This morning I got to work and went through my usual routine of catching up on the news online, posting articles on social media, and taking a quick scan of my Facebook feed. One particular Facebook post from one of my younger friends caught my attention. He and his wife recently adopted a child and I’m sure have been receiving a lot of paperwork these days as they go through open enrollment for medical insurance and things of that nature. They also started a college fund for him with large financial services company (which I will leave nameless). They just returned from a trip to Colorado and were going through the stack of mail to find six, yes six, letters from the wealth management firm all just regarding the confirmation of the account being setup for their son.
His comment is around the topic of “digital” that is often debated in the the financial industry (and other sectors too). In fact, I recently interviewed our wealth management practice director for our Perficient Perspectives series, “Building a Customer-Centric Model in Financial Services”. As part of this Q&A series we talked about the demand for digital during all phases of the customer interaction lifecycle – from engagement, transaction, and fulfillment to servicing the client. The pile of paperwork my friend received is a perfect example of where, even with little interactions, customers react to certain processes and interactions with their financial services provider. Not to mention, if this is the “typical” amount of paperwork a new client receives during the on boarding process, then I cannot imagine what the financial services company is spending to create, print and mail these documents to all of their clients! Then throw in the monthly or quarterly statements regarding a client’s assets or accounts – what kind of reaction does this cause? Well, here’s a quote from Hemant Jaiswal from our interview that puts it into perspective:
…we’re at a tipping point in the industry. Financial services companies must adopt more customer-centric operating models going forward or risk becoming irrelevant with consumers and corporate clients.
Research shows that this industry challenge and paradigm shift exists beyond Millennials and younger generations. In fact, according to the recent Capgemini and RBC Wealth Management World Wealth Report 2014, “nearly two-thirds of clients with at least $1 million or more in investable assets expect to manage most of their wealth relationships digitally in five years,” and these clients “would consider leaving their current firm if an ‘integrated channel experience’ is not provided.
Unfortunately, digital transformation for banks and financial services companies isn’t something that can happen over night either. For many of the larger financial firms, this is a multi-year engagement that requires a lot of integration and consolidation of legacy systems to reach the desired target state operating model. Throw in the demand for new mobile technology and digital marketing tactics, and the struggle to reach digital nirvana seems insurmountable or unobtainable. The below graphic represents a high-level overview of our approach to helping banks and financial services companies transform for tomorrow through new digital capabilities. To learn more about industry trends and how Perficient is helping top-tier financial institutions solve business and technology challenges, read the full Perficient Perspective with Hemant Jaiswal.
Many of Monday’s sessions at Money20/20 focused on the retail and commerce space. From demos of new payment platforms and systems, the use of BLE and beacon technology, the future of gift cards and prepaid to research on consumer shopping behaviors, its evident that the emerging trends and innovations in these areas are spilling over into the financial services and banking industry. Many of the attendees that stopped by our booth or that we talked to during sessions were here for two primary reasons. One, to look for answers and solutions to deal with current challenges. Two, to find out what’s next in payments in order to keep pace or move ahead of the pack.
In reflecting back on those sessions, opening remarks and Monday’s keynotes, I’d group most of the insights shared, business discussions had, and technology innovations we saw into three primary areas: those that are driving convergence and those that are disrupting the industry. Similarly, here are some Money20/20 highlights and emerging trends from Day 2 presented in a similar manner:
Payments Disruption Escalates
Bitcoin is everywhere at Money20/20! In fact, as of the end of September there were $5 billion worth of bitcoins in circulation. However, there still seems to be a lot of uncertainty around digital currency and how compatible the traditional financial system is with the new online and digital world people are shopping and transacting in. While banks are more heavily focused on digital banking services in other areas such as online and mobile banking, some banks are starting to experiment with this payment network in their innovation labs. Bank Systems & Technology offers some advice for development on the Bitcoin Blockchain and where banks should start.
