SECURITY WITHIN THE FINANCIAL SECTOR

Global Banking & Finance Review recently spoke with Brian Spector, CEO, CertiVox about security within the financial sector, including the state of user security, common threats and what organizations can be doing.

How would you describe the state of user security within the financial and banking industry at the moment?

“Organisations across all industry sectors are facing the increasing risk of data breaches and sustained assault from hacking collectives, and it seems that not a day goes by without another high profile data breach hitting the headlines. In recent weeks we have seen three South Korean banks fined for a data breach that affected up to 20 million customers, as well as the fallout for banks from the Target attack in the US. Obviously this is also prevalent across other sectors with high profile organisations like Yahoo!, Adobe and Tesco also falling victim to attacks in recent months, and as you would expect, the financial services industry is relatively one of the most secure.

“However, we recently surveyed 2,000 UK consumers to look into their experiences of banking security, and found that of the 24 per cent of respondents who had online services hacked, 13 per cent of these successful attacks targeted banking services. With the important financial information concerned, this should make alarming reading for banks, particularly as the same research found that 25 per cent of respondents would terminate a service immediately if their account was compromised.

“The finance and banking industry by its very nature must be aware of these increasing threats and regularly update its security accordingly. However, the additional security implemented by some is either not sufficient, or diminishes the experience of their customers.”

What are the most common threats encountered?

“Recent research from Ponemon shows that the average annual cost of cyber crime varies by industry segment, with financial services, defence, and energy and utilities experiencing substantially higher cyber crime costs than organisations in retail, hospitality and consumer products.”

“The problem is that as security gets more sophisticated so do the attacks themselves. It appears a recent high profile attack example could have been orchestrated based on initialisation through a malware-laced phishing email. Whatever the type of attack though, what is proven time and again is that username and password security systems are inherently weak, offering a wide range of attack vectors to criminals, along with a valuable harvest of private customer information.”

Confidential data is a top concern. What products are available to increase security and help prevent data theft?

“Security Intelligence systems such as two-factor authentication should start to be integrated across all industries in order to have some kind of real control on data breaches. Many companies do respond to these threats by adding layers of security, such as: additional security questions, Captcha codes, SMS-based so-called One-Time-Passwords or physical security devices in the case of banks. However, the problem with these measures is they often frustrate users in relation to the ease of use and experience in accessing services.

“Data is the individual’s responsibility, but as service providers ‘volunteer’ to protect personal information it is by default their duty to safeguard the consumer data held. This means organisations must begin to learn about the different technologies available, like encryption, and use them to safeguard personal and sensitive data. There are several strong authentication technologies ready to step in and replace the traditional ID/password combination, and organisations should really be focused on finding a higher level of security that transcends user name and password, which is also cost effective and advanced, but also easy to use.

“To establish trust and prevent these types of attacks, organisations need to look beyond username and password protection and even common two-step authentication and should urgently consider technologies that remove the username password altogether so that there is nothing to be stolen or compromised in the first place.”

Explain to us how CertiVox’s M-Pin Strong Authentication works and the benefits it can offer to both consumers and businesses.

“M-Pin provides strong multi-factor authentication which is designed to replace the vulnerable username and password login system for digital services. Instead of username/password combinations, often the target of choice for hackers, M-Pin gives the end user a four-digit PIN to enter for access to content and services. The M-Pin mobile client also alleviates concerns about accessing services from a PC not under a user’s control, by allowing login through the user’s smartphone.

“M-Pin is based on strong elliptic curve cryptography and delivers multi-factor authentication for websites, enterprise and mobile applications, using HTML5 web apps, meaning no browser plug-ins or software is required. Authentication is performed between the M-Pin Client and the M-Pin Authentication Server using the M-Pin Protocol, a zero knowledge proof construct. The result is that the M-Pin server has just one leakproof cryptographic key, which if compromised or stolen reveals nothing about users in an enterprise or your web application. In addition, M-Pin operates on a principle of distributed trust, whereby the root key generators are split between CertiVox’s servers and those belonging to the client, meaning that any attack would have to compromise both of these systems to have any chance of being successful.”

What have CertiVox got planned for 2014?

“We can’t talk about the details at this stage but we have a lot going on in a variety of sectors, including financial services, in 2014. Expect to see product upgrades, high profile customers and a real step up in our drive to stop the slew of data breaches and establish real trust between consumers and organisations.”