Connect with us

Technology

HOW BANKS CAN USE BIG DATA TO REMAIN SECURE

Marc Lee

The challenges facing financial organisations are not getting any easier, particularly when it comes to security. The innovation and pace of technology, along with changing industry demands and regulations, all contribute to the challenge of keeping banks secure.

With data spread across multiple environments and the ‘always on’ work ethic demanding constant multichannel access to information, the need to protect data, while remaining compliant, is more pertinent than ever before.

The universe of user identities and access points is increasing exponentially. Today’s banks need to manage access to sensitive data across multiple devices, users, on-premise and cloud applications. This creates billions of identity and access relationships between the organisation and its stakeholders, third party suppliers, remote workers, customers and so on.

Marc Lee

Marc Lee

Today’s employees expect immediate access to data and applications, yet are blithely unaware of the risks involved with supporting this type of access across a financial organisation. This is a classic challenge in supporting today’s identity universe – a challenge that recently made the media headlines when a South Korean bank employee with access to various databases secretly copied sensitive data on more than 20 million credit card holders onto an external drive. To be able to better understand these security vulnerabilities, we need to look at the issue of Big Identity Data.

Big Identity Data is the information produced by the constant activity of identity and access management: bringing on new users or terminating others (joiners, movers, leavers), activating new devices, launching new applications, granting access rights, and changing user roles. And in every enterprise, this “identity universe” is rapidly expanding with the growth of:

  • Users needing easy access to business information and systems;
  • Rights to those resources, given users’ job functions and levels;
  • Targets, i.e., applications, data stores and other resources users need to get their jobs done;
  • Policies regulating what users are and are not allowed to do; and
  • Platforms, including in-house networks, the cloud, mobile devices and SaaS.

With this huge volume of “Big Identity Data”, uncovering risk typically requires a lengthy review of multiple systems and terabytes of data, which generally doesn’t happen. The silver lining, however, is that with powerful analytics, Big Identity Data can become part of the solution.

Big Identity Data actually presents a significant opportunity to help financial organisations to provision smarter, streamline audits, and identify and eliminate emerging threats to sensitive information before they can harm the company.

In recent years, Identity and Access Management (IAM) solutions have made great advances in helping banks to increase the efficiency of user account provisioning and more effectively manage IT audits.

However, IT and security professionals have been struggling to keep up with incessant business demands arising from increasing reliance on technology, while ensuring they remain compliant with regulatory requirements and that valuable information is protected.

For example, they are under constant pressure to not only provide access provisions, but to remember to shut down accounts of workers who have left organisations and avoid giving out too many access rights.

Technology is necessary to take control of these processes and identify potential vulnerabilities in data access. The secret is intelligent identity and access management (IAM), which continuously monitors identities, access rights, policies and user activities to identify and remediate vulnerabilities quickly.

The intelligent IAM approach displays these potential threats in visually intuitive heat maps. It can also identify patterns of behaviour that are a variance from the norm. Then the threats can be acted on, not only to resolve immediate threats, but also to improve ongoing provisioning and compliance, preventing similar risks from arising in the future.

By aggregating billions of data points and looking at patterns, intelligent IAM can flag unusual activity, orphan accounts, excessive access risks, and excessive rights to sensitive information stores. It can see what human eyes could never discover.

Financial organisations need to ask themselves how they must adapt to the vast amounts of information available to them and what steps can be taken to manage and mine the expanding universe of users, access and identities.

Technology

IDnow: Putting a new face on identity verification

IDnow: Putting a new face on identity verification 1

By Charlie Roberts, Head of Business Development UK&I at IDnow

Munich headquartered IDnow is an identity verification provider which uses AI-based technology to check all security features on ID documents. With its Identity Verification-as-a-Service (IVaaS) platform that combines humans and technology, IDnow has set out to make the connected world a safer place, by enabling the identity verification of more than seven billion potential customers from 193 different countries.

IDnow’s expert knowledge of German regulation, which is considered one of the most highly regulated markets globally, has become critical. Indeed, the firm is currently in talks with the UK government about creating “immunity passports” for people who have recovered from Covid-19 to determine how recently someone has been tested and whether they can return to work.

Since launching its solutions in the UK in November last year, IDnow has seen enormous demand from organisations for its AI-based products.  Compared to the same period in 2019, the firm has reported a 358% increase in order intakes as Covid-19 accelerates the need for digital processes

So why the increased demand? We caught up with Charlie Roberts, Head of Business Development UK&I at IDnow, to talk about the AI identity verification market and how AI can help financial services organisations detect and mitigate identity fraud.

