms, and big data are just some examples of next generation technologies bolstering the capability of financial services institutions to improve cost efficiencies and remain relevant in today’s digital age.
Customer banking habits have shifted to expect an “always on” and “always connected” experience, and banks are aligning their services with these expectations. According to the report, around half (49%) were implementing digital transformation programmes to keep pace with evolving customer behaviours and preferences.
But, while digital transformation might be seen as the answer to securing a bank’s future, the evolving cyber landscape means that many may be compromising themselves in the hunt to become more innovative.
Financial services institutions are in a constant battle to arm themselves against the threat of attackers trying to breach their networks and siphon off high-value data. With the majority of customers managing their finance online 24/7, a bank’s IT network is a treasure trove, hugely attractive to cyber-criminals.
Awareness of this is not lacking. In Nominet’s survey, many were mindful of the risk exposure such digital programmes could have on their business, with about half (48%) claiming a threat to cyber security was the single biggest risk by its implementation. Over half of correspondents (53%) were equally, if not more, concerned about the increased attack surface presented by digital transformation, which now extends beyond the four walls of a bank branch. The majority (64%) are also worried about the exposure of customer data.
A complex environment of incidents and regulation
Incidents match this increased concern. In the last year in the UK, financial services firms reported a 1000 percent increase in incidents to the Financial Conduct Authority (FCA).[i] According to the FCA, 21 percent of these were triggered by third-party failure, 19 percent from hardware or software issues, and 18 percent were caused by a change in management.[ii]
The regulatory burden is also growing for financial services firms. On the other side of the Atlantic, many regulators believe that hackers now pose the greatest risk to the US financial system. In response, they have considered pooling resources to assess the cyber defences of America’s top banks.
In the UK, GDPR has drastically increased potential penalties on companies found to mismanage customer data. 47 percent of respondents cited compliance with new regulations as a driver for digital transformation to modernise their processes and operations.
A matter of timing
The reality is that, despite the rise in UK financial services firms falling prey to cyber breaches, businesses are failing to build security into digital transformation initiatives from the outset. Only around two in five admitted considering security, with one in five either leaving it to the pre-implementation or implementation stages. Worryingly, one in ten admitted to putting it off until their transformation was actually underway, and a handful confessed to giving cyber security no thought at all.
The majority of financial institutions are now opting to outsource essential back-office processes to simplify and streamline operations. 82 percent of financial services providers outsourced their digital transformation efforts, for example. But, while using third-party vendors boosts in-house capabilities and adds value in terms of domain knowledge and technical expertise, it also heightens the exposure to risk. It doesn’t matter if a third party is to blame for the misuse of data; under GDPR the company itself is responsible for the data. It’s therefore important to strike a balance and look at the digital transformation strategy through a lens of cyber to mitigate the misuse of data or a breach in the network.
As banks become more forward-thinking and innovate for the future, they must also keep a watchful eye on the present. Security teams need to be deeply embedded in all digital transformation initiatives from the very start. It should not be a question of securing infrastructure once a project has gone live, rather building in security from the outset as part of the planning phase. Without this, digital transformation will always present as many risks as it does opportunities.
Control vs visibility
Furthermore, whilst embracing cloud based models inevitably means relinquishing a level of control to a third party, it is essential to recognise that the responsibility of data still remains. As such, understanding where that data is, how it is accessed, who can access it and ensuring interactions are both expected and legitimate are crucial. Arguably having visibility across the network (be it on premises, in the cloud or a mixture of both) is more important than ever before. The common denominator linking networks regardless of complexity is the Domain Name System (DNS). DNS based traffic flows between network in all organisations and therefore if utilised as part of the security stack can provide valuable information regarding malicious and suspicious behaviours along with identifying data theft through DNS “tunnelling”. Having visibility and actionable intelligence at this layer provides the holistic view often missing at the network level and can help security teams reduce their digital attack surface and quickly respond to an identified breach before it causes harm.
