If the recent software failures in the financial industry are anything to go by, then disruption to payment systems are becoming the ‘new normal’. This week David O Riordan, Principal Technical Engineer, SQS Group, delves into the benefits of blockchain, in particular in the aftermath of a software disaster.
The VISA card payment outages, Faster Payments issues and disruption to card payments at BP petrol garages, all within the first half of 2018, have caused many to question the regulatory environment around financial institutions. And with the Bank of England and FCA requesting banks to report on how prepared they are for IT meltdowns, stating that any outages should be limited to just 48 hours, the finance industry is under real scrutiny when it comes to technology.
Corporations are now expected to have a Disaster Recovery (DR) and business continuity plan put into place to avoid falling victim to software failures. Nevertheless, what business leaders need to understand is that while no IT solution is completely foolproof, and will likely go down from time to time, the key is knowing how a potential internal failure can be mitigated without affecting the overall performance. This can only be achieved with a well-practiced DR plan that is second nature to the responsible parties and can be executed in the desired timeline. However, this can be both costly and time-consuming to set up. How can such incidents be minimised, or potentially eliminated, in the future? Blockchain is an alternative technology solution business leaders should consider, as it has fraud protection already built-in and is highly resistant to all type of attacks and failures.
Blockchain for Business Continuity
Built-in Fraud Protection:
Blockchain is a de-centralised platform, where every node in the network works in concert to administer the network and no single node can be compromised to bring down the entire system. It is a form of distributed ledger where each participant maintains, calculates and updates new entries into the database. All nodes work together to ensure they are all coming to the same conclusions, providing in-built security for the network.
Most centralised databases keep information that is up-to-date at a particular moment. Whereas blockchain databases can keep information that is relevant now, but also all the historical information that has come before. But it is the expense required to compromise or change these databases that have led people to call a blockchain database undisputable. It is also where one can start to see the evolution of the database into a system of record. In the case of VISA and other payment systems, this can be used as an audit trail to track the state of transactions at all stages.
Ingrained Resiliency:
Additionally, blockchain removes the need for a centralised infrastructure as the distributed ledger automatically synchronises and runs across all nodes in the network by design. As a result, Disaster Recovery (DR) is essentially built in, eliminating the need for a synchronised DR plan. The inability to alter entries in the ledger also contributes to the overall security of the blockchain, improving resilience against malicious attacks.
This is unlike traditional large centralised systems where resilience is provided by failover within a cluster, as well as site-to-site Disaster Recovery at a higher level. Disaster Recovery plans and procedures can be costly due to a large amount of hardware and data replication required. Furthermore, most businesses often do not execute it, so when disaster strikes, corporations are not prepared to deal with the aftermath; as seen with VISAs outage problems.
The Downside of Decentralised Blockchain Technology
Performance:
While blockchain can be used as a system of record, and are ideal as transaction platforms, they are slow compared to traditional database systems. The distributed networks employed in blockchain technology means they do not share and compound processing power like traditional centralised systems. Alternatively, they each independently service the network; then compare the results of their work with the rest of the network until there is an agreement that an event has happened.
Confidentiality:
In its default, blockchain is an open database. Anyone can write a new block into the chain and anyone can read it. Private blockchains, hybrid limited-access blockchains, or ‘consortium’ blockchains, can all be created, so that only those with the appropriate access can write or read them. If confidentiality is the only goal then blockchain databases offer no benefit over traditional centralised databases. Securing information on a blockchain network requires a lot of cryptography and a related computational liability for all the nodes in the network. A traditional database avoids such overhead and can be implemented ‘offline’ to make it even more secure.
Blockchain for Disaster-Relief?
As an emerging digital disruptor technology, no one can say for sure where blockchain technology will ultimately lead. While many have disregarded this technology, the potential is certainly there to attempt to solve some of the most common problems in the digital space.
However, with high customer demands on the increase within financial services and with the combination of a widespread network and substantial cost pressures, IT outages will continue to impact consumer experience. Businesses can minimise potential damage by managing communication effectively and dealing with the technical nature of the outage quickly. With a comprehensive and well-rehearsed data recovery plan, it can not only mitigate outages but maintain standards of service too. This will encourage customer retention, loyalty and growth. Therefore, blockchain should be considered, as it has a built-in check and balance to ensure a set of colluding computers can’t ‘game’ the system; as the network is virtually impossible to crack. As blockchain processing efficiency improves, it will increasingly become a more viable proposition, potentially making traditional disaster recovery unnecessary in the future.
