Connect with us
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Technology

WHY IS HCE PERFECT FOR AUSTRALIA?

Published

on

seinthecloud1

Martin Cox – Global Head of Sales, Bell ID

Mobile payments have been a major talking point in Australia and around the world for a number of years. Hype around trials, joint ventures and roll outs have come and gone and the feeling of frustration that all of this effort and expense has not achieved mass-market deployments has grown.

WHY IS HCE PERFECT FOR AUSTRALIA? 3Google changed all of this for the Australian marketplace with one announcement in 2013. The incorporation of host card emulation (HCE) into the Android platform brought significant relief to many of the key banks and service providers that have been trying, yet failing, to make progress in launching mobile payments using USIM secure elements. Australia is widely regarded as a market where HCE can solve a number of issues and achieve traction quickly, so Australian banks and service providers are now sprinting to develop this technology and become first-movers within their markets. But why is HCE perfect for Australia?

  • Establishing a TSM infrastructure has been difficult

As with many markets around the world, Australian banks, mobile network operators (MNOs) and service providers have been unable to work together effectively and a trusted service management (TSM) infrastructure has not been implemented.

Whilst the introduction of TSMs to manage the USIM-based ecosystem has been a success in countries such as Canada, the release of Google’s Android KitKat 4.4, which enables NFC-based transactions through HCE, presents an opportunity. Leveraging HCE and cloud-based secure elements, financial institutions and service providers can take control of their implementations and come to market independently, avoiding the need for complex business relationships with other entities in the ecosystem.

  •  There is already a strong contactless infrastructure

HCE mobile payments use the same contactless point-of-sale (POS) infrastructure as contactless cards. This is an ideal starting point for Australia, where contactless-enabled terminals are widely deployed, with over 100,000 contactless POS terminals across Australia already.

On top of this, Australian banks are innovative and open to new technologies, and consumers are quick to adopt new payments methods, as was the case with contactless cards. Around twelve million contactless cards are already in circulation, so Australian consumers already accustomed to the ‘tap-and-go’ culture will quickly adapt to mobile payments.

  •  The commitment to Embedded Secure Elements is wavering
Martin Cox

Martin Cox

Australia was one of the few countries where embedded secure elements (eSE) were launched for mobile payments. As little adoption has come globally, however, commitment from the handset manufacturers is now wavering as eSEs represent an additional expense. For example, although included in the Samsung Galaxy S4, there is no eSE in the vast majority of S5′s. With NFC becoming prevalent in handsets but eSEs receiving less support, this leaves the door open for HCE to become the dominant technology for swift and widespread mobile payments deployment.

There are already a number of projects underway which may see HCE-based mobile payments applications in the hands of consumers this year. In addition to the market drivers which make HCE-based mobile payments perfect for Australia, there are a number of benefits for banks and service providers. Using cloud-based SEs provides increased flexibility, storage capacity and processing power, in addition to reducing the costs and complexity of implementation. For the consumer, mobile payments offer simplicity, convenience and much quicker payments.

Interested in finding out more about HCE? Read our blogs or watch our short explanatory video.

Technology

Setting up secure remote working for financial services

Published

on

Setting up secure remote working for financial services 4

By Pete Watson, CEO, Atlas Cloud

Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced to rethink operating models to keep staff safe and clients served throughout a global pandemic. Traditionally, the industry as a whole has been slower to embrace home working and the solutions that power it, as roles were heavily office-based, or branch-based in the case of traditional banks.

Underpinned by stringent regulations and with access to an abundance of sensitive data, the process of remote cloud-based working is not only a discussion of logistics. It also throws up huge security considerations for firms making the transition. With 95% of financial services applications now said to possess vulnerabilities, it is easy to understand any reservations these companies might have about implementing a Software-as-a-Service working environment.

However, these same concerns may also hinder success in the long run, as a more flexible digital approach moves from value-added to business-critical in a remote setting. The question is, how do firms create a setup that both minimises risk and maximises success?

