By Adam Oldfield, Vice President Sales EMEA Financial Services at Unisys

The financial services market continues to evolve digitally to meet the rising expectations of customers, particularly in relation to their experience with digital and in-store services. Consumers expect banks to be accessible 24/7, from any location, and any device. As a result, security of access continues to be front of mind for everyone in the financial services industry, and the challenges that come with it.

 Multifactor authentication built into modern applications, the use of biometrics or analytics as well as artificial intelligence are all needed to be interwoven in the modern environment to keep security capabilities at a high – but why is cybersecurity such a pressing factor in the market over the last few months?

Legislative drivers

It is widely known about the multitude of financial, and reputational, incentives tied to increasing security standards in order to be compliant with a variety of legislative drivers, with the biggest and most impactful deadline being the General Data Protection Regulation. The GDPR brings consistency to the current data protection laws across EU member states, and provides guidance on how customer data should be stored and how companies must respond in the event of a data breach.

It is widely known about the multitude of financial and reputational incentives tied to increasing security standards in order to be compliant with a variety of legislative drivers, with the biggest and most impactful deadline being the General Data Protection Regulation.

The GDPR brings consistency to the current data protection laws across EU member states and provides guidance on how customer data should be stored, as well as how companies must respond in the event of a data breach. As we move towards the 2018 deadline a large proportion of companies including financial services, are still unsure on what they need to specifically do in order to be as compliant as possible.

Therefore, we are continuing to see the demand for cybersecurity advisory services, personnel as well as solutions at an all-time high - demanding higher and higher shares of annual and quarterly budgets within financial institutions.

The threat landscape and impending legislation has meant cybersecurity has moved from a once discretionary spend to a mandatory one in recent months. Financial services organisations are rapidly restructuring teams, hiring new talent and most importantly seeking advisory services to manage the journey to compliance. Cybersecurity maturity levels held with each organisation in the market also fluctuate, meaning each company has a different set of requirements, goals and timeframes to abide by.

However, legislative drivers forcing financial institutions to treat customer data with the utmost care are not withheld to just the GDPR. The Payment Services Directive (PSD2) and the 2018 mandate set by the Competition and Markets Authority (CMA) are some of the key drivers to raising data protection and security requirements as well as market standards, having a particular impact at the decision making, forecasting and budgeting level.

These legislative drivers will continue to move security up to a boardroom discussion, with advisory services taking the front line of demand as well as budget. As we move towards 2018, the stopwatch is on for new entrants, as well as established players to restructure teams, align ecosystems and improve data management. They must also fine tune effective cyber breach response strategies to ensure the legislations and regulations put in place have a positive impact on their business and customers.

No organisation is immune

Many financial services organisations are aware of technological developments taking place throughout security, as well as the evolving security postures needed to combat threats and reduce routes to entry. Biometric authentication is an example of this that adds an additional layer of personalised security for data and account protection purposes. The plethora of high-profile attacks, such as Petya and Wannacry, highlight how no organisation or industry, including financial services, is immune.

The need for flexibility and responsiveness is paramount in this ever-changing landscape, not only legislatively but operationally, driving companies to pull together best in breed solutions to ensure capabilities match fluctuating threats. Legislatively the PSD2, for example, forces organisations to contract and conduct payments in a certain way, as well as effectively store and protect sensitive data. In comparison, the CMA 2018 mandate is forcing all financial services providers to offer customers the ability to manage their products, regardless of provider, via a single mobile application of their choice. Operationally, customers are demanding seamless payment and verification options with a 24/7 responsive service. A best in breed and reactive approach is capable of managing these demands, meaning flexible and intuitive ecosystems for application roll out can be the route to success, and gone are the days of using one provider for everything.

