May 16, 2020

Swedish fintech Trustly's 8 tips for protecting your data

Data Privacy
Dimitrios Stergiou
Dimitrios Stergiou
4 min
Dimitrios Stergiou is theChief Information Security Officer at Trustly

Today, our digital lives are more active than ever. Consumers and businesses b...

Dimitrios Stergiou is the Chief Information Security Officer at Trustly


Today, our digital lives are more active than ever. Consumers and businesses both understand the need to protect themselves and their customers, given that data is now worth more than its weight in gold. Whether it’s our everyday data for online banking or ecommerce, or business-level security around regulations or ethical AI,  efforts to protect us online are more widespread than ever – and the introduction of the General Data Protection Regulation in 2018 only served to further strengthen our defences by putting the privacy rights of individuals front of mind. 

Even though we’re more privacy and security aware cybercrime still seems like a bigger threat than being pick-pocketed in the street. Why? Because the line between our digital and real lives is only getting blurrier and we’re embracing it, expecting services and speed that deliver the best experiences. Even lifestyle products are getting in on the action, embedding RFID blockers in anything from wallets to travel luggage to help us manage our privacy.  

While we navigate this bold new world of better experiences, we need to continually educate people about the critical importance of data security. At best, it’s wrong to assume that we’re all technically equals – as anyone who has tried to teach a parent how to spot a data scam will know. At worst, the frequency with which we see the words ”cybersecurity” and ”attack” together have given us a preview of the damage that cyber-insecurity might do.    

So for what it’s worth, let’s tally up the tips: 

1. Avoid using public and open Wi-Fi networks, or use a VPN if you really need to use an open Wi-Fi network.

2. Install software updates on your devices, and make sure they’re from proper sources.

3. Don’t use the ‘Remember me’ functionality for online banking. Instead, use a password manager to store your secure passwords.

4. Choose a bank’s native mobile app before mobile web, but never “side-load” a banking app – always access from the proper sources.

5. Use security questions to protect your account, if available. However, don’t use questions where someone could easily guess the answer by looking at your social media, for example your pets’ or children’s names. 

6. Use two multi/factor authentication, if available. In addition, put pressure on your service provider to establish it if it’s not available.

7. Set up banking alerts for possible breach attempts, and make sure you monitor them.

8. Only use trusted sites for your online shopping, and only provide personal information or credentials over secure links (check if the site address begins with “https://” and that the certificate corresponds to the site you are communicating with). 

Raising awareness is important. But what can we do to raise the importance of data privacy further?  After GDPR, companies are obliged to show what data they have and what they do with it, and risk paying hefty fines for anything less than transparency. If we assume that no one is going to look after our money as well as we do ourselves, then are the financial services that go beyond regulation – and build a name in data trust – the ones who will win our digital hearts?  


Today, we should all feel as secure with our online payment transactions as we do with our banks. How can we ensure this? By using your own bank details to make payments online. There are several providers of this payment method around Europe and there is growing interest because of its convenience and speed while having the same security level afforded by banks. Customers should always know exactly how their bank and payments provider are using their data, and feel confident that their transactions are registered with the consumer’s bank using the same encryption that the banks themselves use. Further, all consumers should feel safe in the knowledge that their payment provider only collects the data they need to protect big picture concerns that businesses should handle on our behalf – anti-money laundering, counter-terrorism and monitoring payment flows. Paying with your bank details actually helps your bank to tell that one payer is not another. 

In conclusion, data privacy has never been more critical to how we live our lives. How we learn about the value of our data, and who we trust to understand it as well as we do, is evolving fast. There’s a very human need to stay close to the things that belong to us – our money and our data.

Share article

Jul 18, 2021

Reimagining operational risk management for business value

Tom Ballard, Program Manager, ...
6 min
Tom Ballard sets out a thorough new vision for operation risk management in finance, using advanced AI and analytics technology to drive business value

The events of 2020 and 2021 have fundamentally changed how we do business, upending every industry, including investment banking. Once bustling trading floors went silent as the switch to work from home led traders to disperse locations – and gave rise to new operational risk challenges. 

Today’s dynamic regulatory landscape coupled with ongoing technological innovations have made legacy approaches to operational risk management ill-suited to tackle current challenges and complexity. And while many financial institutions have turned to digital automation and transformation projects to adapt traditional ‘revenue generating’ functions to meet their challenges and help drive growth, they must now do the same with their Operational Risk Management (ORM) functions - or risk being left out in the cold. 

The Basel Committee defines operational risk as the “risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” Unfortunately, many financial institutions still view ORM as a regulatory and compliance necessity rather than a business function that delivers real value. That means executives and risk management departments must now change their risk approach to ensure they are dynamic and flexible, can guide their organizations through complex situations, and can readily meet the evolving expectations of regulators and their clients. 

