As companies and the clients they serve increasingly rely on Internet-based applications to do business, the privacy and security risks they are exposed to on a daily basis grow exponentially. Cyber-attacks are no longer limited to high-level targets; they now affect any business that depends on network applications, devices and systems.
Furthermore, cyber-attacks not only take advantage of the vulnerabilities associated with software or with computer devices, but they also benefit from insufficient security awareness and behaviour of the people who manage them or use them. The growth of the complexity of web sites and the fast development of applications increase the possibilities of suffering this kind of attacks.
The SOTER project takes a holistic research approach, combining technological development with human factor-based cybersecurity training to transform critical aspects of cybersecurity within the finance industry.
Cybersecurity and the financial sector
The financial sector is one of the critical fields in terms of cybersecurity, which is why it must have complex and powerful infrastructures to fight against these attacks. However, social awareness and specific training for employees are required, since the absence of these factors can generate, without warning, a vulnerability that could be exploited to carry out a cyber-attack.
In addition, the Payment Services Directive (PSD2) has let banks open their systems to authorised third-party financial service providers, with these companies being able to initiate and process payments. This implies, for example, that third-party providers can offer applications that enable consumers to check several bank accounts from different financial institutions from a single application. This new scenario, which is characterized by a new multiplicity of actors, devices and applications in the financial sector, carries several risks in terms of security, privacy, data protection and fraud. Banks have the responsibility to implement advanced controls and robust tools to mitigate these risks in what we call the new extended financial sector.
SOTER is developing a complete set of tools to improve the current levels of cybersecurity. To achieve this goal, a combination of non-technological measures (Social Science and Humanities disciplines) and the development of different innovative technologies will be used.
Throughout the SOTER project, a digital onboarding process will be deepened by applying innovative solutions to provide a robust infrastructure. The solutions applied in the SOTER project will deliver a new interdisciplinary state of the art approach for improving cybersecurity and which could be extended and adapted to other business sectors such as insurance, retail, public services, etc.
Digital onboarding platform
Currently, we find ourselves before the necessity of improving digital onboarding platforms as these are at an early stage in terms of adoption and acceptance on the consumer side. User experience, interoperability, and reliability are often unexpected and do not comply with the quality standards required by the market. If inherent security risks are added to this, there is an extensive task ahead which requires developing innovative technologies that can tackle these challenges.
These innovative technologies will make use of, among others, customer multi-factor authentication; recognition technologies of the clients’ regularly used devices to avoid fraud; and Blockchain technologies to ensure immutability and data integrity while allowing integrability. All of these platform-integrated technologies will allow complying with the quality and security standards required by the market. Furthermore, the SOTER digital onboarding platform will provide a marketplace where financial institutions can choose the perfect solution for their onboarding process.
Multi-factor authentication means a security system that requires, as its name suggests, more than one authentication form to verify the transaction legitimacy. In an entirely digital environment, the aim of multi-factor authentication consists in creating a defence layer that will make performing a transaction more difficult for a non-authorised person.
Within the SOTER Project, biometrics and logic validation are among the solutions to be developed for identity documents in the European scope. Biometric solutions consist in applying mathematical techniques to physical or behavioural features that allow people to be authenticated. These kinds of solutions are nowadays one of the least impenetrable authentication levels available.
Recognition technologies for regularly used devices
Taking into account fraud prevention politics, SOTER intends to integrate in-platform data capture from the device where the consumer onboarding is taking place. This data capture will permit, in the consumer’s future transactions, verifying that the device used for those transactions has been used before.
This is an additional factor that will allow authenticating the client. The consumer is not only identified or authenticated by means of passwords and biometrical patterns as there is also another factor, something that the consumer owns – their device. For example, if a user tries to make a transaction from an unusual location or through a different device, the system will trigger an alarm in the finance entity which, if needed, could block the aforementioned transaction.
On the whole, blockchain technology is a decentralised database consisting of blocks designed to avoid their modification once data has been published. SOTER will adopt this disruptive technology, which will allow guaranteeing data immutability and, also, to share onboarding data between different companies. This data-sharing between different companies will always take place with the client’s explicit consent, as they are the sovereign owners of their data.
Author: Manuel Abiega Vizcaya, EVERIS