People unlock their phone and, increasingly, shop and pay with the touch of their finger. They don’t get locked out when they forget a password because it has been replaced with a simpler, more secure option – mobile biometrics.  Whether using a fingerprint, an iris scan or a “selfie” to confirm identity, banks see biometric technology as a way to provide greater convenience and security to customers as they use their accounts. But, it’s still early days in mobile biometrics, and a new report from Mastercard and the Department of Computer Science at the University of Oxford highlights a big barrier. Only 36% of relevant banking executives feel they have adequate experience to deliver.

To overcome this knowledge gap, ‘Mobile Biometrics in Financial Services: A Five Factor Framework’ explores this fast-evolving technology landscape and provides bank executives with guidelines to successfully bring mobile biometrics to life. Simply put, they need to focus on Performance, Usability, Interoperability, Security and Privacy.

Some of these factors are more visible to the consumer, having a real impact on user experience, while others operate behind the scenes. But, long-term success for a bank requires that they address all factors equally to protect against threats. The framework can help financial service companies avoid the trap of focusing only on the ones their customers see.

“Biometric authentication has a lot of potential, but it is important to address the objectives of each of the Five Factors when designing solutions. Working together with Mastercard enables us to solve for realistic threats to the industry with the best technical and scientific ideas. Users will need consistency, quality and assured security for this technology to thrive,” said Professor Ivan Martinovic, Department of Computer Science at the University of Oxford.

Ajay Bhalla, president, Global Enterprise Risk & Security, Mastercard, commented on the research initiative in a blog, saying: “Effective mobile biometrics melt into the broader experience of consumer-centric financial services, giving people the power to instantly access their financial information or make a payment. They’re driving the trend toward a password-free future where digital identity is all about who we are, not what we remember.”

Considering that global sales of smartphones are expected to reach $400 billion by next year, people everywhere will increasingly have access to the tool that makes mobile biometrics possible. Banks see that as an opportunity, and with initiatives like the collaboration with the University of Oxford and pioneering biometrics solutions like Mastercard Identity Check Mobile, Mastercard is a partner to deliver widespread and responsible adoption of mobile biometric solutions in financial services.

As Bhalla continued, “This framework is fundamental to accelerating the deployment of mobile biometrics for consumers and industry alike, but collaboration is key. We can only achieve this if industry, academia, governments and technology vendors understand and contribute to the evolution of the Five Factor Framework for mobile biometrics.”

“Mastercard and Oxford have done important work in exposing some of the root causes for the inconsistent adoption of mobile biometrics in financial services,” said Ravin Sanjith, Program Director: Intelligent Authentication, Opus Research. “We expect the Five Factor Framework to become an indispensable aide for industry professionals and decision makers to have better informed, strategic discussions that drive towards more efficient and successful high-scale implementations.”

Anthony Duffy, Director of Retail Banking, UK and Ireland at Fujitsu told Finance Monthly:

“The news that biometric authentication is now consumers” preferred choice for their financial services security is further evidence that biometric technologies are coming of age. Biometric solutions have been used overseas for many years, with Brazilian, Japanese and Turkish banks all using Fujitsu biometric solutions to support day-to-day banking transactions. However, it is only recently that British banks have started to deploy the technology on a significant scale. We are seeing a growing confidence in the security and effectiveness of biometric technologies, perhaps in part brought about by both Android and Apple mobile devices using finger/thumb print scanner technology as an unlocking option. After all, as the technology goes from new to familiar, there’s a natural acceptance and understanding, which breaks down previous barriers to entry.

“Financial institutions are keen to enhance their security measures further and to improve customer service. Biometric technologies, by being unique to the individual, help achieve both goals. Their use often reduces the use of passwords, or even eliminates them altogether, while often also providing an audit trail. When deployed to help identify customers, their use can speed up the identification and log-on process, by removing the need for security questions.

“The reliability, security and accuracy of biometrics make them ideal for banking. Add to that the widespread adoption of biometrics on mobile devices, and it’s clear the technology is set to flourish. Consequently, at Fujitsu, we believe that the use of biometrics in banking is something we will see much more of in coming years.”

