
The FCA, the authority that regulates UK banking and financial services, has this week admitted to accidentally leaking the private data of around 1600 people who complained against the regulator.

In a document on its website, the FCA published names, phone numbers and addresses in response to a freedom of information request in November 2019. No other data like financial information or passport info was included, however. The private data belonged to those who complained against the FCA between January 2018 and July 2019.

The FCA has admitted to the leak and apologised, with the intent to address each person whose data was revealed and apologise to each in writing. It has referred itself to the Information Commissioner’s Office (ICO) and will likely expect a fine for the data breach.

On the back of this news, Andy Barratt, UK MD at international cybersecurity consultancy, Coalfire, told Finance Monthly: “The question on a lot of people’s minds will be how does the ICO respond to a data breach at a fellow regulator.

“Together, the ICO and FCA enforce some of the largest monetary penalties for data breaches and there could be cries of foul-play if one’s punishment of the other appears to be a light touch.

“While many will see this as embarrassing for the FCA, it now has a real opportunity to go through the same pain as those it regulates and learn from it.

“Human error is, to an extent, unavoidable and it will be interesting to see whether the FCA better empathises with those it polices in future.”

Digital transactions do not end at simple purchases. Cryptocurrency, online betting, and sending cash via the internet have all become popular recently. With the amount of money changing hands online, it is no surprise that hackers see this as an opportunity for identity theft.

Privacy was once the only concern for web browsers, but financial data security has taken a place on the list of essential things to consider when roaming the internet. Digital shopping and online transactions are not going away, so it behooves everyone to learn ways to protect private information.

Although it seems to become more challenging by the day, internet security is possible. Hackers regularly find new ways to attack their victims, but practicing internet safety and putting safeguards in place will help keep your information out of the hands of a cyber-criminal.

1. Protect Your Privacy Using a VPN

The first thing any mobile device user should do is download a VPN app. While a VPN can be used on other devices like laptops or tablets, it is important to protect mobile devices, too.

People frequently connect to Wi-Fi in public places to conserve data costs, leaving themselves vulnerable. Hackers roam unsecured networks hoping to find an easy target. A VPN can create a more secure environment by encrypting data to and from your device.

2. Practice Internet Safety

Social media has created an environment ripe for malicious cyber-attacks. Facebook and Twitter alone often provide hackers with all the information they need to infiltrate the privacy of an individual.

Being safe online is more than avoiding “sketchy” web areas. Avoid putting too much personal information on social media sites and keep your profile restricted to those you know. Decline unknown friend requests and think twice about liking every post you come across.

Hackers prefer easy targets, and many users make themselves very vulnerable by providing so much information online. These details can give hackers hints for working out your passwords or usernames, which opens you up to a world of digital trouble.

3. Pay Attention When Purchasing

Online transactions are here to stay, and it would be ridiculous to recommend someone avoid digital purchases. However, when buying online, you should pay attention to where you are shopping.

Small online businesses are popping up everywhere, and while they may offer unique and trendy items, it is important to validate their security. Never enter financial information on a site missing the “HTTPS” at the beginning of its URL. The “s” stands for secure, meaning the connection between your browser and the site is encrypted, and any site without it should be considered unworthy of your personal information.

Internet security is possible by practicing a little diligence and understanding that your information is valuable. Hackers prefer the easiest targets and creating a few blockades may prevent you from becoming a victim. Practicing safe internet behaviors can help you enjoy your online shopping experience safely.

As payment methods become more seamless to cater for consumers who demand a quick and easy user experience, concerns around protection of payment details have been mounting. Here Finance Monthly hears from James Romer, Chief Security Architect for SecureAuth, on the ins and outs of customer payment information, how it’s controlled and the potentials for multi factor authentication.

In light of recent data breaches, consumer trust in the ability of businesses to keep their data safe is at a low. Despite being well-established and active for decades, authentication techniques such as username and password for online payment portals, have been failing consumers and financial institutions for years, as they are simply no longer enough to defend against bad actors. It is clear that more advanced authentication techniques are needed to keep our finances and data secure.

