Marc Wilczek, COO of Link11 examines recent cyberattacks against banks, and shows how they can mitigate the impact of these on their services and customers
Banks’ customers expect services to be always available, easy to use and secure. But catering to this demand is one of the biggest challenges that the banking sector faces, while they also navigate complex digital transformation projects.
There is little room for error – and recent mis-steps have shaken public faith in banks’ resiliency in the face of IT issues.
Banks’ resiliency in the face of IT issues has a profound influence on consumer confidence. When a Tier 1 UK bank recently mishandled the migration of 1.3bn customers’ online banking records to a new service, the effect was devastating. Millions of customers were locked out of accounts, and many became victims of fraud as a result. Not only did the company incur an estimated £150million in fines from regulators and compensation payouts, but MPs said the incident had “damaged trust in banking sector”.
Subsequently, when customers of a UK online bank were locked out of their banking services for four hours, panic and complaints followed. In June, when a major credit card network crashed due to a hardware failure, chaos ensued.
The £11 DDoS service
Meanwhile, financial institutions face the growing threat of sophisticated, targeted cyber-attacks, particularly national banks, insurance firms and asset management firms. Indeed, seven of the UK’s biggest banks were forced to reduce operations or shut down entire systems following a cyber-attack in November 2017, costing them hundreds of thousands of pounds according the UK National Crime Agency.
The attacks were committed using Webstresser.org, the world’s largest provider of DDoS-on-demand services. The site, shut down by police in April this year, offered attack services for as little as £11. It costs a criminal almost nothing, while requiring little to no technical expertise, to mount an attack, but it costs a bank dearly to fix the damage they cause.
Meanwhile, in early 2018 online services from several Dutch banks and numerous other financial and government services in the Netherlands were brought to a standstill. Customers were left without access to their bank accounts for days, and the scale of the attack, which reached 100Gb/s showed how quickly the scale of DDoS attacks is growing.
DDoS attacks are dangerous for banks and financial service providers because of consumer’s heavy dependence on the availability of IT. 99% availability is no longer enough. They want to have services running 24/7, around the clock and around the globe, and customers expect seamless interaction in real time, leaving no room for performance issues.
While it’s always been painful to be victim to a DDoS attack, there’s now a severe risk of repetition – when sites are down or slow to respond the public reaction is rapid, and customer reactions on social media can go viral.
At any moment, any organisation could be targeted by a large-scale DDoS attack. Between January and March 2018, Link11’s Security Operation Centre discovered 14,736 attacks launched. This is an average of 160 attacks per day – an increase of 10% on the previous quarter. The scale of attacks was as surprising as their frequency. The LSOC discovered 12 attacks with an attack volume of more than 100 Gbps, and the peak attack bandwidth amounted to 212 Gbps.
Against this backdrop, it’s essential that banks implement ‘always on’ solutions that protect their customers’ access to services. So what should banks focus on, and how can they cater to their customer’s increasing demands, while facing down the ever-present threat of outages?
While protection against DDoS attacks has been available for some time, many can no longer stand up to the current generation of attacks. As we’ve seen, attacks in excess of 100 Gbps are commonplace, and traditional DDoS protections can no longer keep up. This was discovered recently when a secure email service was hit with a 500 Gbps attack – one of the largest DDoS attacks on record.
Although the service was down for just 10 minutes, the attack had to impact the company’s services before it could be mitigated – the equivalent of letting an attacker in the street hit you first, before you start fighting back.
Because IT landscapes are getting more complicated, putting hardware in place to protect some of the IT infrastructure onsite is no longer sufficient. Today, organisations tend to operate a complex structure that stretches far beyond their premises – in fact, there’s usually no digital work without the cloud. This means that only a cloud-based service can protect the entire IT infrastructure that an organisation relies upon.
The most effective type of DDoS mitigation is known as a ‘clean pipe’ service. This reroutes traffic via an external, cloud-based protection service that uses AI to filter out malicious traffic, including the largest-scale DDoS attacks. This ensures that the website only receives clean, legitimate IP traffic.
Meanwhile, DDoS attacks are identified and filtered in the cloud without affecting end users’ websites or online services – in other words, nullifying the attack before it can impact on services. By using this kind of system, banks can take care of growing their digital business while the service provider takes care of safeguarding their IT infrastructure.
A 360° View
It is increasingly clear that banks need to take further precautions to safeguard their clients and their data. Since IT landscapes are much more complex than they once were, there are numerous components that must be monitored.
