Connect with us
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Banking

WHY CUSTOMER EXPERIENCE IS THE KEY TO STANDING OUT IN THE BANKING SECTOR

Published

on

WHY CUSTOMER EXPERIENCE IS THE KEY TO STANDING OUT IN THE BANKING SECTOR

By Shashi Nirale Senior Vice President & SBU Head at Servion Global Solutions

With consumers shunning traditional in-branch services for mobile apps and online services, banks have been forced to adapt in order to stay relevant. In fact, research from the British Bankers Association found that digital banking is leading to a ‘consumer-led revolution’ with a drastic increase in the use of mobile banking apps. As a result of this, more and more users are moving to online-only challenger banks such as Atom Bank, which are driving traditional financial organisations to be more innovative to remain competitive.

In today’s marketplace, services and products in all industries are commoditised, with businesses struggling to compete on price – meaning they need to find alternative ways of standing out. One way to do this is delivering a better customer experience – a key differentiator. The battle for customer loyalty will see the use of next-generation technologies become vital for banks to succeed.

AI driven customer experience

Artificial Intelligence (AI) driven automation technology is already in use at a number of banks to help them reduce costs and improve customer experience. This is achieved by automating lengthy manual processes to free up staff so they can spend more time engaging effectively with customers. Further, AI-driven voice activation is taking over a range of customer interactions which previously would have required human interaction. With voice activated services such as Siri and Alexa becoming more popular, customers are increasingly familiar with the use of voice as a means for communicating with machines, and by extension, companies.

The natural evolution of these advances is voice biometrics. Within the banking sector, biometrics are set to become one of the most crucial tools in customer experience; providing customers with a convenient way of interacting without the need for a lengthy and inconvenient login processes, and with no additional customer authentication required. Today, customers become frustrated by having numerous passwords to remember or carrying a dongle around, just to access their accounts – any technology that helps to solve this issue will put banks one step ahead of their competition.

The win-win situation for consumers and banks

One example of this is Barclays, which has put in place a system that uses voice recognition to authenticate identity, meaning there’s no need for security questions or passwords. From the bank’s perspective, the advantage is clear; agents in the customer hub save time as they don’t need to go through lengthy authentication processes, so have more time to handle customer interactions.

But it’s not just voice authentications, new technologies have the potential to dramatically reduce operational costs for banks by automating other services such as bank transfers. Since live customer support agents normally charge by the hour, even a 30-second reduction in call time results in significant cost savings. Completing an entire customer service interaction by virtual means is even more cost effective. For customers, AI will offer highly personalised financial advice without the need for a human agent to be present. For customers, these technologies result in faster issue resolution, lower wait times, reduced customer effort and improved customer satisfaction.

Consumer driven change

Typically, the banking industry has been known as a laggard in terms of technology – however the industry is making great progress as a result of these new opportunities. The banking revolution is ultimately being driven by consumer uptake of new technologies. When it comes to meeting the needs of younger generations and future customers, voice recognition is just the start of a new evolution in banking.

The future will see even more exciting developments in the sector, customers will begin to see, and indeed demand, augmented and virtual reality channels of communication with their banks. In addition, we could even eventually see holograms in use, as companies push the boundaries of innovation to improve the customer experience. With this in mind, banks must ensure they are doing all they can to stay at the forefront of innovation, to avoid falling out of favour with their customers.

Banking

Ensuring ATMs aren’t the weakest link to banking cybersecurity

Published

on

Ensuring ATMs aren’t the weakest link to banking cybersecurity 1

By Elida Policastro, Regional VP – Cybersecurity division at Auriga

Digital banking brings huge benefits to customers, but the risks of cyber-attacks continue to rise. For banks, there is a need to stay ahead of the game, anticipating new methods of attack so that innovative solutions can be put in place in time to minimise those changing threats.

