Online Banking is a global trend that banks and institutions are currently following to improve the current connections across digital services. In addition to it, Open Banking is the representation of a next-generation business model in an open data economy.
With Open APIs, banks can be easily linked to financial technology companies using affiliated services from a single dashboard using specific applications on a smartphone.
The leading jurisdictions in Open Banking include the United Kingdom (UK), Australia and the European Union (EU).
About it, LearnBonds explained: “The United Kingdom leading the way in Open Banking explains why so many UK-based challenger banks and tech startups like Revolut, Monzo, Starling and Curve are thriving in the banking sector.”
Countries such as the United States or New Zealand are considered ‘Beginners.’ These are countries and jurisdictions with small or no progress on regulation or standards.
Meanwhile, Switzerland, India or China are considered ‘Risers’ because the whole market is unregulated but they are registering Open APIs and evolving standards.
To understand which countries are currently at the forefront of Open Banking, the report takes into account four different factors that include the spread of Open APIs, regulatory requirements, standardization initiatives and the presence of a central TPP regulatory body.
Below Peter van der Putten, assistant professor at Leiden University and global director AI at Pegasystems, explains why these claims were especially painful for Apple as it brands Apple Card as a product that represents “All the things that Apple stands for”. Like simplicity, transparency and privacy”.
It all started with a recent tweet by David Heinemeier Hansson, claiming his Apple Card credit limit is 20 times higher than his wife’s. Things got even worse for Apple when Steve Wozniak, co-founder of Apple, also tweeted he can borrow 10 times more than his partner. Both state that all other circumstances are the same, for example the couples share bank and credit card accounts and are filing joint tax returns. Goldman Sachs subsequently issued a statement that neither gender or marital status is known to the bank in the application process and that customers that have lower limits than expected should get in touch with the bank. This triggered presidential candidate Elizabeth Warren to criticise the bank for putting the burden too much on the consumer.
Machine bias is a serious matter, but how would we know whether Apple Card credit policies are truly gender biased? How can bias creep into these models? And with more and more banks and financial organisations harnessing the power of AI for a variety of tasks, how can these businesses ensure that bias in artificial intelligence is kept to a minimum in the future?
First and foremost, it needs to be realised that from a pure capitalist perspective the bank would get no commercial benefits out of ‘being sexist’. By not giving credit to customers who can actually afford it the bank is missing out on potential profit.
Also, AI is not some magic potion, with secret evil intentions. AI algorithms are not perfect nor objective, a better description would be to call them blind. AI is as biased as the data used to create it. To make things worse, even if its designers have the best intentions, errors may creep in through the selection of biased data for machine learning models as well as through prejudice and assumptions in built-in logic. Therefore, financial organisations need to make sure that the data and rules being used to create their algorithms is absent of bias as much as possible. Also, one should realise that human decisions can also be subjective and flawed, so we should approach these with scrutiny as well.
[ymal]
Given the recent statements from the bank and also considering the rigorous regulatory environment it operates in, it is highly unlikely that the Apple Card policies are explicitly built to take gender into account, as credit policies are typically subject to strict external regulations and internal model approval. That said, it is not simply enough to remove gender from a bank’s prediction models and rules, as other more innocent looking pieces of data such as disposable income might be correlated with ‘protected’ variables like gender and age. The goal is not to remove all correlation, but customers with the same characteristics and different genders should be offered a similar credit limit. Also, it will not be possible to eradicate bias for every single customer, the bias will need to be assessed on the full base of customers to see whether it is within bounds.
In the Apple scenario, the claimants’ statement that ‘all other data was equal’ between partners may very well not hold when looking at the data and decision in detail. There may be material differences that have been overlooked by the Hansson and Wozniak, such as credit history. Also, by definition the bank may only have a partial picture of the customer characteristics and context. For example, Apple’s values of simplicity and privacy means that the information at application time is limited. In other words, this is fundamentally a data problem.
The point is, how would you know as a customer what’s driving an automated decision like this. That’s why regulators are introducing the ‘right to an explanation’, and we can expect customers to exercise this right more and more.