(Source: University of Oxford)

IBM (NYSE: IBM) Security recently announced it has completed the acquisition of Agile 3 Solutions. The software is used by the C-Suite and senior executives to better visualize, understand and manage risks associated with the protection of sensitive data. IBM Security had previously announced it had entered into a definitive agreement to acquire Agile 3 Solutions. Financial terms were not disclosed.

The company, now known as Agile 3 Solutions, an IBM Company, joins the IBM Security business unit and will be part of the IBM Data Security Services portfolio of offerings. The acquisition also builds on the growth of IBM's end-to-end Guardium data security and protection platform, which helps to analyze the risk associated with sensitive data, monitor and protect sensitive data at rest, and in motion.

Agile 3 Solutions marks the 20th security-related company IBM has acquired as part of a series of investments to deepen its expertise as one of the world's largest enterprise security companies. IBM Security has hired approximately 1,900 security experts since 2015, and has invested in innovative new programs to help the industry collaborate to battle cybercrime, including IBM's X-Force Exchange and the IBM Security App Exchange. IBM has also closed the acquisition of Ravy Technologies, a subcontractor to Agile 3.

(Source: IBM Security)

I read an interesting article recently that outlined the way in which cloud adoption has changed the business landscape, causing a seismic shift in how organisations operate. Depending on your source, UK cloud adoption rates are currently anywhere between 78% and 84%, and whilst cloud is no longer a new phenomenon, its importance to not only the CIO but also the full c-suite of decision makers such as CEOs, CMOs and CFOs, is paramount as they jostle to gain a competitive advantage over competitors.

It has been argued that cloud adoption heralds the largest disruption in enterprise computing since the advent of the PC, with many industries embracing cloud-based platforms to not only cut costs but also drive efficiency. Despite this, there has been a certain amount of trepidation from the financial services sector to make the transition and fully embrace cloud and its many advantages.

At the mere utterance of the word ‘cloud’ we used to hear a plethora of reasons why financial services organisations could not make the leap. There were concerns over regulatory compliance as well as the complexity of functional replacement, security and control. And, in an era where financial institutions are more highly regulated than ever before, one could forgive these organisations for a tentative approach to change – especially when it came to new technologies that cloud put compliance at risk. To further validate this hesitance, financial services firms are reportedly hit with security incidents 300 percent more frequently than other industries.

However, over the past year, the UK financial services sector has taken a more confident and proactive approach to cloud computing. In mid-2016, following the publishing of the Financial Conduct Authority’s (FCA) final guidance for UK regulated firms outsourcing to the cloud, it was made clear that there is no fundamental reason why financial services firms cannot use public cloud services, so long as they comply with the FCA’s rules.  This statement and the guidance provided will certainly be welcomed by those UK financial institutions that have been hesitant to embrace cloud due to the lack of regulatory certainty over its use. This also serves as good news for the cloud sector too, providing a boost in the uptake of cloud services in the sector. Certainly, there are many examples of financial services firms using cloud while remaining in compliance with FCA regulations.

Regulatory compliance and managing cyber risk do not need to be the enemy of innovation. In fact, taking a risk-avoidant approach to experimenting with new business models, technologies or user experiences will be a fast path to obscurity in today’s business landscape, where innovation and competition can come from anywhere. Banks, hedge funds, asset managers, insurance firms and other players in the financial services ecosystem should seek out technologies that meet compliance and security needs but also enable agility and flexibility.

