RSA Security: cybersecurity in financial services
The risk of cyber attack for financial services companies only increases. With that in mind, we revisit a conversation we had with RSA Security's Daniel Cohen
Cohen is Director of Fraud & Risk Intelligence at RSA Security. We originally spoke with him at the end of last to discuss the evolving threat to fintechs and incumbents from cyber hackers and other forms of attack.
It is a subject, he told us, that only gets more complex as the industry develops and diversifies. For example, he explained, while digital innovation has opened a lot of opportunities for companies in the sector, it has also created new risks that need to be managed.
Widened attack surface
"Take, for example, the number of digital touchpoints that consumers can engage with to access financial services, which have increased dramatically through initiatives such as Open Banking and PSD2 regulations," Cohen said.
"This widens the attack surface that hackers can take advantage of. For example, cybercriminals expanded to social media platforms, hosting cybercrime websites on the blockchain and launching attacks from IoT devices - there’s many more avenues for adversaries to exploit in their quest to compromise banks and consumers for financial gain. New types of attacks have emerged that take advantage of the digitalisation of finance; they’re finding ways to exploit vulnerabilities in innovations like open APIs and digital payments, creating rogue mobile applications, mobile-based card-not-present fraud, and even adapting banking malware to exploit current trends and pose a more sophisticated threat."
On whether the growth of new fintech businesses and a consumer focus on digital banking increases risk, Cohen agreed that it certainly widens the threat landscape. "With a growing array of digital banking channels available, customers seemingly have infinite possibilities for conducting financial business," he told us.
"At the same time, this has expanded the number digital risks that banks must manage. More channels mean that the number of potential points of compromise and potential vulnerabilities in systems has increased. When it comes to fraud, there’s now a far higher risk of fraudulent transactions slipping through the net because of the rise in the volume of digital payments, for example. The total value of money being transferred through digital channels is also increasing, which is exposing the sector to more potential losses from reimbursing victims."
Getting risk right
Conversely, he explained, risk also arises when not embracing innovation. "We live in a hyper-connected world and organisations that don’t engage in that will be left behind as customers have such high expectations of service," he noted.
"So it’s really about balance: organisations need to understand the digital risks they’re exposed to and assess these in the context of the business to determine the right digital risk strategy that balances the needs of the customer and the business with the need for security."
Read the full article here.
- Money20/20: six payments and banking predictions
- FinTech profile: Robinhood, the commission-free pioneer
- Fintech in Five: Apple Pay
- Read the latest edition of FinTech Magazine, here
For more information on all topics for FinTech, please take a look at the latest edition of FinTech magazine.