During McKinsey’s keynote they highlighted six major payments “themes” and cryptocurrency was one of them. They identified four potential applications:
Bitcoin is indeed a departure from existing payment vehicles and is breaking barriers to traditional financial services. While there is support from PayPal and appeal from merchants, many believe there is far-reaching potential with Bitcoin but a lot needs to happen in terms of development and regulations before it truly disrupts the financial system at its core. During a session with Circle founder, Jeremy Allaire, said he believed banks were a few years away from integrating Bitcoin stating, “banks are reluctant to get into this market until they have a better understanding of the obligations under existing laws and regulations. I think they are reluctant to work with other companies if they are directly involved until they have that clarity.”
Opening the Doors for Digital Convergence
For the most part, a large number of new services and products we’re seeing at Money20/20 are bringing the payments, retail and financial services industries together. This technology convergence is happening in a number of different areas throughout the payments ecosystem: at the cash register, in bank branches, on the web, and even in consumers’ wallets with traditional debit and credit cards. What is driving this trend in the industry? Consumers’ appetite and demand for simplification, personalization and a more seamless user experience across channels. As a result, retailers, banks and payment brands are taking on digital transformations of all kinds enabled by emerging technologies such as mobile, cloud computing and APIs.
Banks and traditional financial institutions have traditionally been consumers of technology, not developers of technology but that mindset is changing. Banks are starting to have to think more and more like software companies and technology start-ups to keep pace with the digital demands of consumers and clients. I had a chance to chat with JP Nichols from the Bank Innovators Council about the interest from banks (both large and small) to roll up their sleeves, and work through ideation, design thinking and creative problem solving techniques to further innovation and combat disruption. Santander Bank’s hiring of Brad Leimer, is a perfect example of the digital transformation many banks are taking on. His attendance at Money20/20 will enable him to foster relationships with new partners, payments startups and even others outside the industry to help connect customers to the bank digitally.
While we’re starting to see more of this from banks, others companies at Money20/20 are also helping to more quickly facilitate digital transformation and ultimately bring payment networks, banks and retailers closer together. During Ryan McInerney’s keynote, Visa shared three key things they’re doing that will help build customer experiences that are intuitive, instinctive and inherently safe – reinventing the card through tokenization, moving services to the cloud, and opening up their payment network to developers. By tapping into the more than 10 billion connected devices in use today they’re able to build better relationships with customers. Startups are also changing the game for the industry. We’re hearing from companies like Plaid that are putting the tools in banks’ developers hands to integrate with their infrastructure to access financial data from credit and debit accounts.
Evolution in the Customer Experience
Ultimately, the core existence of Money20/20 has been around the rapid pace of innovation and learning from how others in the industry are evolving or helping others to evolve. Citi’s CEO of US Consumer and Commercial Banking openly discussed their plans for testing out a new operating model centered around its bank branch network. They’ve realized that branch banking today has changed and their clients expect more from their interactions with the bank through digital experiences. As a result, Citi is focusing on testing out a “branch of the future” in US test markets that brings in many aspects of the retail in-store experience with digital and mobile experiences.
On the merchant side, we got to experience first-hand Osama Bedier’s new startup Poynt, a payment platform for merchants, with a live demo. Not only are they getting backing from Chase Paymentech and Vantiv, the product also has partnered with a number of other products like Kabbage, Swarm, Vend, Bigcommerce, and others. They’re challenging and redefining industry boundaries with their “smart terminal”. Poynt accepts magnetic stripe, EMV, NFC, Bluetooth and QR code payment technologies. They’ve also already incorporated Apple Pay, and other payment methods including chip-and-pin, mobile apps, and whatever else the future brings. Their demo really was one of the top highlights of the day (and probably the show).
We’re experiencing some exciting and adventurous times ahead and Money20/20 is here to showcase it all.
