As frontrunners in cybersecurity and compliance trends, the FSI’s adaptive and proactive measures can be a guidepost for other organizations.
Adoption of contactless payments and e-commerce has been radical this year. Once these habits change, they are unlikely to go back to how things were pre-pandemic.
Of course, new technologies and business processes also bring new risks. It is critical for the financial services industry and its customers to practice good cyber hygiene to protect against criminals and fraudsters, who are always looking for vulnerabilities in new trends and technologies.
Naturally, due to the coronavirus’s contagiousness, consumers have become more conscious about what they touch, and are less inclined to use cash, credit cards, and any payment methods that require them to enter a PIN on a machine. We expect this trend to accelerate around the region.
China’s central bank has deep cleaned or destroyed physical cash to contain infections, and other countries have followed suit. More payment types will emerge to fill the demand for a no-touch retail experience. As this progresses, all parties must be vigilant about cyber risks and ensure that touchless payments are accompanied by strong authentication mechanisms.
Higher security without lower CX
Even when lockdowns ease, more people will avoid physical stores and shift to e-commerce and delivery services over the long term. As the volume of online shoppers grows, more people will be susceptible to fraud.
As more people opt for online banking and payments, financial institutions will need to invest more in new types of authentication to ensure safe and secure internet and mobile payments. We will see a rise in facial and voice recognition technology as well as other forms of biometric authentication such as fingerprints, iris scans, and even palm vein scans.
However, to get customers to adopt these technologies, companies will need to both design simple, intuitive user interfaces and convince customers that this personal data will be secure. In the US, it was reported that there is racial bias in facial recognition technology, where algorithms are more likely to fail to identify Black and Asian faces compared to Caucasian faces. This may make consumers less likely to adopt these technologies, despite their promise of enhanced security.
Facial recognition systems can also be fooled by deepfakes and even virtual reality equipment. So, these types of security controls will need to be verified by other safeguards, such as text messages, emails, and mobile notifications. Some institutions also send follow-up notifications after an online or mobile transaction is completed, in order to re-verify that the customer did indeed perform the transaction.
Banks will normalize WFH
Beyond the impact on how we transact, the pandemic has also fundamentally changed how work gets done. Some institutions, such as American Express and Morgan Stanley, are implementing remote-working operations for the remainder of 2020, and many expect at least some remote-working to become part of the mix permanently.
The models that banks adopt for their work-from-home (WFH) initiatives will set new best practices from a cybersecurity and data security perspective going forward—much like how banks traditionally lead the charge in other areas such as fraud detection. Both institutions and individuals have a role to play in securing systems, technologies, and data in the new distributed-workforce paradigm.
The cloud adoption security myth
Rapid digitalization of products and services, the shift to remote-working, and the renewed focus on cost-saving are accelerating the adoption of cloud computing. But while individual components that make up cloud architecture have the potential to be more secure, the responsibility for security falls squarely on corporate customers to find the right combinations of components that work for their business.
This requires an entirely different skill set than previous security models. Security teams must change their thinking to adopt a more continuous development mindset in which code, controls and patching processes are always being improved to successfully manage the transition to the cloud.
Shared threat intelligence
With all these rapid changes, institutions do not have time to re-invent the wheel. With such time pressures, the only way to stay secure while embracing DX is to collaborate as a community through intelligence sharing.
Intelligence sharing communities allow participants not only to see and therefore defend against specific threats before getting hit themselves, but also to share best practices on topics like incident response and third-party risk.
This can save valuable time and resources that can be better spent on building nimble cybersecurity programs, rather than on expensive experiments on new technologies or vendors that ultimately may not suit the business needs of the firm.
Intelligence sharing is one of the financial sector’s key tools in learning to adapt and thrive in a continuously changing and evolving world.