Biometrics and tokenisation among key technologies to combat cybercrime for financial services sector
Financial services firms will need to adopt more widespread use of emerging technologies to neutralise the threat of damaging security attacks. This is the advice from leading managed service provider, Advanced 365 (Advanced).
The ongoing rise of cybercrime is directly impacting the financial services industry. A survey of senior financial executives, conducted by McKinsey, has revealed that almost two-thirds (60%) believe the pace of security attacks will increase more quickly than the ability of their organisation to defend themselves.
Neil Cross, Managing Director of Advanced 365, says, “Many organisations have left themselves vulnerable due to historically perceiving data security as a cost with little benefit, as opposed to a strategic driver of the business. With attacks becoming more sophisticated, there is considerable need for financial institutions to embrace emerging technologies to maintain the trust of their customers and remain compliant.”
Below, Cross outlines seven tips which financial services organisations should consider to tighten their security policies.
1. Bring Your Own Identity – By 2020, banks will adopt a ‘Bring Your Own’ identity approach by using biometric verification technology to reduce fraud. A growing number of consumers would be prepared to make payments via biometric scanning, such as retina or fingerprint scans, in addition to paying for goods and services using voice authentication.
2. Look into mobile virtualisation – Mobile devices are prime hacker targets due to holding diverse sets of data containing often lax security controls. Mobile virtualisation enables multiple operating systems to run simultaneously on a smartphone. By ensuring sensitive personal and corporate data is isolated the technology can protect end users from threats, without them having to compromise on privacy and choice.
3. Implement tokenisation – The Visa Token Service (VTS), launched by Visa in September 2014, replaces sensitive credit card information. The ‘tokens’ are a unique series of numbers that can be used to make payments without exposing actual financial information. To date over 500 financial institutions have implemented VTS and tokenisation is set to expand to mobile devices.
4. Leverage real-time analytics – By analysing accounts, users or other entities, and looking for inconsistent transactions against those profiles, big data could identify known patterns of security violations. The use of real-time analytics across multiple data sets – both structured and unstructured – could increase operational efficiency and facilitate faster time-to-remediation when investigating possible fraud.
5. Use cognitive computing – Security professionals are often in the dark about whether their business systems have been breached, and when. Cognitive computing, which combines computer science and data analytics, could provide the answer. Cognitive computing can rapidly sift through huge volumes of data generated by network hardware and information systems to identify security incidents that humans often miss.
6. Use forensics software to monitor criminal activity – Advanced forensics is evolving from simply analysing a security breach after the event to being able to profile hackers and their attack methods. The technology can be used to help build bio data patterns of criminal and malware activity to help firms remain agile and stay one step ahead.
7. Invest in quantum cryptography – Emerging quantum cryptography technology may eventually replace encryption as the most secure communication method. By using photons of light to physically transfer data in secret between two entities, known as encryption keys, quantum cryptography generates random numbers which cannot be cloned by hackers.
Cross adds, “The biggest challenge for financial services firms is to identify a starting point to assess the maturity of their security strategies. Having established the nature of the risks, the organisation should then undertake a complete systems, process and staff audit to identify areas of weakness within each scenario.”