With these negative reports in the media about how AI might be being used incorrectly, that presents a challenge for businesses in how they can prove to their customers that they are using it right.
With these negative reports in the media about how AI might be being used incorrectly, that presents a challenge for businesses in how they can prove to their customers that they are using it right. Interestingly, a recent Pega survey into consumer attitudes to artificial intelligence found that 28% aren’t comfortable with its use by businesses. Stories, such as this one about the Apple card, will only help to perpetuate this opinion.
To combat these beliefs, financial organisations must be absolutely transparent with their use of algorithms and AI. The key is for banks to balance transparency with accuracy. The more ‘material’ the AI’s outcome, for example these credit limit decisions, the greater need for transparency and control.
Having a human approach to AI makes sure that the technology is used responsibly and with the customers’ best interests fully in mind. This will allow decisions to be made by the technology within the context of customer engagement that would be seen as empathetic if made by a person. If an organisation can successfully cultivate a culture of empathy within a business, AI can also be used as a powerful tool to help differentiate companies from their competition.
Wall Street Journal reports that according to a source familiar with the company’s plans Google plans on adding checking accounts to its consumer offerings, essentially allowing people to bank with Google, as opposed to their traditional high street bank.
Very little information has been confirmed so far but we do know that Citigroup and the Stanford Federal Credit Union are set to run the accounts under the Google banner, but branded as the financial institutions’ names, rather than the proprietor, Google.
According to several reports, Caesar Sengupta, an executive at Google told WSJ Google does not intend to sell any customer data on the back of its advance into the consumer banking landscape. “If we can help more people do more stuff in a digital way online, it’s good for the internet and good for us,” Sengupta said.
Google is of course not the first Silicon valley giant to dip its toes in the banking game, as we saw Apple reveal plans for the Apple card this year. It has however already faced several issues in getting this project off the ground, from its relationship with Goldman Sachs, who runs the card, to scandals of sexism in its algorithms as of late. Facebook also delved into the financial landscape with its payments operation and the introduction of Libra, which has already lost the majority of its support over regulatory concerns and uncertainty in the crypto sphere.
If Google plans on stepping into the banking landscape and challenging the current status quo, which in turn is already disrupted by challenger banks and fintech start-ups, it will have to move quickly and without any hiccups. Perhaps we could see a Google bank or Bank of Google in the near future. Keep your eyes peeled.
Using Single Sign On (SSO) technology, Xero users will have direct access to NatWest’s Rapid Cash service, which provides businesses with a flexible line of credit to cover unpaid invoices for up to £500,000, offering greater flexibility and a fast solution to temporary cash flow difficulties. Rapid Cash will be the first working capital product to have this level of integration with Xero in the UK.
The move is part of the bank’s intention to introduce broader connectivity between its suite of digital banking services, and other major providers in the business banking sector.
New Zealand based tech company Xero provide cloud-based accountancy software targeted at small and medium sized businesses. Born-in-the-cloud, Xero is an easy-to-use platform for small businesses and their advisors around the world. In the UK, Xero provides 536,000 businesses with connections to a thriving ecosystem of 800+ third-party apps and 200+ connections to banks and financial service providers.
NatWest launches the new feature today having also introduced a similar level of functionality with its accountancy software business FreeAgent several months ago, which over 100,000 UK sole trader and small SME customers now use. The bank acquired the Edinburgh based fintech in 2018, which continues to operate as an operationally independent entity.
Andy Ellis, Head of NatWest Ventures, said: “We’re pleased to be able to begin offering our innovative new services, such as Rapid Cash, to users of Xero from today. Businesses increasingly tell us that they want simple, easy access to our products and services. By offering our solutions directly through the platforms that customers use to manage their business day to day, we’re making it easier for them to get the support they need - whether that’s funding, products or our expert advice.’
Edward Berks, Director of Platform Business, UK & EMEA, Xero, said: "Small businesses have historically fallen behind larger firms in accessing the best financial services. This means they often struggle to access capital which can threaten their very existence. So it's great to see the playing field level out through innovations such as NatWest Rapid Cash."