Why two factor authentication isn’t enough

To defend against increasingly sophisticated attacks on financial services, a comprehensive and intelligent approach is needed: a strategy that focuses on where most breaches occur, i.e. the identity level, and combines multiple authentication techniques that do not hinder the user. Multi-factor authentication (MFA) combines a minimum of three factors: ‘something you are’ (for example, a facial scan), ‘something you have’ (such as a bank card) and ‘something you know’ (a passphrase or password) and can improve identity security both in the payment transaction process, as well as when the customer is accessing a payment portal.

To improve security around online transactions, two-factor authentication (2FA) was introduced to bolster traditional username and password methods. It involves using an additional verification step, such as information that’s unique to the individual, a physical token or an SMS one-time passcode (also known as SMS OTP). While 2FA was a step in the right direction, and might deflect the average attacker, for a motivated one it’s no longer enough. Phone-based authentication and knowledge-based questions can be easily defeated by determined attackers, as seen with the recent Reddit data breach. Given this pitfall, combined with the less than user-friendly experience and the delays that often accompany 2FA, financial organisations need to re-think their security strategy.

Applications in the financial industry

MFA has the potential to transform payment transactions and customer experience when accessing financial information, helping to protect against fraud whilst at the same time improving usability for the consumer. Overall, the user experience with multi-factor authentication is seamless, making a strong case for a move away from the 2FA approach for good. For example, looking at contactless transactions the end user will simply present their card, while holding their enrolled finger over the embedded fingerprint reader during the POS transaction. Verification of the fingerprint is performed on the card during the transaction, using a pre-enrolled template. If the fingerprint matches, then the transaction is approved. If the read or the match fails, then an additional challenge (for example PIN) can be offered.

But it’s not just cards that this can be applied to. When a customer is accessing an online payment portal, adequately authenticating the user is critical to protecting sensitive data. Although customers are accustomed to (and often reassured by) lengthy authentication processes, a reduced number of steps will greatly improve the quality and ease of their interaction. Forward-thinking organisations understand this and will implement modern techniques, such as adaptive authentication, where both security and user experience can be enhanced. These techniques act in the background to quickly verify different aspects of the user’s login attempt, considering factors such as location, device used and IP address, without compromising the experience.

For example, SecureAuth worked with a large UK-based financial services enterprise to secure and protect its customer portals. The company recognised that their business model was largely based on repeat custom, so aimed to prioritise customer retention through a personalised personal portal. Following detailed research into the preferences stated by their own customer base, this organisation was able to offer authentication that adapted to the user’s needs and preferences, for instance, by using demographic information to give the most appropriate authentication method based on market research. In addition, repeat users enjoyed a frictionless experience without repeat access requests, as authentication was only required at the transaction phase. This greatly reduced the number of times that credentials were requested and improved the overall user experience, highlighting how, with modern authentication approaches, increased security doesn’t have to impact user experience.

Protection of the authentication process in the financial industry is absolutely essential, as no single authentication technique is beyond the reach of malicious actors. It is only a matter of time before they find a way to circumvent traditional authentication methods. True identity security must rely on multiple factors combined with risk analysis. By implementing adaptive methods that flex and change according to this associated risk, organisations can allow access, deny, step-up or step-down users at the authentication stage. This means that even if a malicious actor possesses one aspect of the user’s unique profile, such as biometric information, then other factors will be considered to authenticate them. In this way, payment and personal information can be protected and consumer trust maintained.

Sharing confidential information is a data protection issue with more and more red tape every day. With more and more apps differentiating encryption methods, this becomes even harder to manage for authorities. Below Finance Monthly hears about the potential for banking fraud via apps such as WhatsApp from Neil Swift, Partner, and Nicholas Querée, Associate, at Peters & Peters LLP.

As ever greater quantities of sensitive personal data are shared electronically, software developers have been quick to capitalise on concerns about how susceptible confidential information may be to interference by hackers, internet services providers, and in some cases, governmental agencies. The result has been an explosion in messaging apps with sophisticated end-to-end encryption functionality. Although ostensibly designed for day-to-day personal interactions, commonplace services such as WhatsApp and Apple’s iMessage use end-to-end encryption to transmit data, and more specialised apps offer their users even greater protection. Signal, for example, allows for its already highly encrypted messages to self-destruct from the user’s phone after they have been read.