The 05: Do Not Honor card declined response is the most common and general ‘decline’ message for transactions that are blocked by the bank that issued the card. This week Finance Monthly hears from Chris Laumans, Adyen Product Owner, on the complexities of this mysterious and vague transaction response.
05: Do Not Honor may be the largest frustration for any merchant that regularly analyses their transactions. Although it frequently accounts for the majority of refusals, it is also the vaguest reason, leaving merchants and their customers at a loss about how to act in response.
Although unfortunately there isn’t an easy, single answer about what this refusal reason means, there are several suggestions as to what could be the cause behind the non-descript message. So what might the 05: Do Not Honor mean? From our experiences analysing authorisation rates and working with issuers and schemes, here are some plausible explanations.
Insufficient funds in disguise
In probably half of the cases, 05: Do Not Honor is likely just an Insufficient Fund refusal in disguise. Reality is that some issuers (or their processors) do a poor job of returning the appropriate refusal reasons back to the merchants. This is both due to the use of legacy systems at the issuer side as well there being no mandates or monitoring by the schemes on this, letting issuers continue to use it as a blanket term.
By looking at the data from various banks, it is easy to see how “Do Not Honor” and Insufficient Funds can often be used interchangeably. Records that show a disproportionately high level of Do Not Honor and a low level of Insufficient Fund refusals would suggest one masquerading as the other. Given that Insufficient Funds is one of the most common refusal reasons, 2nd maybe only to “Do Not Honor”, it makes sense that “Do Not Honor” by some banks may actually represent Insufficient Funds.
Refusal due to credential mismatches
Although the words “Do Not Honor” aren’t the most revealing, sometimes other data points in the payment response can be clues for the refusal. Obvious things to look at are the CVC response, card expiry date, and, to a lesser extent, the AVS response. For lack of a better reason, issuers will frequently default to using “05: Do Not Honor” as the catch-all bucket for other denials.
Suspicion of fraud
The most appropriate use of “05: Do Not Honor” would be for declining transactions due to suspicious activity on the card. In some cases, although the card is in good standing and has not been reported lost or stolen, an issuer might choose to err on the side of caution due to a combination of characteristics on a given transaction. For example, a high value transaction made at 3am from a foreign based merchant without any extra authentication, likely will trigger a few too many risk checks on the issuer side. These types of refusals will again unfortunately be designated into the “05: Do Not Honor” category, with merchants drawing the short straw. Even though issuers may be able to point to specific reasons why the transaction was refused, issuers have no way to communicate this back to the merchant.
Some astute merchants might point out that issuers should be able to use “59: Suspected fraud” in these cases. Some issuers however remap these 59 refusal reasons to 05 before sending the response to the acquirer to protect store owners in the POS environment and avoid uncomfortable situations with the shopper standing in front of them.
Collateral damage
Finally, the reality is that your likely not the only merchant that a given shopper interacts with. Regardless of how good your business is or how clean your traffic is, a shopper’s recent history with other merchants will influence the issuers decision on your transaction. For lack of a better reason, the catch-all 05: Do Not Honor refusal in some cases be seen as “Collateral damage”. If the shopper coincidentally just made a large purchase on a high-risk website or went on a shopping spree before reaching your store, there is the possibility that the issuer may decline the transaction at that moment in time. In these cases, there is unfortunately very little that can be done, except to ask for another card or to try again later.
Hopefully this helps shed some light on the possible reasons why ‘05: Do Not Honor’ is so dominant in the payment space and that there is no single reason for this response. Adyen’s advice to dealing with these refusals is to look at the data at individual issuer/BIN levels and from there, try to distil patterns particular to those bank’s shoppers.
The financial services industry must “unite and fight” against a no-deal Brexit that potentially erodes clients’ rights and damages the financial sector itself.
This warning from deVere Group founder and CEO, Nigel Green, comes as the UK's International Trade Secretary, Liam Fox, said that Britain should accept a ‘no-deal’ scenario, instead of requesting more negotiating time.
It also follows MPs being told earlier this week by the Association of British Insurers that it could be “illegal” to pay private pensions to British expats if the UK crashes out of the EU with no deal.
In addition, the City of London is claiming that Brexit will cost Britain up to 12,000 financial services jobs in the short-term, with many more potentially disappearing in the longer term.