So why has IDnow seen such increased demand for its identification products?

While technology is – on the whole – changing the way people do business for the better, it nevertheless carries with it a certain degree of risk to security.  In the current climate in particular, with an accelerated move towards buying and selling online, identity fraud is on the rise. In fact, our research estimates this type of fraud has doubled in the last year alone. And, while banking and financial services may be the lowest hanging fruit in terms of targets for attempted identity fraud, the threat is certainly not restricted to this sector.

The problem is the cost to the economy. In June this year, Action Fraud announced that over £6.2m has reportedly been lost in the UK due to coronavirus-related scams, making cyber fraud one of the biggest threats in our economy and the fastest growing crime.

So we have seen an enormous uptick in enquiries about AutoIdent and VideoIdent because of their combined human and machine approach. Any identity verification check that doesn’t look 100% accurate gets automatically passed through to a human for extra security, all on the same platform, in a matter of minutes.

What are the most common fraud methods?

Of all fraud methods, social engineering is the biggest issue for companies. It has become the most common fraud method in 2019, accounting for 73% of all attempted attacks. It lures unsuspecting users into providing or using their confidential data and is increasingly popular with fraudsters, being efficient and difficult to recognise.

Fraudsters trick innocent people into registering for a service using their own valid ID. The account they open is then overtaken by the fraudster and used to generate value by withdrawing money or making online transfers.

They mainly look for their victims on online portals where people search for jobs, buy and sell things, or connect with other people. In most of the cases, the fraudsters use fake job ads, app testing offers, cheap loan offers, or fake IT support to lure their victims. People are even contacted on channels like eBay Classifieds, job search engines and Facebook.

Fraudsters are also creating sophisticated architecture to boost the credibility of these cover stories which includes fake corporate email addresses and fake websites.

In addition, we are seeing more applicants being coached, either by messenger or video call, on what to say during the identity process. Specifically, they are instructed to say that they were not prompted to open the account by a third party but are doing so by choice.

How can we fight social engineering?

The first priority is to ensure people are aware of the problem, and then ensure people have the right technology in place to be able to track fraudulent activity and react quickly.

Crucially, it requires a mix of technical and personal mechanisms. Some methods include:

  • Device binding: To make sure that only the person who can use an app – and the account behind it – is the person who is entitled to do so, the device binding feature is highly effective. From the moment a customer signs up for a service, the specific app binds with their used device (a mobile phone for example) and, as soon as another device is used, the customer needs to verify themselves again.
  • Psychological questions: To detect social engineering, even if it is well disguised, trained staff can be used as an additional safety net both during detection, but also in addition to the standard, automated checks at the start of the verification process. They can ask a customer an additional set of questions once a risk of a social engineering attack has been detected. These questions are constantly updated as new attack patterns emerge.
  • Takedown service – with every attack, organisations can learn. This means constantly checking new methods and tricks to identify websites which fraudsters are using to lure in innocent people. And, by working with an identity verification provider that has good links to the most used web hosts, they are able to take hundreds of these websites offline.

Is social engineering the only type of identity fraud?

No! There is also false identity fraud. Our research indicates fake IDs are available on the dark web for as little as £40 and some of them are so realistic – including the use of holograms – they can often fool human passport agents. The most commonly faked documents are national ID cards, followed by passports in second place. Other documents include residence permits and driving licenses.

Charlie Roberts

Charlie Roberts

Similarity fraud is another method of identity fraud in use, although it’s not as common thanks to the development of easier and more efficient ways (like social engineering). This method involves the use of a genuine, stolen, government-issued ID that belongs to a person with similar facial features.

Can anything be done about this?

Biometric security is extremely effective at fighting this kind of fraud. It can check and detect holograms and other features like optical variable inks just by moving the ID in front of the camera. Machine learning algorithms can also be used for dynamic visual detection.

To fight similarity fraud, biometric checks and liveness checks used together are very effective – and they are much more precise and accurate than a human could ever be without the help of state-of-the-art security technology.

The biometric checks scan all the characteristics in the customer’s face and compares it to the picture on their ID card or passport. If the technology confirms all of the important features in both pictures, it hands over to the liveness check. This is a liveness detection program to verify the customer’s presence. It builds a 3D model of their face by taking different angled photos while the customer moves according to instructions.

The biometric check itself could be tricked with a photo but, in combination with the liveness check, it proves there is a real person in front of the camera.

This all sounds like a significant time investment for companies?

