According to  Simon Hill, Head of Legal & Compliance at Certes Networks, this is mostly due to the fact that financial institutions are not only heavily regulated by data privacy requirements, but they are also under mounting pressure to be open to consumers and businesses about how they are protecting their data from potential breaches. 

Additionally, no bank or financial services organisation wants to face the consequences of a data breach. This is demonstrated by the fallout of numerous data breaches in the industry over the years - from Capital One in 2019, to Equifax in 2016 and Tesco Bank in 2017. In the case of the Capital One data breach, a hacker was able to gain access to 100 million Capital One credit card applications and accounts. This included 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers. Additionally, an undisclosed number of people's names, addresses, credit scores, credit limits, balances and other information dating back to 2015 was involved, according to the bank and the US Department of Justice.

What’s more, the damages of these data breaches are not only reputational, but also financial. As a result of Equifax’s data breach, the organisation reached an agreement to pay at least $575 million and up to $700 million to compensate those whose personal data was exposed. In 2016 Tesco Bank was fined £16.4 million by the Financial Conduct Authority (FCA) over its "largely avoidable" cyber-attack that saw criminals steal over £2 million from 34 accounts. This clearly shows that these consequences can arise no matter how ‘large’ or ‘small’ a data breach may seem; companies that do not encrypt their data adequately enough to safeguard it will be penalised.

On top of this, the increasing expectations of consumers means that banks and financial institutions are trying to achieve a balancing act: how can they protect data privacy, while at the same time remaining transparent about how data is being protected? However, it doesn’t have to be a trade-off between meeting customer expectations and meeting cyber security compliance requirements. Banks and financial services organisations can utilise technology to the fullest extent while still protecting data and avoiding the unthinkable repercussions of a data breach.

The balancing act 

To achieve this balance, banks and financial services organisations need to take greater measures to control their security posture and assume the entire network is vulnerable to the possibility of a cyber-attack. Robust encryption and controlled security policies should be a central part of an organisation’s cyber security strategy. When stringent policies are generated and deployed, it enables greater insight into applications communicating in and across the networks. New tools are now available to enforce these policies, not only impacting the application’s workload and behaviour, but the overall success of the system access.

Conclusion 

Banks and financial services organisations should not have to worry about keeping data secure and protected when it is entirely possible to do so. Adopting new ways to look at how organisations define policies through micro-segmentation and separating workloads by regulations, is one example of how to keep data more secure. Also, ensuring policies define only those users who have a critical need to see the data limits network vulnerabilities. And lastly, a robust key management system that is automated whereby keys are rotated frequently, can also help to safeguard system access and strengthen the organisation’s security posture.

As curiosity rises around this topic Equifax has devised this educational infographic which helps answer the fundamental questions; including what a money mule is, how money muling works and how to spot ads for money mules. Equifax explores what could happen if you’re involved with such suspicious activity highlighting the severity of falling victim to becoming a money mule. 

Educating the public is as crucial as ever, particularly as the latest Fraudscape report by Cifas found that in 2018, organisations reported over 40,00 cases of fraudulent abuse of bank accounts that bore the hallmark of money mule activity. This widespread issue only seems to be escalating as cases involving mule activity were up by 26% in 2018 compared to 2017.

The interactive infographic will lie within the Equifax ‘Knowledge Centre’ on their main website. This informational hub provides readers and customers with relevant content and guidance surrounding a variety of financial categories. You can read Equifax’s full interactive guide to Money Mules here.

The festive season is the time of year when consumers may have spent a little more than they intended, prompting many to head into the first few months of the new year with plans to bring finances into line.  Understanding their credit score can help consumers get to grips with their finances, however the latest research from Equifax reveals that over half of Brits have never checked their credit score with a credit reference agency.

Londoners are most content with their credit scores, with a third (33%) saying they were happy the last time they checked, closely followed by the South East (31%) and the South West (28%.)  Those living in the East of England are the unhappiest, with 11% saying they were not impressed the last time their checked their score. 1 in 10 of those living in the North West came in a close second when it comes to being unhappy with their credit score.