The Perficient team is back in Vegas for another year at Money20/20! Before I jump into discussing a couple of the key themes from the first day of sessions, let me just say that the Money20/20 picked up right where they left off with last year’s show and has added some nice new touches of “flair”. As usual, conference attendees are immersed in branding from all of the top sponsors and the Money20/20 logo is EVERYWHERE you look. In addition to the nice big screens with video footage of the panel discussion, they’re now showing a live broadcast of several of the panel sessions on big screen TVs outside the rooms for people to watch. Several of the track sessions have been full or standing room only so this is a great way for others to still get to see and hear what all the buzz is about. Everyone seemed to be pretty excited about the Hackathon too. Now onto the good stuff…
There were several key themes and buzzwords we heard repeatedly throughout Sunday’s sessions:
1. Governance & Education - Virtual, digital and cryptocurrency…whatever you want to call it, the topic of how consumers viewed it, how financial institutions were handling it, and innovative products built on it was predominant during many of the sessions so far at Money20/20. So why was this brought up so much the first day? There are so many unknowns around it being a regulated and secure form of payment yet we’re seeing tons of new innovative products and payment systems that accept it or are built on it. The consensus was that there needed to be more standards around electronic money and cryptocurrencies like Bitcoin before it will ever reach critical mass. Simply put, TD Bank’s Hisham Salama said, “card-based payments will prevail until new regulations exist around digital currencies to protect consumers.” This form of payment is not backed by the government or insured by the FDIC. Eric Goldberg, Senior Council for the CFPB, was a panelist on the session, “Accelerated Innovation: Balancing Innovation and Regulation” and echoed this concern. The CFPB was attending Money20/20 to learn from what others are saying and doing in payments so they can better advise the industry on regulations intended to protect consumers.
In fact, the CFPB recently issued a statement warning consumers about the concerns and potential issues with virtual currency. Here’s a quote from the statement:
In a nutshell, while virtual currencies offer the potential for innovation, a lot of big issues have yet to be resolved – some of which are critical. If you are interested in using or buying virtual currencies, you should be aware of the associated risks.
At one point during the session with the CFPB, an attendee asked the question why wasn’t there just one governing body to help standardize and advise financial services, payment companies and consumers on how to deal with electronic money and new forms of payment like cryptocurrency. I think all the panelists looked at each other and there were several seconds of silence before one of them jumped in to try to tackle the question. The answer is – there isn’t. And the better question in response may be – will there ever be? In a perfect world, I”m sure everyone would love for this to be the case. It would make everyone’s jobs easier and the future of payments innovation much more predictable. However, that’s not the case in the current environment so as companies look to better balance innovation and regulation – they’re focusing on several key areas: security and privacy, the user experience, understanding the customer value chain and leveraging tools and technologies (like Apple Pay) to extend payments not disintermediate them for consumers.
2. Collaboration is Key – During the panel, “Managing AML and OFAC Risk in a Dynamic Regulatory Environment” led by PwC’s Daniel Tannebaum, it was apparent that the word collaboration would be the predominant theme during this session. Joined by FinCEN’s Jamal El-Hindi, panelists from PayPal and AMEX offered some great advice for Money20/20 attendees. First, Rick Small from AMEX talked about engaging with the business early and often when it came to developing and launching new financial services and payment products. Tone, implementing a risk-based approach and clearly understood the organization’s risk appetite are three critical aspects of managing AML and OFAC compliance.
In talking with the Perficient team after this session, one of my teammates commented that compliance isn’t compensated like the business is, and as a result is often a challenge integrating this aspect to make ends meet and help the business grow. However, AMEX’s Small commented on how compliance can add value and reduce risk for an organization. Making sure the proper controls and requirements are in place helps minimize cost inefficiencies up-front and can drastically reduce the risk of penalties, fines and reputational risk for an organization.
PayPal’s Gene Truono talked about businesses needing a cross-functional approach to compliance with collaboration from fraud, technology, product development and delivery channel teams. Without this having a “culture of compliance” will be nearly impossible. Panelists across the board also encouraged Money20/20 attendees to reach out to not only Federal regulators but state to help them better understand and interpret the dynamic regulatory environment and plan for the future. In reference to managing regulatory compliance, Truono jokingly said, “Can’t we get an app for that?” Among the thousands of personal finance management and payments apps added daily, I don’t think there is one available yet in the iTunes Store for regulatory compliance. Who wants to jump on developing that one?