It’s very important to take a full view of each element that makes up the IT estate. This starts from infrastructure and extends through the bank’s network and physical security, all the way up to databases, middleware and applications. By taking a 360° view, banks can take effective steps to protect their IT estate in the light of errors, misconfigurations, DDoS attempts and other cyber-attacks.
In conclusion, DDoS continues to grow in popularity as an attack tool, simply because it’s relatively easy and cheap to do, and it’s very effective. But by understanding how DDoS attacks are perpetrated, and putting the right processes and protections in place, banks will be well placed to mitigate their impact – and to keep their customers happy.
About the author
Marc Wilczek is Chief Operating Officer at Link11. In this role, he is responsible for business development, sales, marketing, growth initiatives, and strategic alliances. He was previously Vice President Portfolio, Innovation & Architecture at Deutsche Telekom, where he headed all product-related activities, including pre-sales and consulting.
New digital first bank – Monument – announces its key technology providers
- Monument selects Mambu, Salesforce, Amazon Web Services, Persistent Systems and Accenture as key providers for its technology build
- Monument is the first challenger bank in the UK to service the unmet demands of more than 3.5 million mass affluent clients: professionals, property investors and entrepreneurs
- It is building a modern, unique, lego-like technology platform which takes best of breed SaaS providers and integrates them in a cloud based microservices architecture
- This will deliver an exceptional client experience and enable Monument to innovate and to introduce new components on a frequent basis
- Monument today announces that Mambu will be the central core banking engine in the platform alongside Salesforce for CRM, and AWS for cloud services
- Monument has also engaged Persistent Systems and Accenture Interactive to support the platform build
Following receipt of its banking licence with restriction on 6 October 2020, Monument has now signed agreements with a number of key technology providers to enable the build of its bespoke technology platform.
Monument wants to deliver exceptional client experiences by using technology solutions that are modern, flexible, easy to integrate and ultimately, if necessary, able to be replaced should the need arise. The design of its lego-like technology platform is Monument’s solution to the huge challenges faced by the legacy systems of established banks. Having assessed the market over many months, Monument concluded that no appropriate single solution existed in the market for the products and services that Monument will launch in 2021.
In addition, Monument only wishes to develop its own technology where it can deliver significant competitive advantage, for example in the mobile and web services to be used by clients. Much of the technology platform is therefore based on best of breed solutions from modern, cloud-based providers.
Mambu has developed the leading cloud banking engine which is an excellent fit for the platform that Monument is building. Similarly, Salesforce provides an industry leading CRM (customer relationship management) solution which can easily be integrated with Mambu and other solutions. AWS, as a leading provider of cloud-based infrastructure, provides a range of components to ensure the platform is reliable, scalable, secure and flexible.
To support Monument in building and integrating a platform with more than 18 different components/providers, Monument has chosen to work with Persistent Systems, a leading global solutions provider specializing in digital with extensive experience in software as a service (SaaS) solutions. To support Monument in rapidly building its mobile app and web-based channels, Monument has chosen to work with Accenture Interactive, which has significant expertise in building innovative digital experiences in both the financial and non-financial sectors.
Steve Britain, Monument’s Chief Operating Officer said:
“We have been working closely with our chosen providers for some months now, to lay the foundations for the build of our platform. We are delighted at how much we have already achieved, particularly as much of the work has been done by a highly distributed team because of COVID-19. We are now focused on completing the work to build a unique configuration of best in class software components that will make us highly flexible for the future and deliver market leading client service.”
More announcements will be made shortly as other key components of the architecture are confirmed.
Sudip Dasgupta, Monument’s Chief Technology Officer added:
“It was essential to me that we selected the strongest providers available. Those that offer us modern technology solutions with the best degree of integration that we need, together with flexibility for the future and proven operational reliability. In Mambu, Salesforce and AWS we have certainly achieved that objective and we are excited about our future engagement with them. Equally, as we rapidly build our platform for launching with clients in early 2021, we wanted support from providers who have been on this journey before and in Persistent and Accenture Interactive, I am delighted to say we have found that.”
Monument will be the only bank to offer its clients an entirely digital journey for buy-to-let and property investment lending of up to £2million. It will offer market leading, top quartile savings rates and its model is designed to reward loyalty. So, if a saver deposits money for a subsequent fixed term, they will get a better rate than a new customer. And a borrower who renews their loan will also be offered a favourable rate.
