When famed bank robber Willie Horton was asked why he robbed banks, he famously replied, “That’s where the money is.” And today’s cybercriminals might just offer the same response.
Financial Services in the Crosshairs
Financial services is one of the most highly targeted industry sectors, competing for that ignominious distinction with healthcare. In fact, our 2016 Data Threat Report, Financial Services Edition found that 90 percent of financial institutions feel vulnerable to data threats. We also found that 44 percent of financial institutions have already experienced a data breach.
As the primary repositories and conduits of the world’s financial data, it’s no wonder that these enterprises are a primary target for cybercriminals and malicious insiders and, like the broader global economy, have suffered numerous and well-publicized data breaches.
Just this past January, an international criminal gang hit some of the UK’s largest banks, bringing down digital services at Lloyds Banking Group intermittently for more than two days. Although no customers suffered a financial loss, the denial of service attack underscored the need for banks and regulators to shore up their systems, which in many cases rely on decades-old technology.
Just recently, the Bank of Canada warned that the financial services sector was vulnerable to “a cascading series of cyberattacks that could undermine confidence in the entire financial system.” And if that statement alone doesn’t keep you up at night, the statement also warned that the attack could have a ripple effect into other sectors including critical infrastructure such as energy and water systems.
Take Heed: Confidence is the Key to the Kingdom
The Bank of Canada’s statement on confidence in the financial system hits on a point that’s often overlooked. It’s too easy to become desensitized to the seemingly endless onslaught of attacks and the sobering statistics around the cost of data breaches.
However, confidence is a critically important aspect as the financial services sector undergoes seismic changes. Organizations are making the leap from the familiarity of big legacy systems, which many banks still rely on, to mobile technology that reflects changing consumer preferences and marketplace pressures. Competition from technology companies such as NFC-powered Apple Pay, Android Pay and Samsung Pay is forcing financial services to innovate, adapt or miss out on enormous market opportunity.
While new mobility for the customer makes innovation a force function, these changes also create new data protection challenge. As with traditional payment transactions, digital payments must also be protected, the risk managed and the end user reassured – whether the transaction takes place via NFC in a store, on a tablet computer, or using a mobile phone over a wireless network.
The industry has a fair amount ground to cover when it comes to making consumers feel that the access to their sensitive financial data is safe on their mobile devices. When we recently surveyed 2,000 consumers in the UK and the U.S., we found that over two thirds worry about making purchases using contactless technology or their mobile phone. Unsurprisingly, their biggest fear when using digital payments is having their financial data stolen by cyberattackers. To increase consumer confidence, promote even broader adoption, and instill trust wherever information is created, shared or stored, organizations must address multiple data security concerns.
Security Evolves to Match Innovation
As a relatively new platform, businesses developing applications are still learning about the digital payment environment and how best to address threats. Simultaneously, device capabilities are continuing to evolve. This includes the use of biometrics, geolocation, and even device interaction styles – how you swipe, hold device, etc. These features, if implemented appropriately, stand to increase the security of individual transactions with improved identity verification.
In addition to the identity component, there remains a strong dependence on backend infrastructure to be a security anchor for digital payments. This includes processes such as birthing credentials, transaction security, data protection for both data in transit and at rest.
Here at Thales, we combine our proven products with deep expertise in credential management, payments-related regulations and the full range of data protection challenges faced by today’s forward thinking organizations.
Of course, some of the most exciting technology innovation impacting our financial system is around blockchain. Blockchain has the potential to disrupt and democratize today’s payment systems and expand the global market opportunity for payments. Some analysts closely following the technology see its potential to empower under banked and low income populations in third world countries. In the end the greatest application and opportunity of blockchain may not be focused in the financial capitals of London, New York and Singapore, but in realizing the vision of low cost, easy transactions from billions of mobile phones in the developing world.
Innovation in mobile technology is truly one of the biggest game changers globally and across industry sectors. That’s why it’s especially critical that financial services tackles data protection challenges successfully so that confidence is not undermined. To learn more about how Thales is helping financial services organizations confidently address security in the new mobile world and enabling trust between the device and network, check out our solutions for mobile payments here.
In the coming months, Thales will be issuing the 2017 Thales Data Threat Report, Financial Services Edition. Subscribe to our newsletter to receive the latest data security research, blogs and resources every month.