3. Policies and Procedures - Right now security, privacy and fraud are probably the biggest concerns in the financial services industry today. The almost daily news of data breaches and reports of cybercrimes has made it a tough challenge to tackle for financial institutions and payment providers. From having the latest analytics tools to the proper controls in place, businesses are constantly having to find new ways to stay one step ahead of fraudsters. While there’s no “one size fits all” solution for global fraud and AML, panelist urged Money20/20 attendees to take a good hard look at several key areas within their business.
One, businesses need to have sound AML and KYC policies and reporting procedures in place to monitor and prevent fraud and money laundering. These areas continue to consistently be an ongoing area of investment for the larger financial institutions and has trickled down into smaller businesses and even into how firms are dealing with controlling cryptocurrency. If you happen to be a target or a subject of a federal investigation, you’d better hope you’ve crossed your t’s and dotted your i’s when it comes to the adequacy and effectiveness of SAR content and sanctions screenings.
Two, the industry as a whole needs to do a better job of knowing who their customers are and how personal financial data sharing can aid and streamline efforts. We’re starting to see financial institutions come together to back things like the Swift KYC Registry initiative. The industry needs to see more of these kinds of standards and utilities around compliance to help lessen the burden of dealing with the cost of compliance and using it as a competitive advantage. As several of the sessions mentioned, “smart” regulations can help foster payments and fintech innovation. They’re also designed to help keep a level playing field in the industry – most firms are just stuck in the unfortunate position of just trying to keep up. The shift towards a new operating model (one that harnesses regulations as opposed to just coping with them) in financial services is indeed a concern. As Money20/20 has proven, the pace at which payments and financial services innovation is occurring is rapid. Often times this means turning to the experts outside your doors – after all, that’s what we’re here for and there’s no shame in that.
We’re looking forward to Day 2 at Money20/20 and the shift in discussion around innovation and what’s ahead in payments. Don’t forget to stop by and see the Perficient team in booth #104 and continue the bank risk and regulatory compliance discussion with our experts!
The role of corporate finance in financial services firms has evolved as the demands for balancing growth, regulatory compliance and risk management become increasingly important. According to CFO Magazine and an AlixPartners survey, 71 percent of finance executives polled said their companies need to have access to more robust business information. What’s driving this demand? Firms must be able to improve visibility, insight and control over financial performance, and this can be done through technology-enabled transformation initiatives.
Going forward, successful financial stewardship and the corporate finance function for organizations will require new strategies and ways of thinking about:
In our finance transformation webinar on Wednesday, Sanjay Balan, a finance and accounting expert for Perficient’s financial services practice, will guide you through the strategic vision and components of successful finance transformation projects that will help your enterprise to: identify gains in operational efficiency, improve forecasting and reporting, reduce risk, and optimize the strategic functions of the finance organization.
To register for the webinar, click here.
Improve Efficiency, Compliance and Productivity Through Finance Transformation in Financial Services
Wednesday, October 29, 2014
Life is an adventure and weekends are meant to embrace the new…as long as you are carrying cash.
Spending time in the community and randomly stumbling upon fairs or carnivals is one of the great joys of life. But without cash, these joys can quickly turn into frustration.
In the past few weeks, I can recall at least three times where my spontaneous adventure was turned into a joy ride through the city looking for cold hard cash.
We loaded up the family in the car and drove to the museum. Once the museum was in sight, it was impossible for my 5-year old daughter to contain her excitement. There’s the museum!!! Right there!!!
We pulled into the lot and were pretty excited that we arrived early enough to score rock star parking…until we saw the sign:
We decide to double check and ask the attendant, “Do you only take cash?”
“Yes, but you can go to the lot down the street. They take credit cards.”
We drove to the other lot and they did, in fact, take credit cards, but only at a walk-up machine. So we had to pull over and block traffic while we paid with our credit cards. I felt like the person holding up the line at the grocery store by paying by check. Except I wasn’t.
Everyone loves a parade! Again, we loaded up the car dressed in festive gear and covered in sunscreen. We left early so we wouldn’t have to walk a mile. We were pretty proud of ourselves as we approached the parking lot, until we were notified:
And we turned around and drove about 2 miles until we could find an ATM, pay the fee and turn around to sit in 20 minutes of traffic where we ultimately parked about a mile from the parade route.