Understanding your needs

As with every new technology, the first step is understanding why your business needs it. Like all modern workplaces, financial service firms expect a lot from their IT infrastructure. Users require better connectivity, access and speed from their systems and decision makers must implement a network connectivity infrastructure that can meet these demands. Today, this setup must also account for every device that employees are using to work remotely.

Next is the fundamental security considerations. It goes without saying that financial services epitomise the need for watertight IT systems. Financial service firms store their sensitive information within key applications, all of which vary based on the service requirements. With sensitive customer and company data stored in applications and on devices, their networks are at constant risk of compromise.

Protecting this information is a necessity and managing a large scale shift to the cloud must cover every base – particularly as cybercriminals have raised their game to ‘exploit the chaos’ during lockdown. However, there often is a big difference between where those key applications are hosted.

Setting up securely

If financial firms have older applications, then data will typically be stored on-premise on company servers. Where this is the case, moving to a cloud-hosted virtual desktop environment offers a quick way to get remote working underway securely and with minimal friction. Modern Desktop-as-a-Service (DaaS) solutions can replicate the familiar desktop setting users know and love, but allow them to access all data, email and applications from anywhere and on any device. With all data managed in a secure cloud setting, no sensitive data is stored directly on the end-user device. This improves all-important cyber resilience without having to invest large resources in upgrading to new iterations of required software applications.

In other cases, many firms have already migrated legacy on-premise applications to SaaS-based applications, which alleviates the hosting burden with access enabled through your everyday web browser. However, where sensitive data is concerned, it is not quite so easy to just give employees access to a SaaS platform, where they can use any device and download often sensitive data to uncontrolled personal devices outside of the company network.

Pete Watson

Pete Watson

This issue has intensified in lockdown. A recent survey found that 23% of those working in financial services are now using their laptop to work, with 43% storing work on their personal devices. Inevitably, more devices in use leads to more potential entry points. A large amount of trust is placed with individuals to make sure they’re working safely. But when handling large caches of highly sensitive data, even the smallest oversight or breach could prove disastrous when adequate levels of threat protection are not in place. With 20% of home workers having taken no action to mitigate potential cyber threats during lockdown, successful security becomes about the safeguards that firms actively put in place.

To alleviate risk, companies would previously look to IP address blocking, which restricts access to SaaS logins to only ‘whitelisted’ IP addresses, such as the company premises. When working out of the office, you could then use a VPN to route your internet back through the office and allow access. However, as many have learned, a VPN-based approach has inherent security challenges that can be exploited by attackers to gain access to a network. A weak identity or unguarded device can allow unwanted visitors access to data through a VPN, with many often flying under the radar undetected. What’s more, in a time where access to on-premise devices and networks is limited, the significant housekeeping to stay on top of patching VPNs is by no means scalable or effective.

Assessing your options

Hosted virtual desktops offer a convenient solution to these issues, as firms no longer need to rely on the security of every device, and all security patching and updates can be applied to all users simultaneously. Yet, for firms already running their business from SaaS applications that enable access from anywhere – albeit not as effectively – this can seem an unnecessary expense. So, how do you then unlock the security benefits without overhauling your IT approach?

There are various solutions that offer add-on security features to your existing SaaS-based setup. The likes of Citrix Workspace can deliver a secure multi-factor login into one controlled cloud environment, providing access to pre-approved company apps and file storage with one-click access. Although a seemingly simple change, this additional layer not only keeps firms in control, but also affords user access to business-critical information and apps from any Internet-enabled location.

This calibre of financial data naturally makes firms across the sector susceptible to an array of other cyber threat tactics. Financial services are no stranger to spam emails which include viruses, or calculated impersonation attacks designed to deceive staff with malicious attachments, URLs and other pieces of content. When assessing an workspace setup, financial service companies must consider exploring multi-level assessment solutions that deliver advanced checks to protect them  from this popular method of attack. What’s more, modern disaster recovery from certified suppliers can reduce risk of network downtime, eliminating the potential reputational damage (as TSB suffered) and FCA fines and maintain continuity with data loss measured in seconds, not minutes.

