
Banking on legacy – The risks posed by ‘stone age’ banking infrastructure

Source: Finance Derivative

By Andreas Wuchner, Angel Investor of Venari Security

Introduction

If you consider the most significant motivating factors behind cyber-attacks – the promise of large financial reward and the opportunity to cause maximum business and social disruption – it’s little wonder that banks and financial institutions are amongst the most inviting targets for would-be cyber criminals. In fact, according to IBM’s recent report, ‘banking and finance’ was the most attacked industry for the five years between 2015 and 2020 – surpassed only by threats to critical infrastructure in recent years. Successful attacks can provide aggressors with a mass of sensitive personal and financial information, and even access to people’s money itself. Furthermore, a suspension of withdrawals and deposits can cause huge social disruption and reputational damage. 

As banks have reacted to years of new regulation and emerging technologies, they often operate with hugely complicated and disparate technology estates. This provides malicious actors with a wealth of potential attack vectors. A small breach from anywhere in this network can have enormous consequences, and lead to entire systems being overrun. As such, it’s crucial that security teams operate with the highest-grade security possible, including ensuring the strongest level of encryption standards. Banks need to look beyond regulatory tick-box commitments and ensure they are taking proactive and preventative steps to monitor and combat malicious attacks across their entire network.

However, the ability to react to cyber-threats across a vast estate requires speed and flexibility to quickly react and update security protocols. The sheer volume of legacy infrastructure slows this process down considerably, leaving many security teams in a vicious cycle.

The threat of legacy infrastructure

A sizeable proportion of the banking industry still maintains a reliance on systems first developed more than 40 years ago. In fact, many ‘core banking’ systems, like payments, loans, mortgages and the associated technologies, are still coded using COBOL (Common Business-Oriented Language), an otherwise defunct programming language that is older than the internet itself. In the UK and Europe, COBOL remains the ‘backbone of banking services,’ while in the USA, as much as 43% of banking systems are built on COBOL, meaning it underpins much of our financial system.

This presents a huge security risk. While code has been regularly updated over the years, these systems were built when security threats were far less sophisticated, less well-financed and the burden of data was far less pronounced. For several years, governments have pointed towards legacy systems, built using COBOL, as a major cybersecurity threat, incompatible with modern security best practices and solutions, including multi-factor authentication. For example, data from Kaspersky found that businesses with outdated technology are much more likely to have suffered a data breach (65%) than those who keep their technology updated (29%).

A further security consideration is the diminishing number of people who are trained in maintaining COBOL systems. Every year, experienced professionals exit the industry, making it increasingly difficult to service legacy technologies and creating significant delays in patching threats once they’re identified. This lack of supply of sufficiently trained experts, and the demand they face, makes any updates extremely expensive and time consuming.

Furthermore, legacy infrastructure is preventing the secure application of encryption, posing its own distinct cybersecurity and regulatory risks. Encryption is often heralded as a silver bullet solution for data privacy and has been a continuing area of focus for regulatory bodies in recent years. However, banks remain guilty of poor deployment, maintenance and management of encryption – using outdated protocols and inefficient methods of analysing and understanding network traffic. This, coupled with legacy ‘core banking’ systems that are incompatible with modern encryption techniques, equates to a regulatory and security headache for security teams.

Adopting a new mindset

The risks posed by legacy systems and the volume of cybersecurity threats facing banks mean a concentrated re-think of overall cybersecurity strategy is needed to prevent breaches and ensure data is protected long-term. Traditionally, banks have taken an ‘outside-in’ view – dedicating capacity, finances and knowledge to dealing with threats that are existing, known and well publicised. However, to aid long-term security, this should be superseded by an ‘inside-out’ proactive approach, whereby security teams are cognisant of their own internal systems and where the key vulnerabilities are found. Once banks have a detailed view of the security risks posed by their legacy systems, and specifically what data is threatened, they can address flaws, update these systems and build a stronger overall security posture.

The secure path ahead

Many of our successful high-street banks today have centuries of experience in dealing with social, economic and regulatory upheaval. However, the rapid development and deployment of technology continues to present a unique challenge. Many ‘traditional’ banks have built a complex technology infrastructure through decades of adjustment to new legislation and emerging technologies. While serviceable in the past, fintech start-ups are pushing the long-term viability of these systems to the limit.

Challenger banks have the luxury of being built from the ground up, prioritising convenient digital services and features, and modern security processes. As the user base of these banks increases, customers are increasingly expecting these features and security from their existing banks, meaning even more complexity added to legacy infrastructures. As outlined by Deloitte, existing firms simply aren’t positioned to support the rising expectation of the market, exposing banks to additional risk and liability.