I live in Missouri where the fall is an explosion of color. We decided to head out to a farm to pick pumpkins and get lost in a corn maze. We drove down one country road after another until we reached our destination. We walked up to the kiosk where they informed us:
CASH OR CHECK ONLY
We, of course, didn’t have cash, but we did have a check! Otherwise, we would have been heading down the road for a few miles to get to the local gas station.
Who is at fault here? My family, obviously. How many times do we need to go through this same Groundhog Day type situation before we start carrying cash?
I’m guessing, many more. We just aren’t cash people…and more and more people are trending that way.
According to a report from Bankrate, 40% of Americans carry less than $20 on them (with women being more likely to not have cash), 9% carry no cash at all. Almost half of all Americans are carrying little or no cash on them.
“Consumers prefer to pay with plastic, debit or credit or some other type of mobile technology,” says Greg McBride, chief financial analyst for Bankrate.com
In a situation like this, you can either change the person or change the path. The data is showing that consumers are moving away from cash. The path needs to be changed so business can meet consumers where they are. They are already at your doorstep, but they can’t come in.
According to Javelin Research,
“plastic cards purchases comprised 66 percent of all in-person sales, with nearly half of them, or 31 percent, made with debit cards”
With players such as Square, PayPay, Google and Apple, it’s time for the small mom and pops to take a step toward the future and make the path easier for potential customers.
Getting consumers in your door is one of the biggest obstacles for any business. Once they get there, don’t leave them sitting on the doorstep holding onto their credit cards.
Follow Perficient on LinkedIn here.
Four years after the signing of Dodd-Frank, financial services firms have a better understanding of both the challenges and potential benefits for their organization. While financial institutions are starting to get a better grip on Dodd-Frank reforms, one area where regulators are still coming to grips with and finalizing guidelines is incentive compensation. In fact, Section 956 was proposed in April 2011 and still has not been finalized. While this does mean we’re still in limbo with many of the Dodd-Frank regulations, banks still need to be prepared.That means financial institutions covered under this rule should have a formal review process in place for managing incentive compensation. Additionally, banks need to have the governance structures in place to ensure excessive compensation is not paid and the organization itself or their customers are not at risk.
During an upcoming webinar, led by Perficient’s financial services practice and our IBM team, we’ll be discussing the challenges and implications of Dodd-Frank on incentive compensation and how an integrated sales performance management solution can benefit your organization. Check out some of the highlights and key takeaways over on the IBM blog and register to attend.
For a more in-depth discussion on the application of sales performance management solutions to satisfy some of the regulatory requirements under Dodd-Frank, download the recent white paper, “Overcoming Strategic Challenges of Dodd-Frank with IBM Sales Performance Management Solutions”.
New market forces and key drivers have forced financial services companies to redefine the way they do business with consumers and corporate clients. To enable long-term competitiveness, firms are thinking about new ways of thinking, innovation and executing winning business and technology strategies around: growth and profitability, new business models, risk management and efficiency and cost control.
Ongoing regulatory changes, new budgetary constraints and rapid advancements in digital technology are making it hard for financial firms to transform for tomorrow while managing the customer and operational challenges of today. Perficient recently published a new interactive digital guide, “Transform for Tomorrow: Navigating New Forces in Financial Services”, providing valuable insights and an outlook on the most important issues facing decision-makers within banks, mutual fund companies, capital market firms, hedge funds, private equity firms and insurance carriers.
Key Findings and Takeaways
Technology is considered to be one of the top enablers for transformation in financial services. Arguably, it can be a differentiator for firms in an increasingly competitive financial services landscape. Throughout the entire customer interaction lifecycle (Engage, Transact, Fulfill and Service), technology is at the core of business strategies designed to help firms interact with and better serve their customers. Keeping pace with technology advancements and consumer demand for new banking and financial services is an ongoing challenge.
