Sponsored: A delicate balance

Today’s financial institutions will need to rethink how to better align their business with the need for privacy, security and convenience, says Nicholle Lindner, Industry Director, Financial Services Asia Pacific, Unisys.

I owe the title of this article to the name of the play A Delicate Balance by the American playwright Edward Albee. It premiered in 1966 and won the Pulitzer Prize for Drama in 1967. Its action centres on a group of people attempting to balance their expectations of freedom with the fear of an unknown threat or terror which exists somewhere outside of their comfortable suburban existence. Like all balancing acts the trade-offs become harder to maintain as time progresses and the tension mounts.

Technology has brought us unprecedented levels of financial freedom – however, this freedom has its risks.”

Dramatic devices aside, we are in a very similar position today in the financial world. Technology has brought us unprecedented levels of financial freedom – however, this freedom has its risks. And these risks are getting more serious and widespread in their impact each year.

The 2017 Unisys Security Index™ results show that data privacy remains the top security concern for Australians with 58 percent of consumers either extremely or very concerned about data privacy, identity theft and unauthorised access or misuse of personal and financial information. Fifty-five percent of Australians were also very concerned about people fraudulently obtaining and using their credit / debit card details.

These concerns also relate to increasing fears around internet and computer security generally, fuelled by widespread reporting of both malicious and accidental data breaches worldwide. Recent reports about Australia’s largest bank, CBA, and alleged breaches of the AML regulations may also add to a general feeling that banks and financial institutions are not as secure or compliant as they should be, which could cause further widespread increases in public concerns around banking systems and processes generally.

There are also the added questions about how banks can continue to balance 24x7 customer access while reducing service costs and staffing levels via a heavier reliance on technology and automated processes. Reputation is often the first casualty of any data breach, and banks are particularly vulnerable since their business models are based on maintaining a very high level of customer trust. This reputation loss is immediately detrimental and often long-lasting.

Even more distressingly, we are also seeing many new disturbing trends in international financial crime which are becoming more serious as business becomes more global. Geographic separation will no longer protect Australia as we live in an increasingly interconnected world. These new threats include:

• The rise of ransomware and malware attacks as demonstrated by the recent global “Wannacry” and “Petya” attacks;

• Increased criminal use of data, as data is a key commodity for cyber-criminals. It is usually procured for direct financial gain but it is increasingly used for more complex fraud, encrypted for ransom, or used directly for extortion;

• “Cyber Crime-as-a-Service” whereby the digital underground and dark web network is supported by a growing service model that interconnects specialist providers of cybercrime tools and services with an increasing number of organized crime groups. Terrorist groups are accessing this sector and Bitcoin is their currency of choice;

• Social network exploitation via an increasingly sophisticated social engineering scams on the vulnerable, elderly and superannuants, call centre and application fraud and phishing. CEO fraud, a refined variant of spear phishing, has become a key threat for senior business leaders; and

• Payment fraud is increasing although EMV (Chip and PIN), geo-blocking and other measures continue to slow the rate of card-related fraud within Australia. However, malware attacks and AML activity via ATMs continues to evolve and grow. Organised crime groups are now starting to manipulate or compromise payments involving contactless (NFC) cards.

So, what can we do to ensure consumers fears are acknowledged and managed effectively while also balancing the need to improve the customer experience?

We can’t afford to be complacent in the face of such criminal innovations, however we cannot take a one size fits all or heavy-handed approach. As an industry, we need to continually evolve our systems and processes to meet those of the criminal technological enterprise as it evolves. While the list of potentially helpful actions is long, Unisys recommends three actions that organisations can take now for significant and tangible improvements without sacrificing the customer experience:

1. Tackle data breaches with a multi-pronged approach that emphasises collective responsibility and a culture of compliance from the top down, via 5 key actions – educate, analyse, deter, detect and contain;

2. Carefully balance privacy and security with convenience and speed and prioritise data privacy as a non-negotiable. This includes investing in emerging technologies like “confidential computing” that maintain data privacy while enabling cross domain data sharing; the adoption of biometric tools for the seamless protection of customer identity; and machine learning and predictive analytics which proactively target new financial crime scenarios through real time analysis; and

3. Understand Privacy + Transparency = Trust. We must always ensure the privacy of client data and strive to Know Your Customer. Being transparent as to how you use, share and protect their data will ensure this trust continues.

These actions are necessary for us all as an industry to adopt if we are to come even close to maintaining this delicate balance between privacy, security and convenience.