Mr Green says: “Now is the time for the financial services industry to unite and fight against a no-deal Brexit that potentially erodes clients’ rights, protections and freedoms. It must also stand against it potentially damaging the financial sector itself.”
He continues: “It is an outrage that if the UK crashes out of the EU, and free movement of capital stops because there is no agreement in place, people could stop receiving their hard-earned retirement income, saved over many years, simply because they have chosen to live outside the UK, which they are perfectly entitled to do.
“As an industry we need to step up, lobby the policymakers, and ensure clients are secure on this issue, amongst others. We need politicians to guarantee their rights, choices and safeguards as a matter of urgency.”
Mr Green goes on to say: “This latest warning, and the ongoing uncertainty, is likely to trigger even more people who are eligible to do so to consider moving their British pensions out of the UK into HMRC-recognised pensions while they still can.
“Many will be seeking to safeguard their retirement funds by transferring them into a secure, regulated, English-speaking jurisdiction outside the UK.”
The deVere CEO adds: “The financial sector also needs to make its own voice heard.
“The industry needs continuity and certainty. What it does not need is the chaos and the expense of a no-deal Brexit.
“A no-deal scenario will likely mean a reduction of the services and products that we are able to offer clients, as well as increased costs for businesses and, ultimately, the client.
“Therefore, we must actively engage with politicians – who largely seem only to have their own political agenda at heart - to prevent this from happening.”
(Source: deVere Group)
Three quarters of finance decision makers within UK businesses have admitted that their company could be susceptible to fraud because of poor accounts payable systems, according to a new report.
And 70% of finance decision makers also admitted that a failure to implement robust purchase order processing within their company was also putting them at severe risk from fraud.
In fact according to the ‘Changing trends in the purchasing processes of UK businesses’ report commissioned by document managing, accounts payable and purchasing solution provider Invu, less than a quarter (24%) of decision makers are ‘completely confident’ that they could prevent or detect fraud with their current systems.
The risk from fraud is also not limited by company size, according to the research, with 25% of large businesses and 30% of small companies harbouring some concerns about fraud due to weak processes and checks.
“Although we’ve seen a slight reduction in the amount of financial decision makers concerned about fraud, it is clear that concerns remain high within Britain’s business community and that not enough is being done to protect companies from becoming victims of fraud,” said Ian Smith, GM and Finance Director at Invu.
“Fraud is a huge problem for any business, with the results being potentially fatal. Automated processes, which can monitor purchase and payment processes, go a long way to prevent and detect these issues, but they are clearly not being deployed enough within UK businesses.”
(Source: Invu)
Ahead of the Russia 2018 World Cup semi-finals kick off tonight, Dun & Bradstreet have revealed that when it comes to economic risk ratings its clear who wins. Below are graphics ahead of the match tonight between France & Belgium, and tomorrow between England & Croatia.
Below you can also see a thorough table of all countries in the World Cup that accounts for FIFA rankings vs. their D&B Country Risk rating vs. the GDP per capita global ranking.
| Team | 2018 FIFA Ranking | D&B Country Risk Rating | GDP per capita global ranking | Economic overview |
| Switzerland | 6 | 2.25 | 2 | Forward-looking indicators bounce back after a period of weakness. |
| Iceland | 22 | 3.25 | 5 | Growth is underpinned by base effects and a stronger demand for fish. |
| Denmark | 12 | 2.25 | 8 | The immediate risk of a general strike has been averted. |
| Sweden | 24 | 1.75 | 10 | The economic growth forecast for 2018 edges up. |
| Australia | 36 | 2.5 | 11 | Relations with main trading partner China continue to sour. |
| Germany | 1 | 1.5 | 16 | Economic indicators maintain their downward trajectory. |
| Belgium | 3 | 2.75 | 18 | Modest economic growth continues. |
| England | 12 | 2.75 | 22 | Forward-looking indicators still suggest disappointing growth this year. |
| France | 7 | 2.25 | 23 | Dun & Bradstreet downgrades its rating outlook for France as the economy slows. |
| Japan | 61 | 2.75 | 24 | Corporate and household earnings pull ahead of demand growth. |
| Korea (South) | 108 | 2.75 | 26 | The inter-Korean summit brings an improved political outlook. |
| Spain | 10 | 3.75 | 29 | Political uncertainty will remain elevated. |
| Portugal | 4 | 4 | 34 | As expected, GDP growth decelerates. |
| Saudi Arabia | 67 | 3.5 | 35 | Strong oil prices will boost the short-term economic outlook. |
