
SECURITY WITHIN THE FINANCIAL SECTOR

Brian Spector, CEO, CertiVox

Global Banking & Finance Review recently spoke with Brian Spector, CEO, CertiVox about security within the financial sector, including the state of user security, common threats and what organizations can be doing.

How would you describe the state of user security within the financial and banking industry at the moment?

“Organisations across all industry sectors are facing the increasing risk of data breaches and sustained assault from hacking collectives, and it seems that not a day goes by without another high profile data breach hitting the headlines. In recent weeks we have seen three South Korean banks fined for a data breach that affected up to 20 million customers, as well as the fallout for banks from the Target attack in the US. Obviously this is also prevalent across other sectors with high profile organisations like Yahoo!, Adobe and Tesco also falling victim to attacks in recent months, and as you would expect, the financial services industry is relatively one of the most secure.

“However, we recently surveyed 2,000 UK consumers to look into their experiences of banking security, and found that of the 24 per cent of respondents who had online services hacked, 13 per cent of these successful attacks targeted banking services. With the important financial information concerned, this should make alarming reading for banks, particularly as the same research found that 25 per cent of respondents would terminate a service immediately if their account was compromised.

“The finance and banking industry by its very nature must be aware of these increasing threats and regularly update its security accordingly. However, the additional security implemented by some is either not sufficient, or diminishes the experience of their customers.”

What are the most common threats encountered?

“Recent research from Ponemon shows that the average annual cost of cyber crime varies by industry segment, with financial services, defence, and energy and utilities experiencing substantially higher cyber crime costs than organisations in retail, hospitality and consumer products.”

“The problem is that as security gets more sophisticated so do the attacks themselves. It appears a recent high profile attack example could have been orchestrated based on initialisation through a malware-laced phishing email. Whatever the type of attack though, what is proven time and again is that username and password security systems are inherently weak, offering a wide range of attack vectors to criminals, along with a valuable harvest of private customer information.”

Confidential data is a top concern. What products are available to increase security and help prevent data theft?

“Security Intelligence systems such as two-factor authentication should start to be integrated across all industries in order to have some kind of real control on data breaches. Many companies do respond to these threats by adding layers of security, such as: additional security questions, Captcha codes, SMS based so called One-Time-Passwords or physical security devices in the case of banks. However, the problem with these measures is they often frustrate users in relation to the ease of use and experience in accessing services.

“Data is the individual’s responsibility, but as service providers ‘volunteer’ to protect personal information it is by default their duty to safeguard the consumer data held. This means organisations must begin to learn about the different technologies available like encryption, and using it to safeguard personal and sensitive data. There are several strong authentication technologies ready to step in and replace the traditional ID/password combination, and organisations should really be focused on finding a higher level of security that transcends user name and password, which is also cost effective and advanced, but also easy to use.

“To establish trust and prevent these types of attacks, organisations need to look beyond username and password protection and even common two-step authentication and should urgently consider technologies that remove the username password altogether so that there is nothing to be stolen or compromised in the first place.”

Explain to us how CertiVox’s M-Pin strong Authentication works and the benefits to both consumers and businesses it can offer?

“M-Pin provides strong multi-factor authentication which is designed to replace the vulnerable username and password login system for digital services. Instead of username/password combinations, often the target of choice for hackers, M-Pin gives the end user a four digit PIN to enter for access to content and services. The M-Pin mobile client also alleviates concerns about accessing services from a PC not under a user’s control, by allowing login through the user’s smartphone.

“M-Pin is based on strong elliptic curve cryptography and delivers multi-factor authentication for websites, enterprise and mobile applications, using HTML5 web apps, meaning no browser plug-ins or software is required. Authentication is performed between the M-Pin Client and the M-Pin Authentication Server using the M-Pin Protocol, a zero knowledge proof construct. The result is that the M-Pin server has just one leakproof cryptographic key, which if compromised or stolen reveals nothing about users in an enterprise or your web application. In addition, M-Pin operates on a principle of distributed trust, whereby the root key generators are split between CertiVox’s servers and those belonging to the client, meaning that any attack would have to compromise both of these systems to have any chance of being successful.”

What have CertiVox got planned for 2014?

“We can’t talk about the details at this stage but we have a lot going on in a variety of sectors, including financial services, in 2014. Expect to see product upgrades, high profile customers and a real step up in our drive to stop the slew of data breaches and establish real trust between consumers and organisations.”

Global Banking & Finance Review

 