However, Equifax analysis of average credit scores across the UK seems to suggest a disconnect between consumers’ level of happiness or unhappiness with their credit score and their actual score.

Average Equifax Credit Scores by Region

This new infographic from Equifax can show individual’s how their area’s Equifax Credit Score compares with the rest of the UK.

“It is clear from our latest research that a significant number of individuals have never checked their credit score, which means that are not putting themselves in the best position when it comes to applying for credit” said Lisa Hardstaff, credit information expert at Equifax. “Not only should people get to grips with their credit scores, but they should also check their credit reports to understand what information is influencing their score. 

“The new year is always a time for new plans and potentially new financial applications. If individuals are planning on making an application for credit, they should check their credit report and score in advance. The credit report will give a record of their borrowing history, which could help them decide whether they need to improve or keep up their borrowing habits. And knowing their score and what range it falls in can help to give an indication of how lenders may view their creditworthiness.”

(Source: Equifax)

Two years on from the CMA market review which initiated Open Banking, Jake Ranson, banking and financial institution expert and CMO at Equifax, anticipates profound long term impact.

Open Banking was established to encourage competition. It’s well known that current account switching remains low, but this doesn’t reflect the full story. The initiative has been a wake-up call for traditional banks to improve their understanding of their customers and tailor services to their needs. Consumers won’t necessarily have to switch to experience improvements in their banking services.

Since inception two years ago, Open Banking has prompted exciting and much needed product developments to facilitate faster and more effective banking services for consumers. Many providers have applied for Open Banking regulatory permissions, showing the huge appetite to offer new and improved services.

The services that will really take off are the ones that give consumers transparency, control and save them valuable time. Consumers need a compelling reason to share their data, whether it’s faster lending decisions or the ability to access financial products better suited to their needs, and providers must articulate the value clearly in order to succeed.

The potential next steps are vast. We could see services that go beyond banking data, encompassing for example social media information so that consumers can manage their data in one place to gain easier access to tailored services. More and more companies are likely to get involved, potentially including players as varied as online estate agents and debt management companies.

Momentum is building but there’s still a need to educate consumers on how Open Banking can improve their financial lives. Equally important is reassurance that they maintain control of their data, it will only be used with their permission and they can revoke access at any time.

Online research from Equifax, the consumer and business insights expert, reveals a lack of awareness of banking options among Brits. When presented with a list of digital banks 60% hadn’t heard of any of the brands and only 20% would opt for a challenger bank if opening a new account today.

The survey, conducted with Gorkana, showed 44% of Brits would choose a traditional bank, and when choosing which brand to bank with, they prioritise good customer service (41%), ease of managing money via a good app or online service (34%), and availability of a physical branch (32%). Media influence was least important; only 3% of people factor news stories about a bank into their decision.

Good customer service also topped the list of priorities for people who would choose a challenger bank (31%), followed by incentives such as a joining fee (28%) and a good app or online service (27%). Friends or family using the bank was the least important factor – just 5% of respondents would take this into consideration.

People who would opt for a challenger bank appear to be more value conscious; one fifth (20%) said better rates when using their card or withdrawing cash abroad would appeal to them, compared to 12% of people who would use a traditional bank. Over a quarter (27%) rate more competitive rates, for example on overdraft fees or loans services a contributory factor when choosing a challenger bank, versus 19% for traditional banks.

Jake Ranson, Banking and Financial Institution expert and CMO at Equifax Ltd, says: “Challenger and digital banks have been making their mark in the banking sector bringing attractive, consumer friendly services to market, yet many consumers are still unaware of these brands. The government has taken action to increase competition in the sector but there’s still a lot of work to do to encourage consumers to fully explore the options available to them and make informed decisions on selecting or retaining accounts.

“Open Banking is underway and is a huge advance for consumers. Services are coming to market that will help people get better value from banks, for example identifying sign-up incentives or better rates tailored to their needs. The next step is for the industry to work together to increase consumer awareness of the value Open Banking unlocks.”

