Connect with us
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Technology

SQS FORMS A NEW FORCE IN MOBILE PAYMENTS

Published

on

MP-image_iStock_00002029482

Tackling a disruptive, challenging and fast-moving banking trend in 2014

SQS, the world’s leading specialist in software quality, has completed its acquisition of Thinksoft Global Services, an independent Business Assurance and Testing Specialist focusing on the financial sector. Companies engaged in mobile payment projects can now take advantage of SQS’ new m-payment consultancy and QA services to reduce risks, improve product quality and accelerate speed to market.

The acquisition enhances SQS’ position in the market as it can now draw on Thinksoft’s extensive experience in testing a variety of mobile payment systems for leading banking clients across the globe.

Anand-Vyas,SQS

Anand-Vyas,SQS

The sharp, worldwide rise in mobile subscribers and the high volume of smartphone sales is expected to lead to a surge in m-payments. Gartner estimates that mobile payments will exceed $721.4 billion globally by 2017. In the financial sector, the race is on to provide integrated mobile payment systems. There are also new entrants with alternative payment platforms that seek to change the way consumers pay for P2P goods and services using their tablet or mobile phone.

SQS has a proven QA and Business assurance framework that encompasses risk assessment, agile testing, rapid automation, security testing and test management using mobile ready tools. Banks and businesses can now rely on SQS’ new m-payment consultancy services to ensure the quality of their m-payments offerings and to gain time-to-market advantage in this dynamic market space.

End-users can be unforgiving when faced with issues around the reliability and security of mobile payment apps. With good customer experience crucial to high adoption rates, companies will have to constantly improve and enhance the usability and features of their apps. A failure leading to severe service disruption can attract the ire of regulators and penalties. Therefore, upgrades and fixes for apps have to be done under shortened timescales. All of this requires rapid development and change cycles coupled with high levels of quality assurance.

With traditional software development methods unable to meet the demands of a rapid launch and upgrade cycle an m-payment app requires, an agile approach, test automation and mobile ready tooling will be crucial to success.

Anand Vyas, Head of Banking, Financial Services and Insurance, at SQS comments on the company’s new service: “Mobile payment is one of the fastest growing and disruptive technology trends in the financial sector. The pressure to roll out apps quickly means that reinventing the wheel is not an option. Today, tried and tested quality assurance expertise is essential to launching an error free app that will attract merchants and consumers alike. With a high number of variables, including devices, operating systems and networks, quality assurance is a major challenge and should be prioritised to ensure the smooth roll-out of mobile payment apps.”

Several clients developing mobile payments apps have benefitted from SQS’ expertise, including: a major international bank where automated testing reduced test effort by 80%, remote testing of mobile devices for a bank’s target countries, delivering affordable and comprehensive testing of a consumer Android app and helping launch the first m-payment app in the UK.

“We have unrivalled expertise when it comes to mobile payments software quality and have already worked with many leading financial institutions in Europe and beyond. Across all regions, we offer innovative services that provide our clients with the confidence to launch their mobile payments applications,” concludes Vyas.

SQS has launched a series of whitepapers “Top Tips on Improving Effectiveness – Mobile Payments” which are available at http://www.sqs.com/uk/services/mobile-payments.php.

Technology

Setting up secure remote working for financial services

Published

on

Setting up secure remote working for financial services 1

By Pete Watson, CEO, Atlas Cloud

Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced to rethink operating models to keep staff safe and clients served throughout a global pandemic. Traditionally, the industry as a whole has been slower to embrace home working and the solutions that power it, as roles were heavily office-based, or branch-based in the case of traditional banks.

Underpinned by stringent regulations and with access to an abundance of sensitive data, the process of remote cloud-based working is not only a discussion of logistics. It also throws up huge security considerations for firms making the transition. With 95% of financial services applications now said to possess vulnerabilities, it is easy to understand any reservations these companies might have about implementing a Software-as-a-Service working environment.