In terms of attack targets, the ATM ecosystem is complex and made up of heterogeneous hardware and software that is expensive and difficult to update especially when ATMs and customer touchpoints need to be available 24/7. Because of this, financial organisations usually do not have the latest security policies in place, nor a centralised view of the ATM attack surface. It is vital that banks and ATM operators strike the balance between software deployment and hardware maintenance with keeping control of changes in software and hardware and ensuring the ATM network is as secure as possible.

This is critical because ATMs and central servers, which are the systems that control ATMs, have become a popular target for cyber-attacks. Last year, over a half (58%) of the global banking industry respondents to the ATMIA Global Fraud and Security Survey 2019 reported that ATM attacks, which includes both physical security breaches and fraud incidents, had increased.

ATM fraud attacks fall into three categories:

  • Data fraud, resulting from data breach, such as account numbers, pin codes, and other personal data
  • Physical fraud, consisting of theft of valuable assets, such as cash by stealing cards
  • Cyber fraud – logical attacks to the systems and communications

Jackpotting is a an increasingly popular form of cyber-attack that exploits physical and software-based vulnerabilities in ATMs to get cash and thus an immediate financial reward for the attacker. It is estimated that in the last five years, financial organisations have lost millions to jackpotting. For example, the Ploutus family of ATM malware, which originally appeared in Mexico in 2013, has created losses of over $450 million dollars (€398 million) around the world.

ATMs suffer physical and logical attacks for several reasons: one is that the physical cash inside acts as an incentive, and another is that cash machines contain confidential information like debit card numbers and PIN codes, which can be stolen and sold.

Critically, ATMs are a weak link in a bank’s security systems. They appeal to attackers because they are often poorly monitored and little logical action is taken to protect the data in them. In addition, cyber-criminals have also realised that ATM networks utilise security infrastructure that is based on a great deal of legacy hardware and software. This is more vulnerable to attacks because of the high cost of upgrades and difficulty to install security updates with machines that are geographically dispersed and use older operating systems and protocols. Unfortunately, this results in insecure systems that can be easily exploited.

On top of all of that, there is a real risk of an insider threat. There are a lot of different people and roles responsible for the upkeep of an ATM and these all have administration rights, including employees from the financial institutions, service providers, developers and installers.

One of the main ways cyber adversaries attack ATMs is via the ‘XFS layer’, a standard interface designed to have multivendor software running on manufacturers’ ATMs and other hardware. While the XFS layer uses standard APIs to communicate with self-service applications, there is no standard way of secure authentication that comes with it, making it easy for cyber-criminals to exploit this vulnerability. Cyber-attackers can therefore deploy malware into banking touchpoints such as cash machines to trick them into giving ‘cash out’ commands and dispense money. The card reader may also be compromised – able to steal card numbers and track the pin pad to learn pin numbers, making the XFS layer a very attractive target. The importance of cybersecurity in banking is therefore only going to increase.

So, how should banks and ATM operators best prevent attacks? For ATMs, typical endpoint protection security such as anti-malware technology is just not enough. ATM networks and systems are critical infrastructure devices that need to be constantly available and so they require greater protection and a different approach.

The best approach is a centralised security solution that protects, monitors, and controls ATM networks and thus manages the entire banking asset network in one place and take appropriate action, such as stopping malware spreading throughout the network from infected ATMs.

Such modern technology solutions not only provide invaluable cybersecurity protection, they can also save banking organisations time and money, as ATM and infrastructure management is centralised into a single hub. Actions can be executed remotely to quickly establish new defences via techniques such as network segmentation or implementing new firewalls.

It is particularly important for banks to have several layers of protection in one single platform. Such layers could involve full disk encryption, application whitelisting, hardware protection and file integrity protection.

Although financial organisations are making a concerted effort to improve their security landscape, cyber-criminals are continuing to innovate their attacks, making it an environment of threats that is evolving and advancing. From this, banks must constantly be proactive in implementing and testing their cyber-defences. It is therefore wise to draw upon external counsel with specialist security knowledge to double check on security plans and processes and help ensure ATM security is up to date and preventative.

