What are the challenges and (cybersecurity) issues the financial sector is currently facing?
Financial institutions were traditionally the most targeted organisations by cybercriminals, but now in the pandemic scenario cyberattacks have considerably increased (around 238% in April 2020). Our customers, employees, contractors are all targets of these attacks which are becoming increasingly more sophisticated.
Additionally, we are at the beginning of an “Open Banking” era, which means a new way of doing banking and completely different interactions with customers. The Cloud is also a change in paradigm, which means we need to be more efficient to compete with FinTechs and Tech Giants, but it could also bring new kinds of threats that we need to deal with. Moreover, in the near future, 5G/IoT will open the gates to more intelligent devices acting on our behalf, potentially demanding payments or financial support, which means that the cybersecurity approach needs to be holistic and definitively a priority in our organizations.
Given that banking is about trust and reliance, we are possibly facing the biggest challenge we have ever had before. Our focus is to comply with the highest security standards and regulations, and at the same time we aim at providing the best customer satisfaction in a more efficient way.
What solutions would ideally help tackle these challenges?
From our point of view, and taking into account the context that we have just related, we think that new solutions leveraged by artificial intelligence (e.g. biometrics, big data, behavioural analysis etc.) and improving cybersecurity practices by raising awareness about the importance of cybersecurity are the only way to understand the complex context and make the right decisions in real time.
Liberbank has recently joined the SOTER project, which is developing a biometric-based identification and authentication platform and a training programme for employees to enhance cybersecurity in the financial sector.
We think SOTER and Liberbank share the same values:
- A customer centric vision, providing the best onboarding process to become a customer of Liberbank in a few minutes with the best user experience.
- Regulation Commitment: compliance with KYC (Know Your Customer), GDPR (General Data Protection Regulation), eIDAS (electronic IDentification, Authentication and trust Services), AML (Anti Money Laundering) etc. This part is non-negotiable.
- Security, creating a “bullet-proof” Digital Identity including device fingerprinting, ID scanning, biometric patterns and even national blockchain schemas to securely store those valuable data.
- Open Innovation as part of the methodology, and the way the consortium works, pooling together each partner’s expertise and skills to build something valuable together and make a difference in the financial sector.
What does Liberbank bring to the SOTER project?
In 2017 we started an ambitious Digital Transformation plan to make Liberbank a point of reference in the market, with a customer-oriented approach and technological capabilities that will allow us to compete in this new context. All these objectives are being developed with the best guarantees of security and robustness by prioritizing actions that cover cyber-security in our services and digital capabilities.
Within the SOTER project, as a bank we can provide a realistic point of view of current pains and challenges that the financial sector is facing and inspire the whole team to transform them into frictionless solutions.
All the industry – financial and payment institutions – have made a big effort in adapting their systems to payment directives and regulations meeting the deadlines and guidelines. We strongly believe that despite this, there is a big room for improvement in doing it in a better way in terms of customer experience.
Liberbank is strongly committed to cyber-security, we have dedicated the last three years to an ambitious transformation plan to improve customer experience while reinforcing security measures. The idea is to go beyond it being a point of reference in the market.
Furthermore, the Digital Transformation Team at Liberbank has a successful track record for researching new technologies and business models that can then be prototyped and introduced into the market. For example, we have launched a full digital account opening process using face recognition biometrics technology. We have also developed an account aggregation process to facilitate our customers with a single vision of all their finances within different financial institutions. All this experience around the digital process can be used within SOTER.
Finally, given our experience, and as the main end-users within the project, our role is to make sure the tools that are being developed meet user needs as well as security and privacy requirements. As part of this process, Liberbank is defining the pilot use cases for
- testing the developed technology in real settings (pilot case #1) and
- cybersecurity awareness training (pilot case #2).
What is the added value of the SOTER pilots and how can they help improve cybersecurity and data protection within the financial sector?
The SOTER project proposes two pilot scenarios: one focused on testing the technical solution, and a second pilot focused on cybersecurity awareness training for banking employees and other new key players in the financial sector, such as fintech entities and Third-Party Providers.
These pilots will test our tools to improve cybersecurity and data protection, the Digital Onboarding Platform and our innovative methodology to tackle human factor-based aspects of cybersecurity.
On the one hand, the end users’ feedback from the pilots will help us fine-tune the SOTER solutions to meet their needs and expectations, and ensure the architecture, design and deployment of the platform meet crucial security standards, as well as ethics, privacy, and data protection aspects.
On the other, cybersecurity awareness is a relevant factor to decrease the risk of cyberattacks and therefore, it is a way to increase security and reduce fraud. With this in mind, the second pilot will help us define a list of activities/actions for enhancing cyber security awareness that will be included in our training handbook for employees.
SOTER adopts a holistic approach combining technology development with training activities for employees. What topics should the trainings cover to increase cybersecurity awareness and improve effectiveness in creating operational standards?
When seeing the types of financial crime our industry is suffering from, usually human omissions or oversights are the Achilles heel and the clear target for cyber criminals.
Creating a cybersecurity culture and making sure our employees (also contractors, suppliers, partners etc…) have a clear understanding of the threats and the consequences of not meeting security standards is key, so we would include real cases of how small details have brought about big losses in terms of money and reputation for companies in the past.
Also, a module about the types of attacks they could suffer from in their daily work (e.g. phishing, ransomware, passwords easy to break etc…) and the best ways to avoid them, the proper use of email, devices, password selection and so forth, will be extremely beneficial.
We are sure the planned contents will meet our expectations.
Authors: Sergio Hermida, Marina Rodriguez Hidalgo – Liberbank
Corinna Pannofino – Trilateral Research