However, these same concerns may also hinder success in the long run, as a more flexible digital approach moves from value-added to business-critical in a remote setting. The question is, how do firms create a setup that both minimises risk and maximises success?

Understanding your needs

As with every new technology, the first step is understanding why your business needs it. Like all modern workplaces, financial service firms expect a lot from their IT infrastructure. Users require better connectivity, access and speed from their systems and decision makers must implement a network connectivity infrastructure that can meet these demands. Today, this setup must also account for every device that employees are using to work remotely.

Next is the fundamental security considerations. It goes without saying that financial services epitomise the need for watertight IT systems. Financial service firms store their sensitive information within key applications, all of which vary based on the service requirements. With sensitive customer and company data stored in applications and on devices, their networks are at constant risk of compromise.

Protecting this information is a necessity and managing a large scale shift to the cloud must cover every base – particularly as cybercriminals have raised their game to ‘exploit the chaos’ during lockdown. However, there often is a big difference between where those key applications are hosted.

Setting up securely

If financial firms have older applications, then data will typically be stored on-premise on company servers. Where this is the case, moving to a cloud-hosted virtual desktop environment offers a quick way to get remote working underway securely and with minimal friction. Modern Desktop-as-a-Service (DaaS) solutions can replicate the familiar desktop setting users know and love, but allow them to access all data, email and applications from anywhere and on any device. With all data managed in a secure cloud setting, no sensitive data is stored directly on the end-user device. This improves all-important cyber resilience without having to invest large resources in upgrading to new iterations of required software applications.

In other cases, many firms have already migrated legacy on-premise applications to SaaS-based applications, which alleviates the hosting burden with access enabled through your everyday web browser. However, where sensitive data is concerned, it is not quite so easy to just give employees access to a SaaS platform, where they can use any device and download often sensitive data to uncontrolled personal devices outside of the company network.

Pete Watson

Pete Watson

This issue has intensified in lockdown. A recent survey found that 23% of those working in financial services are now using their laptop to work, with 43% storing work on their personal devices. Inevitably, more devices in use leads to more potential entry points. A large amount of trust is placed with individuals to make sure they’re working safely. But when handling large caches of highly sensitive data, even the smallest oversight or breach could prove disastrous when adequate levels of threat protection are not in place. With 20% of home workers having taken no action to mitigate potential cyber threats during lockdown, successful security becomes about the safeguards that firms actively put in place.

To alleviate risk, companies would previously look to IP address blocking, which restricts access to SaaS logins to only ‘whitelisted’ IP addresses, such as the company premises. When working out of the office, you could then use a VPN to route your internet back through the office and allow access. However, as many have learned, a VPN-based approach has inherent security challenges that can be exploited by attackers to gain access to a network. A weak identity or unguarded device can allow unwanted visitors access to data through a VPN, with many often flying under the radar undetected. What’s more, in a time where access to on-premise devices and networks is limited, the significant housekeeping to stay on top of patching VPNs is by no means scalable or effective.

Assessing your options

Hosted virtual desktops offer a convenient solution to these issues, as firms no longer need to rely on the security of every device, and all security patching and updates can be applied to all users simultaneously. Yet, for firms already running their business from SaaS applications that enable access from anywhere – albeit not as effectively – this can seem an unnecessary expense. So, how do you then unlock the security benefits without overhauling your IT approach?

There are various solutions that offer add-on security features to your existing SaaS-based setup. The likes of Citrix Workspace can deliver a secure multi-factor login into one controlled cloud environment, providing access to pre-approved company apps and file storage with one-click access. Although a seemingly simple change, this additional layer not only keeps firms in control, but also affords user access to business-critical information and apps from any Internet-enabled location.