| Uruguay | 14 | 4.25 | 40 | Exports are driving growth, and investment is forecast to pick up in 2018. |
| Panama | 55 | 3.5 | 44 | The economy will keep growing at a healthy pace. |
| Argentina | 5 | 5 | 48 | President Macri's falling popularity jeopardises planned reforms. |
| Croatia | 20 | 4 | 49 | Negative indicators suggest that the economy is slowing. |
| Poland | 8 | 3.25 | 50 | The EU gives Poland a deadline to resolve judicial independence issues. |
| Costa Rica | 23 | 4.5 | 51 | Dun & Bradstreet upgrades Costa Rica's country risk rating following the election of Carlos Alvarado Quesada as president. |
| Russian Federation | 70 | 6 | 52 | Payment performance remained broadly stable in 2017. |
| Brazil | 2 | 4.5 | 57 | The growth forecast is slashed following a crippling strike and the currency sell-off. |
| Mexico | 15 | 3.75 | 60 | Elections and stalled NAFTA talks cloud near-term prospects. |
| Peru | 11 | 4 | 68 | An upsurge in public investment spending will help the economy to pick up. |
| Serbia | 34 | 4.75 | 72 | Data for Q4 indicates that economic growth is accelerating. |
| Colombia | 16 | 4 | 74 | The centre-right candidate leads in polls ahead of May's presidential election. |
| Iran | 37 | 5.75 | 76 | Dun & Bradstreet downgrades Iran's country risk rating as the US reimposes sanctions. |
| Tunisia | 21 | 5.75 | 94 | Political tension rises within the governing coalition. |
| Morocco | 41 | 4 | 99 | The diplomatic breach with Iran will boost ties with both the US and Gulf Arabs. |
| Egypt | 45 | 6 | 104 | The government faces a challenge to reduce energy subsidies. |
| Nigeria | 48 | 6.5 | 106 | Commercial bank liquidity improves as both oil export revenues and FX reserves rise. |
| Senegal | 27 | 4.25 | 121 | A new sovereign bond raises USD2.2bn. |
The impact of blockchain within the financial services industry could be significantly delayed by the damaging PR currently associated with cryptocurrencies, new research suggests.
Insight gathered in a report by international law firm Gowling WLG reveals that financial services experts are fearful that if the negative headlines surrounding the likes of Bitcoin impacts industry opinion about blockchain software, it will perpetuate the common confusion between the two.
The report, entitled 'The ultimate disruptor – how blockchain is transforming financial services', states that an estimated US$2.1 billion will be spent on blockchain solutions[1] during 2018 and, by 2021, levels are expected to reach US$9.2 billion. In order for the system to reach these levels of growth and its benefits to be realised, it's essential for businesses to understand the capabilities of blockchain and other distributed ledger technology (DLT) beyond Bitcoin.
Dean Elwood, CEO of blockchain company Umony and contributor to the report, said: “Bitcoin is creating so much noise, much of it negative, that the genuinely useful and practical side of blockchain is getting buried. I think there is a real pressure on the industry and people like me, to make sure that everyone really understands the difference between blockchain and cryptocurrencies like Bitcoin."
The report features insight from specialists including NEX Exchange, Blockchain Hub, BTL Group and AgriLedger.
Many of the contributors believe that the development of blockchain technology will happen much faster if the industry collaborates and regulators are involved in the development process. This is because the very nature of DLT revolves around sharing information, not only internally, but also with customers and, in many cases, with competitors.
David Brennan, partner and co-chair of Gowling WLG's global tech team, said: "The business community has been quick to grasp the numerous opportunities blockchain solutions afford, but the key challenge will be communicating its significance to both the public and policymakers. Collaboration between governments and the private sector is key in order to facilitate widespread acceptance and adoption of the technology."
The firm's research also suggests that the appropriate industry regulators need to catch-up with the technological developments within blockchain and DLT, yet the majority of those interviewed do not believe that the technology itself requires regulation.
Andrew Gardiner, founder and CEO of Property Moose, said: "Cryptocurrencies need regulating, absolutely, 100%. But you can't regulate blockchain itself. It's just a piece of tech. For example, do you regulate Microsoft Word or Google for emails? They all have to be ISO compliant, so you’ll have industry standards, but these are not regulation.”
For a full overview of the research conducted with financial services experts, including insight on who will be affected by blockchain, the opportunities and threats facing the technology and the level of investment now going into blockchain development, see Gowling WLG's white paper 'The ultimate disruptor – how blockchain is transforming financial services'.
