Layered security in the banking industry: from physical to digital
Today's banks are facing numerous challenges. It is no longer acceptable to focus only on the physical security of the bank; they must also focus on the digital security of its data and applications, putting encryption, firewalls and cloud providers' policies alongside alarms, security cameras and locks in their security infrastructure. What's more, the best approach is for physical and digital security to live in one integrated solution.
What has created the need for this solution? From FinTechs to brick-and-mortar banks with mobile apps, security threats pose massive challenges:
- Increased cyber-attacks - Daily threats of attacks on bank systems resulting in low customer confidence and financial losses. In 2016, data breaches in the United States hit an all-time record high (Source: Copyright Identity Theft Resource Center 2017. All Rights Reserved.);
- Increased mobility - Consumers have come to increasingly rely on online and mobile services, and have escalating expectations for these services. Currently, 41% of consumers expect their banking apps will be hacked (Source: Copyright 2017. ARXAN. All Rights Reserved.) and 52.4% of global users say security is their top concern for mobile banking (Source: The Nielsen Mobile Shopping, Banking and Payment Survey, 2016.);
- Stricter compliance - Compliance requirements represent a never-ending effort for IT and security teams in banks, as regulatory updates have more than doubled in the last three years (Source: The peak of regulatory management may be sort of way off, Thomson Reuters.);
- Cost-pressure - Increased competition in many segments serves to intensify pricing pressures as governance, risk and compliance costs account for 15-20% of the total "run the bank" costs (Source: Copyright 1996-2017. Bain & Company.).
A financial institution employs thousands of people, has numerous offices, data centers, and call centers all storing vast amounts of data and sensitive information. In many cases, these employees use a badge to enter secure areas and then a different credential to access the systems on which they do their work. There's no connectivity between the two systems -- although both are designed and deployed to meet a common goal: protection from loss, damage, or theft through knowledge of who is doing what, when, and where. Financial institutions are recognizing that the integration of physical and online access control is a game-changing approach to enterprise-wide security.
Why are financial institutions going this route? The growing reliance on mobile workforces only increases risk and cost, and the massive increase in bank customers relying on mobile and online applications poses further threats to digital security.
Banks creating successful business cases look at physical and digital access as the same problem that can -- and should -- leverage the same solution. Convergence of the two systems saves money and improves security, a rarity in this space. Decisions are now being centralized because the physical side, previously considered not "connected", is now connected. A physical door and its events are built into the overall security framework and structure of a bank. So the centralized decision is no longer managed by the individual facilities manager but rather by a CISO or CTO who manages all events, globally. The only blocker is finding a solution which does just that, as digital security is a rather new technology compared to the legacy systems of physical security in banks. It is difficult to find a solution that allows for a seamless integration of the two, but the benefits are huge.
The identity strategy that results from converging the two systems offers significant benefits. These include the ability to identify and authenticate a user once and use that identity information across multiple systems, including web and mobile applications for customers and employees. It improves compliance and auditability, offers a better end-user experience, lowers the cost of issuing multiple badges/credentials, and reduces the risk caused by lost credentials.
By stacking a varied range of complementary security measures throughout their business lines, banks can establish physical and digital protections that are comprehensive, strong, and reliable for their employees and customers, enabling a higher level of sophistication in detecting potentially malicious behavior.
The financial services industry is experiencing the largest change in standards and regulations, forcing a transformation in current practices. The joint solution with BioConnect ID Enterprise allows Genetec to enable biometrics in a scalable, cost-efficient and secure way, eliminating the need for dual management of users and devices and creating seamless enrolment experiences without compromising security, while saving costs.
To learn more about how BioConnect and Genetec are helping the banking and finance industry benefit from more secure access control tools, visit https://info.bioconnect.com/genetec.