What’s more, it’s estimated that banks spend as much as 80% of their yearly IT budgets on the maintenance of legacy systems. While an immediate switch away from these systems is unrealistic, there is an opportunity to reduce wasted spend and divert spend towards modernisation efforts. However, while traditional banks may want to adapt quicker to technological advancements, they need to do so while continuing to minimise cyber risk and without jeopardising the security of their data or systems. This means placing cybersecurity at the heart of any modernisation efforts and maintaining a steady rate of change. As more of the technology estate begins to be modernised, the potential risks of regulatory non-compliance will also reduce.

Legacy systems need a considered update

Banking systems have heavily relied on legacy infrastructure for too long now, bringing difficulties in maintaining the highest-grade cybersecurity and in facilitating innovation. The risks presented by novel cybersecurity attack vectors and competition from new and emerging digital services offered by challenger banks are exacerbating these issues. As such, legacy systems need a managed modernisation in the long-term, facilitated in part by a managed redistribution of existing IT spend. However, to ensure long-term security overall, cybersecurity needs to be at the very heart of modernisation efforts.

 


Overcoming intricacies of premium processing in the insurance industry

Source: Finance Derivative

By Piers Williams, Global Insurance Manager at AutoRek

Complexity is an unavoidable reality for the intricate world of insurance. For program administrators, including brokers, managing general agents (MGAs) and managing general underwriters (MGUs), accurate management of insurance premium payments and complex workflows like bulk payments and diverse data sources is essential – there cannot be room for error. Unfortunately, poorly executed and complex processes can lead to costly mistakes. This is especially true for essential financial control processes that directly impact the performance of insurance businesses such as premium payment processes – also commonly known in corporate industries as accounts receivable and payable processes.

In particular, the traditional, manual management of insurance premium payments is what can often lead to unresolved outstanding debt and large balances of unallocated cash. When you combine this with the growth in delegated/program businesses (over 30% in the last 3 years), the use of Excel sheets and the ever-increasing policy volumes, the approach becomes unsustainable and inefficient.

This article will outline the transformative benefits automation offers and the key actionable strategies that will enable program administrators to optimise the management of insurance premium payments for greater efficiency and effectiveness in their financial operations.

Embracing automation: the future of insurance

The future of insurance lies in automation – this is where premium payment processing comes in. Automation enables businesses not to erode margins through write-offs but accelerate cash flow and protect revenue. The primary goal is to accelerate premium reconciliation and allocation by implementing an automated straight-through process, minimising the need for human intervention to ensure that minutes – not hours – are spent on the reconciliation process.

By leveraging automated systems and advanced data integration, premium payment processing has the potential to offer a more streamlined, accurate and effective insurance ecosystem. Automation minimises the likelihood of human error and delays in transaction times, ensuring that precision is at the forefront of the financial processes. This shift towards automation addresses one of the key challenges faced by the insurance industry – eliminating inefficiencies which can lead to costly mistakes and unnecessary delays.

Producing scalability in a competitive market

Program administrators are confronted with a multitude of pain points in their day-to-day operations. Given that program administrators handle a significant number of insurance policies across multiple binders/programs in the market, considerable admin effort is required to process a vast number of internal and external data sources as well as payments and policy data. As a result, program administrators risk losing valuable time and resources – giving them less time for value-added tasks, like resolving breaks, addressing downstream issues, and creating better partnerships with insurance partners.

Such operational inefficiencies can affect not only accounts receivable, collections and credit control processes but also business profitability, binder/program performance, competitiveness and reputation, to name a few. Without the adoption of more advanced technologies like automation, program administrators are increasingly at threat of not being able to produce scalability in a competitive market.

Whilst automation offers huge efficiency upside for businesses, there are also many benefits delivered by simply having a single premium data control platform. One of the most notable challenges with premium payment operations is the often-large numbers of internal and external data sources that must be managed and processed. This data needs to be continuously processed to ensure reporting is up to date and management has a comprehensive view of outstanding premiums, allocated premium and cash positions at any point in time. The management of this data, if not performed within a platform, presents a huge risk from a control perspective, as often premium payments will not be allocated for 30, 60 or 90 days, so a solution is needed to keep track of all data automatically to ensure efficiency and control.

The opportunities premium payment platforms unlock, not only when reconciling and allocating premium but also from a financial data control, consolidation and audit perspective, can be transformative. When this is further combined with the new reporting that is unlocked and with streamlined operations using features like workflows, it leads to a drastically enhanced and often very different operating model. This model, however, enables businesses to work in near real-time, enhance relationships and most importantly remain competitive.

Identifying and addressing inefficient processes

Investing in modern technology like automation is often the first step in streamlining operations and eliminating inefficient processes. The goal is to encourage program administrators to focus less on manual administrative tasks that are time-consuming and instead, focus on key business decision making to improve financial gain – automating manual processes does exactly that.

Likewise, the insurance industry is constantly evolving so the adoption of premium payment processing will be crucial in remaining competitive in a shifting market dynamic. With this in mind, legacy systems, once the backbone of insurance operations, must go. These systems are outdated and unable to meet the demands of a data-driven, regulated market, leading businesses to embrace digital transformation and no longer depend on inefficient processes.