This calibre of financial data naturally makes firms across the sector susceptible to an array of other cyber threat tactics. Financial services are no stranger to spam emails which include viruses, or calculated impersonation attacks designed to deceive staff with malicious attachments, URLs and other pieces of content. When assessing an workspace setup, financial service companies must consider exploring multi-level assessment solutions that deliver advanced checks to protect them  from this popular method of attack. What’s more, modern disaster recovery from certified suppliers can reduce risk of network downtime, eliminating the potential reputational damage (as TSB suffered) and FCA fines and maintain continuity with data loss measured in seconds, not minutes.

Remote working is here to stay, and the time to act on security is now. While it can be a daunting task for finance companies, simply ignoring the growing cyber risks of a modern working environment could be catastrophic. By working with the right partners to put these safeguards in place, financial services can arm their workforce with secure remote working at scale, keeping threat at bay and maintaining the standard of client care needed to assure customers in times of change.

Continue Reading

Technology

Why technology is key to the future of auditing

Published

on

Why technology is key to the future of auditing 2

By Piers Wilson, Head of Product Management at Huntsman Security

The Financial Reporting Council (FRC), which is responsible for corporate governance, reporting and auditing in the UK, has been consulting on the role of technology in audit processes. This highlights growing recognition for the fact that technology can assist audits, providing the ability to automate data gathering or assessment to increase quality, remove subjectivity and make the process more trustworthy and consistent. Both the Brydon review and the latest AQR thematic suggest a link between enhanced audit quality and the increasing use of technology. This goes beyond efficiency gains from process automation and relates, in part, to the larger volume of data and evidence which can be extracted from an audited entity and the sophistication of the tools available to interrogate it.

As one example, the PCAOB in the US has for a while advocated for the provision of audit evidence and reports to be timely (which implies computerisation and automation) to assure that risks are being managed, and for the extent of human interaction with evidence or source data to be reflected to ensure influence is minimised (the more that can be achieved programmatically and objectively the better).

However, technology may obscure the nature of analysis and decision making and create a barrier to fully transparent audits compared to more manual (yet labour intensive) processes. There is also a competition aspect between larger firms and smaller ones as regards access to technology:

Brydon raised concerns about the ability of challenger firms to keep pace with the Big Four firms in the deployment of innovative new technology.

The FRC consultation paper covers issues, and asks questions, in a number of areas. Examples include:

  • The use of AI and machine learning that collect or analyse evidence and due to the continual learning nature, their criteria for assessment may be difficult to establish or could change over time.
  • The data issues around greater access to networks and systems putting information at risk (e.g. under GDPR) or a reluctance for audited companies to allow audit firms to connect or install software/technologies into their live environments.
  • The nature of technology may mean it is harder for auditors to understand or establish the nature of data collection, analysis or decision making.
  • The ongoing need to train auditors on technologies that might be introduced, so they can utilise them in a way that generates trusted outputs.

Clearly these are real issues – for a process that aims to provide trustworthy, objective, transparent and repeatable outputs – any use of technology to speed up or improve the process must maintain these standards.

Audit technology solutions in cyber security

The cyber security realm has grown to quickly become a major area of risk and hence a focus for boards, technologists and auditors alike. The highly technical nature of threats and the adversarial nature of cybers attackers (who will actively try and find/exploit control failures) means that technology solutions that identify weaknesses and report on specific or overall vulnerabilities are becoming more entrenched in the assurance process within this discipline.

While the audit consultations and reports mentioned above cover the wider audit spectrum, similar challenges relate to cyber security as an inherently technology-focussed area of operation.

Benefits of speed

The gains from using technology to conduct data gathering, analysis and reporting are obvious – removing the need for human questionnaires, interviews, inspections and manual number crunching. Increasing the speed of the process has a number of benefits:

  • You can cover larger scopes or bigger samples (even avoid sampling all together)
  • You can conduct audit/assurance activities more often (weekly instead of annually)
  • You can scale your approach beyond one part of the business to encompass multiple business units or even third parties
  • You get answers more quickly – which for things that change continually (like patching status) means same day awareness rather than 3 weeks later

Benefits of flexibility

The ability to conduct audits across different sites or scopes, to specify different thresholds of risk for different domains, the ease of conducting audits at remote locations or on suppliers networks (especially during period of restricted travel) are ALL factors that can make technology a useful tool for the auditor.

