Keeping Pace With Security

By Michael Scheibach, Executive Editor, BankNews

As small and mid-sized banks continue to grapple with increased regulation, an erratic economy, customer retention and revenue growth, technology is not making the path to success any easier. In fact, a recent Javelin Strategy & Research survey found that members of Generation X, Generation Y and Core Millennials are gravitating toward the big banks, which can provide personal financial management tools, mobile remote deposit capture, person-to-person payments, mobile payments and other leading-edge services, while allowing them to participate in their own protection against fraudsters. They want anytime, anywhere, any device, all-encompassing financial capabilities. Speaking at last month’s Payments 2012 Conference in Baltimore, Chris Cox, vice president, mobile commerce solutions, First Data, summed it up this way: “Winners will be those that deliver on needs that go beyond payments to the heart of daily life.”

Delivering on these needs is challenging because of the escalating issue of online and mobile banking security. As banks expand their services to keep pace with customer demands, they become increasingly susceptible to fraud, much of which emanates from consumers’ infected computers. Since 2007, for instance, Microsoft has detected more than three million computers in the United States with suspected infections of the Zeus malware, which provides a means for fraudsters to steal user IDs, passwords and other financial information. Even though Microsoft and NACHA recently announced the disruption of the most harmful botnets using the Zeus family of malware worldwide, it is only a matter of time before another threat emerges.

Whether it is online banking or mobile payments, customers want to be assured that their transactions and accounts are secure; financial institutions, in turn, must implement the most effective technologies to provide this assurance. The importance of security, authentication and fraud prevention was evident throughout the sessions and exhibit at Payments 2012, with much discussion focused on how to secure the rapidly expanding mobile channel.

“There’s a distinction to be made between online and mobile banking security,” said Ajay Nigam, senior vice president, product management, at IronKey, a Payments 2012 exhibitor. “According to Juniper Strategy & Research, malware targeting mobile devices doubled in 2011. For online banking, banks must start with the assumption that their customers’ browsers, PCs and Internet connections cannot be trusted.” IronKey, located in Sunnyvale, Calif., offers Trusted Access, which delivers multiple layers of security, including a protected browser that users download, thus eliminating the threat of malware.

Banks need to consider four major points before deciding to move to a cloud/SaaS service, according to Nigam:

1. Look at how to establish security. Start with the assumption that the end user’s PC, browser and network connection are all compromised. Protect them anyway. 
2. Consider how to leverage cloud/SaaS service fully to lower infrastructure costs without risks of security or data loss. 
3. Layer security, starting from the client browser, extending through the network, and incorporating analytics and monitoring at the service connect level. 
4. Make the user experience seamless. 

The challenge is balancing budget restraints and the need for new technology investments. Fortunately, cost-effective, cloud-based solutions are pushing the transformation of information technology to business technology. In other words, cloud-based solutions allow expenditures previously targeted at equipment maintenance and personnel to be shifted to strategic initiatives, such as online and mobile banking security. Community banks need to be part of this transformation in order to remain competitive in this new era of technology-driven financial services.