Paul Hampton, Payments and Crypto Management Expert, SafeNet
The use of online banking and shopping has grown significantly[i], but so too has the number of security threats targeting such services. Every day we hear of another company falling foul of a data breach, with nearly 200 million records stolen in the first quarter of 2014, so protecting financial data has never been more important. Yet, while the need to secure payment transactions and data remains critical, it doesn’t seem to be getting easier.
Today, security teams have to contend with increasingly sophisticated attacks, a technological environment that is evolving rapidly and compliance with multiple standards and regulations. Add this to the fact that any transaction relies on a complicated ecosystem with multiple points of vulnerability and it’s clear that securing financial data is far from simple. So what steps should businesses take to ensure that their most sensitive data remains protected?
Where do the vulnerabilities exist?
In order to protect data in the best way possible, businesses must first understand the vulnerabilities – one of which is the payment ecosystem. A successful transaction relies on a complicated ecosystem with many potential points of vulnerability and involving several parties, including the merchant, acquirer, switch and bank or card issuers. This ecosystem is only as strong as its weakest link. Another major point of vulnerability is the internet. Today, just about every business has an eCommerce site which aims to securely capture and process customer data. But when the customer makes a purchase, the business loses control of a large portion of the transaction interaction as customers use a variety of devices, operating systems and browsers to access eCommerce sites. It is becoming vital for businesses to protect their customers’ data as early in the transaction process as possible.
Another vulnerability is the gap between compliance and security. Merchants have been subject to a myriad of compliance requirements around how to handle customer data and process transactions, such as the Payment Card Industry Data Security Standard (PCI DSS). According to our Secure Payments survey, one-third of respondents spend more than six weeks a year complying with card schemes’ regulations, yet these guidelines fail to address some key areas of vulnerability in the payment ecosystem. These areas have been exploited with disastrous consequences – for example, 70 million customers were affected by the Target customer credit card data theft in December 2013.
Why a ‘secure breach’ mind-set is best
With so many points of vulnerability, organisations must adopt a framework where data is central. This means adopting a ‘secure breach’ approach to data protection which focuses on protecting sensitive data wherever it exists and limiting access to this data, even when it lives in an uncontrolled, untrusted environment.
Today, Point-to-Point Encryption (P2PE) is the best method of protection. Rather than focusing on specific points of vulnerability, P2PE uses special payment terminals to encrypt card data at the earliest possible moment of its capture, ensuring that data remains in an encrypted state consistently until it arrives at the payment gateway. This means that even if an external attacker bypasses perimeter defences, or an unauthorised internal user looks to leak or steal data, the data remains protected.
This approach not only increases security, but also dramatically reduces the scope of PCI DSS compliance for merchants of all sizes. In fact, recent breaches in the retail industry, including those of retailer Office and eBay, may have been greatly mitigated by the use of Point-to-Point Encryption. Yet according to our research, only 24% of respondents are currently implementing P2PE solutions.
The detail: pay attention
For organisations that manage sensitive data, whether payment card information, personally identifiable information, or other sensitive records, safeguards need to be applied, both to guard against security threats and ensure compliance with privacy and security mandates. However, encryption alone is only part of the solution. Encryption keys need to be preserved in a secure and reliable manner. But, surprisingly, one of the most common mistakes that organisations make is storing encryption keys where the data resides, thus exposing sensitive information to significant risk.
Perhaps the problem is that many of the teams currently responsible for key management are small and distributed, or are contributing significantly to their organisation’s heavy compliance workload. According to our research, two-thirds have four or fewer people involved in key management. So, to succeed in meeting administrative demands and security objectives, it is imperative that security teams begin to leverage more centralised, efficient, and secure key management platforms.
Organisations should invest in a standards-based enterprise key management platform or strategy that can be used to control keys over their life cycle. This strategy should include specific methods of limiting access to keys, defining how those keys are issued and distributed, and providing protections for them as they are stored. Without these considerations, keys could be copied, modified or even impersonated by a skilled hacker, who could then access cardholder data.