Operational Risk Management is still a young field compared to other risk sectors in the financial markets, but it has always been viewed under a broad umbrella that encompasses risks and uncertainties difficult to quantify and manage in traditional manners. ORM has also been the convergence point where corporate governance issues overlap with revenue-generating business activities, causing potential confusion between departments. 

Investment banks have too often placed undue emphasis on creating governance frameworks designed to ensure they meet Basel Committee on Banking Supervision (BCBS) standards instead of recognizing that a sophisticated ORM function can bring quantifiable value. Their desire to merely meet BCBS standards and avoid historic risks has in effect led to an outdated, analogue approach in an increasingly digital world. Savvy investment banks have grasped the value potential of ORM and begun to drive a shift in awareness about the importance of a comprehensive risk identification, measurement, and mitigation program. 

Embracing a data-driven approach

Market players now recognize that adopting a digital strategy will allow them to deploy diverse and agile risk management mechanisms. It will also empower them to develop a strong and dynamic understanding of risks while adding real value to the business. This value goes beyond meeting regulatory and compliance mandates introduced as part of the Standardized Measurement Approach developed under Basel 3. A robust approach to risk allows the ORM functions to provide actionable intelligence to support business decision-making and assume a more commercial role that supports the various business units’ day-to-day activities. And that requires an intelligent, data-driven approach with a mandate to match, one that is championed at all levels of the organization.

This type of aggressive approach and embrace of digital transformation can also strengthen how ORM functions handle ambiguous and/or improbable events, especially as traditional methods of risk analysis prove unable to manage the ever-increasing volume of data. In 2010, the total amount of data created, captured, copied and consumed equaled about two zettabytes, compared to 2018 when volumes reached about 33 zettabytes. This 26% compounded annual growth rate means that if the rate of growth steadily continues by 2024, we can expect 149 zettabytes of data created per annum. 

Available data levels will make it difficult for analogue ORM functions to successfully meet the executive expectations, however organizations that adopt a data-driven approach will find increased data volumes provide them the insights to gain a competitive advantage and ability to proactively manage their risk. 

Leveraging AI and advanced analytics for high impact

Cognitive computing technologies like artificial intelligence (AI), data mining and natural language processing (NLP) can supplement a data-driven approach and help financial institutions confidently automate decisions, optimize processes and provide a deeper insight into available data. These cognitive computing technologies can help reduce or eliminate time-intensive and repetitive tasks, often related to data collection, handling and analysis which are better suited to automation. That in turn can free up critical employees to deploy their experience, knowledge of policies, and powers of assessment to support ORM functions and achieve their goals and focus on high-impact, high-value deliverables. 

Cognitive computing can teach computers to recognise and identify risk, which is especially useful to handle and evaluate unstructured data – the kind of data that doesn’t fit neatly into structured rows and columns on a spreadsheet. Natural language processing (NLP) can analyze text to derive insights and sentiments from unstructured data, which a 2015 study by the International Data Group estimates accounts for 90% of all data generated daily. When combined with the estimated future data volumes, cognitive computing functionality presents an immense opportunity for ORM functions to add additional business value in ways previously impossible. A detection model built on cognitive analytics can manage risk on a near real-time basis and can also unlock organizations’ historic datasets that have been compiled for internal, regulatory, or compliance purposes. These datasets often contain free text descriptions that contain a potential wealth of untapped, institution-specific information and could provide valuable insight into historic operational risk losses, providing data to augment employee’s qualitative experiences.    

Teaching an old dog new tricks

There are certainly challenges to launching digital transformation projects, implementing new data-driven approaches, and introducing cognitive computing technologies, including employee uncertainty and ethical considerations. That means financial institutions must preemptively address and prepare for potential challenges before they adopt a technology-enabled approach to Operational Risk Management. They must also secure employee buy-in to ensure stakeholders use these new technologies to their full potential and to assuage any concerns that technology diminishes employees’ important role in the organization.  

It’s critical that investment banks now shift their Operational Risk Management functions and focus on becoming more adaptive and agile in an increasingly volatile, complex, and uncertain world. Over 66% of banking executives report that adopting new technologies like AI and NLP will be a key driver in IBs development through to 2025. Yet for many investment banks, their ORM functions do not leverage the powerful new tools available to them – including increased computing power, digitization, advanced analytics, and data visualization techniques – much less harness the power of cognitive computing technologies. Until ORM functions leverage these tools, executive leadership cannot allocate resources and solidify ORM’s role in business strategy, performance, and decision-making processes. 

Old habits die hard, but it’s time for ORM functions to keep pace with these new technologies, methodologies, and approaches to position themselves and their organizations for success in today’s ever-changing world. If they do not adapt, there is a real risk they may stifle the wider organization, impede new opportunities and inhibit paths to valuable business growth.

This article was contributed by Tom Ballard, Program Manager, Broadway Technology

Share article