Remote working is here to stay, and the time to act on security is now. While it can be a daunting task for finance companies, simply ignoring the growing cyber risks of a modern working environment could be catastrophic. By working with the right partners to put these safeguards in place, financial services can arm their workforce with secure remote working at scale, keeping threat at bay and maintaining the standard of client care needed to assure customers in times of change.

Continue Reading

Technology

Why technology is key to the future of auditing

Published

on

Why technology is key to the future of auditing 5

By Piers Wilson, Head of Product Management at Huntsman Security

The Financial Reporting Council (FRC), which is responsible for corporate governance, reporting and auditing in the UK, has been consulting on the role of technology in audit processes. This highlights growing recognition for the fact that technology can assist audits, providing the ability to automate data gathering or assessment to increase quality, remove subjectivity and make the process more trustworthy and consistent. Both the Brydon review and the latest AQR thematic suggest a link between enhanced audit quality and the increasing use of technology. This goes beyond efficiency gains from process automation and relates, in part, to the larger volume of data and evidence which can be extracted from an audited entity and the sophistication of the tools available to interrogate it.

As one example, the PCAOB in the US has for a while advocated for the provision of audit evidence and reports to be timely (which implies computerisation and automation) to assure that risks are being managed, and for the extent of human interaction with evidence or source data to be reflected to ensure influence is minimised (the more that can be achieved programmatically and objectively the better).

However, technology may obscure the nature of analysis and decision making and create a barrier to fully transparent audits compared to more manual (yet labour intensive) processes. There is also a competition aspect between larger firms and smaller ones as regards access to technology:

Brydon raised concerns about the ability of challenger firms to keep pace with the Big Four firms in the deployment of innovative new technology.

The FRC consultation paper covers issues, and asks questions, in a number of areas. Examples include:

  • The use of AI and machine learning that collect or analyse evidence and due to the continual learning nature, their criteria for assessment may be difficult to establish or could change over time.
  • The data issues around greater access to networks and systems putting information at risk (e.g. under GDPR) or a reluctance for audited companies to allow audit firms to connect or install software/technologies into their live environments.
  • The nature of technology may mean it is harder for auditors to understand or establish the nature of data collection, analysis or decision making.
  • The ongoing need to train auditors on technologies that might be introduced, so they can utilise them in a way that generates trusted outputs.

Clearly these are real issues – for a process that aims to provide trustworthy, objective, transparent and repeatable outputs – any use of technology to speed up or improve the process must maintain these standards.

Audit technology solutions in cyber security

The cyber security realm has grown to quickly become a major area of risk and hence a focus for boards, technologists and auditors alike. The highly technical nature of threats and the adversarial nature of cybers attackers (who will actively try and find/exploit control failures) means that technology solutions that identify weaknesses and report on specific or overall vulnerabilities are becoming more entrenched in the assurance process within this discipline.

While the audit consultations and reports mentioned above cover the wider audit spectrum, similar challenges relate to cyber security as an inherently technology-focussed area of operation.

Benefits of speed

The gains from using technology to conduct data gathering, analysis and reporting are obvious – removing the need for human questionnaires, interviews, inspections and manual number crunching. Increasing the speed of the process has a number of benefits:

  • You can cover larger scopes or bigger samples (even avoid sampling all together)
  • You can conduct audit/assurance activities more often (weekly instead of annually)
  • You can scale your approach beyond one part of the business to encompass multiple business units or even third parties
  • You get answers more quickly – which for things that change continually (like patching status) means same day awareness rather than 3 weeks later

Benefits of flexibility

The ability to conduct audits across different sites or scopes, to specify different thresholds of risk for different domains, the ease of conducting audits at remote locations or on suppliers networks (especially during period of restricted travel) are ALL factors that can make technology a useful tool for the auditor.