UKRSIBBANK, part of BNP Paribas Group, announces a strategic partnership with financial wellbeing startup Dreams, to enhance the digital user experience of its 2 million customers in Ukraine
- The technology powering popular consumer app, Dreams – which has helped 460,000 users save over 440M EUR – will be made available to UKRSIBBANK’s users in Ukraine.
- Through the integration of the Dreams platform within UKRSIBBANK’s own digital tools, customers of the bank can set and achieve money-saving goals, track and improve their financial lives.
Dreams (https://www.getdreams.com/en/b2b/), the Stockholm-born fintech empowering millennials to save and feel better about their money, today announces a strategic partnership with Ukrainian commercial bank UKRSIBBANK, a subsidiary of French international bank BNP Paribas Group.
This partnership follows the announcement earlier this year of Dreams’ first enterprise partnership with banking software provider Silverlake Symmetri, and the recent unveiling of a new department in Stockholm dedicated to the development of Dreams’ B2B partnerships. The announcement marks an expansion of the company’s business model as it consolidates its B2B offering and evolves its services as a provider of white label solutions for financial institutions.
Through the integration within UKRSIBBANK’s own digital tools of the Dreams Platform – which is rooted in scientific principles – customers can set and achieve money-saving goals through clever, automated saving features, in addition to nudges and saving hacks.
The Dreams Platform will be included as part of UKRSIBBANK’s digital banking offering for its 2 million+ customers, and is set to grant millions of potential consumers across Ukraine access to products which will help keep their finances on track and improve their financial lives.
The rise in digital self-help tools has long been anticipated by Dreams and forward-thinking financial institutions. The current global economic uncertainty brought about by the COVID-19 pandemic has also placed significant strains on people’s finances, and the demand for better personal finance tools has only accelerated. The partnership with Dreams is welcomed by UKRSIBBANK which is currently striving to equip its customers with the best possible banking solutions whilst helping them achieve a more sustainable lifestyle.
Dreams is firmly established as an authority in its industry, having launched its consumer-facing app in its native Sweden in 2016 and Norway in 2018 – where it has already achieved a 16% market share of all 20-39 year olds.
Henrik Rosvall, CEO and founder of Dreams, comments: “It’s a true honour to be partnering with UKRSIBBANK and BNP Paribas Group, and we’re incredibly excited to be introducing the Dreams solution to UKRSIBBANK’s customers and the wider Ukrainian market.
“Dreams and UKRSIBBANK can now lead the charge, with BNP Paribas Group’s corporate strategy having shifted in recent years to focus on guiding customers towards responsible consumption and sustainable personal finance management. I’m confident that our mission of helping millennials save more and feel better about their money makes us the ideal partners.
“Our financial wellbeing platform – which is built upon behavioural science and personal finance management principles – will provide the perfect tool for UKRSIBBANK to help its customers make better financial choices and become more sustainable in the way they handle their finances. This partnership will also help UKRSIBBANK safeguard the loyalty of its customers and futureproof its digital banking offering against a growing number of challenger banks and fintechs.”
Konstantin Lezhnin, Head of Retail at UKRSIBBANK BNP Paribas Group, comments: “I believe that banks have a role to improve their customers’ lives. Planning and saving for important life events improves our quality of life by reducing stress levels, and we wish to make our customers feel more confident and in-control of their lives.
“UKRSIBBANK has always applied innovative ways to assist our customers in financial planning, so we are very happy to now be working with Dreams, the best European player in behavioural savings. They have an extremely solid track record in Sweden and Norway based on scientific research, so we are confident that this partnership will work positively for our customers in Ukraine. This also demonstrates our strategy to cooperate with startups and innovative companies that seek ways to expand their operations.”
Three times as many SMEs are satisfied than dissatisfied with COVID-19 support from their bank or building society
- More SMEs are satisfied (38%) than dissatisfied (13%) with their COVID-19 banking support
- Decline in SMEs using personal current accounts for business banking as more seek access to the Government-backed lending scheme
- Fewer SMEs believe nearby branches are important when choosing a bank or building society
- 15% of SMEs use mobile or online banking more often than before the COVID-19 pandemic
- When SMEs do look to switch, low or no charges for business banking remains the most important factor (47%) in selecting a new account
Three times as many SMEs have been satisfied than dissatisfied with the COVID-19 support available from their bank or building society, according to YouGov research commissioned by the Current Account Switch Service.