It does but, if you can find a solution that offers both a fully automated system AND a video identification solution on a single platform, then it becomes pretty friction-free and part of the workflow. In fact, customers can be checked in a matter of minutes. Organisations worldwide need to be taking this very seriously. With over 1.9 billion websites and counting, there is a huge potential for fraud, and it’s a serious problem that must be slowed down.

The threat of identity fraud is not going away and, as fraudsters become more and more sophisticated, so too must technology. With the right investment in advanced technology measures, organisations will be in a much stronger position to stop fraudsters in their tracks and protect their customers from the risk of identity fraud.

Continue Reading

Technology

NextGen Communications – the future of customer experience

NextGen Communications – the future of customer experience 2

By Andrew Beatty, Head of Global Next Generation Banking at FIS

As software development increasingly resembles push updates in services, how can financial institutions best take advantage of their investments? The answer is leveraging today’s technologies to empower institutions to elevate their customer experience with personalised and integrated communications.

Long a staple of the British market, digital banks are expanding worldwide. The pandemic played to the strengths of these organisations. With branches closed or restricted, the accessibility and flexibility of these banks were major assets.

To better understand just why digital banks succeed, we need to look at their operating models. Using Software as a Service (SaaS) and Platform as a Service (PaaS) operating models rather than more traditional and slower alternatives allows them to supercharge development.

These new technologies can elevate customer experience (CX), with a specific focus on customer communications – an area often neglected in favour of purely aesthetic upgrades to flashy-looking front-end systems.

Communicating effectively

Every minute of every day, institutions globally generate 18 million texts, 188 million emails, 511,000 tweets, 232 VoIP calls and use 4.4 million GB of internet data. This colossal amount makes it difficult to provide a consistent experience that meets ever-higher customer expectations across all communication interactions and devices. Banks need to be accessible and provide a seamless experience through any and all of the channels their customers prefer, be that Native App Push, email, SMS, print, social media, Call Centre or bots.

FIs typically lack an integrated experience. What’s needed is enabled by a consistent data schema and workflow foundation that elevates the communications experience. Customers may not know to specifically request these, but they will notice their absence. Fundamental to these capabilities are application programming interfaces (APIs) that enable banks to pick and choose best-of-breed technologies, allowing banks to focus on improving the CX and increasing Operational Efficiency and Governance.

Loyalty matters

Banks succeed on the backs of loyal customers. What inspires loyalty in customers is a banking relationship that includes both listening and speaking. Research shows that 63% of customers would consider switching banking providers if communications don’t meet their expectations. For customers who said that their banks did not proactively offer them personalised services, the customer satisfaction experience rate fell to 39%.

Research shows that more than 70% of CX leaders struggle to design projects that increase customer loyalty. Contrast this number with 75% of enterprises aiming to beat their competitors by offering the best digital consumer experience, and we can gain a sense of just how crucial communications are; a seamless CX is more important than ever to meet these goals.

These last few months have been a testing ground for banks old and new. Every email, every statement about actions taken during the pandemic is a chance to prove (or disprove) that a bank has a robust, customised communication solution. Integration across all interactions is critical.

Questions to ask

Here are six questions executives who want to improve CX at their banks need to ask when evaluating infrastructure improvements:

  1. How will capabilities evolve without requiring extensive development to support new data schemas, workflow, communication types and new channels?
  2. Will the new solution allow accelerated change management (business user-enabled) of all communications to meet internal and external demand, or will we be handcuffed to an internal or external software release for these updates?
  3. Will our middle/back office and call centre benefit from this solution by having the capability to send ad-hoc communications from a previously approved library?
  4. Will we have end-to-end tracking of all our as-delivered communications for all stakeholders (call centre, back office, etc.)?
  5. How is delivery remediation handled? (e., failed email delivery to SMS)
  6. Are all required delivery methods supported in one centralised platform?

Consider these questions before embarking on a major project. This should help ensure the selected solution results in improved Customer Experience, superior Operational Efficiency, and better Governance for your financial institution.

FIs must take advantage of emerging technologies and investment in core technologies by considering service options for all key elements of their CX. A robust data integration and workflow layer along with API integrations allow the different components of technology infrastructure to have seamless real-time integrations with third-party Customer Communication Management technologies. This can accelerate existing digital transformation initiatives and take full advantage of a modern core transformation investment – putting technology to work for FIs and their customers.

Continue Reading

Technology

The Derry Group launches new employee engagement and communications app

The Derry Group launches new employee engagement and communications app 3

The Derry Group, a one stop shop for the distribution, storage and order picking of chilled and frozen products has today announced the launch of its new employee engagement app, Thrive.App.