Using payments to streamline everyday transport
By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail
Once upon a time the only way to get from A to B on public transport was with cash – and likely a pre-paid ticket bought from a physical office. Nowadays, thanks to technological developments, options range from contactless and mobile payments, to in-app tickets and more. As payment methods advance, consumers and merchants are naturally moving towards Mobility as a Service (MaaS) systems, integrating various forms of transport services into a single mobility service, accessible on demand.
This move towards MaaS does not only streamline the consumer experience, it has other positive impacts too. Incentivising public transport use reduces environmental pollution, improves mental wellbeing by reducing travel-related stress, and aids productivity by freeing up time otherwise spent driving. With this in mind, let’s take a look at the current trends affecting the transport sector, as well as how payments can optimise transportation for both operators and consumers alike.
Optimising transport with payments
The payment process is integral to any service. A payment service provider (PSP) can provide a range of key benefits to operators by proving a gateway to the transportation open payment ecosystem, and ensuring they meet objectives in 3 key areas.
- Environmentally, by reducing the use of personal cars and alleviating pollution and congestion.
- Societally, making urban mobility more inclusive in terms of improving access to all areas and for all socioeconomic classes.
- Economically, by optimising investment in eco-structure and fostering financial transactions, therefore improving the wealth of the city.
Payments professionals’ expertise and technological solutions can make payments easy again for transport operators. They can provide a range of options so that the customer can choose which one is right for them, leveraging the capabilities of the mobility services’ infrastructure (contactless, mobile wallets, P2P, closed-loop, QR code, and blockchain).
Furthermore, they can help promote inclusion and sustainable urban development. For example, methods such as prepaid virtual cards, or mobility accounts linked to a prepaid account can reduce the risks of excluding the unbanked. The environmental impact per kilometre can also be reduced, along with the use of vehicles with lower emissions per person per kilometre.
Finally, PSPs can put merchants’ minds at ease, providing payment liability, allowing aggregation of all due amounts from all mobility service providers, and collecting payments in one single transaction from users while dispatching revenue between mobility service providers.
COVID-19’s disruption to the travel industry cannot be overlooked. In fact, research suggests that public transit ridership is down 70% across the globe since the onset of the virus, longer distance travel has seen reductions of up to 90%, and payment by cash has seen a 60% drop.
Being realistic, these behavioural shifts are unlikely to revert anytime soon, so it’s important for merchants to keep this in mind when thinking about payment methods. More than 70% of consumers and travellers say they are likely to avoid the use of cash over the next six months. As a result, more than 40 countries have already raised their contactless payment threshold, further helping consumers to avoid contact with frequently touched pin pads.
However, the pandemic has only accelerated the way things were heading already and highlighted the benefits. Within the context of the pandemic, transportation needs to reinvent itself and adapt its processes to suit the shift in commuter habits that we’ve already seen and will continue to see in the future.
Other trends to keep an eye on
Contactless has been steadily growing on the transport scene, as have mobile payments and in-app purchases. In fact, the recent move to mobile and online ticketing is the most promising method so far, having seen significant growth in the last few years and having been accelerated by COVID-19 as discussed above. Once consumers move to these easy, convenient, and seamless methods, it’s rare that they revert – so it’s a good idea for operators to think how they can cater to these preferences.
Speed and convenience are a must for busy travellers – but not at the expense of data security. Finding the right payments partner is therefore crucial so operators can safeguard their customers’ personal data, while also keeping on top of other security regulations/features such as P2P encryption, PCI certification, and tokenisation.
Next steps for operators
Public transport is essential for many peoples’ everyday lives – COVID-19 or no COVID-19. As such, mobility service providers can make a great difference to their service and operations by implementing the right solutions.
Grey skies ahead – Malta prepares for a gloomy 2021 if they can’t tackle financial crime
By Dhanum Nursigadoo, ComplyAdvantage
With the summer drawing to a close, many countries who rely significantly on warm weather tourism will be assessing the impact of Covid-19. Being a small island in the middle of the Mediterranean you would expect Malta to be taking a significant economical hit – just like we are seeing in other popular European holiday destinations – but this doesn’t take into account the strength of the Maltese economy.
