IT in the Banking Industry: Checking the Box Is Not Enough

Advances in digital technology have changed the way the world conducts business — and that includes cybercriminals. Unfortunately for the banking industry, cybercriminals’ favorite targets are financial institutions. In this post, we explore banking compliance efforts and why checking the compliance box is not enough. So read on for ideas on attaining true security.

PWC’s Global Economic Crime Survey

According to the PWC 2016 survey, cybercrime is now the second most reported economic crime. To improve on proactive security measures, financial institutions must evaluate threats and determine their imminence in real time. PWC says that cybercrime is not just an IT problem. Responsibility for keeping data secure starts in the C-Suite and trickles down to all staff.

The findings of this study are fascinating. Respondents said:

  • About 50 organizations had cybercrime losses above $5 million
  • One-third of those reported cybercrime losses in excess of $100 million
  • Survey respondents considered the loss of the business’s reputation the most damaging impact of a cybersecurity breach

Checking the Compliance Box Is Not Enough

There are many standards and guidelines, some on a national or global level, directed at helping financial institutions assess their cyber risk and improve their management of that risk.

These guidelines are good initial steps, but stopping sophisticated cybercriminals requires a more hands-on process. For instance, the ECB requires banks to disclose cyberthreat information to a real-time alert database. Since 2016, the agency has collected such information with the goal of instituting an early warning system for banks. ECB expects to provide the database to its 129 member banks sometime in 2017. ECB will also share the information collected with the U.S. Federal Reserve and the Bank of England (BoE).

BoE also has a cyber-stress test program that performs hacking exercises with U.S. regulators to imitate a large-scale attack on the global financial system and gauge the attacks’ impact on financial networks.

Conduct Insider Threat Assessments

One way to protect against insider security threats is to analyze behaviors within the network.

  1. Identify the various roles that employees play within the organization and the network authorizations assigned to them
  2. Assess the data access rights for each employee and list each piece of equipment they have authority to use
  3. Analyze usage to determine unauthorized use of equipment or to identify anyone trying to access data they are not authorized to access

Penetration Testing

Cybercriminals take advantage of network vulnerabilities. It follows then that cybersecurity involves knowing what and where those vulnerabilities lie. Penetration testing means your IT staff — or a third-party provider if you outsource the task — gathers information about your system in order to identify possible points that a hacker might use to gain entry. Once you’ve identified potential entry points, IT staff will conduct penetration testing — which means they will try to break into the system through the entry point to determine the vulnerability threat level.

  • IT staff can test penetration manually or by using special software
  • Penetration testing can also tell you how well your employees comply with your security policies and how well they understand their roles in the organization’s security
  • Penetration tests are sometimes referred to as “white hat” tests because the good guys are doing the testing

Learn more about penetration testing tips: read the article entitled Three Penetration Testing Tips to Out-hack Hackers.

The Impact of IT on the Banking Industry

All industries are being heavily influenced by new changes in information technology, and this is certainly true for the banking industry. There has been a lot of discussion about the influence of IT in the banking industry, and how it might fundamentally change the manner in which a lot of people perform banking transactions.

The Rise of Blockchain Technology

As blockchain technology becomes more and more common, there won’t be as many centralized banking systems. Many of the specific banking transactions that people perform will be faster as a result of blockchain technology, so this is something that plenty of bank customers might support. The fact that this technology will get so much consumer support should only make it more economically viable.

Paper Checks May Become Obsolete

A lot of people have already dropped paper checks in favor of making online payments. This is starting to become enough of a trend that paper checks may eliminated in the near future. In some countries, paper checks have already become a thing of the past.

Cash might be used more frequently than paper checks in the near future, but people are still starting to rely on cash less and less as well. Online payments are becoming convenient enough that most of the advantages associated with cash payments are disappearing.

Bitcoin and Similar Currencies Will Become More Popular

It’s clear that Bitcoin isn’t going anywhere, even though some people in the industry were skeptical of Bitcoin initially. Given how useful Bitcoin is when it comes to international banking, increasing rates of globalization should only make Bitcoin more relevant.

Many of the new technological changes should be positive for customers overall. They will also certainly have a huge effect on the experience of customers in general.

What Is Cognitive Banking?

Cognitive banking is the use of advanced technology to make banks more effective. By using machine learning, AI and data science, financial institutions use data gathered from customers and internal sources to optimize processes.

How Does Cognitive Banking Work?

Banks already collect significant data on interactions and events. Cloud-based machines that understand natural language can learn from all of this data. A machine that has accumulated considerable knowledge can give evidence-based advice to both customers and bank employees. By using these techniques, a bank can provide more value to customers while improving its internal procedures.

Benefit to Customers

When a cognitive system analyzes real customer interaction data, it can gain insights from data by identifying patterns that lead to customer satisfaction. When banks allow it to interact directly with their clients, further learning continues with each new interaction. The system can learn how to provide a better user experience. It gives smart advice to users on how to optimize their finances using the products the bank offers. In this way, cognitive systems can provide true value to clients.

How Banks Benefit

Banks that adopt cognitive banking strategies are well prepared to adapt to a changing future. Hard-coding of procedures becomes unnecessary as they are constantly evolving to fit the needs of the bank. Smart machines are on the front line of customer interaction instead of human operators. This both saves money and has the potential to provide a more optimized experience for clients. Smart machines can also learn banking regulations and security protocols to determine in real-time how well the bank is meeting these requirements. Employees receive notifications if the system needs changes to meet regulations or improve security.


In the rapidly evolving banking industry, banks need strategies to stay competitive. The use of cognitive banking techniques improves customer satisfaction while allowing banks to run more efficiently. For more information on cognitive banking, check out this page from IBM.

New Identity-Access Management Developments: IT in the Banking Industry

Just like in many other businesses, identity-access management is becoming the make-or-break factor for creating dependable IT security in the banking industry. That’s why new technological advancements in access-management strategies for banks are such a hot topic right now.

Ever since The New York Times reported in 2014 that JPMorgan Chase banks suffered a security breach that leaked the details of at least 76 million personal accounts and 7 million small-business accounts, banks have been scrambling to protect their networks better with more strict authentication measures.

BankTo improve identity-access management security, more banks are looking at evolving ways of integrating multi-factor authentication among their network’s users. For example, HSBC bank announced in March of 2016 that they’ll begin using new alternatives to standard password authentication that include both fingerprint scanning and voice-recognition technology to protect online accounts, according to ProofID Ltd.

Meanwhile, the U.S. DOD has started a “soft certificates” test program to evaluate the security of new wirelessly-derived credentials on mobile devices that access some of their private networks. Mobile devices store such soft credentials and use them to encrypt data and authenticate VPNs, for example.

Banks are more than interested in following suit, as evidenced by Payfone’s developments in mobile-payment authentications to create online transactions that they claim aren’t possible to hack or duplicate. Their number of transactions has tripled in just one year as they expand to network with more banks.

FingerprintExpect more fingerprint-activated payment systems to take off as well as more smartphones than just the iPhone and new Samsung models adopt fingerprint-scanning features in the future.