Benefits of transparency

One part of the FRC’s perceived problem space is that of transparency, you can ask a human how they derived a result, and they can probably tell you, or at least show you the audit trail of correspondence, meeting notes or spreadsheet calculations. But can you do this with software or technology?

Certainly, the use of AI and machine learning makes this hard, the learning nature and often black box calculations are not easy to either understand, recalculate in a repeatable way or to document. The system learns, so is always changing, and hence the rationale that a decision might not always be the same.

In technologies that are geared towards delivering audit outcomes this is easier. First, if you collect and retain data, provide an easy interface to go from results to the underlying cases in the source data, it is possible to take a score/rating/risk and reveal the specifics of what led to it. Secondly, it is vital that the calculations are transparent, i.e. that the methods of calculating risks or the way results are scored is decipherable.

Benefits of consistency

This is one obvious gain from technology, the logic is pre-programmed in.  If you take two auditors and give them the same data sets or evidence case files they might draw different conclusions (possibly for valid reasons or due to them having different skill areas or experience), but the same algorithm operating on the same data will produce the same result every time.

Manual evidence gathering suffers a number of drawbacks – it relies on written notes, records of verbal conversations, email trails, spreadsheets, or questionnaire responses in different formats.  Retaining all this in a coherent way is difficult and going back through it even harder.

Using a consistent toolset and consistent data format means that if you need to go back to a data source from a particular network domain three months ago, you will have information that is readily available and readable.  And as stated above, if the source data and evidence is re-examined using a consistent solution, you will get the same calculations, decisions and results.

Benefits of systematically generated KPIs, cyber maturity measures and issues

The outputs of any audit process need to provide details of the issues found so that the specific or general cases of the failures can be investigated and resolved.  But for managers, operational teams and businesses, having a view of the KPIs for the security operations process is extremely useful.

Of course, following the “lines of defence” model, an internal or external “formal” audit might simply want the results and a level of trust in how they were calculated; however for operational management and ongoing continuous visibility, the need to derive performance statistics comes into its own.

It is worth noting that there are two dimensions to KPIs:   The assessment of the strength or configuration of a control or policy (how good is the control) and the extent or level of coverage (how widely is it enforced).

To give a view of the technical maturity of a defence you really need to combine these two factors together.  A weak control that is widely implemented or a strong control that provides only partial coverage are both causes for concern.

Benefits of separation of process stages

The final area where technology can help is in allowing the separation and distribution of the data gathering, analysis and reporting processes.  It is hard to take the data, evidence and meeting notes from someone else and analyse it. For one thing, is it trustworthy and reliable (in the case of third-party assurance questionnaires perhaps)? Then it is also hard to draw high-level conclusions about the analysis.

If technology allows the data gathering to be performed in a distributed way, say by local site administrators, third-party IT staff or non-expert users BUT in a trustworthy way, then the overhead of the audit process is much reduced. Instead of a team having to conduct multiple visits, interviews or data collection activities the toolset can be provided to the people nearest to the point of collection.

This allows the data analysis and interpretation to be performed centrally by the experts in a particular field or control area. So giving a non-expert user a way to collect and provide relevant and trustworthy audit evidence takes a large bite out of the resource overhead of conducting the audit, for both auditor and auditee.

It also means that a target organisation doesn’t have to manage the issue of allowing auditors to have access to networks, sites, data, accounts and systems to gather the audit evidence as this can be undertaken by existing administrators in the environment.

Making the right choice

Technology solutions in the audit process can clearly deliver benefits, however if they are too simplistic or aim to be too clever, they can simply move the problem of providing high levels of audit quality. A rapidly generated AI-based risk score is useful, but if it’s not possible to understand the calculation it is hard to either correct the control issues or trouble shoot the underlying process.