Benefits of transparency

One part of the FRC’s perceived problem space is that of transparency, you can ask a human how they derived a result, and they can probably tell you, or at least show you the audit trail of correspondence, meeting notes or spreadsheet calculations. But can you do this with software or technology?

Certainly, the use of AI and machine learning makes this hard, the learning nature and often black box calculations are not easy to either understand, recalculate in a repeatable way or to document. The system learns, so is always changing, and hence the rationale that a decision might not always be the same.

In technologies that are geared towards delivering audit outcomes this is easier. First, if you collect and retain data, provide an easy interface to go from results to the underlying cases in the source data, it is possible to take a score/rating/risk and reveal the specifics of what led to it. Secondly, it is vital that the calculations are transparent, i.e. that the methods of calculating risks or the way results are scored is decipherable.

Benefits of consistency

This is one obvious gain from technology, the logic is pre-programmed in.  If you take two auditors and give them the same data sets or evidence case files they might draw different conclusions (possibly for valid reasons or due to them having different skill areas or experience), but the same algorithm operating on the same data will produce the same result every time.

Manual evidence gathering suffers a number of drawbacks – it relies on written notes, records of verbal conversations, email trails, spreadsheets, or questionnaire responses in different formats.  Retaining all this in a coherent way is difficult and going back through it even harder.

Using a consistent toolset and consistent data format means that if you need to go back to a data source from a particular network domain three months ago, you will have information that is readily available and readable.  And as stated above, if the source data and evidence is re-examined using a consistent solution, you will get the same calculations, decisions and results.

Benefits of systematically generated KPIs, cyber maturity measures and issues

The outputs of any audit process need to provide details of the issues found so that the specific or general cases of the failures can be investigated and resolved.  But for managers, operational teams and businesses, having a view of the KPIs for the security operations process is extremely useful.

Of course, following the “lines of defence” model, an internal or external “formal” audit might simply want the results and a level of trust in how they were calculated; however for operational management and ongoing continuous visibility, the need to derive performance statistics comes into its own.

It is worth noting that there are two dimensions to KPIs:   The assessment of the strength or configuration of a control or policy (how good is the control) and the extent or level of coverage (how widely is it enforced).

To give a view of the technical maturity of a defence you really need to combine these two factors together.  A weak control that is widely implemented or a strong control that provides only partial coverage are both causes for concern.

Benefits of separation of process stages

The final area where technology can help is in allowing the separation and distribution of the data gathering, analysis and reporting processes.  It is hard to take the data, evidence and meeting notes from someone else and analyse it. For one thing, is it trustworthy and reliable (in the case of third-party assurance questionnaires perhaps)? Then it is also hard to draw high-level conclusions about the analysis.

If technology allows the data gathering to be performed in a distributed way, say by local site administrators, third-party IT staff or non-expert users BUT in a trustworthy way, then the overhead of the audit process is much reduced. Instead of a team having to conduct multiple visits, interviews or data collection activities the toolset can be provided to the people nearest to the point of collection.

This allows the data analysis and interpretation to be performed centrally by the experts in a particular field or control area. So giving a non-expert user a way to collect and provide relevant and trustworthy audit evidence takes a large bite out of the resource overhead of conducting the audit, for both auditor and auditee.

It also means that a target organisation doesn’t have to manage the issue of allowing auditors to have access to networks, sites, data, accounts and systems to gather the audit evidence as this can be undertaken by existing administrators in the environment.

Making the right choice

Technology solutions in the audit process can clearly deliver benefits, however if they are too simplistic or aim to be too clever, they can simply move the problem of providing high levels of audit quality. A rapidly generated AI-based risk score is useful, but if it’s not possible to understand the calculation it is hard to either correct the control issues or trouble shoot the underlying process.