Here are three quick benefits that cloud can provide for the financial services sector:

1. Enhanced Security – Contrary to popular belief, businesses who take advantage of cloud computing may actually enjoy stronger security than those who try to go it alone or rely on their on-premise security technologies. The cloud is certainly more secure than many legacy platforms, so if financial organisations choose the right cloud service provider, they can actually experience a higher level of security than they would via legacy solutions.
2. Reduced Infrastructure – As your financial services firm grows, so does its information technology hardware and software needs. By migrating to the cloud, your company can reduce the amount of infrastructure stored onsite, share liability with qualified technology partners, eliminate much of the hassle associated with procuring hardware and software, and reduce costs in the process by moving IT CAPEX to OPEX. There is no longer a need to purchase multiple servers and supporting equipment, store it on-site and pay for the space and utilities to support the operation of that infrastructure.
3. Increased Business Agility - Cloud computing brings with it a number of benefits related to agility. First and foremost, cloud computing is all about scalability and flexibility on demand and financial services firms benefit from being able to roll out new applications very quickly or use the cloud for dev/test to drive innovation. Additionally, cloud computing is built with mobile productivity in mind. Employees need no longer be tethered to their desks. Applications and information can be accessed from virtually any device with Internet connectivity, allowing your staff the access needed to be effective, without being tied to the office.

By embracing cloud computing services, companies in the financial sector are able to add vast efficiency to their operations. As long as the risks can be managed, and with the right cloud service provider they can, there are many benefits. Cloud services – ranging from Production to Dev/Test to Disaster Recovery and backup - can help financial firms reduce setup and operating costs related to installing new IT infrastructure and negate the need to invest in more data centre space by making the necessary infrastructure resources available on demand. Perhaps most importantly for such a regulated industry, cloud services can help financial services firms gain IT innovation while protecting them against cyber-attacks, ransomware as well as maintaining compliance.

If your financial services firm has been hesitant about a migration to cloud computing, it may be time to reconsider. Enjoy stronger security, lower your maintenance costs and unleash the productivity potential of employees by migrating to the cloud.

Authored by Monica Brink, Director of Marketing, iland.

The infamous year 2016 is now behind us and we all have a fresh start moving into the new year - one which could perhaps be one of the most unpredictable since the market crash in 2008. Low confidence and an anxious approach to ambition could stunt the growth of startups, so here are my key resolutions that small enterprises should adopt if they want to thrive in 2017.

1. Smarter marketing, not larger

It’s good business sense to always look after the pennies, but with unknown economic territories ahead of us, it’s important for start-ups to tighten up the side of the business where thousands could be wasted when hundreds could take you further = marketing. Social media and SEO will be the most cost-effective ways to drive brand awareness, so invest in consultants and training sessions to help you cover the basics that will ensure your business is heard in a world full of competitors. What’s most important for you to take note of in these workshops is the efficiency of micro-targeting – put spend purely into targeting where your audience digests content and news. Don’t look to reach large numbers, look to reach relevant numbers.

2. Inspiration comes from the workplace

It might sound simple, it might sound unimportant - but neither is true. Your working environment plays a huge role on your energy, motivation and inspiration – three characteristics you’ll need in bundles to take a start-up off the ground. Walk into offices up and down the country and they can be flooded with unnecessary paper, overcrowded desks, folders upon folders and general mess. Take action and declutter your office by taking more of your work online – with the rise of cloud-based services such as Google Docs, sharing working documents has never been easier. What’s more, the cloud has been utilised across industries, and some services even allow you to take your accounting spreadsheets and numbers purely within the cloud. This takes me nicely onto…

3. Re-evaluate your business tools

The beginning of the year is an opportune time to calculate all tools your business subscribes to, and analyse what’s working and what’s not. It could be that you’re paying for three different tools that can all be done by one, this will drive costs way down. For instance, Xero is a tool that allows you to take control of payroll, pay bills, send invoices, creating POs and more – it’s time to research what tools out there will optimise your business.

4. 2017 will be the year of networking

Business owners will need to keep their finger on the pulse of trends that result from Article 50 being triggered. You can make predictions based on what you’ve read online and how your business has been performing, but to get a deeper understand and grasp on where trends will head, you will need to discuss the industry with your peers. Like Open Data, everyone will benefit from each other’s learnings and can adapt accordingly. SMBs are the backbone of the UK economy, and a united effort to thrive this year will help us prosper as we leave Europe.