Overall, four in ten SMEs (38%) were satisfied with the support they received from their business current account provider since the pandemic began. This contrasts with one in ten SMEs (13%) who were dissatisfied. In general, more than half of SMEs (55%) are satisfied with their current business bank account, compared to 8% who are dissatisfied. However, inertia remains a problem as half of SMEs (50%) said they would not look to switch business accounts even if they were dissatisfied with their current bank or building society.
When SMEs do look to switch, low or no charges for business banking remains the most important factor (47%) in selecting a new account. Advanced digital features (35%), good interest rates (34%), and a personal connection through a relationship manager (33%) also mattered.
The SME banking research was conducted both in February and in September 2020. It also reveals that since the start of the pandemic, the proportion of SMEs using business current accounts has increased from 69% in February to 74% in September as firms are required to have a business account to receive access to the Government-backed lending schemes.
However, one in five SMEs (20%) still use a personal current account for their business banking needs, despite the risk that tax liabilities get confused, and calculations are made incorrectly. These businesses are also missing out on a range of business-only banking benefits such as integrated accounting software or invoicing tools offered by different providers.
In addition, the research shows the importance of branches to SMEs has declined over the seven months. When asked in February, more than a fifth of SMEs (22%) said the availability of nearby bank branches was important when selecting their bank or building society, compared to 17% in September. However, the Post Office could be fulfilling the role of branches in some areas.
The declining importance of nearby branches was most noticeable in the North East region where 35% of SMEs believed branches were important in February, falling to 18% in September. The importance of nearby branches also varies between industries. One in ten IT companies (11%) said nearby branches were an important factor compared to nearly three in ten (29%) leisure and hospitality businesses.
While branches are less important, digital banking use has increased for some SMEs. Several firms have started to use online banking for the first time as 15% of SMEs say they use mobile or online banking more often than before the social distancing measures were introduced.
Maha El Dimachki, Chief Payments Officer of Pay.UK, owner and operator of the Current Account Switch Service, said: “Across the country, banks and building societies have been working hard in difficult circumstances to meet customer needs. Thanks to that work, small and medium-sized enterprises are more likely to say they are satisfied than dissatisfied with the support they received from their business account provider since the pandemic started. But lockdown has changed small business behaviour dramatically, in a way that points to significant changes to their banking needs both now and in future.
“It’s encouraging to see many small businesses are generally satisfied with their business bank accounts. However, even when businesses are unhappy with their bank, some don’t consider switching as an option, despite the many benefits available. We’ll continue to raise awareness of the benefits of switching among small businesses to help them get the most from their bank account.”
Data Unions, fisherfolk and DeFi
By Ruby Short, Streamr In the fintech world it seems every month there’s a new trend or terminology to get...
Deloitte: Middle East organizations need to rethink their workforce in the wake of COVID-19
Organizations in the Middle East have had to take immediate actions in reaction to the COVID-19 pandemic, such as shifting...
One in five insurance customers saw an improvement in customer service over lockdown, research shows
SAS research reveals that insurers improved their customer experience during lockdown One in five insurance customers noted an improvement in...
ECOMMPAY expands Open Banking payments solution to Europe
Open Banking by ECOMMPAY facilitates fast, secure and simple payments International payment service provider and direct bank card acquirer, ECOMMPAY, has...
Bots Are People Too: Robotic Process Automation in Finance
By Tom Venables, Practice Director – Application & Cyber Security at Turnkey Consulting As technology has advanced, Robotic Process Automation...
The power of superstar firms amid the pandemic: should regulators intervene?
By Professor Anton Korinek, Darden School of Business and Research Associate at the Oxford Future of Humanity Institute. Gosia Glinska, associate...
How to drive effective AI adoption in investment management firms
By Chandini Jain, CEO of Auquan Artificial intelligence (AI) has the potential to augment the work of investment management firms...
Democratising today’s business software with integrated cloud suites
By Gibu Mathew, VP & GM, APAC, Zoho Corporation Advances in the cloud have changed the way we interact with...
Why the UK is standing tall at the forefront of fintech
By Michael Magrath, Director of Global Standards and Regulations, OneSpan In recent years, the UK has established itself as one...
How CFO’s can Help Their Businesses Successfully Navigate The Financial Fallout From COVID-19
By Mohamed Chaudry, Group CFO of FoodHub 2020 has been one of the toughest years in recent memory for business....