Emerging from the eurozone crisis with one of the most dynamic economies strategically positioned between three continents, Malta has had one of the lowest unemployment rates in the EU and has recently seen its GDP growth expand year-on-year. But perhaps the most important aspect of the Maltese economy has been its attraction for foreign businesses with only a 5% tax on profits. It is no secret that Malta is a tax haven, probably one of the most effective tax havens in the world.
But you can’t pick and choose who takes shelter, and it’s no secret that money launderers have been taking advantage of the regulatory landscape in this archipelago.
The conditions of a tax haven suit criminal enterprises, who can take advantage of the opaque environment and blend their illegal activities with the same operations enjoyed by high net worth individuals and corporations who are looking to reduce their tax bill. And last year Malta’s keenness for secrecy and avoidance resulted in a damning report by Moneyval – the Council of Europe’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) body – which found that while the nation had made some efforts to curb money laundering there was still much to be desired in order to bring the tax haven up to standard. Overall, they were of the opinion that Malta viewed combating money laundering as a non-priority and this resulted in branding Malta with low to partial ratings for 30 out of the 40 Financial Action Task Force (FATF) recommendations.
The findings of the report were stated to have the potential to “create within the wider public the perception that there may exist a culture of inactivity or impunity”. This follows on from a series of international high-profile stories regarding Malta and financial crime. Most shocking was the murder of journalist Daphne Caruana Galizia – who investigated corruption and money laundering in her native country – and was killed by a car-bomb three years ago leading to international outrage and condemnation.
Now Malta is in a race against time to turn their reputation around or they will suffer genuine consequences. The FATF have threatened to place Malta on a “greylist” of high-risk jurisdictions unless they have shown a genuine commitment to combatting financial crime and implemented the recommendations of the Moneyval report. If they fail, this would make Malta the first EU country to make the list and join others such as Panama, Syria and Zimbabwe.
The pandemic has actually given Malta more time to meet these obligations, and it has been widely reported that an initial summer deadline has now been moved to October due to the widespread disruption.
As we head into the autumn, there are signs that Malta has begun to take action. The Malta Financial Services Authority (MFSA) has created and established an empowered AML now headed up by Anthony Eddington, formerly of the UK’s Financial Conduct Authority and who has previous experience of tackling anti-financial crime at Deutsche Bank. This team has already begun working closely with international experts, specifically partners in the US through the US embassy in Malta and the United States Commodities Futures Trading Commission (CFTC). In May this collaboration led to 25 new cases focused on money laundering in particular, and with plans to increase standard inspections and on-site investigations into businesses in Malta, it appears there is a change to the country’s priorities.
Importantly, the report highlighted a problem for countries that choose to become tax havens. In some cases it was not that the Maltese authorities deliberately turned a blind-eye, but simply that they did not have the necessary knowledge to effectively tackle financial crime in the first place. Law enforcement appeared unable to even recognise when crime was occurring.
But this blurring of financial compliance will not help businesses if Malta does indeed become “greylisted” this year. While not as devastating as being blacklisted (the two occupants of this list are Iran and North Korea) there are significant detrimental effects to being put on the FATF greylist. Although this signals that the country is committed to developing AML/CFT plans (unlike the blacklist) it still sends out a warning signal to the world that this is a high-risk area, with the country in question subject to increased monitoring and potential sanctions from the IMF and the World Bank. Make no mistake, being put on the greylist will be catastrophic for Malta’s economy.
It remains to be seen how the work to avoid such a calamity will affect Malta’s tax haven status. Perhaps with an increased fight against financial crime there will be less ability to defend one of Europe’s most competitive tax regimes. But if Malta does not show they are genuinely committed to tackling this problem, then the pandemic disruption to the island’s tourism may be minor in comparison to the grey clouds that now approach their shores.
How will the UK prepare a supply chain for the distribution of the Covid-19 vaccines?
By Don Marshall, Marketing role at Exporta.
