Modo Thoughts

Managing Security Risks for Financial Institutions

Written by Modo | Nov 15, 2019 10:55:58 PM

 

Over the past few decades, financial institutions have evolved steadily, adopting more technology and data-driven processes and bringing the consumer experience to the forefront. At the same time, these institutions have been shaken by a number of data hacks, breaches, and security risks that have left consumers exposed to identity theft, stolen data, and more.

That leaves the industry with some important questions to answer. If the criminals and their technology continue to get smarter along with us, how then can we best protect our data, assets, organizations, and consumers?

Recently, a panel of financial professionals (Krista Tedder of Javelin, Kim Sutherland and Chris Schnieper of LexisNexis, and Matt McBride of Modo) joined a conversation to discuss security questions facing the financial industry, such as:

  • How to leverage technology like AI, blockchain, and machine learning to protect against and detect threats.
  • How to secure customers’ trust in technology that can help to protect them, their assets, and their data.
  • Why standards in fraud, identity, and cybersecurity matter.
  • How to effectively prevent and deal with fraud and cyber-attacks across borders.

We’ve laid out a few of the main takeaways from the panel here.

Security Breaches and Fraud: What’s the Catalyst & Why Are These Breaches Continuous?

According to the panel experts, the problem of cybercrime and fraud lies within the infrastructure of the financial institutions. Though these institutions have been evolving consistently over the last few decades, the fact of the matter remains: these systems weren’t built for an age in which we’re soon to surpass $4 trillion in eCommerce payments.

The systems of the financial institutions were built in an era where security was a bolt-on feature to an existing mainframe, not an integral part of a system itself. For the time they were established, that system worked fine. But now, in an age of eCommerce and weaponized cybercrime techniques, these antiquated systems can’t always hold up without an additional focus on built-in security.

Further, in an era where data is more valuable than cash, we deal with fraudsters and hackers rather than bank robbers. These criminals can leverage data in many different ways, without any real consequences for repeated attempts to hack large financial systems.

 

Walking a Fine Line: Balancing Friction With Authentication

Of course, in a world where fraud and cybercrime are so prevalent, the need for financial institutions to provide authentication and protection is greater than ever. But how do we find the balance between security and user experience? With too many roadblocks in financial institutions’ interfaces, apps, and more, the customer experience can become less seamless and more troublesome, causing friction.

According to panel experts, walking that line is tricky, but can be done by balancing the risk of transactions. Though it differs with every institution, the general concept of balance is based on the amount of risk associated with each objective. If a customer is looking for a low-risk transaction—say, to check their bank account—the amount of friction and authentication can be minimal. When a client is, for example, trying to access a 401k account and withdraw significant funds, that’s a much riskier transaction, and one that requires far more authentication. In this case, a higher degree of friction makes sense.

All of this balance comes with a tiered, multi-level approach in which categorizing risk helps reassure customers that they’re protected and in good hands, without making their experience troublesome or irritating.

Standardization in the Industry: Can It Help?

And further, if financial institutions were required to follow common standards, would cybercrime see the effects?

These experts agreed that financial institutions aren’t ready to see standardization as a requirement just yet. In fact, before standardization can happen, a strict definition of what standardization means needs to come first.

As discussed in the panel, standardization would help with organizational flexibility, allowing organizations to better align with best practices. Further, standardization would help create a common vernacular, and a definition of standardization itself. Standardization could also give an organization a framework for picking a control set, or tailoring one, that’s relevant to its business.

But, at the end of the day, we’re currently in a state of imbalance: different organizations define everything in their own unique ways, and standardization is out of reach.

Finally, even if financial institutions did abide by an order of standardization, there’s no guarantee that would help the battle against fraudsters and cybercrime.

As long as you have hackers and fraudsters, the panel lamented, there’s no standardization that can be put into place to stop them. While standardization wouldn’t make it easier or more difficult for criminals to hack financial institutions, cybercriminals are relentless and work quickly; they’d likely be able to crack a financial institution that follows standardization requirements, too.


Watch the full webinar on Managing Security Risks for Financial Institutions here