(Source: Equifax)

According to the latest YouGov debt research commissioned by Equifax, 15% of UK adults have missed a payment on a credit card or short term loan at some point. Almost a third (32%) of UK adults with a credit card admit that, in a typical month, they don’t pay off their credit cards debts in full, with over half (52%) of these saying it’s because they can’t afford the full monthly balance. With the net lending to individuals in the UK increasing by £9.68 million a day in March 2018 and an average debt to income ratio per adult in the UK at 114.4% as of May 2018 , Equifax asks the question: is all debt bad?

Household debt has been on the increase over the past few years, fuelled by squeezed wages and rising inflation. Last year alone the total credit card debt of households across the UK stood at £70 billon by November – equating to an average debt of £2574.00 per household. Whilst using credit can be useful for various reasons, there is a tipping point where the borrowing can turn into unmanageable debt. If someone can no longer afford to repay their debt they may have to opt for an Individual Voluntary Arrangement (IVA) or even declare themselves bankrupt.

Lisa Hardstaff, consumer credit expert at Equifax, comments: “According to our YouGov research, 40% use credit cards for day-to-day spending, which isn’t strictly a ‘good’ or ‘bad’ thing. But 13% of respondents have gone into their overdraft limit without approval from the lender, which could mean incurring extra charges and fees. Our infographic aims to help consumers see the different kinds of debt and recognise the risks, whilst outlining steps they can take to regain control of their finances.

“Not all debt is bad. If it’s managed properly and paid off, loans and credit cards can help people make plans and deal with unexpected events and emergencies. However, it’s vital that people understand the basics of budgeting, otherwise borrowing can spiral out of control. The first step to budgeting is understanding what’s coming in in terms of wages, benefits and other income. Individuals also need to take stock of their outgoings, including bills, pensions, loans and daily purchases, such as coffee or clothes. By subtracting their total spending from their total income, individuals will be able to see if there’s a shortfall and make positive changes.”

(Source: Equifax)

HSBC UK has created the first live use case of open banking for credit applications using the InterConnect platform from Equifax, the consumer and business insights expert. The solution will facilitate quick affordability assessments by allowing individuals to submit their bank transaction information electronically, in less than five minutes, during an application for credit.

Each submission is presented directly to HSBC UK Underwriting in real-time, providing the bank with a fast and informed view of a customer’s affordability and facilitating faster lending decisions.

The Equifax InterConnect platform is a flexible cloud-based decision management platform, which consolidates insight on credit applicants and streamlines the risk decision process. The Equifax platform collates consumer current account transaction information from its third party fintech partners, classified according to FCA guideline categories; committed spend, basic quality of living, essential spend, and discretionary spend.

Jake Ranson, Banking and Financial Institution expert and CMO at Equifax Ltd, said: “This work with HSBC reflects our ongoing commitment to the open banking initiative and our drive to deliver to our banking and financial services clients the best solutions for their customers in this new world of open data.

“We’ve produced a next level data service that helps the industry make the most of new data sharing, and empowers customers with more control over their own financial information. Part of the open banking challenge is educating consumers on what it means in a real life context, and a streamlined credit application process that helps them get a faster decision is a great example.”

(Source: Equifax)

Online research from Equifax reveals that 43% of British adults don’t have any personal savings set aside for unexpected financial events such as unemployment, illness or urgent repairs to their home.

The survey, conducted by YouGov ahead of the recent Bank of England rate rise, found that nearly one third (29%) of people, are concerned about their ability to meet all their financial commitments, for example rent, utility bills or mortgage payments, over the next six months. People are even more worried about their longer term financial commitments, with 37% concerned about meeting their obligations over the next two years. This figure rises to 48% for 35-44 year olds.

Half as many renters (33%) have savings set aside to fall back on compared to homeowners (67%), despite 43% of people who rent expecting their rent payments to increase to some extent in the next year, and of these people, 42% say they’re unable to afford any increase.