Back-office functions such as Human Resources, IT and Finance have been forced to refocus on cost reduction. As a result, financial services companies are evolving to more centralized operating models in the form of shared services to more strategically address regulatory compliance, engage and service customers, as well as enable the development of new products and services. Heading into next year, we’ll continue to see a heavy focus on long-term initiatives to support new operating models that will generate savings and improve operating performance. Firms are evaluating which functions can be outsourced, identifying global location strategies and maximizing the use of nearshore, offshoring or multishoring capabilities.
Evolving business needs, increased cost pressures and slow growth in new markets is making aligning operational efficiency with enabling technologies a critical area of investment for companies. Trading institutions are embracing low latency infrastructure and other practices to accelerate and improve trade lifecycle efficiency. Banks are rationalizing branch network performance and optimizing digital delivery channels. As a result, the stakes have never been higher, nor the opportunity greater, to employ new practices, tools and platforms to help firms overcome performance challenges.
A significant amount of financial IT spending is allocated to risk and compliance initiatives. This will continue to be the trend in the near-term for financial services companies, as firms look to leverage technology to control costs and better manage reputational, financial, operational and IT risk.
To learn more about these issues and how your organization can respond to these challenges with forward-thinking strategies and innovative technology solutions, download this new interactive and digital guide from our financial services industry experts.
In addition to the iPhone 6, iPhone 6 Plus and Apple Watch unveiled this afternoon, Apple also announced Apple Pay, the long-awaited mobile payments platform, creating quite a buzz in the payments and financial services industry. Apple has taken a leap of faith jumping head-first into contactless payments, biometrics, wearables and tokenization with the new iPhone 6 and Apple Watch. Many payment startups, mobile operators and even tech giants like Google, have failed to see widespread consumer adoption of mobile payments platforms for a number of reasons: a lack of added value, a poor user experience, data security and privacy concerns, retailer resistance and countless other barriers. I think this move will solidify not only their ability to disrupt payments, but is only the beginning of their master plan to revolutionize consumers’ financial lives and shake up the financial services industry.
What will make Apple Pay successful and why does it matters to financial services companies?
Apple’s Leadership Position and Stakeholder Buy-in
Apple is known for its ability to not only disrupt but also be recognized for its leadership position in the industry pushing the boundaries of technology innovation as they’ve done in the past with the iTunes Store, iPad and MacBook products. Few can rival the success Apple has consistently had and will continue to have as the company expands its business beyond the traditional smartphone and tablet market into new areas. This is can be a very important “win” for banks and financial services companies looking for ways to help make consumers’ financial lives better.
To gain consumer adoption of mobile payments, it takes a lot of promotion, education and collaboration on the parts of the banks, retailers, and technology developers. Already we’re seeing a partnership with and collaboration from the three major payment networks: MasterCard, Visa and American Express. Debit and credit cards issued from banks like Capital One, Bank of America, Chase, Citi and Wells Fargo, will be an important component to bring Apple Pay’s seamless mobile payment experience to their customers. These banks account for 83 percent of credit card purchase volumes in the US. According to Apple’s press release, some of the nation’s leading retailers will support Apple Pay, and Apple Watch will also work at over 220,000 merchant locations across the US that have contactless payment enabled.
Facing Vulnerability and Privacy Concerns
Data security and privacy are often viewed as top concerns for mobile banking and mobile payment applications. The almost daily news of data breaches has tarnished consumers’ trust in the credit card industry and the recent iCloud hack leaves Apple with something to prove. The Touch ID, Find My iPhone, and Secure Element features may very well be the missing links to improve consumer sentiment toward mobile payments and finally ditch their credit cards and physical wallets. Apple Pay is a also step in the right direction for card issuers abandoning magnetic stripe cards and aligns well with EMV adoption that will require retailers to upgrade point-of-sale systems with NFC readers. NFC stores encrypted ‘Device Account Numbers’ tied to an iTunes account, and the use of tokenization technology adds another level of security to the transaction building consumer trust. Another interesting bit of news, Apple won’t collect or save transaction information, purchase history or sell credit card data like other merchants and other third-party providers. This is a good move by Apple to build loyalty and trust with customers. Read the rest of this post »
Banking organizations continue to face a changing regulatory landscape. Compliance failures can result in stiff financial penalties and reputational damage that can negatively impact an organization. Some bankers may view compliance as a necessary evil. An opposing point of view is that regulatory exercises are an opportunity to achieve organizational growth.