Where technology can assist the audit process, speed up data gathering and analysis, and streamline the generation of high- and low-level outputs it can be a boon.

Technology allows organisations to put trustworthy assurance into the hands of operations teams and managers, consultants and auditors alike to provide flexible, rapid and frequent views of control data and understanding of risk posture. If this can be done in a way that is cognisant of the risks and challenges as we have shown, then auditors and regulators such as the FRC can be satisfied.

Continue Reading

Technology

The Future Growth of AI and ML

Published

on

The Future Growth of AI and ML 6

By Rachel Roumeliotis, VP of Data and AI at O’Reilly

We’ve all come to terms with the fact that artificial intelligence (AI) is transforming how businesses operate and how much it can help a business in the long term. Over the past few years, this understanding has driven a spike in companies experimenting and evaluating AI technologies and who are now using it specifically in production deployments.

Of course, when organisations adopt new technologies such as AI and machine learning (ML), they gradually start to consider how new areas could be affected by technology. This can range across multiple sectors, including production and logistics, manufacturing, IT and customer service. Once the use of AI and ML techniques becomes ingrained in how businesses function and in the different ways in which they can be used, organisations will be able to gain new knowledge which will help them to adapt to evolving needs.

By delving into O’Reilly’s learning platform, a variety of information about the different trends and topics tech and business leaders need to know can be discovered. This will allow them to better understand their jobs and will ensure that their businesses continue to thrive. Over the last few months, we have analysed the platform’s user usage and have discovered the most popular and most-searched topics in AI and ML. We’ll be exploring some of the most important finding below which gives us a wider picture of where the state of AI and ML is, and ultimately, where it is headed.

AI outpacing growth in ML

First and foremost, our analysis shone a light on how interest in AI is continuing to grow. When comparing 2018 to 2019, engagement in AI increased by 58% – far outpacing growth in the much larger machine learning topic, which increased only 5% in 2019. When aggregating all AI and ML topics, this accounts for nearly 5% of all usage activity on the platform. While this is just slightly less than high-level, well-established topics like data engineering (8% of usage activity) and data science (5% of usage activity), interest in these topics grew 50% faster than data science. Data engineering actually decreased about 8% over the same time due to declines in engagement with data management topics.

We also discovered early signs that organisations are experimenting with advanced tools and methods. Of our findings, engagement in unsupervised learning content is probably one of the most interesting. In unsupervised learning, an AI algorithm is trained to look for previously undetected patterns in a data set with no pre-existing labels or classification with minimum human supervision or guidance. In 2018, the usage for unsupervised learning topics grew by 53% and by 172% in 2019.

But what’s driving this growth? While the names of its methods (clustering and association) and its applications (neural networks) are familiar, unsupervised learning isn’t as well understood as its supervised learning counterpart, which serves as the default strategy for ML for most people and most use cases. This surge in unsupervised learning activity is likely driven by a lack of familiarity with the term itself, as well as with its uses, benefits, and requirements by more sophisticated users who are faced with use cases not easily addressed with supervised methods. It is also likely that that the visible success of unsupervised learning in neural networks and deep learning has helped our interest, as has the diversity of open source tools, libraries and tutorials, that support unsupervised learning.

A Deep Learning Resurrection

While deep learning cooled slightly in 2019, it still accounted for 22% of all AI and ML usage. We also suspect that its success has helped spur the resurrection of a number of other disused or neglected ideas. The biggest example of this is reinforcement learning. This topic experienced exponential growth, growing over 1,500% since 2017.

Even with engagement rates dropping by 10% in 2019, deep learning itself is one of the most popular ML methods among companies that are evaluating AI, with many companies choosing the technique to support production use cases. It might be that engagement with deep learning topics has plateaued because most people are already actively engaging with the technology, meaning growth could slow down.