(Source: Gowling WLG)
[1] 1 Worldwide Semiannual Blockchain Spending Guide, International Data Corporation, 2018.
The need for financial institutions to be prepared against cyberattacks is doubly pressing this year, following a raft of new regulations. These have shifted the mandate from one of annual compliance exercises to an ongoing assurance that IT systems are prepared and secure.
Hiscox recently published its Cyber Readiness Report, surveying how prepared major institutions are to face cyber-attacks. Last year the report found many businesses underprepared for cybersecurity threats.
A variety of products offer security for financial services companies’ critical applications. But the growing complexity of banks’ systems means that the approach to cyber security products is not fit for purpose, warns systems integrator World Wide Technology.
Nick Hammond, lead advisor for financial services at World Wide Technology, comments: “The Hiscox report will serve as an important reminder to financial services firms about the importance (and difficulty) of securing against the cyber threats.
“This kind of protection is all the more necessary this year, in the wake of new regulations such as MiFID II, PSD2 and GDPR. Unlike older rules that only required yearly tick-box compliance exercises, these new regulations require continued assurance of critical applications.
“But with the complexity of existing IT systems, which have been built with different and sometimes opposing metrics over the years, this is easier said than done. Legacy infrastructures are often formed from an extremely complex patchwork of applications, which communicate with each other in convoluted ways.
“This web of opaque interdependencies is creating problems for cyber security. Without a clear view of how the system is plumbed together, there can be knock-on effects downstream when one application is prevented from sharing data with another system or user.
“To meet changing regulatory requirements, companies in the financial space need to access infrastructural expertise, to generate a working, real-time picture of the entire framework. Only after gaining this level of visibility can the right security policies be fitted to each application in a way that fits within the functioning of the existing system, allowing components to communicate as they need to whilst closing them off from external threats.”
(Source: World Wide Technology)
Investors now have little alternative but to support risk assets if they want to beat inflation, affirms one of the world’s largest independent financial advisory organisations.
The assertion from Tom Elliott, International Investment Strategist at deVere Group, comes as global stock markets enter 2018 with positive momentum, including the Dow Jones which has surpassed 25,000 for the first time in history.
Mr Elliott explains: “Market confidence is supported by a reasonably strong cyclical upswing in world GDP growth. This is being translated into corporate earnings growth, by a belief that central banks will not significantly tighten monetary policy unless justified by growth and inflation data, and by the U.S. corporate tax cuts announced in December which will boost Wall Street corporate earnings.
“In the face of continuing low interest rates and bond yields, investors now have little alternative but to support risk assets such as equities and non-core government bonds, if they want a yield that will beat inflation.”
An acronym is currently being popularised that describes how many investors see markets unfolding in 2018: MOTS, standing for ‘more of the same’. That is to say, solid returns for stock markets with continuing low volatility, and positive returns from investment grade corporate bonds.
“The risks to the MOTS scenario include central bank policy error, Trump turning America away from its traditional support for free trade, a credit crunch in the Chinese financial system and from geopolitics such as North Korea and the Middle East. However, as supporters of MOTS would argue, none of these risks are particularly new and they failed to de-rail markets in 2017,” confirms the strategist.
He continues: “We favour a long-term multi-asset approach to investing, whereby investors choose a suitable combination of global equities and bonds - depending on their risk profile and investment horizon - and leave the portfolio unchanged. Regular re-balancing ensures winners are sold and losers are bought – which financial history, and common sense, supports but which is so hard for us to do in practice.”
Mr Elliott goes on to say: “Looking forward to 2018, Japanese and emerging market stock markets appear to some commentators to offer most value, the U.S. less so. The Japanese economy, which grew at an annualised rate of 1.4% in the third quarter 2017 (despite a shrinking population), continues to benefit from a weak yen and the upturn in global demand for its exports. Fiscal reform, in particular lower corporate tax rates for companies that increase wages by 3% or more, comes into effect in April. It is hoped that this will lead to improvements in household demand growth, which has been weak in recent years. Emerging market equities continue to look undervalued relative to their developed market peers on most valuation measures, despite their outperformance in 2017.