The widespread availability of sophisticated and largely impregnable messaging services has led to a raft of novel challenges for law enforcement. The UK government, in particular, has been outspoken in its criticism of the way in which end-to-end encryption offers “safe spaces” for the dissemination of terrorist ideology.

Financial regulators are becoming increasingly conscious of the opportunity that these messaging services present to those minded to circumvent applicable rules, and avoid compliance oversight. 2017 saw Christopher Niehaus, a former managing director at Jefferies, fined £37,198 by the Financial Conduct Authority for sharing confidential client information with friends and colleagues via WhatsApp. Whilst the FCA accepted that none of the recipients needed or used the information, and the disclosure was simply boasting on Niehaus’ part, it was only his cooperation with the regulator that saved him from an even more substantial fine.

That same year saw Daniel Rivas, an IT worker for Bank of America, investigated by the US Securities and Exchange Commission and plead guilty to disclosing price sensitive non-public information to friends and relatives who used that information. One of the means of communication was Signal’s self-destructing messaging service. Rivas’ prosecution saw parallels with the 2016 conviction of Australian banker Oliver Curtis, an equities dealer, for using non-public information that he received from an insider via encrypted BlackBerry messages.

These examples are likely to prove only the tip of an iceberg; given that encrypted exchanges are by definition clandestine, understanding the true scale of the issue, outside resorting simply to anecdote, is itself an unenviable task for regulators and compliance departments. Whilst those responsible for economic wrongdoing have often been at pains to cover their tracks – perhaps by using ‘pay as you go’ mobile phones, and internet drop boxes to communicate – access to untraceable and secure communication is now ubiquitous. It is difficult to imagine that future regulatory agencies will have access to material of the same volume and colour that was obtained as part of the worldwide investigations into alleged LIBOR and FX manipulation.

How then can regulators respond? And how are firms to discharge their obligations both to record staff business communications, and monitor those communications for signs of possible misconduct? Many firms already ban the use of mobile phones on the trading floor, but such edicts – even where rigorously enforced – will only go so far. Neither Mr Rivas, nor Mr Niehaus, would have been caught by such a prohibition.

There may be technological solutions to technological problems. Analysing what unencrypted messaging data exists to see which traders are notably absent from regulated systems, or looking for perhaps tell-tale references to other means of communication (“check your mobile”), may present both investigators and firms with vital intelligence. Existing analysis of suspicious trading data may assist in identifying prospective leads, although prosecutors may need to become more comfortable in building inferential cases.

Fundamentally, however, such responses are likely to be both reactive, and piecemeal. Unless the ongoing wider debate as to the social utility of freely available end-to-end encryption prompts some fundamental rethink, the need to effectively regulate those who participate in financial markets – and thus the regulation of those markets themselves – may prove increasingly challenging.

Just eight of the publicly listed companies cite the technology in recent annual reports.

Despite robotics and automation being at the forefront of many business conversations over the last 12 months, research announced by Redwood Software suggests that companies are not yet willing to reveal their plans.

Of the listed organisations, eight of them mention robotics in their most recent annual report, with just two including detailed references to both robotics and artificial intelligence (AI). Only insurance company Aviva, and support services company, Capita, outline automation to be a focus for them, despite many others also implementing the technologies across their business.

As large organisations look to streamline complex processes and develop a technology-driven enterprise model to keep up with more agile start-ups, robotics have the ability to assist them, improving both productivity and efficiency of operations. Neil Kinson, chief of staff at Redwood Software commented: “We know there are a lot of high-level organisations and brands across a variety of industries that are doing some sort of work with robotics and automation, so it’s surprising to not see this reflected in their annual reports. However, with business competition continuing to rise, everyone is working to gain the strategic upper hand and not give too much away.”

