#HackersGonnaHack — The Real Challenges of Cybersecurity in Banking, FinTech and Transaction Environments
Hackers ‘Gonna Hack. As surely as Taylor Swift sings haters gonna hate and playas gonna play — hackers are gonna hack. Why? Because there are always people prepared to turn their coding skills to the dark side in order to get their mitts on (other people’s) money.
Transaction data: a goldmine for hackers
If your company is involved in transaction environments (especially banking, FinTech and partnerships within banking and FinTech), then it handles, stores and transfers lots of personal and sensitive data to do its job. Today’s transaction environments are both hostile and competitive, to say the least. Businesses in these sectors have no choice but to stop the hacker threat, or they’re finished.
How are they able to achieve security consistently when hackers and competition are both increasingly well organised and sophisticated?
To explain, step forward Cybertonica. Members of Cisco’s IDEALondon and cybersecurity experts, Cybertonica proudly fly the flag for the UK’s booming FinTech sector. We caught up with COO Alan Nagle and CEO Joshua Bower-Saul at their event: The Real Challenges of Cybersecurity in Banking, FinTech and Transaction Environments.
Q: Looking ahead to 2018, we will see PSD2 (Revised Payment Service Directive) come into force. Now that banks will be obliged to provide access to their customers’ accounts through (secure) open APIs (when customers want contextual financial services), how much of an opportunity is this era of contextual financial services for you? Do you have any reservations about this open post-PSD2 world?
Alan Nagle: Cybertonica are pleased with the effect PSD2 will have on the payment industry; it will ensure a more open market and allow new businesses and innovation in services to gain share in the banking and credit markets. For Cybertonica it will in turn mean more businesses will require a sophisticated fraud technology to mitigate the risk on customer accounts, their payments and billing.
Joshua Bower-Saul: PSD2 is essentially a way of providing stronger authentication with a view to lowering the cost of payments across the EU and making the sector more efficient. It also will, as Alan stated, bring in lots of new incumbents and give rise to new services. Cybertonica is already a PSD2 ready service, particularly because, while respecting the other big regulatory shift that is GDPR (coming in 2018), we provide Risk Based Authentication that has now officially been admitted as a form of strong authentication in the recommendations, although whether primary or complementary remains to be seen. In any case it means that being able to provide secure, tokenised, anonymous payment services will be easier for Cybertonica clients.
Q: As an enabler of secure payment systems, how did you deal with compliance regulations imposed upon you by the Payment Systems Regulator? And (if you undertake any regulated activity) Financial Conduct Authority?
Alan Nagle: There are two areas for us to consider: PSD2 and Open Banking and the Privacy of Personal Data (GDPR Regulation). We are not a financial institution and do not have a payment license. Cybertonica review accounts through shallow histories and use pseudonym data which is outside of the compliance arena for GDPR. This provides our business with a lot of opportunity as our competition is gearing up to be compliant while maintaining their risk scoring; Cybertonica has foreseen these compliance challenges and built our technology accordingly from the ground up.
Joshua Bower-Saul: Cybertonica built a technology on the basis that Security is Privacy and Privacy is Security. For that reason, all the data we manage is in tokenised form, even if we may pick it up from a bank stack and tokenise and then encrypt and tag it for use in analytics. We believe the future of online identity, authentication and fraud prevention all are linked to payment itself—the most individual and easily trackable of events that we follow to determine behavioural models and transaction safety.
The regulators therefore are keen to work with us and our peers to address the issues that the multiple new forms of payment and online/mobile behaviours and products can be seen and their risk level assessed in one uniform way—as we do at Cybertonica. AUTOMATICALLY.
Q: Are you aware of the FCA’s developer Sandbox (https://www.fca.org.uk/firms/regulatory-sandbox) and if so, in what ways did this tool help (or hinder?) you coming to market in the UK?
Alan Nagle: We are aware of this sandbox, but Cybertonica didn’t need to dig deep into the details as we were already compliant.
Joshua Bower-Saul: The sandbox approach is very important to innovation and we applaud its operation. As Alan said, we did our homework on regulations early, but I would say that although it is not a commercial necessity for us, it may be that certain of our customers would conduct a pilot with us through that environment just to see how the data and its treatment maps to official expectations.
Q: Are you confident of keeping hold of the best talent and attracting the best talent? How do you think UK FinTech as a sector will fare post-Brexit? Do you think London will maintain its position as a leading Fintech centre of excellence?
Alan Nagle: Only time will tell how Brexit will impact the financial services; however, many businesses have already made plans to move their centre of operations to Paris/Dublin, which will not be very good for the financial centre in London or the HMRC. When the top paying jobs leave the country, the top talent will surely follow the money. London in particular challenges with work-life balance; without the salary to mitigate this, I believe the UK FinTech industry is on the losing end post Brexit.
Joshua Bower-Saul: We focus on the talent question mostly, since predicting what the financial industry may do has become a lot harder for me since 2008 when it collectively “set fire to its own house”. But I will say this—whereas in the past I and others with skills and talent in this segment spoke about London—it was THE MAGNET in the EU for talent and funding. This has changed perceptibly since June of 2016. In reality, other cities are making a grab on talent, particularly from Eastern Europe and Southern Europe. We have a new centre in Slovakia for our product development, others I know of have moved jobs to Romania, Poland etc. Because these talents do not feel welcome in the UK as much as before. I think short term there will be a talent shortage.
Q: What are the challenges and opportunities of a business model in which you work closely with a number of partners (all of whom are high value to hackers)?
Alan Nagle: Our challenges are remaining industry leaders in delivering fraud technology, applying new technologies and ensuring we are one step ahead of the strategies professional fraudsters use to beat the system.
Joshua Bower-Saul: Hacking is endemic to the payments and the online industry as a whole. The estimates are that cash losses from scams and fraudsters to consumers, merchants and those who insure them against these losses are over $500 billion per annum. Indirect losses (such as the cost of administering fraud remediation, legal costs, lost merchant sales) may be just as high. With our partners, we have to ensure the integrity of our platform and the safety for the data flows. For that reason, we have expanded our product capabilities in system and multi-channel monitoring with built-in alerts etc. In one bank we work with, they are even inserting our SDK in their mobile banking App to enhance both anti-fraud and cyber security. So we recognise the link between transactions and cybersecurity and we are one of the young industry leaders in this area. Opportunities are therefore massive as we can offer products that encompass several levels of security, monitoring of the whole traffic and detection of anomalies in one dashboard.
Q: Since you joined IdeaLondon, how has Cisco technology helped Cybertonica to perform in a challenging sector?
Alan Nagle: Cisco has been central to our development and growth. They have provided introductions to the top banks and industries within our sector and have opened doors it would have taken Cybertonica some hard years of work to get to the table. Cisco support and its people have helped us immensely in their knowledge, network and understanding of the technical landscape we are facing into. We hope to be a close partner to Cisco for the long term.
Hard to overestimate the impact of the CISCO IdeaLondon and the CISCO brand on our future. Already we have developed a lot of thinking about Cybersecurity alongside CISCO products and their higher level strategy. We intend in 2018 to complete the testing and qualification process that will make us a CISCO product partner and qualified vendor. This rigorous approach will give our clients and the CISCO clients we are working with real assurance about robustness and support of the product, particularly for our Financial Institution clients. We began the build with technology experts from RegTech and Banking, so our documentation impressed even our CISCO partners!