Cyber Threat Intelligence (CTI) can provide banks with an early warning system to detect and contain potential threats before they become incidents. This intelligence is essential for any business as cybersecurity threats become increasingly indiscriminate. Once they become aware of any relevant threats and vulnerabilities, then they will begin to understand where and how these can be exploited, as well as the impact this may have on both the business and individuals.

Awareness of the threat landscape is vital for banks to understand what could be exploited and utilised for future cyber-attacks. If they do not, they open themselves up to the very real possibility of experiencing security breaches, loss of sensitive customer data, and of course stolen cash.

Continue Reading

Banking

Bank fraud prevention in a post-COVID-19 world

Published

on

Bank fraud prevention in a post-COVID-19 world 2

By Pierre-Antoine Dusoulier, Founder and CEO, iBanFirst

Fraud on the rise

According to recent research from a leading UK retail bank, there was a 66 per cent increase in reported scams in the first six months of 2020 compared with the last six months of 2019 – due to the COVID-19 pandemic.

Across the summer months, Action Fraud UK reported a total financial loss of £11,316,266 by 2,866 victims of coronavirus-related scams.

The rise in fraud rates is a warning that banks, building societies and other financial providers need to be as alert as ever in identifying fraud.

So, what do banks need to do to ensure their customers are protected from fraud in a post-COVID-19 world?

Educate your customers to safeguard against fraud

On the customer level, banks need to be informing their customers on the types of common fraud to ensure that they are protected for all eventualities.

Authorised push payment scams are one of the fastest growing types of fraud. According to the FT, £354 million pounds was stolen this way last year. It is where a company or individual is tricked into paying money into a criminal’s account. Emails come from a genuine email address but are then intercepted by a criminal, so it’s imperative that businesses have end-to-end email encryption, and the customer double-checks the account details with the supplier on the phone prior to making a payment.

At the same time, scammers can also exploit the company’s invoicing process, where criminals create a bogus invoice for a small amount and send it to a company’s accounting department. If the finance team does not identify this as fraudulent, it can result in the business losing a considerable amount of revenue over a long period of time.

Supplier fraud is also a widespread scam. This involves the fraudster taking on the appearance of a supplier that has changed their bank details. The fraudster will have collected information on the suppliers of the targeted company, in order to pose as an official supplier. This can be prevented by ensuring that the supplier is contacted to confirm the legitimacy of the communication. It’s important not to call or email the supplier using the details provided on the suspected fraudulent correspondence. Instead they must check the original details of the supplier and speak to them on their official telephone number or email on file.

Banking malware is the least commonly cited type of fraud but has a greater financial risk attached to it. Malware is sent by email redirecting the recipients of the message to a fake banking interface, as a way of transferring funds to offshore accounts.

Remodel processes post-COVID-19 to keep customer data safe

To fight cyber fraud and scams, banks must also play their part. In a world where entire workforces are working from home banks must remain vigilant with customer data. COVID-19 has created a change in working habits and banks need to carry out the right level of training for its employees to protect customer data. Virtual team meetings and remote data sharing poses a threat to exposing sensitive information to malicious actors, and banks need to put the necessary safeguards in place.

All virtual meetings should use the banks’ private company network, and file sharing should be carried out through secure, encrypted company drives. Meanwhile, banks need to provision for all employees to receive regular software updates that will keep customer data safe, and ensure that they are aligned with new and existing data processing regulations.

Monitoring suspicious payments

A vital element to fraud detection is through monitoring customer transactions in real time, and harnessing emerging technologies such as artificial intelligence and machine learning to spot the signs of a scam or fraud before it is too late.

One way that banks protect businesses from fraud is through keeping a log and examining regular transactional history. Any transactions which appear suspicious based on location, amount, the beneficiary, and the method will be alerted to the business customer, to mitigate the immediate and future financial risk to the business.

Know your transaction

To understand financial flows better, every bank has a Know Your Customer (KYC) engine. This is a payment infrastructure that supports onboarding processes and risk-based transaction monitoring. This system is already well known and we don’t need to elaborate on this further, as it is the fundamental building block to ensure the highest level of traceability across all transactions – including remittances and receipts of funds and foreign exchange transactions internationally.