Jake Ranson, Banking and Financial Institution expert at Equifax Ltd, said: “The extent to which people live pay cheque to pay cheque with no financial cushion is a particular concern in the current uncertain economic environment. Debt levels are on the rise and wherever possible consumers should budget for unexpected expenses. The recent interest rate hike highlights the importance of setting aside some cash to counter any financial shocks.

“To help consumers better manage their finances, companies must ensure they offer products that match an individual’s financial capacity in the long term, taking into account economic jolts that could impact their ability to meet repayments.”

(Source: Equifax)

By Andy Barratt, Managing Principal Financial Services & Payment Solution Assessment at Coalfire

The fall-out from the Equifax hack has, understandably, focused on the millions of people who have had data stolen, but far less attention is being paid to the wider implications for the financial services industry.

Financial services providers, in particular, rely heavily on credit ratings to vet potential customers, with Equifax being one of the major providers of this information in the UK.

Businesses across the sector need to ask themselves whether they can consider the data they receive from Equifax is reliable. Pleading ignorance is not an option, now that the hack is public knowledge, and the onus is back on financial services providers themselves to ensure they are lending responsibly and securely.

 It’s well known that the credit rating services provided by the likes of Equifax, Experian and Callcredit are integral to modern lending processes. The depth of information and immediacy they offer is, for many, simply not achievable otherwise. With this reliance in mind, the broader impact of the breach for the sector could be significant and long-lasting.

Should the extent of the breach be more far-reaching, it might be too late by the time the industry knows that records at Equifax have been manipulated.

The impact of the breach

The first, and more widely discussed, impact of the Equifax breach is the potential for the individuals whose data has been stolen to be a victim of identity fraud.

 The number of people affected by this particular incident has been reported widely and is now reasonably understood to be in the millions. This puts an abundance of vital personal information at the fingertips of unscrupulous individuals across the globe.

 The second key factor to consider is the systemic impact on the financial services industry. Especially in an environment where increasing amounts of business are carried out without any face-to-face interaction with the customer and automated, rapid decision making used.

 For the growing number of online-only businesses, it can be very hard to know if an applicant is who they say they are – especially if the credit rating provided by a third party is potentially compromised. While the affected data will have been flagged as stolen, we don’t know if the cyber-thieves changed any of the original records at source.

 If the source data at Equifax has been manipulated, false identities could go undiscovered giving fraudsters a greater chance of success. Stolen data can be used to create fake identities, falsify credit histories and enter into relationships with lenders that would otherwise not be possible.

 Criminals could also have made individuals appear more credit-worthy than they are in reality. This might result in over lending to sub-prime or near sub-prime individuals in a manner that may well be judged irresponsible by regulators.

 Of course, many lenders use multiple sources alongside their own records to verify loan applications.

But for those relying heavily (or solely) on Equifax data to support their decision making, it is vitally important to evaluate the level of dependence and whether a new approval process needs to be put in place.

Ensuring data reliability

At this stage, completely abandoning Equifax might be overcautious, but a review of how their data is utilised is a must.

Businesses need to start a dialogue with the credit ratings agency immediately. Equifax should be forced to disclose what measures have been put in place to alert both consumers and financial institutions to fraudulent data, how they are identifying the people affected and what new practices are being implemented to ensure data security and integrity in the future.

It will, of course, be down to individual companies to decide whether the evidence provided by Equifax is satisfactory.

If it is not, firms that rely heavily on this agency, should consider other partnerships so that data can be corroborated. Anomalies can be identified by comparing information provided by two or more ratings agencies, potentially uncovering a fraudulent application.

In this vein, firms may also be able to further leverage existing customer data to sense check a new application. For example, if an existing customer’s circumstances or credit worthiness change drastically from one application to the next, this should raise flags.

Common-sense checks such as this are an interim measure, but will help judge the reliability of data while assurances from Equifax are sought and more long-term strategies put in place.

Long term, it will be up to the regulators to decide if Equifax can really be relied upon by the global financial services community. Any rulings or advice on Equifax’s reliability could have significant implications for the financial services industry’s dependency on a small number of credit rating agencies.

