Banking on conversational AI
By Cathal McGloin
Rise of the conversational interface
When it comes to customer service, consumers drive the conversation. Adoption of household gadgets such as Amazon Echo, Apple Siri and Google’s artificial intelligence (AI) voice assistant, which is embedded into billions of smartphones, has created a new voice-activated interface where customers can engage and interact via chat.
Add to this the move that consumers have already made to communicating via messaging apps, from Facebook Messenger to WhatsApp, Slack and SMS, and we can see that the age of conversational user interfaces is upon us.
Using natural language as a means of engagement, customers will be able to transact, interact, purchase, and make requests across multiple channels and consumer touchpoints, with less need for a human to be involved. This conversational AI represents a whole new opportunity for consumer-facing industries to create memorable experiences, strengthen brand loyalty, and lower delivery costs.
From ATM to AI
We believe that the integration of conversational AI will be the next banking interface. The move to automated banking began almost half a century ago with the introduction of ATMs. For routine transactions, customers got used to interacting with screens rather than bank employees. But that interface is rapidly changing as consumers look to voice-activated devices and messaging as a convenient form of engagement. They won’t want to have to sift through their bank’s website to try and find where and how to report fraud on their credit card, or apply for an increase on their credit card limit, or get a breakdown of their recent transactions. Instead, they will be able to ask their banking bot, via the chat interface, to get them the information or execute the necessary tasks to fulfil their particular banking need.
While convenient, the ATM and other banking innovations have often made the banking experience more impersonal. With conversational AI, banks can bring chat back into the banking relationship and really understand what their customers want. Rather than second guessing them, they can allow the customer to quickly find what they are looking for themselves, or bring them through a series of pre-configured menus or forms.
Mobile banking overtaking online transactions
Just eight years after the iPhone was launched, Ofcom declared, ‘The UK is now a smartphone society.’ Mobile transformed the way that consumers engage with high street banks and lowered the barrier to entry for challenger banks and payment providers. Now, the increased use of voice-activated interfaces and messaging apps is leading to the importance of smart conversations as the next competitive battleground for customer engagement.
Mobile ubiquity has enabled a slew of new business models that are built around customers’ lifestyles. The ING International Survey Mobile Banking 2018 polled 15,000 people in 15 countries and found that 61% of European smartphone users use their mobile device to do their banking: a 13% increase since 2017. Two thirds (66%) have made a mobile payment in the past year, up from 58% in 2015. Banking consumers are tech-savvy and have demonstrated their readiness for better and more convenient ways to get things done.
The millennial generation, which has grown up with digital technology, has different customer service expectations and tends to be less loyal to financial service providers. Banks continue to be under pressure to retain and grow their customer base, upsell and cross-sell different products and services and engage across multiple communication channels, as preferred by their customers. They have to continuously innovate to build strong brand relationships and customer conversations are at the heart of this.
Traditional banks have faced new competition from start-up ventures such as Starling and completely new sectors, including technology vendors like Google, Apple and Facebook; mobile network operators including Orange; and retailers such as Tesco and Amazon. The race will continue as banks and other new entrants to the financial services market innovate using conversational AI.
Convenience is king
Owing to cloud computing technology, higher data processing power, and open sourcing by organisations such as Google and Amazon, artificial intelligence is now more accessible. As a result, we believe that conversational AI-based solutions will be fundamental to the next wave of banking innovation around customer engagement.
Consider the case of a payment card provider being able to provide immediate service to customers who request an increase in their credit card limit via a chatbot, allowing them to make a purchase while avoiding extra charges. The same chatbot platform can offer another customer the option to convert an agreed amount into the currency of the country that they are visiting on a weekend break.
Or think of an insurance provider that is able to make the customer onboarding process transparent and efficient: requesting necessary documents and providing approvals, all within a single conversation. Customers like frictionless processes. A chatbot can reduce multiple interactions to one seamless conversation that can execute the necessary business tasks required to complete the customer journey successfully. This is why conversational user interfaces, powered by AI, will be so powerful in financial services.
Digital consumers drive expectations
The growth of mobile and messaging apps has created consumers who are used to having everything connected 24/7 and interacting via swipes. This generates increasing volumes of customer interactions that need to be handled, as well as higher user expectations for service delivery. Without modern technology and approaches, the operational costs associated with servicing the new digital customer are prohibitive. Bots are enabling banks to surmount this challenge.
However, no matter how intelligent bots may be, they are still prone to a lack of emotion or personality and a degree of error and confusion that can result in customer dissatisfaction. This calls for an agent-assist model where bots can hand off to a human agent when necessary.
Augmented customer service
The Bank of England’s chief economist recently warned that the rise of AI could lead to a ‘hollowing out’ of parts of the jobs market, with manual, repetitive roles particularly vulnerable to automation. However, he countered this by stating that “jobs focused on skills of human interaction, face-to-face conversation, and negotiation, would be likely to flourish.”
Where customers need counselling, or comforting, empathic employees must be available to them.
Whenever automation and AI are mentioned, the obvious question is what is the human cost?
A study conducted by London Goldsmiths University found that organisations that continue to invest in development of employees’ skills, alongside their automation strategies and implementation, are around 30 per cent more productive than those that concentrate on automation at the expense of human resources.
Whereas some customer interactions, such as requesting an account balance, can be very basic and lend themselves to complete automation, 24/7 self-serve business processes often require complex rules-based workflows. While some of the tasks in these workflows may lend themselves to automation via AI or bots, there will also be the need for services to be delivered by specialists and for sensitive or complex interactions to be handled by experienced customer service agents. We believe that financial services employees will come to the fore managing the tasks that cannot be trusted to a bot and adding value to interactions, such as identifying upselling or cross-selling opportunities, or tracking engagement analytics and stepping in where needed.
To engage with their bank, customers used to push oak panel doors; now they push smartphone buttons; within five years they’ll simply chat via the nearest gadget.
Ensuring ATMs aren’t the weakest link to banking cybersecurity
By Elida Policastro, Regional VP – Cybersecurity division at Auriga
Digital banking brings huge benefits to customers, but the risks of cyber-attacks continue to rise. For banks, there is a need to stay ahead of the game, anticipating new methods of attack so that innovative solutions can be put in place in time to minimise those changing threats.
In terms of attack targets, the ATM ecosystem is complex and made up of heterogeneous hardware and software that is expensive and difficult to update, especially when ATMs and customer touchpoints need to be available 24/7. Because of this, financial organisations usually do not have the latest security policies in place, nor a centralised view of the ATM attack surface. It is vital that banks and ATM operators balance software deployment and hardware maintenance against keeping control of changes in software and hardware, and ensure the ATM network is as secure as possible.
This is critical because ATMs and central servers, which are the systems that control ATMs, have become a popular target for cyber-attacks. Last year, over half (58%) of the global banking industry respondents to the ATMIA Global Fraud and Security Survey 2019 reported that ATM attacks, which include both physical security breaches and fraud incidents, had increased.
ATM fraud attacks fall into three categories:
- Data fraud, resulting from data breach, such as account numbers, pin codes, and other personal data
- Physical fraud, consisting of theft of valuable assets, such as cash, by stealing cards
- Cyber fraud – logical attacks on the systems and communications
Jackpotting is an increasingly popular form of cyber-attack that exploits physical and software-based vulnerabilities in ATMs to get cash and thus an immediate financial reward for the attacker. It is estimated that in the last five years, financial organisations have lost millions to jackpotting. For example, the Ploutus family of ATM malware, which originally appeared in Mexico in 2013, has created losses of over $450 million (€398 million) around the world.
ATMs suffer physical and logical attacks for several reasons: one is that the physical cash inside acts as an incentive, and another is that cash machines contain confidential information like debit card numbers and PIN codes, which can be stolen and sold.
Critically, ATMs are a weak link in a bank’s security systems. They appeal to attackers because they are often poorly monitored and little logical action is taken to protect the data in them. In addition, cyber-criminals have also realised that ATM networks utilise security infrastructure that is based on a great deal of legacy hardware and software. This is more vulnerable to attacks because of the high cost of upgrades and the difficulty of installing security updates on machines that are geographically dispersed and use older operating systems and protocols. Unfortunately, this results in insecure systems that can be easily exploited.
On top of all of that, there is a real risk of an insider threat. There are a lot of different people and roles responsible for the upkeep of an ATM and these all have administration rights, including employees from the financial institutions, service providers, developers and installers.
One of the main ways cyber adversaries attack ATMs is via the ‘XFS layer’, a standard interface designed to have multivendor software running on manufacturers’ ATMs and other hardware. While the XFS layer uses standard APIs to communicate with self-service applications, there is no standard way of secure authentication that comes with it, making it easy for cyber-criminals to exploit this vulnerability. Cyber-attackers can therefore deploy malware into banking touchpoints such as cash machines to trick them into giving ‘cash out’ commands and dispense money. The card reader may also be compromised to steal card numbers, and the PIN pad tracked to learn PINs, making the XFS layer a very attractive target. The importance of cybersecurity in banking is therefore only going to increase.
So, how should banks and ATM operators best prevent attacks? For ATMs, typical endpoint protection security such as anti-malware technology is just not enough. ATM networks and systems are critical infrastructure devices that need to be constantly available and so they require greater protection and a different approach.
The best approach is a centralised security solution that protects, monitors, and controls ATM networks, and thus manages the entire banking asset network in one place and takes appropriate action, such as stopping malware spreading throughout the network from infected ATMs.
Such modern technology solutions not only provide invaluable cybersecurity protection, they can also save banking organisations time and money, as ATM and infrastructure management is centralised into a single hub. Actions can be executed remotely to quickly establish new defences via techniques such as network segmentation or implementing new firewalls.
It is particularly important for banks to have several layers of protection in one single platform. Such layers could involve full disk encryption, application whitelisting, hardware protection and file integrity protection.
Although financial organisations are making a concerted effort to improve their security landscape, cyber-criminals are continuing to innovate their attacks, making it an environment of threats that is evolving and advancing. As a result, banks must constantly be proactive in implementing and testing their cyber-defences. It is therefore wise to draw upon external counsel with specialist security knowledge to double check security plans and processes and help ensure ATM security is up to date and preventative.
Cyber Threat Intelligence (CTI) can provide banks with an early warning system to detect and contain potential threats before they become incidents. This intelligence is essential for any business as cybersecurity threats become increasingly indiscriminate. Once banks become aware of any relevant threats and vulnerabilities, they will begin to understand where and how these can be exploited, as well as the impact this may have on both the business and individuals.
Awareness of the threat landscape is vital for banks to understand what could be exploited and utilised for future cyber-attacks. If they do not, they open themselves up to the very real possibility of experiencing security breaches, loss of sensitive customer data, and of course stolen cash.
Bank fraud prevention in a post-COVID-19 world
By Pierre-Antoine Dusoulier, Founder and CEO, iBanFirst
Fraud on the rise
According to recent research from a leading UK retail bank, there was a 66 per cent increase in reported scams in the first six months of 2020 compared with the last six months of 2019 – due to the COVID-19 pandemic.
Across the summer months, Action Fraud UK reported a total financial loss of £11,316,266 by 2,866 victims of coronavirus-related scams.
The rise in fraud rates is a warning that banks, building societies and other financial providers need to be as alert as ever in identifying fraud.
So, what do banks need to do to ensure their customers are protected from fraud in a post-COVID-19 world?
Educate your customers to safeguard against fraud
On the customer level, banks need to inform their customers about the common types of fraud to ensure that they are protected for all eventualities.
Authorised push payment scams are one of the fastest growing types of fraud. According to the FT, £354 million was stolen this way last year. In this type of scam, a company or individual is tricked into paying money into a criminal’s account. Emails come from a genuine email address but are then intercepted by a criminal, so it’s imperative that businesses have end-to-end email encryption, and that the customer double-checks the account details with the supplier on the phone prior to making a payment.
At the same time, scammers can also exploit the company’s invoicing process, where criminals create a bogus invoice for a small amount and send it to a company’s accounting department. If the finance team does not identify this as fraudulent, it can result in the business losing a considerable amount of revenue over a long period of time.
Supplier fraud is also a widespread scam. This involves the fraudster taking on the appearance of a supplier that has changed their bank details. The fraudster will have collected information on the suppliers of the targeted company, in order to pose as an official supplier. This can be prevented by ensuring that the supplier is contacted to confirm the legitimacy of the communication. It’s important not to call or email the supplier using the details provided on the suspected fraudulent correspondence. Instead they must check the original details of the supplier and speak to them on their official telephone number or email on file.
Banking malware is the least commonly cited type of fraud but has a greater financial risk attached to it. Malware is sent by email redirecting the recipients of the message to a fake banking interface, as a way of transferring funds to offshore accounts.
Remodel processes post-COVID-19 to keep customer data safe
To fight cyber fraud and scams, banks must also play their part. In a world where entire workforces are working from home, banks must remain vigilant with customer data. COVID-19 has created a change in working habits and banks need to carry out the right level of training for their employees to protect customer data. Virtual team meetings and remote data sharing pose a risk of exposing sensitive information to malicious actors, and banks need to put the necessary safeguards in place.
All virtual meetings should use the banks’ private company network, and file sharing should be carried out through secure, encrypted company drives. Meanwhile, banks need to provision for all employees to receive regular software updates that will keep customer data safe, and ensure that they are aligned with new and existing data processing regulations.
Monitoring suspicious payments
A vital element of fraud detection is monitoring customer transactions in real time, and harnessing emerging technologies such as artificial intelligence and machine learning to spot the signs of a scam or fraud before it is too late.
One way that banks protect businesses from fraud is through keeping a log and examining regular transactional history. Any transactions which appear suspicious based on location, amount, the beneficiary, and the method will be flagged to the business customer, to mitigate the immediate and future financial risk to the business.
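The four signals named above (location, amount, beneficiary and method), scored against each customer's logged history, as an added example that is not code from the article or from any bank's system. The weights, thresholds, field names and sample payments are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Illustrative weights and thresholds (assumptions, not from the article).
WEIGHTS = {"new_location": 1, "unusual_amount": 2,
           "new_beneficiary": 2, "new_method": 1}
ALERT_SCORE = 3        # minimum summed weight that raises an alert
MIN_HISTORY = 5        # payments needed before a customer is scored
MAD_MULTIPLIER = 5.0   # allowed distance above the median amount


@dataclass(frozen=True)
class Payment:
    customer: str
    amount: float
    location: str      # country the payment was initiated from
    beneficiary: str   # destination account identifier
    method: str        # payment rail, e.g. "faster_payment"


class Profile:
    """Baseline of one customer's normal behaviour, built from the log."""
    def __init__(self):
        self.amounts, self.locations = [], set()
        self.beneficiaries, self.methods = set(), set()

    def learn(self, p):
        self.amounts.append(p.amount)
        self.locations.add(p.location)
        self.beneficiaries.add(p.beneficiary)
        self.methods.add(p.method)

    def amount_is_unusual(self, amount):
        # Median and median absolute deviation are not skewed by the
        # occasional large but legitimate payment, unlike mean/stddev.
        med = median(self.amounts)
        mad = median(abs(a - med) for a in self.amounts)
        spread = max(mad, 0.05 * med, 1.0)  # floor for very flat histories
        return amount > med + MAD_MULTIPLIER * spread

    def reasons(self, p):
        if len(self.amounts) < MIN_HISTORY:
            return []  # cold start: too little history to judge
        found = []
        if p.location not in self.locations:
            found.append("new_location")
        if self.amount_is_unusual(p.amount):
            found.append("unusual_amount")
        if p.beneficiary not in self.beneficiaries:
            found.append("new_beneficiary")
        if p.method not in self.methods:
            found.append("new_method")
        return found


def check(profiles, p):
    """Return (alert, reasons); alerted payments never update the baseline."""
    profile = profiles[p.customer]
    reasons = profile.reasons(p)
    alert = sum(WEIGHTS[r] for r in reasons) >= ALERT_SCORE
    if not alert:
        profile.learn(p)
    return alert, reasons


def demo():
    # Constructed sample data: six routine supplier payments, then three new ones.
    profiles = defaultdict(Profile)
    for amount, dest in [(1200, "GB-SUPPLIER-A"), (1150, "GB-SUPPLIER-B"),
                         (1300, "GB-SUPPLIER-A"), (980, "GB-SUPPLIER-B"),
                         (1250, "GB-SUPPLIER-A"), (1100, "GB-SUPPLIER-B")]:
        check(profiles, Payment("acme-ltd", amount, "GB", dest, "faster_payment"))
    incoming = [
        Payment("acme-ltd", 1180, "GB", "GB-SUPPLIER-A", "faster_payment"),
        Payment("acme-ltd", 1200, "GB", "GB-UNKNOWN-1", "faster_payment"),
        Payment("acme-ltd", 9800, "XX", "XX-UNKNOWN-2", "swift"),
    ]
    return [check(profiles, p) for p in incoming]


if __name__ == "__main__":
    for alert, reasons in demo():
        print("ALERT" if alert else "ok", reasons)
```

Because an alerted payment is not learned, a repeat of the same suspicious payment alerts again rather than teaching the baseline that it is normal.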
Know your transaction
To understand financial flows better, every bank has a Know Your Customer (KYC) engine. This is a payment infrastructure that supports onboarding processes and risk-based transaction monitoring. This system is already well known and we don’t need to elaborate on this further, as it is the fundamental building block to ensure the highest level of traceability across all transactions – including remittances and receipts of funds and foreign exchange transactions internationally.
However, KYC is limited and doesn’t include real-time analysis. What can be overlooked is a Know Your Transaction (KYT) engine. The aim of KYT is to identify potentially risky transactions and their underlying unusual behaviour for detecting money laundering, fraud or corruption. An automated concentration of transactions with accurate and relevant information directly from the original data sources is essential.
Finally, banks and payment companies need to implement anti-fraud modules to defend against cyberattacks, based on the latest algorithms capable of analysing transactions issued in real time and detecting anomalies or suspicious behaviour upstream, strengthening the security and transparency of payments and building a network of trust between issuers and recipients of payments.
In a post-COVID-19 world it’s clear that scams will become more commonplace. Within this environment there is a shared responsibility when mitigating the risk of financial fraud. The bank must educate and inform customers to enable them to protect themselves, while ensuring a robust technological infrastructure and ways of working are in place that protect customer data, their finances and, fundamentally, their business and livelihood.
How One Bank Successfully Responds to Sophisticated Threat Actors
By Robert Golladay, Strategic Accounts Director, Illusive Networks
Cybercriminals and hacktivists have a special fondness for financial institutions. Continuous business innovation, complex ecosystems, merger and acquisition activity, fintech, cloud adoption and a growing consumer-driven attack surface multiply the problem for financial organizations. Despite the vast resources financial institutions devote to cybersecurity, one challenge has been especially difficult to solve – that of detecting and stopping APTs before real damage is done.
Securing cloud-based banking
An active lender in the UK sought a new way to protect its customers and the valuable assets it holds. The bank needed to:
- Defend customer and employee information from compromise
- Detect and thwart sophisticated attacks
- Effectively defend cloud-based operations across accounts and instances
As a cloud-first company, the bank’s preference is to always invest in next-generation technology for operations and security infrastructure. In May 2016, with the help of Amazon Web Services (AWS), it became the first bank in the UK to be fully cloud hosted. The bank also uses AWS to deliver a financial technology service that helps lenders make informed decisions through data and automation.
Security is always a priority, which is one of the reasons the company chose AWS, conducts regular penetration testing, and performs advanced attack simulations. To maximize effectiveness of its layered security infrastructure, the company continually trains its employees and reinforces data security best practices.
In particular, the bank sought additional safeguards from sophisticated threats that evade other security measures, such as advanced persistent threats, as well as gain insight into attacker tactics and techniques. The new layer needed to be cloud-based for high scalability and flexibility, and it had to defend the company without time-wasting false positive alerts. The security team looked at deception technology and chose a solution that allowed them to gain real-time verification of anomalies and lateral movement in the network.
The deception solution enabled the bank to focus on attackers’ behaviour and perspective. The solution’s expertise in attacker methodology augmented the bank’s internal capability to detect novel attacks, while enabling rapid and adaptable coverage in its cloud-based environment.
The bank’s deception solution uses agentless, intelligence-driven technology that creates a dense web of deceptions and effortlessly scales across the infrastructure. Featherweight deceptions on every endpoint look exactly like the bank’s real data, access credentials and connections. When an attacker is confronted with deceptions, this deceptive view of reality makes it impossible to choose a real path forward. One wrong step triggers an alert to the bank’s security team.
The bank’s CISO found it invaluable to be able to deploy a solution that creates doubt and confusion in an intruder’s mind. When attackers can’t distinguish between real and deceptive assets, the security team can collect information and apply intelligence to patterns that it has observed during that time period of activity. The solution simultaneously sharpens the bank’s investigative process and constrains the attacker.
The lender easily deployed deception technology across its complex environment, scaling it across AWS instances and accounts. The IT security team now has continuous visibility and confidence that these defences enable them to thwart sophisticated threat actors.
The bank gained proactive threat response and the assurance that an alert represents a real issue. These alerts are only triggered when an attacker engages with a deceptive asset. At that point, the deception technology immediately begins capturing forensic data from the system where the attacker is operating, presenting real-time forensics and a quantifiable measure of potential business risk. It uncovered, for example, malicious processes trying to operate on an endpoint.
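The alerting model described above, as an added example rather than the vendor's product code: an alert fires only when an authentication event touches a decoy, and because each decoy is planted on one endpoint, the alert also names the systems to collect forensic data from. The decoy names, host names and key=value log format are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed decoy inventory: each decoy is planted on exactly one endpoint,
# so its use identifies the machine it was harvested from.
DECOY_ACCOUNTS = {"svc-backup-07": "ws-finance-12", "adm-sqlrep": "ws-hr-03"}
DECOY_HOSTS = {"fs-archive-02": "ws-finance-12"}

# Constructed authentication log (hypothetical key=value format).
SAMPLE_LOG = """\
2020-09-14T09:12:01Z event=auth user=j.smith src=ws-hr-03 dst=mail-01 result=success
2020-09-14T09:14:37Z event=auth user=svc-backup-07 src=ws-finance-12 dst=db-core-01 result=failure
2020-09-14T09:15:02Z event=auth user=m.jones src=ws-finance-12 dst=fs-archive-02 result=failure
2020-09-14T09:15:40Z event=auth user=adm-sqlrep src=ws-dev-44 dst=db-core-01 result=failure
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    kind: str        # "decoy_account" or "decoy_host"
    decoy: str
    planted_on: str  # endpoint the decoy was harvested from
    seen_from: str   # endpoint that tried to use it
    hosts: tuple     # endpoints to collect forensic data from


def parse(line):
    """Return the fields of an auth event, or None for anything else."""
    parts = line.split(maxsplit=1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD.findall(parts[1]))
    if fields.get("event") != "auth" or not {"user", "src", "dst"} <= fields.keys():
        return None
    fields["ts"] = parts[0]
    return fields


def detect(log_text):
    """Alert on every touch of a decoy, whether or not the logon succeeded.

    No legitimate user or process has a reason to know a decoy exists,
    so there is no threshold to tune and no baseline to learn.
    """
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        hits = []
        if ev["user"] in DECOY_ACCOUNTS:
            hits.append(("decoy_account", ev["user"], DECOY_ACCOUNTS[ev["user"]]))
        if ev["dst"] in DECOY_HOSTS:
            hits.append(("decoy_host", ev["dst"], DECOY_HOSTS[ev["dst"]]))
        for kind, decoy, planted_on in hits:
            # A decoy used from a different host than it was planted on means
            # the intruder has already moved: both machines are in scope.
            hosts = tuple(sorted({planted_on, ev["src"]}))
            alerts.append(Alert(ev["ts"], kind, decoy, planted_on, ev["src"], hosts))
    return alerts


def hosts_in_scope(alerts):
    return sorted({h for a in alerts for h in a.hosts})


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a.timestamp, a.kind, a.decoy, "->", ", ".join(a.hosts))
```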
The deception solution enables the lender to be much more proactive. It detects and analyses attacks in real time to produce actionable alerts, directing the security team to relevant and valuable conclusions. The technology provides exceptional, innovative coverage for malicious pivoting and lateral movement. It uncovers the in-depth, sophisticated actors who evade other countermeasures and gives security analysts direct visibility into targeted attacks, which they find invaluable.
A laser-focused approach
The financial sector remains a perennial favourite of the cybercriminal crowd. As networks become more complex, their perimeters all but disappear, creating the need for stronger and more comprehensive security than ever previously imagined. Advanced persistent threats are a particular concern, as they are notoriously difficult to detect before significant damage is done. For financial institutions, the reputation damage alone may be insurmountable.
Banks and other financial services organizations pour resources into cybersecurity, but one option that needs further exploration is deception technology. This method of security monitors for lateral movements toward critical assets and thus provides a powerful alternative or enhancement to traditional monitoring approaches. Security teams can see attackers’ proximity to those crown jewels early in the attack cycle, buying time for careful response. As the lender above learned, deception technology cuts through the noise of alerts to deliver the intel financial institutions need to act quickly and safeguard their high-value data.