HOW CAN FINANCIAL INSTITUTIONS USE REGULATIONS TO DRIVE MORE ROBUST SECURITY?

By Paul Ferris, Product Manager at Diebold-Nixdorf UK/I

ATM crime will always exist in one form or another. The European Association for Secure Transactions (EAST) found that in 2016 transaction reversal fraud was up 147% compared to 2015[1], highlighting how certain types of attacks are becoming more prevalent in some geographical areas. Criminals are clearly very persistent and will continue to develop more and more sophisticated methods of attack, often quickly migrating from one area to another when solutions are put in place.

Indeed, attacks are already moving beyond local instances and towards financial institutions’ networks; something that has a wider-spread impact than localised attacks on ATM systems. Financial institutions therefore need to make sure that it’s not just their physical and logical environments that are secure but also their overarching networks; something that compliance can help with.

All this might paint a bleak picture for banking security, but in fact there are several measures that institutions can take to not only secure their physical and cyber networks, but also to ensure they’re compliant with industry policy and regulations.

Paul Ferris, product manager at Diebold-Nixdorf UK/I, looks at why security and compliance actually go hand in hand with one another:

1. What are the key security trends in the industry now?

IT attacks are the number one risk to financial institutions, but this isn’t the only form of security attack that threatens the network.

The top four security threats that the UK/I industry generally face are transaction reversal fraud, malware attacks, black box attacks and card entrapment.

The current key threat, transactional reversal fraud – which results in a hard loss of cash to deployers – has risen exponentially on a global scale but particularly in the UK where there have been over 10,000 attacks over the past year[2].

1. What are the most important actions financial services providers can take to protect themselves? 

There are fundamental actions that financial service providers can take. First and foremost, instead of deploying a single solution they should look at deploying layers of security to prevent a single point of exposure and to reduce the risk of an attack harming the online or offline networks.

This applies to each of the three main pillars of security: physical security, logical security and fraud. It’s not a case of ‘one-solution-fits-all’; organisations need an informed, vigilant approach for more robust protection.

Financial institutions should also consider location when it comes to security solution deployment, particularly with physical security threats. Higher density environments such as cities may need a different approach than lower density areas. This demonstrates why a broad-brush approach to banking security is not as effective as a multi-layered, organisational wide strategy.

1. How do security and industry compliance impact upon each other? 

Both security and compliance go hand in hand. The industry regulators are using compliance to drive more effective security measures throughout the sector.

A decade ago, when it came to ATM deployment most conversations focused on the configuration of the ATM – whereas now the first questions asked will most often be around security and compliance. This is driven by a wider recognition that both of these areas are crucial to operating an effective self-service network and ultimately keeping customers satisfied.

1. What are the potential pitfalls/challenges for financial institutions in the intense regulatory environment?

The two major challenges for financial institutions are cost and time. Despite the announcement of new or updated regulations sometimes years in advance, it still takes time to implement and also costs money.

Planning is the most important measure financial institutions can take as this will help to minimise costs, plan resources and deliver an integrated rollout plan which logically combines all associated requirements into an effective roadmap for change.

1. What resources can institutions/customers lean on to help with compliance and security procedures? 

Keeping close to the various industries bodies is key. Making sure that there is an open line of communication between your company and the relevant authorities will help ensure you’re not caught out by any updates or the creation of new policies and regulations.

Work together. Across the industry, we have a wealth of knowledge and experience and therefore we should strengthen our efforts as a unified industry to ensure we all have access to an up-to-date, compliant and safe self-service network.

So, make sure you’re prepared, but view regulatory change as a positive – it’s designed to help rather than hinder. Planning ahead is critical as well as ensuring you have a compliance and security road map to navigate regulatory changes which impact your estate. Regular reviews of the attack landscape and your risk profile are also vitally important to maintaining a safe network for the future.

By Paul Ferris, Product Manager at Diebold-Nixdorf UK/I

ATM crime will always exist in one form or another. The European Association for Secure Transactions (EAST) found that in 2016 transaction reversal fraud was up 147% compared to 2015[1], highlighting how certain types of attacks are becoming more prevalent in some geographical areas. Criminals are clearly very persistent and will continue to develop more and more sophisticated methods of attack, often quickly migrating from one area to another when solutions are put in place.

Indeed, attacks are already moving beyond local instances and towards financial institutions’ networks; something that has a wider-spread impact than localised attacks on ATM systems. Financial institutions therefore need to make sure that it’s not just their physical and logical environments that are secure but also their overarching networks; something that compliance can help with.

All this might paint a bleak picture for banking security, but in fact there are several measures that institutions can take to not only secure their physical and cyber networks, but also to ensure they’re compliant with industry policy and regulations.

Paul Ferris, product manager at Diebold-Nixdorf UK/I, looks at why security and compliance actually go hand in hand with one another:

1. What are the key security trends in the industry now?

IT attacks are the number one risk to financial institutions, but this isn’t the only form of security attack that threatens the network.

The top four security threats that the UK/I industry generally face are transaction reversal fraud, malware attacks, black box attacks and card entrapment.

The current key threat, transactional reversal fraud – which results in a hard loss of cash to deployers – has risen exponentially on a global scale but particularly in the UK where there have been over 10,000 attacks over the past year[2].

1. What are the most important actions financial services providers can take to protect themselves? 

There are fundamental actions that financial service providers can take. First and foremost, instead of deploying a single solution they should look at deploying layers of security to prevent a single point of exposure and to reduce the risk of an attack harming the online or offline networks.

This applies to each of the three main pillars of security: physical security, logical security and fraud. It’s not a case of ‘one-solution-fits-all’; organisations need an informed, vigilant approach for more robust protection.

Financial institutions should also consider location when it comes to security solution deployment, particularly with physical security threats. Higher density environments such as cities may need a different approach than lower density areas. This demonstrates why a broad-brush approach to banking security is not as effective as a multi-layered, organisational wide strategy.

1. How do security and industry compliance impact upon each other? 

Both security and compliance go hand in hand. The industry regulators are using compliance to drive more effective security measures throughout the sector.

A decade ago, when it came to ATM deployment most conversations focused on the configuration of the ATM – whereas now the first questions asked will most often be around security and compliance. This is driven by a wider recognition that both of these areas are crucial to operating an effective self-service network and ultimately keeping customers satisfied.

1. What are the potential pitfalls/challenges for financial institutions in the intense regulatory environment?

The two major challenges for financial institutions are cost and time. Despite the announcement of new or updated regulations sometimes years in advance, it still takes time to implement and also costs money.

Planning is the most important measure financial institutions can take as this will help to minimise costs, plan resources and deliver an integrated rollout plan which logically combines all associated requirements into an effective roadmap for change.

1. What resources can institutions/customers lean on to help with compliance and security procedures? 

Keeping close to the various industries bodies is key. Making sure that there is an open line of communication between your company and the relevant authorities will help ensure you’re not caught out by any updates or the creation of new policies and regulations.

Work together. Across the industry, we have a wealth of knowledge and experience and therefore we should strengthen our efforts as a unified industry to ensure we all have access to an up-to-date, compliant and safe self-service network.

So, make sure you’re prepared, but view regulatory change as a positive – it’s designed to help rather than hinder. Planning ahead is critical as well as ensuring you have a compliance and security road map to navigate regulatory changes which impact your estate. Regular reviews of the attack landscape and your risk profile are also vitally important to maintaining a safe network for the future.