If Equifax’s trustworthiness is called into question, it could be a tipping point that opens the door to a new type of ratings agency.

Financial services is in a transformative phase with new ‘challengers’ emerging all the time. Online-only banks like Monzo are capitalising in an industry that is already amenable to change. The sector should watch on with interest for comment from the FCA that could impact Equifax’s role and keep an eye out for potential partnerships should new rating providers enter the market.

The truth is that Equifax and the service it provides is deeply entwined with the financial services sector. So much so that wider implications from the data breach are inevitable. It’s fundamental now that the sector ascertains whether its lending processes are still reliable and make the necessary changes if they are not.

About the Author

Andy Barratt is Managing Principal for Financial Services and Payment Solution Assessment at Coalfire, a cyber security consultancy which works with many businesses across the financial services sector.

Website: https://www.coalfire.com/

Deloitte appears to be the latest in a series of large multi-national companies becoming the victim of serious cyber breaches.

A report by the Guardian newspaper has revealed that the accountancy giant computers were discovered to have been hacked in March this year, although there are suggestions that the hack could have occurred as long ago as October 2016.

The news comes as several US companies are reporting large scales cyber security issues. Equifax and the SEC have both recently suffered embarrassing and potentially devastating hacks which have resulted in huge amounts of company data being compromised.

While the scale of the Deloitte hack is not yet known, the accountancy firm works for a vast amount of companies and governments around the world, providing tax consultancy and audits, all who have vital and confidential data held by the company. It appears that the main attack has been focused on the US arm of Deloitte, although there have been indications that it may affect companies in other countries.

The leak is said to have stemmed from the use of the company’s cloud storage system, where they store nearly 250,000 client emails. The hackers entered through an administrator password and reports suggest that this could have allowed them full access to all the information stored in the cloud.

Deloitte have sought to play down the hack in a statement which cited that there have been “very few impacted clients”. A spokesman is quoted as saying: “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

Deloitte have taken steps to not only plug the leak, but to locate the source of the hack and earlier this year employed top US law firm Hogan Lovells to launch a special investigation on their behalf.

The hack will also serve as an embarrassment to a company who were voted Best Cybersecurity Consultants in the World in 2012.

While the full scale of the attack is not yet known, Deloitte will hope that they will not suffer the same fate as Equifax, whose share price fell 32% during the fallout of their cyber breach.

There are just six months left until Open Banking phase two begins, when customers will be able to digitally access and securely share their bank transaction data to get the most from their finances.

The initiative will encourage financial service providers to offer high quality, targeted services and in turn boost competition.

Roger Vincent, Head of Banking and Innovation at Equifax, comments: “The banking industry is set for a huge customer-centric shake-up with the implementation of Open Banking phase two in January 2018. This exciting development will dramatically change the customer banking experience, helping consumers and businesses to use their financial transaction data to access products more easily and better understand their finances.

“The initiative kicked off earlier this year with stage one, where the ‘CMA9’ (nine banks mandated by the Competition and Markets Authority) provided improved access to information such as ATM locations and product listings. The second stage is the real game changer, with bank transaction data made available digitally for consumers and businesses to share securely, and only with their agreed consent, via open application program interfaces (APIs). Through the open APIs the data can be used by authorised third parties to build new high quality and targeted services, including new digital offerings, facilitating a more competitive environment.

“The ability for transaction data to be used for automated creditworthiness and affordability assessments, fraud detection and product accessibility is endless. Customers will be able to control how their financial data is shared digitally and provide a deeper picture of the way they manage their money. This could mean a quicker, more secure and fully digital mortgage application process or faster access to finance for a new business venture. For those currently underserved by the market, for example young people or the self-employed, it could mean the start of a journey to better financial health.

“Over the next six months, banks need to embrace the move towards a more transparent banking world. To do this successfully, preparations must focus on meeting the long-term practical benefits of consumer empowered data sharing rather than approaching this change as a tick-box compliance activity.”

(Source: Equifax)