Natural language processing is another topic that has showed consistent growth. While its growth rate isn’t huge – it grew by 15% in 2018 and 9% in 2019 – natural language processing accounts for about 12% of all AI and ML usage on our platform. This is around 6x the share of unsupervised learning and 5x the share of reinforcement learning usage, despite the significant growth these two topics have experienced over the last two years.

Not all AI/ML methods are treated equally, however. For example, interest in chatbots seems to be waning, with engagement decreasing by 17% in 2018 and by 34% in 2019. This is likely because chatbots were one of the first application of AI and is probably a reflection of the relative maturity of its application.

The growing engagement in unsupervised learning and reinforcement learning demonstrates that organisations are experimenting with advanced analytics tools and methods. These tools and techniques open up new use cases for businesses to experiment and benefit from, including decision support, interactive games, and real-time retail recommendation engines. We can only imagine that organisations will continue to use AI and ML to solve problems, increase productivity, accelerate processes, and deliver new products and services.

As organisations adopt analytic technologies, they’re discovering more about themselves and their worlds. Adoption of ML, in particular, prompts people at all levels of an organisation to start asking questions that challenge what an organisation thinks it knows about itself. With ML and AI, we’re training machines to surface new objects of knowledge that help us as we learn to ask new, different, and sometimes difficult questions about ourselves. By all indications, we seem to be having some success with this. Who knows what the future holds, but as technologies become smarter, there is no doubt that we will we become more dependent.

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Time for the adaptive profession – APM reveals findings of its Projecting the Future report   7 Time for the adaptive profession – APM reveals findings of its Projecting the Future report   8
Business26 mins ago

Time for the adaptive profession – APM reveals findings of its Projecting the Future report  

The project profession is at the forefront of change, but needs to continually develop skills to stay relevant 15 September,...

Setting up secure remote working for financial services 9 Setting up secure remote working for financial services 10
Technology1 hour ago

Setting up secure remote working for financial services

By Pete Watson, CEO, Atlas Cloud Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced...

Ensuring ATMs aren’t the weakest link to banking cybersecurity 11 Ensuring ATMs aren’t the weakest link to banking cybersecurity 12
Banking2 hours ago

Ensuring ATMs aren’t the weakest link to banking cybersecurity

By Elida Policastro, Regional VP – Cybersecurity division at Auriga Digital banking brings huge benefits to customers, but the risks...

A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US 13 A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US 14
Top Stories3 hours ago

A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US

By Lauren Jones, International Payments Ambassador, Icon Solutions The US payments industry is undoubtedly ripe for change. Before the unprecedented...

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 15 Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense 16
Top Stories4 days ago

Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense

By Rob Harrison, MD UK & Ireland, SAP Concur The last few months have been an exercise in adaptability for...

Why technology is key to the future of auditing 17 Why technology is key to the future of auditing 18
Technology4 days ago

Why technology is key to the future of auditing

By Piers Wilson, Head of Product Management at Huntsman Security The Financial Reporting Council (FRC), which is responsible for corporate governance,...

Staff training crucial for SME recovery post-COVID 19 Staff training crucial for SME recovery post-COVID 20
Business4 days ago

Staff training crucial for SME recovery post-COVID

47% of UK’s top performing SMEs provide regular, formalised training for all staff Despite this, 15% of small businesses report to...

What Is Globalization 21 What Is Globalization 22
Business5 days ago

What Is Globalization

What is globalization? Globalization, or inter-connectedness, is the ever-growing process of integration and interaction among countries, individuals, businesses, and even...

What Is Microsoft Teams 23 What Is Microsoft Teams 24
Business5 days ago

What Is Microsoft Teams

Microsoft Teams is an application and web-based collaboration tool that combines chat, videos, online collaboration, document storage, and collaboration with...

What Is Capitalism 25 What Is Capitalism 26
Business5 days ago

What Is Capitalism

What is capitalism? Is it a great economic system or just another economic system that is not so great? Well,...

Newsletters with Secrets & Analysis. Subscribe Now