A security strategy with data at the heart
As hacking attempts become almost a daily occurrence, being breached is not a question of “if” but “when”, so best-practice data protection is vital. CIOs have long considered the best defence to be a good offence when it comes to handling security threats. But in the new reality of security, the best offence is now the best defence, and encryption is the key to that strategy.
For security teams tasked with safeguarding payment data, demands for encryption and key management are only increasing, both in scale and urgency. Sensitive information must be secured across the entire lifecycle, which means leveraging approaches like centralised key management and P2PE will be more critical than ever. Only such a data-centric approach will leave companies safe in the knowledge that their data is protected, whether or not a security breach occurs.
If you are worried your company may have suffered a data breach, why not assess the severity of the breach using our Breach Level Index here: http://www.breachlevelindex.com/
[i] According to the UK Cards Association, the UK is Europe’s leading online shopping economy with spending by British consumers online growing by 16 per cent in 2013 to reach £91 billion. http://www.theukcardsassociation.org.uk/news/EOYFFfor2013.asp – March 2014
How Siloed Data Leaves Financial Institutions Open to Fraud
By Stephanie Lapierre, CEO Tealbook
Reducing the risk of fraud is a top priority for all financial institutions since fraud is responsible for massive profit loss, as well as the degradation of an institution’s integrity and brand.
In trying to prevent fraud, most executives look to protect themselves from the outside in, implementing layers of security and launching reactive measures. However, in order to truly protect your organization from fraud, it’s imperative to begin by looking at your existing internal structures. The most critical and often overlooked area to assess is how your organization obtains, enriches, and distributes data.
Streamlining and scrubbing your data can increase profitability without adding to resource spend. Having good data allows you to complete your due diligence on vendors and external entities your organization regularly deals with. It favorably adjusts your efficiency ratio and reduces risk by eliminating redundancies, conflicting information, and information gaps. In addition, it allows smaller teams to operate with increased scale and effectiveness. In turn, this leads to a more effective vendor vetting process and less room for error in payment information verification.
Conversely, poorly managed data is confusing and deceiving and can play an unfortunate role in giving fraudulent access to outside parties through internal miscommunications. For example, updates could be made in one system and not another, and suddenly different departments are working with different data sets like payment information or legal formation documents that regulators look for in audits, and no one knows what is true or accurate. This effect snowballs over time, creating massive holes in the integrity of the data, creating unnecessary risk exposure and audit failures.
All of these vulnerabilities can serve as the foundation for developing a risk management protocol that may be rendered useless if it is based on poor data. It is impossible to properly vet vendors and suppliers or verify payment information if the data is unreliable.
By investing in a solid Data Foundation, you’ll see an increase in the success of your risk management and fraud prevention measures. In many instances, you won’t need to add more steps or resources, just power your existing systems with clean, agile, and accurate data to see improved efficiency.
Here’s a closer look at the most common vulnerabilities within a typical financial institution’s data ecosystem:
Fragmented Organization Structure
As organizations grow and scale, it’s inevitable that different subsections will become isolated from one another and begin different processes for data management. Poorly managed systems can exacerbate this lack of communication and threaten data integrity.
It may not seem like cause for concern if a few different arms of an organization aren’t completely in sync. However, in the financial space, this issue rarely applies to just one or two organizational divides. For example, a prominent US-based financial institution boasts over 90 business units, all of which need to be synergized in order to prevent inaccurate data, redundancies, and problems with regulatory information gathering. This siloed information is, unfortunately, a common practice that needs to be addressed.
Unmanaged Proprietary Systems
In an attempt to serve data in a highly specialized way, many institutions have explored developing proprietary data systems for internal use. However, because of factors like employee turnover or an inability to keep up with data integrity best practices, these legacy systems quickly become obsolete and unmanaged. Their custom nature also renders them inflexible and unable to integrate with other solutions.
When trying to work around an unmanaged system, different branches of an institution may turn to different solutions. When work is being done across different platforms, this reduces visibility and increases risk for inaccuracies, which leads to poor decisions, costly rework, and potentially fraud.
