|
||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The financial services industry deals with a commodity that is primarily electronic—money. Consequently it spends more per employee on IT than any other industry. Despite this, there is a worrying tendency for information that should be confidential to end up in the public domain. Why is this and what can be done?
 The financial consequences of data theft for banks are direct and indirectWhen a customer‟s money is stolen electronically, the onus is on compensate. The bank can also face fines if the loss is caused by management on its part and publicity can lead to brand damage.
Banks have to share data and it is often not a bank itself that is responsible for data leaksConsumers get caught unawares by email scams, businesses are careless with customer information and public sector bodies, with which banks are obliged to share information, have proved to be reckless in the way they handle data.
Banks need to review their IT infrastructureUltimately, for thieves to achieve their goals they need access to financial services and products that the banks have ultimate control over. Strict management and auditing of all IT assets is essential. The software development process needs rigorous quality controlExamples are on record of backdoors being built into banking systems by rogue developers. Testing and auditing must be exhaustive and carried out using dummy, not real, customer data.
Processes need to be well defined and auditedThe way in which data and transactions are handled internally needs to be governed by strong processes. Those responsible for weak processes or those who ignore strong ones must face the consequences.
Education and awareness needs to be driven by banksBanks need to keep up awareness campaigns for consumers and encourage best practice amongst their business customers to prevent data leakage.
The level of potential risk is not going to decreaseNew financial products, such as e-wallets and the continuing growth of internet shopping and other online services, will mean more and more opportunity for would-be thieves. In order for this growth to continue, people need to have more confidence in the way their financial data is being managed.
CONCLUSION:
Banks alone have the ultimate responsibility for who is able to authorise transactions of any sort. They can control access through better managed infrastructure and processes and ensure better awareness among employees and customers. Unfortunately, banks will always have to share the details of their account holders externally and there will continue to be breaches through the carelessness with which those details are handled. Only tight security and practices at the core can render such information useless to all but the rightful users.
Quocirca is a leading primary research and analysis company with native language research capabilities across the whole of Europe, along with North America and the Asia Pacific region.
Full report available free of charge, click here [Registration required]
| |||||
|
|||||
| |||||
|
||||||||||||||
|
||||||||||||||
|
|
||||||||||||||