Their flagship company Derry Refrigerated Transport is a leading service provider for chilled and frozen distribution throughout Ireland, the UK and Europe. Derry Refrigerated Transport is the first haulage company in Ireland to sign up to the newest self-service, rapid deployment Thrive.App which brings together the key features needed for businesses to power up their internal communications for their frontline teams.

With hundreds of employees working across multiple locations in Ireland, communication, organisational engagement and information sharing is essential for the growing business.

In order to meet the additional challenges presented by the current global pandemic and the fact that the company works out of various locations throughout the country The Derry Group recognises the need to look at new ways in which all employees can more effectively communicate and share information with each other.

Commenting on the deployment of the new Thrive.App, Patrick Derry, Managing Director, said,

“We have worked hard to build and transform our business to what it is today, and our employees are key to our success. It is important to us that we give them everything they need to carry out their roles successfully as well as feeling supported and recognised for what they do. With the Thrive.App our employees can now easily access the information they need to support them in their role, they see important updates as they occur, and they know what is happening across all areas of the business.

The launch of Thrive.App will bring everyone closer together, which is particularly important during the current challenges of Covid19 and the fact that we have teams in various parts of the country.

The Thrive team have provided the best support and guidance in helping us to launch the employee app and we are confident they will continue to support us to make it a success across our organisation.”

James Scott, CEO, Co-Founder of Thrive, adds; We are delighted to help and welcome The Derry Group as a new client and look forward to working together to ensure their employee communications and engagement app is a success and loved by their teams within the Group structure whether based in Armagh, Dublin or Cork. 

Our goal is to help organisations in shifting their communications from traditional methods such as printed newsletters, notice boards and team briefings to instant, modern apps and we have loved helping The Derry Group do this. We look forward to seeing the direct positive impact the app will have on their employee communications and engagement.”

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

The ultimate tech guide to remote working for the casual worker   4 The ultimate tech guide to remote working for the casual worker   5
Business25 mins ago

The ultimate tech guide to remote working for the casual worker  

By Paul Routledge D-Link Country Manager Like many others, you may have grabbed your laptop in the middle of March...

Safeguarding international logistics arrangements during the coronavirus crisis 6 Safeguarding international logistics arrangements during the coronavirus crisis 7
Business49 mins ago

Safeguarding international logistics arrangements during the coronavirus crisis

By Adam Ewart, CEO and Founder of Send My Bag It has certainly been a whirlwind couple of months. The coronavirus...

The Future of Finance Teams: Digitally Transformed 8 The Future of Finance Teams: Digitally Transformed 9
Top Stories55 mins ago

The Future of Finance Teams: Digitally Transformed

By Simon Bull, Sales Operations & Business Development Manager at Aqilla Finance teams haven’t always been at the forefront of...

High-yield bonds will help, not hinder, businesses’ recovery 10 High-yield bonds will help, not hinder, businesses’ recovery 11
Finance1 hour ago

High-yield bonds will help, not hinder, businesses’ recovery

By Jesse Chenard CEO of fintech MonetaGo, One of the best indicators of stock market growth is high-yield bonds. The junk...

A holistic view of organisational security 12 A holistic view of organisational security 13
Business1 hour ago

A holistic view of organisational security

By James Ward, Senior Cyber Consultant at MASS The finance sector is typically more developed than others when it comes...

IDnow: Putting a new face on identity verification 14 IDnow: Putting a new face on identity verification 15
Technology1 hour ago

IDnow: Putting a new face on identity verification

By Charlie Roberts, Head of Business Development UK&I at IDnow Munich headquartered IDnow is an identity verification provider which uses AI-based...

Finance leaders must act against increasing fraud 16 Finance leaders must act against increasing fraud 17
Finance1 hour ago

Finance leaders must act against increasing fraud

By David Thorley, Director of Customer Development, FISCAL Technologies The COVID-19 pandemic has resulted in a whole host of increased...

NextGen Communications – the future of customer experience 18 NextGen Communications – the future of customer experience 19
Technology2 hours ago

NextGen Communications – the future of customer experience

By Andrew Beatty, Head of Global Next Generation Banking at FIS As software development increasingly resembles push updates in services,...

The UK Property recovery has begun 20 The UK Property recovery has begun 21
Finance5 hours ago

The UK Property recovery has begun

By Jamie Johnson is the CEO of FJP Investment, The UK property sector will be integral to the country’s economic...

The Derry Group launches new employee engagement and communications app 22 The Derry Group launches new employee engagement and communications app 23
Technology10 hours ago

The Derry Group launches new employee engagement and communications app

The Derry Group, a one stop shop for the distribution, storage and order picking of chilled and frozen products has...