“Every business is undergoing some form of digital transformation, and many are using robotics as a means of achieving success when doing so. The problem, however, is that as the business case for automation continues to grow, the desire for organisations to establish themselves as innovators in robotics will only become more prominent. As companies seek to increase value by strategically streamlining core operations, we’re bound to see competing services and a variety of offers.”

Both robotics and automation have been at their technological tipping point for the last few years, and are estimated to have contributed to around 10 per cent of GDP per capita growth in OECD countries between 1993 and 2016.

(Source: Redwood Software)

In the last few years fintech has taken a prime spot in R&D, investment and market value, and is increasingly crucial to the progress of financial services and the growth of businesses worldwide. Here to tell us why, and offer particular insight into the development of this key sector is Gary Turner, Co-founder and UK Managing Director of globally leading accounting software programme, Xero.

 

Fintech, despite being amongst the newest global industries, is already one of the most vital in terms of supporting the growth of businesses across the world. At the time of publication, there are 1,362 fintech companies across 54 countries with the US, UK and China holding strong as innovators and market leaders in financial innovation. Globally, businesses are working to become entirely digital, and early disruptors saw the opportunity to create a financial digital platform to perfectly complement the modern way of working - the timing and execution of fintech allowed it to become the biggest industry in the world. But for the less initiated, this raises questions around how fintech has had such an influence in macro and micro economics.


The key is simple – it creates a level playing field for businesses who aren’t restricted by software. SMB growth can often be restricted by the online tools available within budget, the data they have access to, and how quickly they can access it – all of these shortcomings have been recognised and seen as potential by the fintech industry. By using cloud-based software, business owners can interact with a real-time system of record, something that was previously only available to enterprise companies. This has helped create a central platform for small businesses and owners to share information with other businesses and partners, as industry relationships can be improved and built upon through open data.

 

Numbers in real time

Another relationship that has evolved is the one between a business owner and their finances. Originally, owners would have a recurring meeting with their accountant to get a briefing on their business’ performance, but cloud software has changed the routine. Now, with improvements to financial technology, owners can log in anytime to check in on the numbers that keep the business running. The advantages for an owner to oversee trends on a daily basis are paramount to their success, with charts and graphs making it simple to understand where you are over or under servicing. Quick data allows for quick action. Having data readily available in one place gives a business understanding of what their customers need.

 

Public vs private

This brings to light what fintech means for the private sector, and the public sector is looking to learn just how it can improve the way they work too. In the UK we have been trying to streamline the HMRC and other departments’ services by shifting to a digital services model – this is an example of institutions recognising how critical real-time financial data is for business success. In early 2017 the HMRC announced new concessions to the policy to support small businesses who were struggling with some of the technicalities of the roll-out - while most businesses will have access to a personalised digital tax account by the end of the roll out, free software will be available to the majority of small businesses, while those that cannot go digital will not be required to. Despite the recent changes, the overarching vision of the Making Tax Digital policy will ultimately be of benefit for the UK’s business infrastructure, as the appetite for digital services is growing and traditional paper-based processes gradually become obsolete.

 

A global change

The UK private and public sector have felt it necessary to make these seismic changes, and it’s interesting to see how it translates across the world. Unsurprisingly the US, UK, Europe and China have had the largest fintech investment in the past five years, but India is one country that has expanded its offering, with a $2.2 billion investment – the money being pumped into the global industry is phenomenal. Beyond the usual suspects, Luxembourg has experienced huge growth in its digital economy in the past 10 years and has invested substantially into its world-class IT infrastructure, all of which is provided to entrepreneurs looking to innovate in the fintech sector. Similarly, Hong Kong has earmarked $250 million for an innovation and technology fund designed to match funding from venture capital outlays in local tech startups.

It’s these reasons and more that have allowed fintech to evolve, but the growth isn’t forecasted to slow down. In the past 12 months, there has been more than $1 trillion worth of transactions processed. With more money comes potential for more learnings, and that potential must derive from intelligent software – this thirst for insight will only see the financial web grow more powerful.

With monumental funding and innovative initiative schemes, the next 12 months will only see the industry go from strength to strength as the rollout becomes commonplace for all businesses across the globe.