NatWest is a sponsor at this year’s Xerocon event, taking place at the London ExCel between 12-14 November, where the bank will be exhibiting its key digital ventures with attendees.
Complaints have made the headlines insinuating Apple Card’s credit limits may have been different for men and women, making their overall offering inherently sexist.
New York's Department of Financial Services (DFS) has been in touch with Goldman Sachs, which operates Apple’s credit cards, stating that any discrimination, intentional or not, "violates New York law."
Even Apple's co-founder Steve Wozniak said in a tweet that the algorithms used to arrange customer credit limits may be inherently biased against women, and last week Bloomberg reported that tech entrepreneur David Heinemeier Hansson issued complaints that the Apple Card allowed him 20 times the credit limit that it allowed his wife, despite her having a better credit score.
Mr Hansson recently tweeted: "Apple Card is a sexist program. It does not matter what the intent of individual Apple reps are, it matters what THE ALGORITHM they've placed their complete faith in does. And what it does is discriminate."
The DFS issued a statement to assure it would be "conducting an investigation to determine whether New York law was violated and ensure all consumers are treated equally regardless of sex."
"Any algorithm that intentionally or not results in discriminatory treatment of women or any other protected class violates New York law."
Goldman Sachs also told Bloomberg: "Our credit decisions are based on a customer's creditworthiness and not on factors like gender, race, age, sexual orientation or any other basis prohibited by law."
It is forecasted that mobile banking is set to be more popular than visiting a high street bank branch within two years. And as the banking industry continues its digital journey, Mark Grainger, VP Europe at Engage Hub, says consumers are coming to expect more control over their data, greater convenience, and “anytime, anywhere” accessibility.
Mobile-first consumers
So far, most banks worldwide have handled the mobile era in exactly the same way, simply shrinking down traditional bank accounts and putting them on a smartphone screen without offering real innovation or engagement.
But simply pouring millions into innovation hubs and piecemeal digitisation strategies isn’t going to deliver the kind of results that will win over those tempted by the challenger banks. Traditional banks need to shift gears and use the valuable information they already have to provide customers with seamless interactions across different channels.
At the same time, banks need to understand that the digital banking revolution is more than a mobile app. It’s about creating an entire experience. The implications of failing to facilitate a seamless cross-channel customer experience – one that lives up to growing customer expectations – is huge. Today, consumers have more choice than ever before, thanks to the rise of fintech start-ups and digital-only banks, and if they do not get the level of service they’ve come to expect, they will not hesitate to take their business elsewhere.
Subscription service model
Using a service model patterned after Amazon Prime or Netflix may seem odd to many retail banks, but challenger banks are already experimenting. Would consumers pay a subscription to get the same service they do with Amazon and Netflix? The answer is yes.
Revolut is already showing itself as a front runner in subscription-based banking. The challenger provides a ‘freemium’ model, which gives users a free UK current account and a free euro IBAN account that offers no fees on exchanging in 24 currencies, up to £5,000 a month. Revolut also provides monthly subscription plans with higher thresholds for no fees, as well as instant access to crypto-currencies, cash back, travel insurance, free medical insurance abroad, airport lounge access and priority support.
Research shows that in the UK 57% of people would be willing to pay an extra monthly fee for additional services from their banks. Most consumers – 45% – would like additional media services such as Netflix and Amazon while 40% prefer earned cashback and 37% would pay for overdraft facilities.
Considering that at present, 72% of customers don’t pay any monthly fees to their banks it’s fair to say that there is a great potential for financial institutions to leverage these services and elevate their game when it comes to competing against challenger banks and unconventional financial services.
[ymal]
Trust and value
Furthermore, traditional banks have a crucial asset compared to challenger financial institutions, and that is trust. Traditional banks have a much longer and seemingly more robust security record.
The paradox is that many people trust their primary financial provider but distrust the financial services industry overall. Therefore, banks that want to persuade their customers to adopt new models and pay a potential monthly fee have to prove that they have customers’ interest at heart.