“Wall Street is the most overvalued of the major stock markets, with the attractiveness of equities against bonds diminishing as Treasury yields creep up. However, the increase in yields is likely to be modest and U.S. corporate earnings growth will remain strong, limiting any pull-back in share prices. The weak dollar boosts export earnings, while strong consumer confidence supports domestic-focused sectors. Tax cuts will be a net benefit to U.S. corporate earnings, but the impact of changes to the tax code on individual sectors is as yet unpredictable. Fourth quarter earnings statements and outlook comments, from mid-January, will hopefully offer clues.”
Mr Elliott is not so confident about fixed income. He concludes: “Once again we begin the year with commentators generally nervous of bonds, fearing that an inflation problem is around the corner. Some fear that central banks will tighten monetary policy faster than is priced into the market in an accelerated effort to ‘normalise’ policy.
“It seems prudent to heed such warnings, even while acknowledging that the fear of imminent inflation has been voiced by monetarist hawks – and proved wrong- ever since central bank’s policies of quantitative easing and ultra-low interest rates began nearly 10 years ago. This suggests favouring short duration core government bonds, since the cash can be re-invested in a few years in higher bond yields.”
(Source: deVere Group)
Financial technology start-ups such as Ratesetter and Lendable pose a significant threat to the dominance of established banks in the UK’s £200bn personal loans market, according to new research.
In the ‘Battling for Buyers’ report, behavioural science experts Decision Technology (Dectech) explore consumer openness to fintech providers across a range of banking products, such as loans, current accounts, and mortgages. The experiments found consumers are more open to considering fintechs for personal loans than for other products.
Nearly half (43%) of consumers are happy to choose a fintech provider for a personal loan. This compares to one in three (33%) being open to having their current account with a fintech and only one in four (26%) considering a fintech for a savings account.
The research shows that one of the biggest barriers to fintechs is low brand recognition. The most recognised fintech brand, online investment manager Nutmeg, was only recognised by one in four (26%) consumers, compared with five out of six (83%)recognising Virgin Money, the least recognised big bank. Few fintech firms were found to have name recognition in double figures.
According to Dectech, behavioural science may provide the answer to why consumers are willing to consider a fintech provider for some banking products more than others. The report explains that loss aversion – people’s tendency to be more sensitive to potential losses than potential gains – means customers are more willing to trust unrecognised brands when borrowing money than when saving.
In addition, the research found consumers on average change personal loan provider once every three years, versus once every 12 years for a current account. Due to the higher churn rate and greater openness to new competitors for personal loans and other borrowing products, Dectech recommends that banks focus their efforts on these markets.
The report suggests established banks emphasise the trust that comes from being an established brand to hold onto customers in savings markets, while ensuring their offer remains competitive for lending products, where established banks are more liable to be outcompeted on price and speed in lending by newcomer brands with lower overheads.
Dr Henry Stott, Director of Decision Technology, said: “These findings are a stark warning to incumbent banks. There is considerable consumer appetite for fintech providers already, especially when buying products based on price rather than brand trust. As name recognition for challenger brands increases, the threat they will pose will do likewise, and we’d expect them to start taking market share across a wider range of products.
“Established banks should pick their battles, leveraging trust in their brand for savings products where customers are more focused on reliability and aiming to stay competitive on price and speed for lending products where customers are most open to newcomers.”
(Source: Decision Technology)
With the worldwide number of robots in smart factories now topping a million, Ross Thomson cites a lack of awareness as the reason most operators haven’t tackled the threat.
“Many firms believe hackers only want personal or financial data, but there is a credible risk to industrial robots,” says Mr Thomson, Principal Consultant at Amethyst Risk Management, which advises government and industry on cyber security.
He points out the risk is growing as robots, like other devices, are increasingly connected to wider networks and the internet. That gives hackers more ways in, and the consequences are potentially disastrous.
In one example, attackers locked up a robotic assembly plant in Mexico and demanded a ransom from the operators. Mr Thomson also highlights the safety risk for human factory operatives if a robot were to be hacked.
Lack of awareness and preparedness for a cyber-attack extends to robot makers. Mr Thomson points to an experiment where researchers hacked a robotic arm and forced it to mis-perform, compelling its manufacturer to plug the security hole.
Nightmare scenarios
The threat might come from disgruntled employees, criminals, recreational hackers or nation states.
One kind of attack would inject faults or defects in the production process, or lock it down completely as in the Mexican incident, leading to loss of production and revenue. If defective products make it to market, they can cause reputational damage, a potential advantage that could motivate an attack by unscrupulous competitors.