The challenge of mobilising a supply chain for the introduction of a global and nationwide vaccine will be enormously complex. The process will be costly, and it’s likely the figures will stretch to the hundreds of millions for both the production of the vaccine itself and its distribution across the UK. We must prepare and plan a supply chain strategy to ensure it reaches those most in need in a timely and safe manner.
The task of immunising a whole population is something that has never been planned or likely imagined by anyone within a standard supply chain. A supply chain that goes directly from the manufacturer to the end consumer, or user/ patient in this case, is complex and goes beyond the scope of any single logistics company. It would have to be conceived and delivered via a large joint effort and collaboration between multiple organisations. Effectively distributing the vaccine will depend on the source of manufacture, its storage requirements, and protection of the vaccines from manufacture through to patient administration.
The majority of vaccines require storage within a specific temperature range and need to be handled safely and in hygienic conditions. Depending on where the vaccines are manufactured, the transport legs will vary; if they are coming from overseas, air freight will increase cost and complexity. In addition to supplying the vaccine, syringes, needles and containers also need to be taken into account when preparing the supply chain.
Securing the specific types of boxes or containers i.e. the lidded containers normally used for transporting pharmaceutical products will mean acquiring them from all available stockists and manufacturers. Delivery vehicles would then need to be considered, with temperature-control factored in. The medical supply chain can inform their approach to distribution by assessing data from previous supply chains, and how large quantities of vaccines have been sent out in the past. Collating successful vaccine delivery examples from other parts of the world would be advantageous here, the more we can do to prepare for a logistical challenge of this magnitude, the better.
The distribution of this COVID vaccine will be unique in its scale and for that reason, additional supply chains will need to be mobilised. Apart from medical supply chains, those best suited for this type of transportation are the fresh/frozen food industries and supermarkets. I would mobilise these businesses to assist with the vaccine’s distribution wherever possible and use their car parks and facilities for the temporary medical centres needed to administer the vaccine to the public.
Using the food industry and supermarket networks would leave the current pharmaceutical supply chains intact for health services, pharmacies and the NHS. It would protect those vital services and continue to serve communities across the UK. Inevitably, it would place a short term strain on food supply chains, but these are supply chains that are well-equipped and versed in coping with excess demand i.e. the spike endured from the brief spell of public panic buying at the start of the crisis. With adequate resourcing and planning, I believe the UK supply chain can and will handle this challenge.
Reconnecting the retail brain: learning from the octopus
By John Malpass, Retail Consultancy Practice Lead at Teradata An octopus has nine brains: one for each tentacle and plus one at...
How robotic technology will disrupt the manufacturing industry
By Marga Hoek, author of The Trillion Dollar Shift Robotics technology has the potential to disrupt industries across all sectors...
RPA, the software robots that finance and banking professionals need to hear about.
By Rory Gray, Vice President of Sales at leading software automation firm, UiPath, explains what role Robotic Process Automation (RPA)...
The rise of nomadic work: how to turn your remote team into a creative force
By Paige Erickson, EMEA MD, Workfront During the first stage of the lockdown in the spring, almost half of Brits...
The value of digital identity in payments
By Vince Graziani, CEO, IDEX Biometrics ASA In ever more challenging times, the payments industry needs to maintain trust by...
Consumers in the COVID era can learn to embrace strong customer authentication
By Ed Whitehead, Signifyd managing director, EMEA The changes that COVID-19 has caused in rapid succession make it hard to...
How NatWest used social media to better target its communications
By DuBose Cole, Head of Strategy, VaynerMedia London For banks, it is imperative to reach their existing – and potential...
It’s time to press ‘reset’ on travel and expense processes
By Rudy Daniello, EVP of Corporations, Amadeus Travel & Expenses(T&E) is a large spend category for companies across the globe....
Covid-19 and the rise of remote payment fraud: how do we catch a digital thief?
By Evgenia Loginova, co-founder and co-CEO of Radar Payments Covid -19 is finding different ways to hurt our finances –...
Effective financial planning will secure businesses a certain future
By Simon Bittlestone, CEO of financial analytics company Metapraxis 2020 has been an unpredictable year, bringing further volatility to already...