Where technology can assist the audit process, speed up data gathering and analysis, and streamline the generation of high- and low-level outputs it can be a boon.

Technology allows organisations to put trustworthy assurance into the hands of operations teams and managers, consultants and auditors alike to provide flexible, rapid and frequent views of control data and understanding of risk posture. If this can be done in a way that is cognisant of the risks and challenges as we have shown, then auditors and regulators such as the FRC can be satisfied.

Continue Reading

Technology

The Future Growth of AI and ML

Published

on

The Future Growth of AI and ML 3

By Rachel Roumeliotis, VP of Data and AI at O’Reilly

We’ve all come to terms with the fact that artificial intelligence (AI) is transforming how businesses operate and how much it can help a business in the long term. Over the past few years, this understanding has driven a spike in companies experimenting and evaluating AI technologies and who are now using it specifically in production deployments.

Of course, when organisations adopt new technologies such as AI and machine learning (ML), they gradually start to consider how new areas could be affected by technology. This can range across multiple sectors, including production and logistics, manufacturing, IT and customer service. Once the use of AI and ML techniques becomes ingrained in how businesses function and in the different ways in which they can be used, organisations will be able to gain new knowledge which will help them to adapt to evolving needs.

By delving into O’Reilly’s learning platform, a variety of information about the different trends and topics tech and business leaders need to know can be discovered. This will allow them to better understand their jobs and will ensure that their businesses continue to thrive. Over the last few months, we have analysed the platform’s user usage and have discovered the most popular and most-searched topics in AI and ML. We’ll be exploring some of the most important finding below which gives us a wider picture of where the state of AI and ML is, and ultimately, where it is headed.

AI outpacing growth in ML

First and foremost, our analysis shone a light on how interest in AI is continuing to grow. When comparing 2018 to 2019, engagement in AI increased by 58% – far outpacing growth in the much larger machine learning topic, which increased only 5% in 2019. When aggregating all AI and ML topics, this accounts for nearly 5% of all usage activity on the platform. While this is just slightly less than high-level, well-established topics like data engineering (8% of usage activity) and data science (5% of usage activity), interest in these topics grew 50% faster than data science. Data engineering actually decreased about 8% over the same time due to declines in engagement with data management topics.

We also discovered early signs that organisations are experimenting with advanced tools and methods. Of our findings, engagement in unsupervised learning content is probably one of the most interesting. In unsupervised learning, an AI algorithm is trained to look for previously undetected patterns in a data set with no pre-existing labels or classification with minimum human supervision or guidance. In 2018, the usage for unsupervised learning topics grew by 53% and by 172% in 2019.

But what’s driving this growth? While the names of its methods (clustering and association) and its applications (neural networks) are familiar, unsupervised learning isn’t as well understood as its supervised learning counterpart, which serves as the default strategy for ML for most people and most use cases. This surge in unsupervised learning activity is likely driven by a lack of familiarity with the term itself, as well as with its uses, benefits, and requirements by more sophisticated users who are faced with use cases not easily addressed with supervised methods. It is also likely that that the visible success of unsupervised learning in neural networks and deep learning has helped our interest, as has the diversity of open source tools, libraries and tutorials, that support unsupervised learning.

A Deep Learning Resurrection

While deep learning cooled slightly in 2019, it still accounted for 22% of all AI and ML usage. We also suspect that its success has helped spur the resurrection of a number of other disused or neglected ideas. The biggest example of this is reinforcement learning. This topic experienced exponential growth, growing over 1,500% since 2017.

Even with engagement rates dropping by 10% in 2019, deep learning itself is one of the most popular ML methods among companies that are evaluating AI, with many companies choosing the technique to support production use cases. It might be that engagement with deep learning topics has plateaued because most people are already actively engaging with the technology, meaning growth could slow down.