If your organization is reliant on a proprietary system, consider if that system is functional and scalable. If it’s not, you may want to look into a flexible data management system that can work with other technologies.
Disparate Information Across Systems
Mergers, acquisitions, and growth also lead to using and implementing many different ERP solutions and antiquated legacy software that are forced to communicate with each other using painful manual efforts. A major problem arises from the fact that these systems operate across numerous lines of businesses, all with different siloed data. By having so many siloed systems that could be compromised with harmful data, these disparate data sources leave banks and other financial institutions exposed to unnecessary risk.
Different departments have different needs, so it makes sense that they would use different solutions, but it’s important that those solutions pull from a single source of truth in order to prevent the types of data inaccuracies that lead to vulnerabilities.
Closing the holes in your data integrity is the most proactive way a financial institution can defend against fraud. As hackers get increasingly creative and aggressive, it becomes even more critical that organizations have a trusted Data Foundation to base their decisions on. This can be achieved by ensuring that siloed systems are powered by consistent and accurate data from a single reliable source.
Three things to help fintech unicorns grow profitability
By Kash Amini, CEO and Founder of MasLife
The new breed of fintech companies is missing a trick with a massive market opportunity. Lack of customers isn’t the problem – profitability is. CEO and Founder of health and finance app MasLife Kash Amini suggests that there are three key ingredients neobanks lack in their journey to growing profit.
The ‘doom-and-gloom’ merchants are out in force, predicting that the UK economy could tank, especially on the back of a second lockdown. Devotees of 70s English rock will remember an album by the group Supertramp called “Crisis? What Crisis?”, and you can see the new breed of fintech firms thinking exactly that. Figures from Accenture’s Digital Banking Tracker show that neobanks scooped up an extra 6 million customers in the second half of 2019, tripling their customer base – even before the pandemic hit. But every silver lining has a cloud, and in this case, Accenture’s Tracker shows some of them losing as much as £15 per customer in 2019.
The new neobanks are examples of that old adage ‘old wine in new bottles’. They are doing everything that traditional banking does, but in a more seamless manner. But a seamless experience is not enough – fintechs have been focused on providing customer-friendly experience, solid customer service, flexibility, and quick onboarding. But the technology doesn’t wow customers anymore. This is what they expect, they don’t want to pay premium rates for what they consider standard.
Fintechs know they need to offer more than frictionless technology, but only the right execution will make sense to the customer – to be in line with their values and attractive enough to drive revenue.
What’s missing is the connection between the platform and users, which can ease the experience of consumers dealing with their finances. Make users feel they are part of something beyond banking solutions and give them a platform that really listens and resonates with the users’ needs and goals, without making them feel that they are just another client.
Having values and purpose is another positive attribute. Recently launched German neobank Tomorrow is focussing on protecting the climate, pointing out to their customers that not a cent goes into armaments and coal power. Another brand example – non-fintech this time – which has features and attributes fintechs could integrate into their apps, is Calm, the meditation, relaxation, and sleep app.
Since the birth of fintech, it’s been quite revealing how simplifying the user experience has made dealing with financial apps more fun, and this plays into two separate groupings of the UK population – the Millennials (born between 1981 and 1996) and Generation Z (born between 1996 and 2015). A 2019 report by finance, IT and media firm Bloomberg showed Gen Z accounting for 32 per cent of the global population – ahead of Millennials who weighed in at 31.5 per cent. It’s difficult to pigeonhole these two groups, but let’s try anyway. Millennials are ambitious, hardworking, and self-focused, whereas Gen Z is searching for truth, authenticity and looking for ethical brands. A significant number of these two groups has switched from the way the banking experience was handled previously to how neobanks handle it. That’s why there is constant growth and innovation: new designs will only amplify and substantially attract more users to more neobanks.