One way to achieve this is through transparency. The financial services industry still lags behind other sectors when it comes to transparent policies, costs and customer data. This needs to change and they need to show that they are keeping pace with the market trends and customer expectations.
Another crucial aspect banks need to keep in mind when it comes to monthly subscriptions is the added value they would bring to customers. If they agree to additional costs, consumers will also expect extra benefits and not just the same things they used to get for free. Without additional value added, it will seem that banks are trying to simply make some extra money thus confirming customers’ distrust in financial institutions.
If they agree to additional costs, consumers will also expect extra benefits and not just the same things they used to get for free.
Bank of America, for example, learnt this lesson the hard way when they wanted to charge their customers a $5 fee for using their debit cards for purchases. The backlash was swift and strong, and the bank had to cancel the plan within six weeks.
To avoid such situations, banks need to focus on their customers’ financial health and create personalised and holistic value propositions that will provide a competitive edge against challenger banks and convince millennials that they can provide safe and innovative solutions for life’s complex challenges.
By understanding these strategies and embracing the changes in consumer buying behaviours, financial institutions will be able to create new ways to generate recurring value for their customers and new sources of predictable income.
Key skills
However, in order to transform their approach to digital transformation and subscription models banks will also need the right skills and capabilities.
A new CBI/TCS report highlights the UK’s rapidly accelerating digital talent gap as new technologies transform the way we live and work. Currently, the UK is losing out on £63bn a year as companies struggle to find people with digital skills. Areas of banking that need to be a focus for investment include the use of AI in customer profiling, money laundering detection and improving customer services. All of these investments require emerging technology to be implemented, and employees with the skills to manage it. Banks will need to implement training programmes, smart hiring strategies, and strategic digital transformation programmes to attract tech talent and implement a customer experience to rival challenger banks.
And whilst providing subscription services to their customers might require considerable resources and a significant shift in strategy and policies, engaging the new generation of digital-first customers is paramount if traditional banks want to remain relevant and fend off challenger financial institutions. Harnessing this opportunity will provide a critical competitive edge, inspire loyalty and make customers feel valued.
Many industries have already adopted this system and have reaped significant benefits already. It’s high time for traditional banks to challenge the current status quo as well and reap the benefits of a subscription model.
Ebury provides corporate banking services to small businesses that trade worldwide. Operating in 119 countries, in 140 different currencies, it has processed over £16.7 billion in payments since its inception and helped over 43,000 clients trade internationally.
News has broken that Santander is buying its 50.1% stake in the fintech for £350 million, of which £70 million will help Ebury merge into new markets in Latina America and Asia.
This is a bold but expected move form Santander, as it manages accounts for more than four million SME customers around the globe, 200,000 of which operate on an international scale. The partnership between Santander and Ebury will also allow the fintech to make the most of the bank’s relationships, assets and brand to build new banking partnerships.
Ana Botín, group executive chairman of Banco Santander, said: “Small and medium-sized businesses are a major engine of growth around the world, creating new jobs and contributing up to 60% of total employment and up to 40% of national GDP in emerging economies. By partnering with Ebury, Santander will deliver faster and more efficient products and services for SMEs, previously only accessible to larger corporates.”
Goode Intelligence predicts more than 1.9 billion bank customers worldwide will use biometrics by the end of 2020 as a means of making payment authentication more secure and convenient. They also predict that by 2023, there will be 579m biometric cards in circulation. The UK could have a significant role to play in this adoption, with Natwest announcing earlier this month its trial of a biometric fingerprint credit card, making it the first UK bank to do so.
There are some obvious, immediate benefits to biometric authentication. Consumers can authenticate purchases above the current £30 contactless limit without having to enter their PIN, using only their fingerprint instead. For retailers, not only would this reduce queue times but also help facilitate more secure transactions, technologically and visually, as merchants will be able to witness the cardholder authenticating the transaction, which is currently not the case with a stolen card.
