By Mark Crichton, Senior Director of Security Product Management, OneSpan
The banking security industry is characterised by perpetual change—a result of the ever-developing methods employed by cyber-criminals to defraud customers. Banks looking to protect their users face an ongoing and uphill battle.
According to figures from Accenture, the banking industry incurred the greatest cyber-crime costs of any industry in 2018, at an average of $18.3 million per institution. Meanwhile, new annual figures from Cifas, the UK’s fraud prevention service, suggest that instances of fraud increased by six per cent last year.
All the signs point to the fact that 2020 will be no different. Banks will struggle to stem the flow of attacks, which are increasing in both sophistication and regularity.
Adding to the complexity, the banking security industry will also have to respond to a multitude of other external factors, with social, technological and legislative factors also contributing to inevitable change in the New Year.
So, looking towards the rest of the year, here are four factors that will influence banking security in 2020.
Mobile will become the banking norm
The supremacy of telephone and desktop banking is coming to an end, cut short by the rise of the mobile channel. Driven by the preferences of Millennials and Generation Z, mobile will become the most widely used banking platform in 2020.
Though the ease with which customers can bank on their mobile devices represents a victory for convenience, it also increases the size of the attack surface open to bad actors. Whether mobile is already part of a bank’s offering or a new mobile app is set to be launched, security needs to be built in from the beginning, not tacked on as an afterthought.
Fraudsters have identified the mobile channel as a comparatively vulnerable target, because of its relative infancy compared to other channels. They have tended to focus on security weaknesses connected with registering, activating or using a mobile device in relation to an online account or transaction.
This means that professionals in the banking security sector will need to pay particular attention to the security of banking apps rolled out in the New Year. App development—whether conducted internally or using an external agency—will need to incorporate best-in-class security mechanisms to protect users from fraud.
Open banking will bring about new threats
Open banking allows third parties to provide a variety of new offerings and services using customer data held by banks (with customer consent). Its arrival will allow customers to enjoy a high-quality, fully digital banking experience, but will also bring with it a host of new security risks.
Many pundits believe that 2020 will be the year of open banking, which will be adopted by consumers and enterprises alike. Its introduction will come as a result of PSD2 in Europe and similar legislation in other global economies, such as Australia, Singapore and Hong Kong.
Historically, banks have expressed unease about opening up their systems to third party providers—and their concerns aren’t unfounded. Though customers will enjoy a range of new benefits brought about by open banking, it will also give rise to new security threats and vulnerabilities.
Unlike banks, third party providers don’t have a wealth of resources to funnel into security measures. This means that the most formidable threat associated with the arrival of open banking will be data breaches suffered by third-party providers. It’s probable that weaknesses in the IT infrastructure of third-party providers will result in significant sums lost in cyber-attacks this year.
AI will hit its stride in financial services
In order to be utilised to the greatest effect, artificial intelligence (AI) needs access to vast quantities of data. The greater the pool of data used in the machine learning (ML) process, the more effectively AI can be used for all manner of applications, including to prevent fraud. To date, the fragmentation of data held by banks and other financial institutions (FIs) has meant applications of ML and AI haven’t been able to hit their full stride.
However, this year, we’ll see banks funneling resources into rectifying issues with data architectures and building effective AI-enabled systems. Adoption by a handful of FIs will have a domino effect, as the rest of the field reacts in an effort to remain competitive.
While AI can indeed enhance banking security infrastructure, the financial services industry cannot rely on it exclusively. This emerging technology is not infallible, so the most secure banks will find a balance between technology and human insight that accounts for the strengths and weaknesses of both.
Declining UK influence in Europe will benefit smaller FIs
Though the recent UK election has provided a measure of clarity where Brexit is concerned, businesses in all sectors are still reeling as a result of the uncertainty that has shrouded the UK since 2016. The financial industry is just one of many that have been affected by the ongoing Brexit question.
The effects of uncertainty will continue as the new trade relationship between the UK and Europe is negotiated throughout 2020. In the short term, we will not see significant divergence between the UK and the EU, in part because UK banks will want access to EU customers. However, the UK’s sway within EU structures—where it has been consistently calling for reduced regulation and support for the interests of large UK-banks—is soon to be diminished.
As a result of the UK’s waning influence within the EU, subtle changes will begin to take effect. Gradually, we’ll witness a shift towards increased consumer protection and greater consideration of the interests of smaller financial institutions.
In 2020, the banking industry will be forced to change shape in the face of new threats, and as a result of a multitude of external factors. To protect their customers from the inevitable host of unanticipated threats and attack vectors, banks must turn to technology.
The latest in risk-based technologies and modern identity verification methods allow banks to analyse cross-channel data to make security decisions in real-time. By identifying suspicious transactions and account openings as they occur, banks will address the ongoing threat posed by financial fraud and demonstrate a commitment to security that will build loyalty amongst customers in 2020.