Financial Conduct Authority urged to establish tougher cybersecurity regulation to combat continuing consumer distrust

27 November 2014

  • One in four Brits still don’t trust the security of their banks’ digital systems, according to new research revealed by Intelligent Environments today 
  • The financial services software provider urges the Financial Conduct Authority to establish mandatory cybersecurity tests for banks 
  • Intelligent Environments believes a new standard could help keep customers safe from “daily” cyber-attacks on banks 

A year on from some of the biggest ever cyber-attacks on banks, research from Intelligent Environments shows over a quarter (28%) of Brits still don’t trust the security of their bank’s digital systems.[1]

In light of these findings, leading financial services software provider Intelligent Environments is urging the Financial Conduct Authority (FCA) to establish a more robust security regulation framework for the financial services industry, such as the one already in place for the payments industry.

While the payment card industry has a mandatory testing process to assess the threat of credit card fraud, known as the Payment Card Industry Security Standard (PCI-DSS), there is currently no similar cybersecurity compliance process for the financial services industry as a whole. Given the continuing growth in the sector, Intelligent Environments claims a compulsory testing process similar to PCI-DSS is key to protecting the financial services sector from the ever-evolving cybercrime threat.

Clayton Locke, chief technology officer at Intelligent Environments, said: “Bank fraud and cybercrime are industrial-scale problems that present a critical threat to the financial services industry, as has been clearly demonstrated by previous attacks on prominent providers. Many customers feel their banks aren’t secure enough. This lack of consumer confidence in itself represents a major threat to the financial industry. By creating a tougher industry-wide standard for financial services security, banks and financial services providers can improve services, increase customer security and reclaim consumer confidence in their products.”

To help combat the threat of cybercrime to banks’ digital services, the Bank of England recently created the CBEST testing framework for banks. This framework gathers intelligence from commercial and government sources to provide a holistic assessment of a financial services provider’s capabilities for dealing with cybercrime, by testing processes and technology. However, unlike PCI-DSS, CBEST’s assessments are not compulsory, meaning banks and financial services providers are under no obligation to comply with the recommended measures.

The British Standards Institute (BSI) is now offering a kitemark for secure digital transactions. Intelligent Environments welcomes this new development in cybersecurity standards, but believes the industry should go further to make compliance mandatory.

Locke continued: “It’s clear the cybersecurity arms race favours the criminal. Banks now have to fend off cyber-attacks on a daily basis. The FS industry therefore must respond more aggressively to these threats. While the CBEST testing framework is a strong step forward, the fact these assessments are still voluntary highlights an inherent weakness. It would be much more effective to make these assessments compulsory as is the case for PCI-DSS. It’s ridiculous card providers are required to adhere to a standard while banks are not. It’s time to develop a similar standard across our industry.”

[1] Online survey of 2,000 UK consumers undertaken by One Poll in September 2014