Cost factor
When chip and PIN were first introduced back in 2000, a similar cost comparison was made between using a magstripe card and a chip card. In the industry at the time, the discussion about the difference in price revolved around the business case to include a lot of additional data stored on the chip cards, such as medical information and driver’s licence information. In the end, it was determined that the cost of that particular chip was too expensive. What we have now is the cheapest chip they could mass produce; a win-win in the eyes of issuers.
When it comes to adding biometric functionality to a card, the significant cost to produce is obvious to even those not privy to the intricacies of card issuance.
When it comes to adding biometric functionality to a card, the significant cost to produce is obvious to even those not privy to the intricacies of card issuance.
Some commentators on this have suggested that some costs could be borne by the cardholder in the form of an annual fee or a set-up fee for a biometric card. However, this could have a negative impact on getting consumers to use biometric authentication.
As is the way with any new technology, there is inevitably going to be initial resistance to cost. But this must be balanced with considerations for, say, the reduction in fraud.
Questions on security
In the case of Natwest’s biometric card, consumers have to go into a Natwest branch and register their thumbprint on a reader, which may seem like an innocuous part of the process but actually raises issues around mass adoption. You cannot have a solution where you’re asking individuals to go to a branch to register a thumbprint; it’s not inclusive to those without access to a branch, especially when bank branches are closing at a rate of knots. The alternative would be a mobile solution, but this again raises issues of accessibility.
The whole idea of using biometrics to authenticate payment raises questions around security, beyond the obvious ways it helps facilitate secure transactions. The human thumbprint is not a physical image. It’s encrypted. When you hear of a data compromise in the news, most cardholders are told to reset their password. But when you’re doing biometrics and you’re using something which is unique to you - like a fingerprint -- if that data is compromised, what’s the backup? You’ve ultimately only got 10 options unless you start using your toes!
Like any new tech, biometrics generates a lot of buzz and excitement. Whilst it is a fascinating new development in our industry, let’s take a steady approach that ensures we cover all eventualities. Once we open the pandora’s box of mass adoption, it will be very difficult to close it.
Authored by Nick Fisher, European Projects Manager at JCB International (Europe).
The protocol is designed to make sure that during a transfer, the name of the recipient exactly matches the name on the account receiving the funds. Intended to give greater assurance when it comes to transactions, CoP helps users to avoid directing payments to the wrong account.
It was then announced in 2019 that the name checking service would be delayed until March 2020 at the earliest. But given the security implications, Chris Stephens, Head of Banking Solutions at Callsign, asks: why has the deadline been pushed back?
After a consultation with groups in the industry, The Payment Systems Regulator (PSR) deemed the expected implementation deadlines “unachievable”. However, with the personal details of consumers at risk, banks are searching for various ways to address fraud to keep their customers secure. This is especially important given that in 2018, a total of £1.20 billion was stolen from the banking industry by those committing fraud. Justifiably, there has been a great deal of worry that this delay will leave consumers at risk of fraud. But many people are questioning whether its introduction will really help to reduce fraud levels, and if there are any other measures banks can be put in place to keep their customers money safe and secure?
Buy Affordable Paintings online in Dubai, UAE, USA and UK. Paintings, Art Rentals, Art Exhibition and Art Prints with Art Smiley. Sell International Arts Online. Get Connected to International Art Gallery, Artists & Art seekers.
While it seems like a logical way of combating bank fraud, putting the CoP scheme into practice will probably only work to a certain degree. A fraudster’s natural reaction to any such regulation is to improve upon their current skillset and work out a means to bypass the new security infrastructure and regulations. In the context of CoP, all a fraudster would have to do is set up a new account in the victim’s name to give the victim further confidence that they are transferring money to a “secure account.”
[ymal]
Another problem that can potentially arise is the idea that customers will become complacent when it comes to security due to the belief that CoP provides them with another layer of protection. Even though CoP will absolutely protect customers against crimes such as authorised push payment fraud, the scheme could leave them vulnerable to more advanced types fraud which are of far higher value.