Don’t buy some of the negativity associated with Gen Z, like them having ‘the attention span of a goldfish’. They’re thinking critically about brands which claim high values, trust, helping the world, fighting for a better purpose. Pakistani activist for female education Malala Yousafzai – the youngest Nobel Prize laureate, and Swedish environmental activist Greta Thunberg are examples of what I think Gen Z is all about. So, you need to combine the element of finance and seamless tech and add something ethical and unique, to attract Gen Z – which are your future premium customers.
Below are outlined three attributes the unicorn breed of fintech firms are missing, which could spell the difference between an onwards-and-upwards trajectory rather than a crash-and-burn scenario.
Images that decrease the anxiety associated with financial matters, together with a calming user interface design. When the user fires up the app, it promotes a more relaxed, stress-decreasing approach to handling the financial app and, in turn, their finances. The vast majority of fintech apps are very ‘financial looking’ – aka dry as a bone, and fintechs need to address the look and feel of their applications. Customers paying premium rates for financial services expect something more than a standard finance app, so fintechs need to add a better-designed interface, both graphically and interactively – currently that’s missing.
Incorporating nature and meditation images to give a much more holistic feel would also promote a better relationship with one’s finances. Health and wellness themes will make it more pleasant for people to deal with finances.
- Human connection
A lot of fintechs are completely missing the point of humanising financial apps and giving added value to the customer. When you’re incorporating finance holistically, it’s important to realise that a healthy relationship with money is part of one’s wellbeing and affects all the other aspects of one’s life – personal, business, etc. just as much as physical health.
Fintechs should think about adding gamification to their apps. It moves the process of dealing with money away from it being ‘just a finance app’ and adds more support to creating a healthier approach to personal finance.
Respected financial psychology expert Dr. Bradley Klontz has conducted several studies on customers’ relationships with their finances. People with money avoidance issues will avoid looking at account balances, bank statements, will not adhere to budgets and run away from their financial problems. Gamification and calming features can help people overcome the worry of opening their money account and make them feel more connected.
The way customers feel about their finances affects how they feel every day about other important areas of their lives. Satisfying the non-financial aspects of users would help them to evolve in all aspects of life, as this will ultimately bring them financial freedom.
The finance sector and most fintech apps do not have the consumer’s interest in mind. They are intentionally letting users go into debt in order to generate revenue. This isn’t the way to humanise the finance sector, and it is definitely not a mindful approach to customers’ wellbeing and future finances. Generation Z customers are looking for ethical applications, so fintechs who can show and prove they care about not just the customer, but about scenarios chiming with customer feelings – like improving the climate or minimal use of unrecyclable materials will likely be chosen.
Helping people realise how to reach their potential is missing big time. Fintechs need to give users a 360 approach to their life and realise the need for a holistic approach to customer finance.
We have seen these trends emerging in the last few months, with some fintech startups having approached new ways of engaging with their customers. But the big unicorn fintech world still awaits a strong player which will embrace these trends and cater to the current and future premium customers. Neobanks who find a way to help their customers create healthy financial habits will win their loyalty and the industry fight for premium rates.
Shifting Priorities in the Age of Digital Transformation
Creating the analytics-driven enterprise with a “strategic enterprise intelligence system”
In the Age of Digital Transformation, executives concerned with creating competitive advantage are laser-focused on the vitally important question:
“How can I use technology to beat the competition and avoid disruption?”
This deceptively simple question tends to open a can of worms when we attempt to answer it. On a daily basis, executives seek to simplify complex answers by deconstructing them into their component parts. By doing so, they hope to define and deploy said components on an operational level to create a better, stronger operating model.
This is the very foundation of the analytics-driven enterprise. Through this article, we hope to help executives deconstruct the complex questions they face regarding their investments in the technologies needed to secure a competitive advantage in the 21st century.
Shifting Priorities in the Age of Digital Transformation
Enlightened executives have shifted their priorities to compete in the digital age. To be a digital competitor today, the CEO and their team must leverage technology to:
- Drive revenue productivity – drive increasing rates of revenue with continuously lower variable operating costs by accelerating marginal revenues faster than marginal costs. Wall Street rewards public companies for their organic revenue growth more than any other KPI.
