When it comes to choosing a bank, for consumers, it’s increasingly about the app. It’s then up to the bank to ensure the app is safe. For the January Digital Identity Tracker™ cover story, PYMNTS spoke with Don Bergal, CMO at financial tech firm Avoka, about the challenges of protecting financial institutions in an increasingly digital world. Find that, along with the latest headlines and a directory of the biggest players in the space, inside the latest Tracker.
Like so many other industries, banking sure isn’t what it used to be. Modern technology has revamped everything from retail to shipping, and financial services has been transformed from a brick-and-mortar business, with most transactions being conducted in person at bank branches and other physical locations, to a digital endeavor.
These days, digital transactions rule, as consumers have become more comfortable making purchases and sending money across digital channels, thanks in large part to the convenience and simplicity these new banking features offer. According to a 2016 report from the United States Federal Reserve, more than 70 percent of adults have used online or mobile banking services in the past year. More people are embracing these new financial solutions each year, with mobile banking usage growing from 22 percent of adults in 2011 to 43 percent in 2015.
Offering these convenient digital services has become crucial for financial service providers if they hope to keep pace with their competition. In a recent Wall Street Journal study, 80 percent of consumers said that online and mobile features had become the most important services that banks offer.
But while these new features may entice consumers, they also present nefarious opportunities for fraudsters. Late last year, for example, British savings institution Tesco Bank was hit by a breach that stole money from more than 20,000 customer accounts. In light of this potential for theft and other security failures, financial institutions and other large bodies offering online services need to ensure the data they store is safe.
That’s where platforms like Avoka are pressing to find a middle ground between simplicity and protection. The company provides digital sales and service transactions for companies in financial services, government and other large fields and, according to Don Bergal, the company’s CMO, has to balance customers’ desire for convenience with the need for security on a daily basis.
PYMNTS recently caught up with Bergal to discuss how the company works to secure convenient transactions and the challenges of protecting financial institutions in an increasingly digital world.
More money, more problems?
In many ways, Bergal noted, security concerns for financial institutions are largely the same as those of retailers. Banks are eager to earn their customers’ trust and want consumers to feel safe when using their products or services.
According to a report released by Capgemini Consulting, “Privacy Please: Why Retailers Need to Rethink Personalization,” 93 percent of roughly 220,000 consumers surveyed expressed serious doubt about retailers’ abilities to protect consumer data in the event of a cyberattack. And according to the The Wall Street Journal, safety was the third most important factor for consumers when choosing a bank.
The difference is that the stakes are much higher for banks, Bergal said. He noted that, while retailers like Target or Home Depot have recovered after suffering major security breaches, if a bank was to suffer a hack, it would likely have a much tougher time than most retailers.
“If you have a major breach at a bank and people’s accounts and money are stolen or their personal information is disclosed, that bank will not get a second chance,” Bergal explained, because consumers would not be willing (or able) to trust or feel confident in the bank again. “So, the degree of rigor and the stakes for the institution are much higher than they would be for a retailer. Whether that’s fair or not, it’s just the standard the market holds.”
As a result, he said, Avoka has to be especially careful when designing protection protocols for banks and other financial service providers. He explained that the company’s architecture is designed to store customer data for as short a time as possible, reducing the likelihood that the information is accessed by hackers or other bad actors.
“Our security strategy as a result of that is to handle it very carefully,” Bergal said about the high standards of customers. “We take great pains to make sure that, while the data is in our care, everything is always encrypted, and there are very rigorous controls over it. Once it’s out of our hands, we take very explicit steps to make sure none of it still exists in our system.”
Adding mobile to the mix
The advent of mobile banking has given security professionals at companies like Avoka one more device to worry about. But, Bergal said, while mobile devices do present some challenges when it comes to security, they also present a range of protective resources and abilities.
“When wireless and mobile first came out, there was this concern that, ‘Oh no, the password and private information is just flying through the air; someone is going to grab it because it’s insecure,’” Bergal said. “But that is actually not the case at all.”
Specifically, he said, because virtually all mobile devices contain a GPS tracking device, they are much easier to locate than even devices on a wired connection. Thanks to these devices, companies can know the location of a user at any moment and use that information to help determine whether or not a user and their transactions are authentic and verified.
He also pointed out that most public data networks for mobile devices are designed with security in mind, meaning that using them could be safer than other devices.
“If you’re using a mobile phone over the public cellular data networks, that data is going to be heavily encrypted,” Bergal explained. “It is, in many cases, more secure than using a wired connection. In a wired connection, it’s possible to have listeners, other unauthorized users, on that wired network, but the mobile physical connectivity is really very secure, so that should be the least of [consumers’] worries.”
Stopping the next threat
While Bergal believes that security features offered by mobile devices and other technological advancements could mean safer transactions, he noted that there are still vulnerabilities in the way sensitive data is stored.
“The places where breaches are going to happen are where the data is stored, at the financial institution or some other intermediary. That’s the same whether the data came in the form of a mobile device or a desktop device,” Bergal said.
He added that solutions should be designed to store information for as short a time as possible so that fraudsters have less time to access information.
If Bergal is correct, keeping customer data safe may just be a matter of time.
To download the January edition of the Digital Identity Tracker™, click the button below …
About The Tracker
The PYMNTS.com Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact or otherwise confirm their identity.