While most organizations are focusing on improving the efficiency, and reducing the cost, of compliance to not just survive but thrive in the current regulatory environment, compliance efforts can deliver other benefits for banks. Financial institutions who have undergone the stress testing programs can leverage insights for not only capital planning decisions but day-to-day business decisions. Unfortunately there is no “one-size fits all” solution for banks; however, there is one key ingredient to success – automation.
I recently wrote an article featured on Wall Street Technology Association that discussed two key areas of automation as banks shift toward a more “hub and spoke” model to manage the requirements for stress testing programs. Maintaining a forward-looking view of enterprise risks and applying those processes elsewhere in the organization may not only change your view on compliance efforts, but may be a game-changer for your organization in the years to come.
While attending a recent Wall Street Technology Association (WSTA) seminar in New York, I participated in a discussion with other members (financial institutions) and service providers around the topic of data security. I think it’s safe to assume that everyone acknowledged the cost of handling a data breach far outweighs the cost of proactively securing data as long as the threats are broadly identifiable in advance. However, a vast majority of financial institutions are still working towards a more proactive and less reactive approach to handling this common problem. As the diversity of types of data and their physical locations continues to expand, the threat of stolen data and DDoS attacks is increasing exponentially. As a result, firms are having to be more diligent which requires collaboration between the business, application and infrastructure stakeholders.
Below is a summary of six key things on every IT department and compliance officer’s mind when it comes to the corporate governance of their organizations’ cyber security framework and infrastructure.
Business Architecture and Secure Data
Most secure data threat-modeling efforts take an asset-centric view (i.e. which of your IT assets are the most critical). Taking this approach, 30-40% of assets are often deemed ‘critical’. A better approach is to start with business architecture to determine criticality from a business perspective.
Looking Ahead: Cybersecurity Meets Physical Security
Cyber attacks against financial services institutions are becoming more frequent, more sophisticated, and more widespread. One sophisticated bank heist involved hackers eliminating the withdrawal limits on prepaid debit cards and common street criminals making more than 2,000 ATM withdrawals. New York City prosecutors noted that this is one of the biggest heists in city history.
According to a cyber security report by the New York State Department of Financial Services, a vast majority of institutions – irrespective of size – utilize a wide variety of security technologies aimed at systems monitoring and preventing a cyber breach. While most financial institutions have deployed anti-virus software, spyware, firewalls, vulnerability scanning tools, and encryption, many firms are still exploring data loss prevention (DLP) tools and policies and procedures around cloud computing.
Stop Moving the PII
PII stands for Personally Identifiable Information. We all have it, and the criminal element wants it. With this information, a hacker can create a credit card account for you, not just use your existing account. Financial services firms need to ensure that they properly authenticate their users without moving the clients’ information to places where it can become vulnerable.
The BYOD Dilemma
Many firms are moving to a Bring Your Own Device (BYOD) solution where employees use their own phones, tablets, laptops on the company network. This approach requires a well-thought-out data security strategy for selecting and separating user and corporate data, selective encryption, user and device blocking and wiping, mobile content management (MCM) and access control. Global companies should pay even closer attention. In Germany and France the individual owns the data on their device.
Approximately 66% of data loss is due to human or system error from an insider. The cost of a data breach starts in the millions of dollars. Most organizations do not have the knowledge or experience to identify all of the gaps in their infrastructure. Prevent unauthorized information disclosure or exposure by encrypting files, using audit trails and dynamic permission controls with a security solution that can monitor data at rest, data in transit and data in use.
Contact Center Fraud
Ever wonder why automated menus at a bank’s contact center take so long? It’s partly because they’re conducting a fraud investigation. And if they’re not, they should be. Fraudsters are known to be repeat callers to the same call center and to stay ahead of them, financial institutions will need flexible architectures that can support a repetitive analysis while regularly refining the criteria to catch new trends and patterns.