5. Prioritise your employees’ happiness

Hard workers are hard to come by. You’ll remember sitting in your office interviewing countless candidates who simply weren’t right for your company, so use that experience to treasure what you have now. Research what the larger organisations are doing and you’ll see a host of perk packages, health schemes and away days. While this is great and a real morale booster, employees really respond to one-on-one time with their boss. Simply showing your appreciation of their work and reassurance of their career path will give them the confidence to work for you, and the ambition to achieve for you.

6. Protect yourself against security threats

Hackers and cyberattacks are becoming more sophisticated by the day, and the threat of a data breach is more likely than ever before. It’s vital that businesses of all sizes who use online and financial services ensure they have strong security practices. Using the most up to date virus protection and firewalls is a given, but extra layers of security such as multi-factor authentication (requiring a username and password as well as a piece of information that only the user knows) can help your accounts from being compromised by phishing and malware.

Authored by Gary Turner, UK Managing Director and co-founder of Xero.

(Source: Xero)

In the last couple of years, a number of high-profile businesses have had large amounts of customer data stolen due to a cyber attack. Furthermore, hackers and other malicious parties are always looking for new ways to intercept the information users send to businesses via the web or gain such information directly from users by deceptive means.

In this blog post, David Midgley, Head of Operations at payment gateway provider Total Processing, outlines why making the move to HTTPS protocol goes a long way to helping to eliminate these problems while also helping to improve a business’ reputation and trustworthiness.

For the uninitiated, HTTPS is a way of securing all of the information that is sent between a website and a browser. It works by adding a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption layer to the basic HTTP protocol, meaning that the information is still being sent in the same way and in the same ‘language’ to each other. However, all the requests and responses are now encrypted before being sent and then decrypted before the webpage loads for the viewer to see.

This means there is less chance of those requests and responses, and crucially the information contained within them, being intercepted and exploited by external forces. More and more people now do their banking, buy their shopping, book holidays and make other transactions online, and all of these actions require them to share financial information or the level of personal information that can be used to commit identity theft. Therefore, it is vital that the websites processing this information make sure they are using a secure channel to send and receive the information.

However, you would be mistaken to think that only sites that send and receive personal and financial details from users need to protect the communications that take place between their sites and a user’s browser. In fact, all the information a site sends through to a browser, be it cookies, java scripts or HTML code, can also be intercepted by an external party who can tamper with the information before it is seen by the end user.

These external parties can range from those with malicious intentions, such as hackers, seeking to trick users into giving them sensitive information or install malware, ransomware and spyware all the way to respectable, well-known organisations looking to present their own adverts to the user.

While the latter is relatively harmless and there is no real ill intention, as their aim is to sell products or promote a service, I would argue the insertion of adverts onto web pages is still an intrusive practice and can be very disconcerting for users as they can begin to feel that they are being ‘followed’ from site to site by an advertiser. In turn, users can then lose confidence in sites where their browsing experience has been interrupted by adverts as they can begin to feel that their browsing history and the information they’re sharing isn’t secure.

I would argue the above is also harmful to a business’ reputation as a company’s website is a reflection of them, and thus, having an insecure website sends out a very negative message about the company.

Furthermore, Google, which accounts for over 80% of all searches, has also revealed that it gives a ranking boost to those who use HTTPS protocol to secure their website. This is a very important point that could potentially have a huge effect on a business, as according to Moz, unless your site is listed in the top four of a search engine results page, it will have a click-through rate of less than 2%. Essentially then, if you’re a small business in a competitive market, you can’t afford to ignore this point, as you are immediately at a disadvantage and have given up ground to your competitors who are using HTTPS if you’re still operating a site that only uses HTTP protocol. In addition, Google have also recently revealed that, from January 2017, they will alert users of their Chrome browser when a site doesn’t use HTTPS encryption, thereby making the link between the use of HTTPS protocol and the security of information transmitted online even clearer for web users.