In addition, almost every bank would have to implement CoP for it to be successful. While the decision to implement the scheme is down to each individual bank, The Payment Systems Regulator has said that Lloyds, Barclays, HSBC, Royal Bank of Scotland, Santander, and Nationwide Building Society, which together account for about 90% of bank transfers, must all have their CoP schemes up and running by March next year. Banks that don’t sign up to the scheme would automatically become targets in the eyes of fraudsters as they won’t need the details of the bank account to match the name of their intended target. Therefore, there would have to be a more collaborative approach from banks for the implementation of CoP to work.
While the decision to implement the scheme is down to each individual bank, The Payment Systems Regulator has said that Lloyds, Barclays, HSBC, Royal Bank of Scotland, Santander, and Nationwide Building Society, which together account for about 90% of bank transfers, must all have their CoP schemes up and running by March next year.
Regardless of when CoP will be introduced, there are other tools to help banking customers tackle fraud, such as dynamic authentication journeys, which requests that a user states why they are conducting a transaction and offer fraud warnings, that are very effective at preventing APP fraud. However, the logic behind these policies can be complex and they require constant monitoring in order to be kept up to date. Once the implementation of these dynamic user flows has been done, it also highlights the question about how the outcomes can be accessed by the third parties that leverage a bank’s Open Banking APIs.
To have any chance of reducing banking fraud, it’s crucial that financial organisations today use all the relevant information they have to generate a full picture of their customers. It is imperative that they utilise the data at their fingertips in order to safeguard their customers while still providing the seamless, friction-free service they demand. A customer’s digital presence will only be protected from fraudsters once banks look at all the elements of security as interconnected, rather than separate components.
By feeding data into a strong and dynamic policy manager that can be nimble and adaptive, banks will be better compliant and secure while at the same time provide robust user journeys that provide the right amount of friction when necessary. By having a more holistic approach to security, rather than focusing on single point elements, they have a far better chance of beating the fraudsters and allowing their customers to live their digital lives uninterrupted.
Channel director and finance expert at moneyguru.com, Deborah Vickers has the lowdown on a raft of innovative and exciting companies making their mark on the retail banking sector in 2019. So, if you’re thinking of making the switch, here are just some of the banks and their benefits.
1. N26
It’s surprising to think that N26 only launched in the US and UK last year, considering how popular they have become. Their three current account products appeal to customers looking for an equivalent to a standard or packaged current account, with easy options to save by creating ‘Spaces’ within the app.
Alongside their banking app, they also provide a desktop version called N26 Web, so customers can gain access to their account from practically any device. In addition, they’re working on an overdraft facility that should be available soon in the UK.
2. Revolut
Launched back in 2015, Revolut is one of the largest challenger banks in the market. In March 2019 they reported they had hit 4.5 million customers, with 1.6 million being UK-based.
They are one of the only challengers to allow customers to exchange money into cryptocurrencies and you can earn cashback with any purchase made on their Metal card. Their version of a savings account comes in the form of Vaults, which can be set up straight from the app.
3. Starling Bank
Having recently celebrated their two-year anniversary, Starling is a challenger bank going from strength-to-strength in the UK. They have recently developed Marketplace, making it easier for customers to access financial products from partner companies.
Despite not offering a premium current account, Starling offer an overdraft facility and a personal loan option, being one of the only challenger banks to do so. They became known for offering a portrait-style, teal debit card, but customers have flocked to the bank for other features such as saving money via Goals and analysing their accounts through Spending Insights.
4. Monese
Monese prides itself on being the simple alternative to high-street banks, built for customers who would like an easy route into managing their money. They have one free current account and two premium accounts that charge a monthly fee.
This hassle-free approach to banking appeals particularly to those who have emigrated from another country to the UK, as Monese doesn’t require proof of address or a credit history, making it much easier to apply and be accepted.
5. Cashplus
Cashplus are a challenger who have entered both the personal banking and business banking sectors, allowing those with a bad credit score to still benefit from a secure bank account that suits them.