By manipulating safety protocols, hackers could cause the robot to injure human operators, or to damage itself or the factory environment. Alternatively, attackers might attempt to steal sensitive data from the machines themselves or the wider company network through remote access.
How easy is it to hack a robot? Ease of access to the software varies, making an inside job more likely in some scenarios. Firmware may be freely available online or retrievable from used robot CPUs, and some manufacturers allow programmers to access code in a simulation environment, creating a potential practice ground for would-be robot hackers.
Hackers have other ways to infiltrate, other than via the internet. They may attack from within the factory, for example connecting to the robot directly through a USB port, or physically accessing its computer controller directly or via remote service.
Once they have penetrated the system, they can potentially alter the controller’s parameters, tamper with calibration programmes or production logic and alter the robot’s perceived state, for example to show it is idle when it is not, or its actual state causing loss of control.
How big a risk?
The scale of the threat could be enormous. It’s estimated there will be 1.3 million robots in factories worldwide by next year (2018) and that 12 per cent of jobs will have been taken over by automated systems within a decade anda half. Robots are operating across almost all industrial sectors from car manufacturing to aviation and food processing.
The UK’s National Cyber Security Centre has highlighted hacking of robotic, unmanned and autonomous systems as a subject for attention, both by itself and by the intelligence organisation GCHQ.
A survey of robotic engineers by Italian academics found three quarters had never properly checked cybersecurity in their infrastructure, a third of robots were internet accessible and half of respondents didn’t see a realistic cyber security threat. To make matters worse, industrial robots often have weak authentication protocols and outdated software running on vulnerable operating systems
Operators need to take the necessary precautions
Mr Thomson urges operators of industrial robots to conduct a professional review of cybersecurity risks, have an incident response plan in place in case of a security breach and ensure that software is regularly updated, especially with security patches. The security review should look at what data robots hold and how they are potentially connected to sensitive data elsewhere on the network.
“Considering the risk to production, people and facilities, it must be taken seriously from board level to operational level,” he says. “An internet-connected robot should be treated with the same security precautions as any computer on the network, including setting long, complex passwords rather than relying on manufacturers’ default. There is a temptation to neglect updates because they may cause production downtime, but it needs to be given a higher priority.”
He advises operators to make security a key factor when sourcing new industrial robots, selecting a manufacturer that shows commitment to the issue and provides frequent software updates with security patches.
“Limiting who has access to robots and segmenting machines from networks where possible can also reduce risk,” he advises.
Ultimately, one of the most effective precautions is also one of the most prosaic, and may comfort those who fear their jobs will be stolen by robots, as Mr Thomson explains: “It’s hard to imagine a time when we dare leave robots to get on with it, so until and unless that day comes, we need humans to keep watch on robots at work.”
(Source: Amethyst Risk)
Here Kevin Wilbur, Senior Vice President of AP Automation at Tungsten discusses with Finance Monthly the practicalities of implementing new technologies in supply chains.
Trust in business is more vital than ever today. At a very basic level, it underpins what is required to agree employment contracts, retain customers and grow a business. However, when it comes to monetary transactions for the exchange of goods and services, trust is even more crucial.
Unfortunately, even when payment terms have been set and assets exchanged, trust can often be undermined. A delayed payment from a buyer is something many suppliers will have experienced, resulting in unnecessary stress and a loss of confidence in the trading relationship. Equally, supplier challenges, where data security is compromised or orders are not fulfilled, can cause headaches for buyers.
Certain sectors face greater supplier risk than others, making it even more important to ensure they have a robust supply chain. Finance businesses in particular hold a vast amount of sensitive data, so the ramifications of poor supplier service can be significant.
Widespread supply chain failures
Worryingly, our research shows that 84% of businesses have suffered from supply chain failures such as these. The biggest supplier risks were found to be security (ensuring data security and privacy standards) and information risk (accuracy, timeliness, and security of information exchanged with suppliers).
These risks or failures can have a huge financial impact, with 30% of firms reporting a loss in revenue or business partners. In addition, 22% of buyers said they faced higher insurance premiums, damaged reputation, a loss of customer trust, and/or significant legal and regulatory fines as a consequence of supply chain failures.
Many of these breakdowns in the supply chain arise from poor supplier management processes. Regrettably suppliers are often managed on an ad hoc basis with no consistency and very little attempt made to track and monitor spend. In many supply chains the sheer volume of suppliers involved means that it can be hard to stay on top of each relationship, and with the added pressures of cyber fraud, siloed customer data, insufficient cash for investment, and legacy technology systems, there are often layers of overlapping bureaucracy and confusion.