However, KYC is limited and doesn’t include real-time analysis. What can be overlooked is a KYT engine – Know your Transaction. The aim of KYT (Know Your Transactions) is to identify potentially risky transactions and their underlying unusual behaviour for detecting money laundering, fraud or corruption. An automated concentration of transactions with accurate and relevant information directly from the original data sources is essential.

Finally, banks and payment companies need to implement anti-fraud modules to defend against cyberattacks, based on the latest algorithms capable of analysing transactions issued in real time and detecting anomalies or suspicious behaviour upstream, strengthening the security and transparency of payments and building a network of trust between issuers and recipients of payments.

In a post-COVID-19 world it’s clear that scams will become more common place. Within this environment there is a shared responsibility when mitigating the risk of financial fraud. The bank must educate and inform customers to enable them to protect themselves, while ensuring a robust technological infrastructure and ways of working are in place that protects customer data; their finances, and fundamentally their business and livelihood.

Continue Reading

Banking

How One Bank Successfully Responds to Sophisticated Threat Actors

Published

on

How One Bank Successfully Responds to Sophisticated Threat Actors 3

By Robert Golladay, Strategic Accounts Director, Illusive Networks

Cybercriminals and hacktivists have a special fondness for financial institutions. Continuous business innovation, complex ecosystems, merger and acquisition activity, fintech, cloud adoption and a growing consumer-driven attack surface multiply the problem for financial organizations. Despite the vast resources financial institutions devote to cybersecurity, one challenge has been especially difficult to solve – that of detecting and stopping APTs before real damage is done.

Securing cloud-based banking

An active lender in the UK sought a new way to protect its customers and the valuable assets it holds. The bank needed to:

  • Defend customer and employee information from compromise
  • Detect and thwart sophisticated attacks
  • Effectively defend cloud-based operations across accounts and instances

As a cloud-first company, the bank’s preference is to always invest in next-generation technology for operations and security infrastructure. In May 2016, with the help of Amazon Web Services (AWS), it became the first bank in the UK to be fully cloud hosted. The bank also uses AWS to deliver a financial technology service that helps lenders make informed decisions through data and automation.

Security is always a priority, which is one of the reasons the company chose AWS, conducts regular penetration testing, and performs advanced attack simulations. To maximize effectiveness of its layered security infrastructure, the company continually trains its employees and reinforces data security best practices.

In particular, the bank sought additional safeguards from sophisticated threats that evade other security measures, such as advanced persistent threats, as well as gain insight into attacker tactics and techniques. The new layer needed to be cloud-based for high scalability and flexibility, and it had to defend the company without time-wasting false positive alerts. The security team looked at deception technology and chose a solution that allowed them to gain real-time verification of anomalies and lateral movement in the network.

Choosing deception

The deception solution enabled the bank to focus on attackers’ behaviour and perspective. The solution’s expertise in attacker methodology augmented the bank’s internal capability to detect novel attacks, while enabling rapid and adaptable coverage in its cloud-based environment.

The bank’s deception solution uses agentless, intelligence-driven technology that creates a dense web of deceptions and effortlessly scales across the infrastructure. Featherweight deceptions on every endpoint look exactly like the bank’s real data, access credentials and connections. When an attacker is confronted with deceptions, this deceptive view of reality makes it impossible to choose a real path forward. One wrong step triggers an alert to the bank’s security team.

The bank’s CISO found it invaluable to be able to deploy a solution that creates doubt and confusion in an intruder’s mind. When attackers can’t distinguish between real and deceptive assets, the security team can collect information and apply intelligence to patterns that it has observed during that time period of activity. The solution simultaneously sharpens the bank’s investigative process and constrain the attacker.

The lender easily deployed deception technology across its complex environment, scaling it across AWS instances and accounts. The IT security team now has continuous visibility and confidence that these defences enable them to thwart sophisticated threat actors.