Both of their current account offerings have a monthly fee, but don’t require a credit check, making it much easier to apply and keeping your credit score intact. Through the Creditbuilder feature, you can also start to make improvements to your credit score over 12 months, with no risk to yourself.
6. Monzo
Cited as one of the most popular challengers in the UK (according to the BACS switching statistics), Monzo Bank is now used by more than 2 million people, since their launch in early 2015. They pride themselves on being transparent with customers and have an active community forum with 40k users.
They have recently launched a premium account option called Monzo Plus, which is in early development but has started with a monthly fee of £3. You can then add on extras such as travel insurance, with many more options in the pipeline.
7. Tandem
Tandem focus on being a companion to your existing current account, helping you work in tandem with your finances. All you need to do is download their free app and start saving.
Unlike other major challengers, Tandem concentrates on offering savings accounts and credit cards to customers, alongside their money management app. Use of the app creates a seamless transition between your existing current account and a savings pot, which rounds up to the nearest pound using Autosavings and puts the change into a pot for later use. They are looking at implementing a full current account very soon, along with support for Apple Pay and Google Pay too.
8. Atom Bank
Atom Bank have entered the challenger space by providing savings accounts, mortgages and business loans to customers, all available by applying online and managing through their app. Like Tandem, Atom Bank are a challenger that you can use alongside your existing current account to help with saving for the future.
Along with providing competitive rates for their fixed savers accounts, they are also the only challenger in our list to provide mortgages, meaning potential homeowners can find an alternative to high-street banks when looking for funding.
According to Simon Hill, Head of Legal & Compliance at Certes Networks, this is mostly due to the fact that financial institutions are not only heavily regulated by data privacy requirements, but they are also under mounting pressure to be open to consumers and businesses about how they are protecting their data from potential breaches.
Additionally, no bank or financial services organisation wants to face the consequences of a data breach. This is demonstrated by the fallout of numerous data breaches in the industry over the years - from Capital One in 2019, to Equifax in 2016 and Tesco Bank in 2017. In the case of the Capital One data breach, a hacker was able to gain access to 100 million Capital One credit card applications and accounts. This included 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. Additionally, an undisclosed number of people's names, addresses, credit scores, credit limits, balances and other information dating back to 2015 was involved, according to the bank and the US Department of Justice.
What’s more, the damages of these data breaches are not only reputational, but also financial. As a result of Equifax’s data breach, the organisation reached an agreement to pay at least $575 million and up to $700 million to compensate those whose personal data was exposed. In 2016 Tesco Bank was fined £16.4 million by the Financial Conduct Authority (FCA) over its "largely avoidable" cyber-attack that saw criminals steal over £2 million from 34 accounts. This clearly shows that these consequences can arise no matter how ‘large’ or ‘small’ a data breach may seem; companies that do not encrypt their data adequately enough to safeguard it will be penalised.
On top of this, the increasing expectations of consumers means that banks and financial institutions are trying to achieve a balancing act: how can they protect data privacy, while at the same time remaining transparent about how data is being protected? However, it doesn’t have to be a trade-off between meeting customer expectations and meeting cyber security compliance requirements. Banks and financial services organisations can utilise technology to the fullest extent while still protecting data and avoiding the unthinkable repercussions of a data breach.
The balancing act
To achieve this balance, banks and financial services organisations need to take greater measures to control their security posture and assume the entire network is vulnerable to the possibility of a cyber-attack. Robust encryption and controlled security policies should be a central part of an organisation’s cyber security strategy. When stringent policies are generated and deployed, it enables greater insight into applications communicating in and across the networks. New tools are now available to enforce these policies, not only impacting the application’s workload and behaviour, but the overall success of the system access.
Conclusion
Banks and financial services organisations should not have to worry about keeping data secure and protected when it is entirely possible to do so. Adopting new ways to look at how organisations define policies through micro-segmentation and separating workloads by regulations, is one example of how to keep data more secure. Also, ensuring policies define only those users who have a critical need to see the data limits network vulnerabilities. And lastly, a robust key management system that is automated whereby keys are rotated frequently, can also help to safeguard system access and strengthen the organisation’s security posture.