Managing and monitoring
To manage suppliers effectively and efficiently, supplier-related processes should be measured. From there buyers are able to optimise processes, which in turn enables automation. However, only 23% of buyers in our study achieved this level of maturity, and just 12% had optimised processes.
Buyers who describe themselves as having good supplier relationships have taken the time to map supplier activity, to establish a clear onboarding process, and to define a strategy that not only makes supplier management a priority, but also establishes responsibility between themselves and the suppliers they work with. Optimised firms ensure compliance with regulations and corporate social responsibility (CSR) standards by constantly monitoring their suppliers.
Low process maturity, revealed in more than a third of businesses (35%), can lead to poor sourcing decisions, because buyers lack high-quality, up-to-date information about suppliers’ past performance when awarding new contracts.
Technology that transforms
The research, which was conducted by Forrester Consulting on behalf of Tungsten Network, concludes that for businesses to thrive, they need to be properly managed using modern tools and processes that establish accountability, reduce uncertainty, and foster trust. This in turn enables the exploration of mutual growth opportunities for both buyers and suppliers.
Increasingly sophisticated technology exists that can genuinely strengthen supply chain relationships. For example, through a secure e-invoicing platform such as Tungsten Network, buyers and suppliers can have clear visibility on whether an invoice has been received and approved, and when payment is due. This means businesses have a single source of truth for invoice status information, which is monitored in real time. It can also help remove manual processes around invoice validation and compliance. This is a good example of where technology is enabling growth across the board, through developing trust in business relationships.
Often networks such as this provide value-added services that can serve as a source of competitive advantage. For example, through analysis of the real-time data generated from end-to-end e-invoicing capabilities, decision makers can more effectively predict demand and manage disruptions. Buyers and suppliers of all sizes can also find each other more easily and can build capabilities that benefit them both. They can also experiment with managing cash in new ways, such as by negotiating more flexible payment options like dynamic discounting and invoice financing.
The winners in the digital age will be the companies that best use technology to win, serve, and retain customers, and to enhance relationships throughout the supply chain. Technology can enable buyers and suppliers to more effectively use their data and manage their interactions, removing friction from the supply chain and strengthening trust, to the mutual benefit of all.
Less than a month ago, Fintech Week arrived in London with a bang, attracting hundreds of delegates from across the biggest FinTech organisations across the globe. Here Anthony Persse, Director of Strategy at Ultimate Finance, talks Finance Monthly through the challenges FinTechs face in delivering services that meet the needs of small to medium ventures.
A packed schedule awaited them, with ‘hackathons’, insurance innovation showcases and discussions on blockchain. What struck me when looking at the programme was the total absence of the word ‘customer’.
Not one talk, panel or roundtable event was planned to discuss what those using FinTech products actually wanted from the sector. Perhaps the recent successes and the incredible influx of investment has led the industry to believe it has it right already? It’s an easy assumption to make; FinTech is growing at a rate of knots, forcing the banking giants to sit up, take notice and fight to get their piece of the pie.
But, in the SME sector FinTechs are not having such a big impact and I think it’s because they are failing to ask that all important question – what does my customer need from me? Our recent research showed that the majority of SMEs in the UK still look to their main bank for financial support, even though the same research showed that small business owners didn’t feel their bank could always offer them what they needed. It’s a gap that needs filling, but it doesn’t look like FinTechs will be the plug.
That does not mean that technology does not have a huge part to play in the SME funding sector. Through an advanced online platform and a smart use of data, we were able to launch one of the fastest loans on the market, offering savvy SMEs who know what they need the option to access quick cash in an instant. We are continuing to develop our online capabilities because some SMEs do want a digital solution – it suits their needs.
And some need more of a helping hand. A human at the end of the phone who can sympathise, offer credible guidance based on their experience with hundreds of other SME customers and work through the funding options available. Those SMEs might lack experience of borrowing while others might have hit a patch of tough trading and simply not know where to turn. For these small businesses, an app isn’t going to cut it.
So will FinTechs ever meet the needs of SMEs? The answer is yes, and no. Some SMEs will find the agility that FinTechs offer works for them and that they can save money as online-only services can be cost effective. But ‘people do business with people’ is an old but still very true adage and it’s my opinion that lenders which offer a truly fair and flexible service, aligned to what SMEs really want and not what we think they want, will play an increasingly large role in the support of UK small businesses.
