In answer to your question: Open Banking is a red-hot topic in the very closed world of banking and financial services because, from next January, every bank will be obliged to offer it to you. Open Banking is a package of reforms issued by the CMA (the UK Competition and Markets Authority), with the aim of facilitating the opening of the financial networks to allow for more competition and better consumer services. It harnesses the technological changes which we have seen transform other markets…
“STOP RIGHT THERE! The very last thing I want is an OPEN bank! My picture of a bank is of those massive steel doors you see in the movies, preferably a hundred feet underground beneath tons of concrete… That’s where I want my precious money kept.”
Yes, a secure vault is an important part of any bank. But have you noticed that all the new bank branches you see today are made of glass? No more heavy Victorian stonework and solid oak doors, it’s all glass, glass, glass. Because the thing that robbers fear most is being seen – hence their balaclavas and anonymous getaway cars – and they are much happier doing their dirty work behind a thick brick wall than in the open. It’s a universal rule: police warn people living in dangerous neighbourhoods that it is safer to surround the house with an open-link fence than a solid wall, for that very reason…
“So you are telling me that the purpose of Open Banking is to make my money more secure?”
No, the aim is far, far bigger than that. I just wanted you to understand that greater transparency or open-ness does not mean less security – quite the opposite, in fact.
Think of the other changes that have taken place in the High Street: once everyone had to wait at a counter to ask for goods to be fetched from a backroom store, now everything is visible on open shelves, so you can compare, choose and help yourself. Add to that the hi-tech benefits of on-line shopping where you can immediately compare prices and specifications, and read customer reviews…
Banks are slowly changing, but no change as big as that has happened yet. The old jokes about a banker being someone who lends you an umbrella on a dry day then asks for it back when it starts raining, still apply.
Open Banking, however, is not so much a bank with an open door, as a doorway to a whole new world of banking…
“What if I don’t want a whole new world of banking?”
Remember: Open Banking is about choice. And saying “no thanks” is an OK choice. But first let me explain…
The heart of Open Banking
At the heart of Open Banking lies the ability for people to share their financial transactional data with third parties far more easily online.
“Sharing financial data online? Now you’re really scaring me!”
That’s a knee-jerk reaction! A glass-fronted bank is itself a way of sharing data – visual data – and we’ve seen how that can actually make things more secure. What really matters is what data is shared, with whom, and how.
Here’s an example: a popular smartphone app that helps UK customers track their spending across all their current, credit card and savings accounts, no matter who they bank with, in one secure app. Instead of having to log into every one of those accounts and do the sums to find out how you stand financially, the app delivers the facts at a glance and makes it a lot easier to budget. It’s a great idea and on the app store it scores hundreds of five star ratings. But it also scores quite a few one and two star ratings, because Open Banking is not in force till next January, and sharing the data is still difficult or inconsistent between some financial services. In fact the app’s creators have been lobbying for Open Banking for years.
Other examples would be simple payment apps that allow you to pay everyday costs such as Uber trips, parking costs and meals directly from your phone.
If you think that sharing financial data is scary, just think how much more it must scare the banks – who have centuries of tradition based upon keeping an extremely tight hold on that sort of information. They are not going to do Open Banking without taking the most stringent precautions to make sure that it is only available via highly secure routes to third parties with the strongest data protection in place.
But above all remember that the drive behind Open Banking is not to let banks go haywire with your secrets, but to force them to give you greater choice. That means they will not share that data unless you allow it or ask them to do it. It is the customer who is being given more control, not the banks.
Can you see where this is taking us?
Think back to the days when shopping meant asking for goods at a counter, and how open shelves and self-service have transformed the retail experience. They create competition: goods have to be nicely packaged, with relevant information and clear pricing, to compete on today’s shelves.
With Open Banking, financial services will be required to be much more open about their products and services, and how well they are serving their customers. Choosing a bank or service will be less like a private inquisition and more like buying apps or online shopping. What exactly is offered, the plusses and minuses, how it compares with other offers, and how customers rate the service – all this and more will be available. You can pick up the packet, compare it with the others, and put it back on the shelf.
A best-kept secret?
If Open Banking has become a red-hot topic among financial services, why have we not heard so much about it? The award-winning broadcaster and consumer champion, Georgie Frost, chaired a recent NetEvents panel debate on the subject and, when asked that very question in an interview, she replied: “I don’t think the banks are doing nearly enough, if arguably anything, to prepare the consumer… We’re getting our letters through the post, talking about changes in Ts and Cs and, at best, people will file them in a drawer to read later, and never do. At worst, they’ll probably just file them in the bin, and then come January, no one’s really aware of what’s going on.” She pointed out that it would only take one scare story to make the headlines, and the whole project could be set back for ages.
Also interviewed was John James from the HSBC banking group, clearly excited about the possibilities and adding: “First Direct, where I work, announced a partnership with a fintech called Bud to test a marketplace app that will allow customers to aggregate all their financial products together, so they’ll see what’s happening in one single log-on, and get some money management insight. But also, if they want to buy a product, they’ll see something called a ‘marketplace’, and that will allow them to access products beyond what First Direct and HSBC Group can offer them.”
Another speaker was Scott Manson from Nationwide, who focused more on the way that Nationwide was preparing for the change. When asked about the thorny question of being instructed by a customer to pass data to third parties, Scott responded: “Personally, I think it’s a great idea. I think it allows us to create a more competitive environment, a more innovative environment within the banking sector… It will allow customers to use their data in different ways, and I think that’s the crux of what open banking is. It’s about changing the ownership of the data from the banks and the building societies back to the customer, and I think that’s a great idea.”
The open future
Was Georgie Frost right to conclude: “I just don’t think customers are getting it. So, I don’t think we can look at open banking in the future unless we get this right”?
The fact is that Open Banking is not that easy to explain for the very reason suggested earlier: Open Banking is not so much a bank with an open door, as a doorway to a whole new world of banking. And how can one predict or describe a whole new world?
To answer that, let’s look at just one company that has been working on other ways to “return ownership to the customer” and has already taken it a stage further in the real world. Vaduvur Bharghavan is CEO of an American company called Ondot that has recently launched in Europe and the UK, and he too was interviewed. He explained: “The core value proposition is to put consumers in control. It’s one thing to provide visibility. It’s another thing to make it actionable. The core value proposition that Ondot brings to the table is really making this information actionable.”
What his company does is provide financial companies with software that enables their customers to take more control. It either provides a white-label app (branded by the issuer) that allows the customers to manage their accounts themselves, or else similar functionality that can be integrated into the company’s existing apps or interfaces.
So, what happens when you reach for your credit card, and it is not there? It usually means panic – when did you last use it? Where? What you are supposed to do is immediately inform the card company that it is missing, so they can cancel it before any harm is done. But many people would rather wait a little, hoping it turns up. With the card management facility, however, you could immediately block the card on your phone app so no-one can use it and, should it then be discovered behind a cushion or in a jacket pocket, you can immediately unblock it and sigh with relief.
There are also ways you can reduce the fear of losing the card. If, for example, you normally only use the card to pay for meals, you can set it so that it will only do that, or you might limit its use to certain restaurants or locations, or times of day. Anyone who steals the card to buy a widescreen TV will be sadly disappointed, and the card owner will be immediately notified. But what if you really do want to buy a TV and only have that card to hand? Then you simply go to the app and unblock it for the one transaction, as needed.
The fascinating thing about passing control to the customer is that people start finding new ways to use this service that even its developers had not anticipated. A parent issues cards to the children, tailored to how they should use it: so a daughter leaving home for university could have a card that only works in the university neighbourhood. A small company issues company cards tailored to specific duties: so the van driver’s card will only buy fuel, and maybe only at certain stations.
So how do you summarise what this type of software is offering? The answer again is that this too is opening a door to a whole new world, and the only way to describe that is to start experiencing it. While Open Banking lies ahead in the UK, card management is already giving people a taste of what greater open-ness might mean. Vaduvur Bharghavan pointed out a growing network of business partners: “We have two of the top 10 global banks in North America, where we really have a lot of market presence. We have six of the top 20 banks and six of the top 15 credit unions, and we have just over 3,000 financial institutions worldwide. So, we have significant deployments in North America, in India, in South East Asia, in Latin America, and now we are hoping to get to the European market.”
It is patently clear what benefits this empowerment – the ability to make real-time management decisions – gives to the card holder, but what does it do for the company that is giving away this power? The obvious answer is that it makes a compelling offering – most people would prefer a card that allowed such control. Less obvious, perhaps, is the way that it builds a closer relationship with the customer, enables interactive analytics about usage and choices, and opens the door for special promotions and more.
It is never easy to specify the benefits of something that is by nature an “opening” to a new world of potential, let alone make clear predictions about how it will develop. As John James said in the interview: “This is going to be a gradual thing. This isn’t all going to happen next year, and then that’s it. This is a long-term change.”
But card management does provide a reassuring taste of some ways that an Open Banking world might develop. As Steve Walker, Lead Analyst at Global Data Technology put it: “I think in the move to open banking, for customers to be reassured enough to share their data, they need to have transparency around where it’s going, the ability to turn sharing on and off.”
The only thing that will never be left open is that massive steel vault in the basement.
The quoted NetEvents interviews can be experienced in full at…LINK
Bank fraud prevention in a post-COVID-19 world
By Pierre-Antoine Dusoulier, Founder and CEO, iBanFirst
Fraud on the rise
According to recent research from a leading UK retail bank, there was a 66 per cent increase in reported scams in the first six months of 2020 compared with the last six months of 2019 – due to the COVID-19 pandemic.
Across the summer months, Action Fraud UK reported a total financial loss of £11,316,266 by 2,866 victims of coronavirus-related scams.
The rise in fraud rates is a warning that banks, building societies and other financial providers need to be as alert as ever in identifying fraud.
So, what do banks need to do to ensure their customers are protected from fraud in a post-COVID-19 world?
Educate your customers to safeguard against fraud
On the customer level, banks need to be informing their customers on the types of common fraud to ensure that they are protected for all eventualities.
Authorised push payment scams are one of the fastest growing types of fraud. According to the FT, £354 million was stolen this way last year. This is where a company or individual is tricked into paying money into a criminal’s account. Emails come from a genuine email address but are then intercepted by a criminal, so it’s imperative that businesses have end-to-end email encryption, and that the customer double-checks the account details with the supplier by phone prior to making a payment.
At the same time, scammers can also exploit the company’s invoicing process, where criminals create a bogus invoice for a small amount and send it to a company’s accounting department. If the finance team does not identify this as fraudulent, it can result in the business losing a considerable amount of revenue over a long period of time.
Supplier fraud is also a widespread scam. This involves the fraudster taking on the appearance of a supplier that has changed their bank details. The fraudster will have collected information on the suppliers of the targeted company, in order to pose as an official supplier. This can be prevented by ensuring that the supplier is contacted to confirm the legitimacy of the communication. It’s important not to call or email the supplier using the details provided on the suspected fraudulent correspondence. Instead they must check the original details of the supplier and speak to them on their official telephone number or email on file.
Banking malware is the least commonly cited type of fraud but has a greater financial risk attached to it. Malware is sent by email redirecting the recipients of the message to a fake banking interface, as a way of transferring funds to offshore accounts.
Remodel processes post-COVID-19 to keep customer data safe
To fight cyber fraud and scams, banks must also play their part. In a world where entire workforces are working from home, banks must remain vigilant with customer data. COVID-19 has changed working habits, and banks need to carry out the right level of training for their employees to protect customer data. Virtual team meetings and remote data sharing risk exposing sensitive information to malicious actors, and banks need to put the necessary safeguards in place.
All virtual meetings should use the banks’ private company network, and file sharing should be carried out through secure, encrypted company drives. Meanwhile, banks need to provision for all employees to receive regular software updates that will keep customer data safe, and ensure that they are aligned with new and existing data processing regulations.
Monitoring suspicious payments
A vital element to fraud detection is through monitoring customer transactions in real time, and harnessing emerging technologies such as artificial intelligence and machine learning to spot the signs of a scam or fraud before it is too late.
One way that banks protect businesses from fraud is by keeping a log of transactions and regularly examining the transaction history. Any transactions that appear suspicious based on location, amount, beneficiary and method are flagged to the business customer, to mitigate the immediate and future financial risk to the business.
Know your transaction
To understand financial flows better, every bank has a Know Your Customer (KYC) engine. This is a payment infrastructure that supports onboarding processes and risk-based transaction monitoring. This system is already well known and we don’t need to elaborate on this further, as it is the fundamental building block to ensure the highest level of traceability across all transactions – including remittances and receipts of funds and foreign exchange transactions internationally.
However, KYC is limited and doesn’t include real-time analysis. What can be overlooked is a KYT (Know Your Transaction) engine. The aim of KYT is to identify potentially risky transactions and the unusual behaviour underlying them, in order to detect money laundering, fraud or corruption. An automated concentration of transactions with accurate and relevant information directly from the original data sources is essential.
Finally, banks and payment companies need to implement anti-fraud modules to defend against cyberattacks, based on the latest algorithms capable of analysing transactions issued in real time and detecting anomalies or suspicious behaviour upstream, strengthening the security and transparency of payments and building a network of trust between issuers and recipients of payments.
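The checks described under "Monitoring suspicious payments" and "Know your transaction" can be sketched as a small rule set. This is an added example, not code from iBanFirst or any bank; the field names, thresholds, hold policy and sample history are all constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Payment:
    beneficiary: str   # account identifier of the payee (constructed values below)
    amount: float
    country: str       # destination country code
    method: str        # payment rail, e.g. "bacs" or "swift"


def amount_is_unusual(past_amounts, amount, threshold=3.5, min_history=5):
    """High-side outlier test using median and MAD (robust to past outliers)."""
    if len(past_amounts) < min_history:
        return False  # too little history to judge the amount
    med = median(past_amounts)
    mad = median([abs(a - med) for a in past_amounts])
    if mad == 0:
        # Every past payment was (nearly) identical: fall back to a simple ratio.
        return amount > 2 * med
    # 0.6745 scales MAD so the score is comparable to a standard z-score.
    return 0.6745 * (amount - med) / mad > threshold


def assess(history, payment):
    """Return (action, flags) for one outgoing payment.

    Flags follow the four signals named in the article: location, amount,
    beneficiary and method. The policy is an assumption of this example:
    any flag alerts the customer, and a new beneficiary combined with any
    other flag holds the payment for confirmation.
    """
    flags = []
    if payment.country not in {p.country for p in history}:
        flags.append("new_country")
    if amount_is_unusual([p.amount for p in history], payment.amount):
        flags.append("unusual_amount")
    if payment.beneficiary not in {p.beneficiary for p in history}:
        flags.append("new_beneficiary")
    if payment.method not in {p.method for p in history}:
        flags.append("new_method")

    if "new_beneficiary" in flags and len(flags) >= 2:
        action = "hold"
    elif flags:
        action = "alert"
    else:
        action = "pass"
    return action, flags


# Constructed history for one business customer: routine domestic supplier payments.
HISTORY = [
    Payment("SUPPLIER-A-ACCT", 1200.0, "GB", "bacs"),
    Payment("SUPPLIER-A-ACCT", 1250.0, "GB", "bacs"),
    Payment("SUPPLIER-B-ACCT", 1180.0, "GB", "bacs"),
    Payment("SUPPLIER-A-ACCT", 1300.0, "GB", "bacs"),
    Payment("SUPPLIER-B-ACCT", 1220.0, "GB", "bacs"),
    Payment("SUPPLIER-A-ACCT", 1240.0, "GB", "bacs"),
]

if __name__ == "__main__":
    candidates = [
        Payment("SUPPLIER-A-ACCT", 1210.0, "GB", "bacs"),   # routine
        Payment("SUPPLIER-A-ACCT", 1400.0, "GB", "bacs"),   # known payee, high amount
        Payment("UNKNOWN-ACCT-X", 9800.0, "LT", "swift"),   # "changed bank details" pattern
    ]
    for c in candidates:
        print(c, "->", assess(HISTORY, c))
```

The third constructed payment is the supplier-fraud pattern described earlier: a supposedly familiar supplier paid through an account, country and method the customer has never used.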
In a post-COVID-19 world it’s clear that scams will become more commonplace. Within this environment there is a shared responsibility for mitigating the risk of financial fraud. The bank must educate and inform customers to enable them to protect themselves, while ensuring that a robust technological infrastructure and ways of working are in place to protect customer data, their finances and, fundamentally, their business and livelihood.
How One Bank Successfully Responds to Sophisticated Threat Actors
By Robert Golladay, Strategic Accounts Director, Illusive Networks
Cybercriminals and hacktivists have a special fondness for financial institutions. Continuous business innovation, complex ecosystems, merger and acquisition activity, fintech, cloud adoption and a growing consumer-driven attack surface multiply the problem for financial organizations. Despite the vast resources financial institutions devote to cybersecurity, one challenge has been especially difficult to solve – that of detecting and stopping APTs before real damage is done.
Securing cloud-based banking
An active lender in the UK sought a new way to protect its customers and the valuable assets it holds. The bank needed to:
- Defend customer and employee information from compromise
- Detect and thwart sophisticated attacks
- Effectively defend cloud-based operations across accounts and instances
As a cloud-first company, the bank’s preference is to always invest in next-generation technology for operations and security infrastructure. In May 2016, with the help of Amazon Web Services (AWS), it became the first bank in the UK to be fully cloud hosted. The bank also uses AWS to deliver a financial technology service that helps lenders make informed decisions through data and automation.
Security is always a priority, which is one of the reasons the company chose AWS, conducts regular penetration testing, and performs advanced attack simulations. To maximize effectiveness of its layered security infrastructure, the company continually trains its employees and reinforces data security best practices.
In particular, the bank sought additional safeguards from sophisticated threats that evade other security measures, such as advanced persistent threats, as well as gain insight into attacker tactics and techniques. The new layer needed to be cloud-based for high scalability and flexibility, and it had to defend the company without time-wasting false positive alerts. The security team looked at deception technology and chose a solution that allowed them to gain real-time verification of anomalies and lateral movement in the network.
The deception solution enabled the bank to focus on attackers’ behaviour and perspective. The solution’s expertise in attacker methodology augmented the bank’s internal capability to detect novel attacks, while enabling rapid and adaptable coverage in its cloud-based environment.
The bank’s deception solution uses agentless, intelligence-driven technology that creates a dense web of deceptions and effortlessly scales across the infrastructure. Featherweight deceptions on every endpoint look exactly like the bank’s real data, access credentials and connections. When an attacker is confronted with deceptions, this deceptive view of reality makes it impossible to choose a real path forward. One wrong step triggers an alert to the bank’s security team.
The bank’s CISO found it invaluable to be able to deploy a solution that creates doubt and confusion in an intruder’s mind. When attackers can’t distinguish between real and deceptive assets, the security team can collect information and apply intelligence to the patterns it has observed during that period of activity. The solution simultaneously sharpens the bank’s investigative process and constrains the attacker.
The lender easily deployed deception technology across its complex environment, scaling it across AWS instances and accounts. The IT security team now has continuous visibility and confidence that these defences enable them to thwart sophisticated threat actors.
The bank gained proactive threat response and the assurance that an alert represents a real issue. These alerts are only triggered when an attacker engages with a deceptive asset. At that point, the deception technology immediately begins capturing forensic data from the system where the attacker is operating, presenting real-time forensics and a quantifiable measure of potential business risk. It uncovered, for example, malicious processes trying to operate on an endpoint.
The deception solution enables the lender to be much more proactive. It detects and analyses attacks in real time to produce actionable alerts, directing the security team to relevant and valuable conclusions. The technology provides exceptional, innovative coverage for malicious pivoting and lateral movement. It uncovers the in-depth, sophisticated actors who evade other countermeasures and gives security analysts direct visibility into targeted attacks, which they find invaluable.
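Why an alert raised only on contact with a deceptive asset carries so little noise can be shown with a short detection routine. This is an added example, not Illusive Networks' product logic or the bank's code; the log format, host names, account names and decoy inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed decoy inventory: no legitimate user or process has any reason
# to use these, so any touch is treated as a high-confidence signal.
DECOY_USERS = {"svc_sqladmin_old"}
DECOY_HOSTS = {"fs-archive-02"}

# Constructed authentication events in a made-up key=value format.
SAMPLE_LOG = """\
2021-03-01T09:00:05Z src=ws-014 dst=fs-01 user=j.smith result=success
2021-03-01T09:02:11Z src=ws-022 dst=mail-01 user=a.jones result=success
2021-03-01T09:15:40Z src=ws-022 dst=db-01 user=svc_sqladmin_old result=failure
2021-03-01T09:16:02Z src=ws-022 dst=fs-archive-02 user=a.jones result=success
2021-03-01T09:17:30Z src=ws-022 dst=fs-01 user=a.jones result=success
2021-03-01T09:20:00Z src=ws-014 dst=mail-01 user=j.smith result=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+user=(?P<user>\S+)\s+result=(?P<result>\S+)$"
)


def parse_events(text):
    """Parse log text into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def decoy_alerts(events, decoy_users=DECOY_USERS, decoy_hosts=DECOY_HOSTS):
    """Return one alert per source host that touched any decoy.

    Ordinary failed logons with real accounts never alert. Each alert also
    lists the real hosts the same source logged on to successfully, so the
    responder can scope possible lateral movement from that system.
    """
    by_source = defaultdict(list)
    for event in events:
        by_source[event["src"]].append(event)

    alerts = []
    for src in sorted(by_source):
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        evs = sorted(by_source[src], key=lambda e: e["ts"])
        hits = [e for e in evs
                if e["user"] in decoy_users or e["dst"] in decoy_hosts]
        if not hits:
            continue
        touched = set()
        for e in hits:
            if e["user"] in decoy_users:
                touched.add(e["user"])
            if e["dst"] in decoy_hosts:
                touched.add(e["dst"])
        review = {e["dst"] for e in evs
                  if e["result"] == "success"
                  and e["dst"] not in decoy_hosts
                  and e["user"] not in decoy_users}
        alerts.append({
            "source": src,
            "first_seen": hits[0]["ts"],
            "decoys_touched": sorted(touched),
            "hosts_to_review": sorted(review),
        })
    return alerts


if __name__ == "__main__":
    for alert in decoy_alerts(parse_events(SAMPLE_LOG)):
        print(alert)
```

In the constructed log, ws-014 has a failed logon with a real account and produces no alert, while ws-022 is reported once with both decoys it touched.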
A laser-focused approach
The financial sector remains a perennial favourite of the cybercriminal crowd. As networks become more complex, their perimeters all but disappear, creating the need for stronger and more comprehensive security than ever previously imagined. Advanced persistent threats are a particular concern, as they are notoriously difficult to detect before significant damage is done. For financial institutions, the reputation damage alone may be insurmountable.
Banks and other financial services organizations pour resources into cybersecurity, but one option that needs further exploration is deception technology. This method of security monitors for lateral movements toward critical assets and thus provides a powerful alternative or enhancement to traditional monitoring approaches. Security teams can see attackers’ proximity to those crown jewels early in the attack cycle, buying time for careful response. As the lender above learned, deception technology cuts through the noise of alerts to deliver the intel financial institutions need to act quickly and safeguard their high-value data.
Why banking and finance need to move qualifications online
By Rory McCorkle, Senior Vice President, PSI Certification and Education Services
The global banking and finance sector often presents a strange contradiction when it comes to technology. On one hand, the sector is leading the way in blockchain technology, big data and Artificial Intelligence. On the other hand, many large financial institutions are falling behind in their digital transformation efforts, both with internal processes and with moving the customer experience online, particularly when compared to fintech and new challenger banks.
A report last year by Accenture found that just 12% of large traditional banks surveyed have fully committed to digital transformation and 50% of banks made little progress. The remaining 38% are in the midst of their transformations, but their digital strategies lack coherence.[i]
One area of digital transformation that has been particularly slow is access to qualifications and certifications. Many exams in the banking and finance sector continue to use Paper Based Testing (PBT). However, COVID-19 has accelerated the transition from PBT to Computer Based Testing (CBT), proving irrevocably that change is possible – regardless of the size of your organisation, number of candidates or security requirements.
In a heavily regulated environment that is undergoing increased scrutiny, a high level of certification and compliance is a necessity for many working in the industry. And credentials that hold such significance need to be securely and fairly assessed. This is where CBT offers numerous benefits. For organisations there is security, integrity, flexible capacity, increased reach and a streamlined exam administration process. And for candidates, CBT provides flexibility, convenience, accessibility and increased choice.
Despite these benefits, some organisations still have reservations and have been slower to make the move to CBT. In more traditional professions, such as finance, there can be a greater reticence. This is likely to be based on the historic prestige of PBT, as well as a desire to stick to more traditional methods. However, with more learning completed online, and educational resources shifting to digital from primary education to CPD, expectations around assessments are changing.
Up-and-coming candidates in all professions, particularly those who are digital natives, are starting to question outdated methods. Organizations will need to adapt to stay current and relevant with their market. What’s more, technological advances have now combined with the coronavirus pandemic to increase the demand for remote business services, meaning that a growing number of organisations in the banking and finance sector are moving to CBT.
Technology offers burgeoning options to increase test security with CBT. Linear-on-the-fly testing (LOFT) for example allows you to easily change items for each candidate, while maintaining the fairness of the exam – rather than the fixed forms used in PBT.
With LOFT, every candidate is given a unique set of items, making cheating a lot more difficult. And with no need to ship test papers around the country, there’s significantly less risk of physical security breaches with CBT than with PBT.
With the movement away from paper and pencil testing, advances in online proctoring have also dramatically increased the ability to deliver secure online assessments. Using a webcam and microphone, online proctoring provides test security for exams, while offering candidates additional flexibility and convenient scheduling.
Even before COVID-19, online proctoring was becoming far more commonplace. In 2018, there was a 10% increase in organisations using online proctoring with video/sound recording and identity authentication as part of the exam process compared to 2017.[ii] And COVID-19 has reinforced the fact that it is possible to effectively move to CBT side by side with online proctoring – and move quickly.
Testing has changed a lot during its history but the reasons for adopting CBT have remained the same for decades – fair and reliable testing delivered at scale. Nearly all tests that are completed with a paper and pencil can be adapted for CBT.
For organisations in the banking and finance sector, recent technological advances have provided many more options to reach candidates. At the same time, technology has significantly increased the security for important online assessments that will not only affect a candidate’s future, but might also impact the future and reputation of their profession.
As with any change, the move from PBT to CBT must be managed carefully and communicated clearly. And with best practice in place, it is possible for any organization, regardless of size and number of candidates, to make the move to CBT.