Deceptively secure

The bank gained proactive threat response and the assurance that an alert represents a real issue. These alerts are only triggered when an attacker engages with a deceptive asset. At that point, the deception technology immediately begins capturing forensic data from the system where the attacker is operating, presenting real-time forensics and a quantifiable measure of potential business risk. It uncovered, for example, malicious processes trying to operate on an endpoint.

The deception solution enables the lender to be much more proactive. It detects and analyses attacks in real time to produce actionable alerts, directing the security team to relevant and valuable conclusions. The technology provides exceptional, innovative coverage for malicious pivoting and lateral movement. It uncovers the in-depth, sophisticated actors who evade other countermeasures and gives security analysts direct visibility into targeted attacks, which they find invaluable.

A laser-focused approach

The financial sector remains a perennial favourite of the cybercriminal crowd. As networks become more complex, their perimeters all but disappear, creating the need for stronger and more comprehensive security than ever previously imagined. Advanced persistent threats are a particular concern, as they are notoriously difficult to detect before significant damage is done. For financial institutions, the reputation damage alone may be insurmountable.

Banks and other financial services organizations pour resources into cybersecurity, but one option that needs further exploration is deception technology. This method of security monitors for lateral movements toward critical assets and thus provides a powerful alternative or enhancement to traditional monitoring approaches. Security teams can see attackers’ proximity to those crown jewels early in the attack cycle, buying time for careful response. As the lender above learned, deception technology cuts through the noise of alerts to deliver the intel financial institutions need to act quickly and safeguard their high-value data.

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Time for the adaptive profession – APM reveals findings of its Projecting the Future report   4 Time for the adaptive profession – APM reveals findings of its Projecting the Future report   5
Business45 mins ago

Time for the adaptive profession – APM reveals findings of its Projecting the Future report  

The project profession is at the forefront of change, but needs to continually develop skills to stay relevant 15 September,...

Setting up secure remote working for financial services 6 Setting up secure remote working for financial services 7
Technology2 hours ago

Setting up secure remote working for financial services

By Pete Watson, CEO, Atlas Cloud Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced...

Ensuring ATMs aren’t the weakest link to banking cybersecurity 8 Ensuring ATMs aren’t the weakest link to banking cybersecurity 9
Banking2 hours ago

Ensuring ATMs aren’t the weakest link to banking cybersecurity

By Elida Policastro, Regional VP – Cybersecurity division at Auriga Digital banking brings huge benefits to customers, but the risks...

A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US 10 A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US 11
Top Stories3 hours ago

A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US

By Lauren Jones, International Payments Ambassador, Icon Solutions The US payments industry is undoubtedly ripe for change. Before the unprecedented...

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 12 Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 13
Top Stories4 days ago

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense

By Rob Harrison, MD UK & Ireland, SAP Concur The last few months have been an exercise in adaptability for...

Why technology is key to the future of auditing 14 Why technology is key to the future of auditing 15
Technology4 days ago

Why technology is key to the future of auditing

By Piers Wilson, Head of Product Management at Huntsman Security The Financial Reporting Council (FRC), which is responsible for corporate governance,...

Staff training crucial for SME recovery post-COVID 16 Staff training crucial for SME recovery post-COVID 17
Business4 days ago

Staff training crucial for SME recovery post-COVID

47% of UK’s top performing SMEs provide regular, formalised training for all staff Despite this, 15% of small businesses report to...

What Is Globalization 18 What Is Globalization 19
Business5 days ago

What Is Globalization

What is globalization? Globalization, or inter-connectedness, is the ever-growing process of integration and interaction among countries, individuals, businesses, and even...

What Is Microsoft Teams 20 What Is Microsoft Teams 21
Business5 days ago

What Is Microsoft Teams

Microsoft Teams is an application and web-based collaboration tool that combines chat, videos, online collaboration, document storage, and collaboration with...

What Is Capitalism 22 What Is Capitalism 23
Business5 days ago

What Is Capitalism

What is capitalism? Is it a great economic system or just another economic system that is not so great? Well,...

Newsletters with Secrets & Analysis. Subscribe Now