Fintech Talk: January 25, 2017
Cyber-attacks aim to destroy and minimise the collective trust in financial institutions. Via the exploitation of trust, cyber-attacks can alter the population's views, and hinder one's ability to distinguish right from wrong. Over the past few years, it seems that organisations, government agencies and individuals have all been constant victims of cyber-attacks. Within the last year alone, institutions such as Yahoo!, PayAsUGym, Deutsche Telekom, Three Mobile, Central Bank of Russia and The Clinton Foundation have experienced cyber-attacks.
One of the biggest issues with cyber-attacks is the anonymity of the cyberspace and the difficulty in establishing someone’s identity. This has forced financial institutions that operate within strict regulations, such as banks and fintechs, to increase safety measures in order to safeguard their client’s information and identity. The existing systems and measures in place, including the control of physical access to hardware, firewalls, passwords, protected network access, as well as data and code injection, seem to be ineffective at tackling the ongoing issue. Can the current measures in place prevent misused anonymity and ongoing cyber-attacks?
The short answer is yes, but we need a different approach from the one currently being implemented. A method that challenges the core problem and establishes an identification credential that can be used across multiple services, standards and technologies, while simultaneously being simple enough for individuals to access, use, and more critically trust. Without trust, it doesn’t matter how innovative the platform or service is, there is no foundation for the survival and success of the business.
Regulators, organisations and security platforms are developing and implementing solutions to manage and overcome the issue at hand. For example, regulations are requesting that providers enable strong authentication as part of PSD2’s efforts to harmonise the single market in Europe. PSD2 which must be implemented by 2018, seeks to further standardise and make interoperable card, internet and mobile payments to reduce entry barriers for card and internet payments. Platforms like Token are creating open API banking, which turns PSD2 into a catalyst for growth. Additionally, organisations such as Google are developing solutions that banks and other individuals can use to authenticate customers, without a password but rather via a mobile phone's sensors, which are able to gather data about the person using it.
These different innovations are taking on the current issues and providing solutions. Continuous assessments such as on-going testing of security protocols, development of recommendations for technology policy options, development and deployment of trustworthy networked information systems are necessary and involve significant investments. These actions are essential to generate protective measures that foster technological advancements and, thereby, reduce the likelihood of cyber-attacks and enhance individuals’ ability to trust financial institutions.