Natural language processing is another topic that has showed consistent growth. While its growth rate isn’t huge – it grew by 15% in 2018 and 9% in 2019 – natural language processing accounts for about 12% of all AI and ML usage on our platform. This is around 6x the share of unsupervised learning and 5x the share of reinforcement learning usage, despite the significant growth these two topics have experienced over the last two years.

Not all AI/ML methods are treated equally, however. For example, interest in chatbots seems to be waning, with engagement decreasing by 17% in 2018 and by 34% in 2019. This is likely because chatbots were one of the first application of AI and is probably a reflection of the relative maturity of its application.

The growing engagement in unsupervised learning and reinforcement learning demonstrates that organisations are experimenting with advanced analytics tools and methods. These tools and techniques open up new use cases for businesses to experiment and benefit from, including decision support, interactive games, and real-time retail recommendation engines. We can only imagine that organisations will continue to use AI and ML to solve problems, increase productivity, accelerate processes, and deliver new products and services.

As organisations adopt analytic technologies, they’re discovering more about themselves and their worlds. Adoption of ML, in particular, prompts people at all levels of an organisation to start asking questions that challenge what an organisation thinks it knows about itself. With ML and AI, we’re training machines to surface new objects of knowledge that help us as we learn to ask new, different, and sometimes difficult questions about ourselves. By all indications, we seem to be having some success with this. Who knows what the future holds, but as technologies become smarter, there is no doubt that we will we become more dependent.

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Setting up secure remote working for financial services 4 Setting up secure remote working for financial services 5
Technology54 mins ago

Setting up secure remote working for financial services

By Pete Watson, CEO, Atlas Cloud Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced...

Ensuring ATMs aren’t the weakest link to banking cybersecurity 6 Ensuring ATMs aren’t the weakest link to banking cybersecurity 7
Banking1 hour ago

Ensuring ATMs aren’t the weakest link to banking cybersecurity

By Elida Policastro, Regional VP – Cybersecurity division at Auriga Digital banking brings huge benefits to customers, but the risks...

A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US 8 A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US 9
Top Stories2 hours ago

A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US

By Lauren Jones, International Payments Ambassador, Icon Solutions The US payments industry is undoubtedly ripe for change. Before the unprecedented...

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 10 Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 11
Top Stories4 days ago

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense

By Rob Harrison, MD UK & Ireland, SAP Concur The last few months have been an exercise in adaptability for...

Why technology is key to the future of auditing 12 Why technology is key to the future of auditing 13
Technology4 days ago

Why technology is key to the future of auditing

By Piers Wilson, Head of Product Management at Huntsman Security The Financial Reporting Council (FRC), which is responsible for corporate governance,...

Staff training crucial for SME recovery post-COVID 14 Staff training crucial for SME recovery post-COVID 15
Business4 days ago

Staff training crucial for SME recovery post-COVID

47% of UK’s top performing SMEs provide regular, formalised training for all staff Despite this, 15% of small businesses report to...

What Is Globalization 16 What Is Globalization 17
Business5 days ago

What Is Globalization

What is globalization? Globalization, or inter-connectedness, is the ever-growing process of integration and interaction among countries, individuals, businesses, and even...

What Is Microsoft Teams 18 What Is Microsoft Teams 19
Business5 days ago

What Is Microsoft Teams

Microsoft Teams is an application and web-based collaboration tool that combines chat, videos, online collaboration, document storage, and collaboration with...

What Is Capitalism 20 What Is Capitalism 21
Business5 days ago

What Is Capitalism

What is capitalism? Is it a great economic system or just another economic system that is not so great? Well,...

How To Start A Youtube Channel 22 How To Start A Youtube Channel 23
Business5 days ago

How To Start A Youtube Channel

How to Start a YouTube Channel For Your Business: Do you have a blog or website? If you do, it’s...

Newsletters with Secrets & Analysis. Subscribe Now