Therefore, it makes sense to use HTTPS – your users’ personal details are safe, as is other information that can be used to track them, such as their browsing history. In addition, securing your business’ website with HTTPS should also help to instil trust among site users too. Finally, the biggest search engine with the vast majority of all searches has also made it plain that they will give your site a boost in their rankings if you use HTTPS protocol. Arguably, a higher ranking in Google, and other search engines, should also help to further instil trust in a business among consumers and bring business to your site too, as, by ranking a site higher in its’ SERPs, Google is effectively saying to its’ users “this is a relevant and trustworthy site”.

It has to be said that HTTPS protocol can’t protect your site and the information it sends and receives secure from every possible threat, and it isn’t without its’ problems. For example, some would argue that a site using HTTPS is slower than one that uses HTTP protocol, while others could point to the fact that buying and renewing SSL or TLS certificates adds to the costs of a business. However, the effect on page loading time is marginal and barely noticeable to most users, while the page ranking, reputational and security benefits will far outweigh the financial cost of renewing security certificates in the long run too.

For these and many other reasons, you need to switch over your business’ website to HTTPS protocol if you haven’t already.

Mobeus has invested £3.7m to support Redline Assured Security Ltd (“Redline”), a world leader in the provision of security training, quality assurance and consulting, primarily to the aviation sector. The funding will be used to accelerate the roll out of Redline’s products and services in a number of new international markets.

Andrew Lock and Craig Hewitt-Dutton from LockDutton Corporate Finance were the Corporate Finance adviser to the company Redline Aviation Security Ltd and the shareholder / directors Paul Mason and Jim Termini. They prepared a comprehensive Information Memorandum setting out the investment opportunities for an investor and worked closely with both their client and the team at Mobeus VCT plc, led by Richard Babington and Jonathan Gregory throughout the whole process which lasted 6 months, resolving issues as and when they arose, so as to ensure that the transaction will be completed within a sensible timeframe.

Richard Babington, the Mobeus Partner who led the transaction, commented: “Britain is renowned worldwide for the quality of its aviation security, and Redline is the pre-eminent provider of aviation security training and quality assurance in Britain. We are delighted to be backing Paul, Jim and Redline as it continues to accelerate its development into Europe, the Middle East and Asia.”

Paul Mason, CEO of Redline, said: “The chance to work with a progressive, supportive equity house like Mobeus is an extremely exciting prospect for the whole team at Redline. We intend to maximise the opportunity to make a real difference in a very uncertain world.”

Gordon Young, UK Sales Director at Promon

Norwegian security specialist Promon has announced that its customer base has now surpassed 11 million customers worldwide.

The security specialists, who have set about delivering true app security and mitigating against increased risk in mobile banking apps, has built up the large customer base over six years, since its launch in 2009. The firm launched its flagship app security product PromonShield in the UK in 2014, and now plans to overhaul security in the UK banking sector.

Promon’s technology centres on the idea of self-defending apps built or linked into an application or application runtime environment, capable of controlling application execution and detecting and preventing real-time attacks. The software is a proactive solution designed to stop malware attacks before they do any harm, without changing the customer experience, even on devices that have been compromised or when vulnerabilities are caused by the user.

Gordon Young, UK Sales Director at Promon, said: “There is no product available on the market that can both detect and prevent against mobile breaches in the same way that we can and our huge growth is testament to this fact. Almost the entire number of mobile banking apps are lacking vital security and are therefore highly vulnerable to attacks which unless addressed properly now, will lead to a loss of confidence in UK mobile banking.

“Given the uptake of mobile banking apps for both day-to-day use and larger transactions, bank customers should be very concerned. Banks cannot afford to stand by and watch the continued rise of banking cyber fraud and must embrace the idea of self-defending apps.”