Below Marcin Nadolny, Head of Regional Fraud & Security Practice at SAS, explains more on the date push back and what this will mean for banks moving forward.
UK companies must be able to demonstrate that they are moving towards compliance from September 2019, but no enforcement action will be taken for 18 months. For the rest of the EU in general, the timeline is unchanged. However, national competent authorities have the flexibility to provide limited additional time to become PSD2 compliant (see the recent EBA opinion).
The big picture
But whichever country you’re in, it’s essential that companies recognise the urgency at play. In the new digital world, payment security is absolutely essential. The question now is not whether PSD2 compliance should remain at the top of the priority list. It’s how quickly companies can realistically achieve it. In a nutshell, PSD2 simultaneously massively increases the amount of financial data moving into banks’ systems while also making it mandatory that they run fraud controls on that data in real time.
As PSD2 ushers in the age of open APIs in finance, the traffic volume that payment processors will have to handle will be enormous. Consumers’ personally identifiable data will be at heightened risk, and we will observe increased malware attacks and data breaches via the newly created attack vectors. If businesses aren’t prepared for the change, it’ll be a fraudster’s paradise.
Is your organisation ready to cope with this new heavy traffic and identify fraudulent activities? It might be like finding a needle in a haystack. Fortunately, AI is coming to the rescue. Emerging technologies, such as predictive models, network analytics and anomaly detection, all have the power to increase your efficiency in finding and fighting fraud.
[ymal]
Real-time fraud detection
PSD2 is more than just a regulation. It’s the start of a major transformation for the payments industry. With the move to digital-first, open models, there’s an increased need to operate processes in real time – providing instant payments, for example – and that means that fraud prevention will need to move at the same speed.
Adequate anti-fraud protection is required by the regulation. Banks are expected to fill out certain tests as a fraud assessment, including reviewing behavioural profiles, checking known compromised devices and IDs, applying known fraud scenarios to transactions, and detecting malware signs. Analytics can help speed up detection, find suspicious behaviours and collate data points by ingesting new data sources. This builds a picture of "normal" behaviour against which banks can measure transactions.
At present, not all banks are applying all these anti-fraud measures. Some base their protection on simple rules and aren’t able to detect fraud in real time or stop transactions in progress. These abilities aren’t technically required by the regulator until PSD2 comes into effect. Real-time fraud prevention used to be a luxury – but now it’s a must-have. Banks must take the initiative to ensure they can detect fraud in process in incredibly short time frames.
Third parties enter the market
The other major change included in PSD2 is the arrival of third-party providers in the market. These nonfinancial companies, including GAFA (Google, Amazon, Facebook and Apple), e-tailers and fintechs, will be able to work as payment processors going between customers and banks. This means the banks have a much bigger traffic volume to handle and review for fraud. Legacy systems and processes simply can’t handle it.
In order to cope, banks need to have systems in place that are able to assess for fraud at huge volumes and in real time. Not only that, but transactions from third parties might come with limited contextual information. So, banks will have to enrich them with additional data on variables including digital identity, reputation and past behaviour.
AI applications will be essential to handle that ongoing enrichment at speed. Humans alone simply can’t process that level of information. So, it’s essential that banks invest in AI to augment the skills they have and lighten the load of compliance.
Managing the risk
The risk to banks posed by these growing data streams is not just in terms of payment fraud. There is also a heightened cybersecurity risk. New data flows and new payment systems present possible system back doors and new attack vectors that hackers will be quick to discover. By attacking third party infrastructure, malicious actors will be able to gain access to consumers’ personal data.
Addressing this problem is not the sole responsibility of the banks. But it highlights the level of risk associated with the increase in data volume and connectedness. Reputational damage and heavy fines are a very real possibility for institutions that don’t get their act together in time.
Compliance will require many changes to anti-fraud and customer identification processes. The technology required to handle this additional burden is out there. Banks must invest wisely and ensure they are fully equipped, whether next month or by 2021.