- Improve operational efficiencies – automate where automation makes sense, and drive continuous streamlining and improvement of key business processes that provide value at an increasingly lower cost.
- Enhance the customer experience – create a brand experience that insulates the customer base from competitive attacks and mitigates the risk of being disrupted by either traditional competitors or new entrants.
- Monetize data assets – gather, store, analyze, and move digitally-derived insights to where they are needed to drive operations, service, sales and marketing. Leveraging the company’s own unique data assets is the key to “cracking the code” and winning in the 21st
Enlightened executives have come to understand that next to their people, data is their most valuable corporate asset. The ability to leverage 21st century technologies to monetize data has resulted in an explosion of technologies of many different types designed to generate high ROI and sustainable competitive advantage from data assets residing both inside and outside of the enterprise.
Data analytics and Business Intelligence (BI) technologies are included in those high-ROI technologies. As evidence of the digital transformation explosion currently underway, in September of 2020 the cloud data warehousing firm Snowflake recorded the largest initial public offering in history. The company sold 28 million shares to raise nearly $3.4 billion. After trading over $300, Snowflake stock closed at $253.93, up 112% from its offering price. Warren Buffett’s Berkshire Hathaway fund is a major investor.
Cloud is but one component. The digital transformation market based on technology is segmented into cloud computing, AI, big data and analytics, mobility/social media, cybersecurity, IoT, and others. The global digital transformation market size is projected to grow at a CAGR of 16.5% from USD 469.8 billion in 2020 to USD 1009.8 billion by 2025. The AI segment is expected to grow at 30% + CAGR during the same period.
Gamechanger: The Rise of Big Data
The emergence of big data as a source of competitive advantage has changed everything. The hype rages on as the continuous, 24/7/365 onslaught of structured and unstructured data has triggered both unprecedented opportunities and major disappointment.
Cutting through the hype surrounding big data and making it actionable has been a major source of heartburn for business teams. As a result, the technologies associated with making big data actionable—organizing it, analyzing it, and creating useable output that drives the four priorities outlined above—have become a priority for global enterprises across all sectors.
Managing and monetizing this “Big Data Tsunami” has become a top priority for CEOs around the globe.
The Rise of Business Intelligence (BI) Tools
Business Intelligence tools include key features such as data visualization, visual analytics, interactive dashboarding, and KPI scorecards with minimal IT support. They allow business users to utilize automated reporting and predictive analytics in a self-service mode to operate the business and build their “strategic enterprise intelligence system.”
Becoming an analytics-driven enterprise is essential in the Age of Digital Transformation, where start-ups are emerging in every sector, taking share from established brands, and inhibiting improvement in core KPIs.
The data analytics BI tools served up in visualization dashboards typically consist of four categories: 1) Diagnostic, 2) Descriptive, 3) Predictive, and 4) Prescriptive. Diagnostic and Descriptive analytics tell the company what happened and why, while Predictive and Prescriptive analytics tell the company what to do and when to do it.
Properly integrated, a strategic BI solution can let the business both look “in the rearview mirror” (diagnostic and descriptive reporting) and “through the windshield into the future” (predictive and prescriptive actions). This allows the company to optimize its approach to customers, products, and markets, as well as drive core KPIs to new levels.
BI tools, when integrated properly with other data and analytics assets and organized for the unique needs of the business, can create a strategic enterprise intelligence system. Their benefits include:
- Data consolidation across business unit, data and technology silos—a single version of the truth at the enterprise level
- Self-service analytics unlock data access so data can be monetized
- Elimination of manual tasks
- Reduced costs
- Real-time access and reporting
Today, the world’s most innovative companies are using complex combinations of these commercially available suites combined with their own proprietary data analytics to drive the performance of these suites to even higher levels.
To learn more about building a strategic enterprise intelligence system, and how digital champions are transforming their business models using data insights, check out The Benefits of Business Intelligence Suites for Executives on Trianz.com.
This is a Sponsored Feature.