Who’s Scared of Embedded Payments?

Source: Finance Derivative

Johannes Kolbeinsson, CEO at PAYSTRAX

Embedded payments have been swiftly integrated into the e-commerce ecosystem, showcasing their transformative potential in reshaping how we make transactions. There is a bright future for embedded payments, but we must emphasise the significant untapped potential within the space as it currently stands, as the user experience still isn’t quite seamless, and third-party payment processors still present a fraud risk to companies. 

A Rapidly Expanding Market

The growth of embedded payments is undeniable. Driven by the rise of digital wallets and one-click checkout systems, the global market for embedded finance as a whole is projected to grow from $92 billion to $228 billion between 2024 and 2028. Recent shifts in consumer behaviour, especially toward frictionless digital experiences, have been accelerating the adoption of these solutions across sectors. Embedded payments offer that seamless one-system approach, not only quickly processing payments in-app, but building a one-app relationship with consumers that develops brand loyalty.

This trend directly mirrors the business strategies of the major players in the tech world. Companies such as Apple, with its mobile wallet and credit card ventures, and Shopify, combining e-commerce with embedded payments, have demonstrated that blending payments directly into platforms can drive user engagement and boost conversions. The logic is plain and simple: by keeping consumers within the app, businesses streamline the purchasing process, increasing the likelihood of finalising transactions, and building brand and customer loyalty.

The Embedded Payments Boom

Embedded payments have become the latest hot topic in fintech. In fact, just a few years ago, in 2020, embedded finance payments were generating around $16 billion in revenue. Looking ahead to next year, forecasts suggest that number will skyrocket to over $140 billion. The success of platforms like Uber with one-click payments and the buy-now-pay-later (BNPL) models from companies like Klarna are clear indicators of this shift. Consumers increasingly seek ease and convenience, and embedded payments are meeting those demands head-on.

However, for all the excitement, embedded payments still face challenges in adoption. Fraud prevention, authentication, and user experience remain key barriers that need to be addressed on an industry-wide level to truly deliver the seamless, instant payments these systems promise consumers.

Addressing the Friction

While the promise of embedded payments is enticing, friction remains. One of the most critical challenges for businesses adopting embedded payments is ensuring robust risk management. Creating an online experience that feels as secure as an in-store transaction should be a top priority, especially as financial fraud becomes more prevalent.

Currently, many companies are jumping into embedded payments without fully understanding the complexities involved. The lack of in-house expertise in building the necessary infrastructure across digital services, transaction processing, and enablement layers can lead to implementation issues and security vulnerabilities. Businesses need to conduct proper due diligence to avoid potential pitfalls, as hasty implementations can compromise both functionality and security.

User experience is another key factor in determining the success of embedded payments. Historically, we’ve seen how PayPal revolutionised online payments with its email-and-password system, setting a new standard. Embedded payments, while advanced, are still evolving to achieve a truly frictionless experience. Authentication processes frequently occur outside of the platform or app, and the range of payment options can be limited. To fully realise the potential of embedded payments, businesses must balance security, usability, and convenience.

Trust and Security Concerns

Security and trust are paramount when it comes to anything finance related, and these are areas where embedded payments must improve to gain widespread consumer adoption. With growing concerns about data privacy and the rise in online fraud (40% of all reported crime in the UK last year was fraud), it’s clear that consumers need reassurance before embracing embedded payments.

While embedded payment systems offer unparalleled convenience, their inherent vulnerabilities could make them a prime target for cybercriminals. The lack of standardisation and regulation in the sector, coupled with a general shortage of expertise that comes with a new industry, poses significant risks for users. Nevertheless, history suggests that consumers are willing to trust new technologies over time. Just a decade ago, saving card details online was met with hesitation; today, it’s commonplace. Similarly, as security concerns are addressed, embedded payments will likely gain traction as consumer trust grows.

The Path Ahead for Embedded Payments

Despite the array of payment methods available today, the potential for embedded payments to dominate the future of finance is undeniable. Their speed, ease, and ability to facilitate in-app purchases with a simple click make them an attractive option for both consumers and businesses.

Yet, for embedded payments to live up to their promise, key challenges remain. User experience and authentication are the primary obstacles. Truly embedded payments should enable users to complete transactions within the app, without being redirected elsewhere for authentication. As instant payments become the norm, any requirement to leave an app to verify a purchase could deter adoption. Addressing these issues will be critical to the future success of embedded payments as they continue to evolve and reshape the digital landscape.

In the coming years, as innovations like AI-driven fraud detection and biometric authentication become more integrated, the potential for embedded payments to achieve a truly seamless experience will grow. This could be the defining shift that cements embedded payments as the default mode of financial transactions in our increasingly digital world.


The need for speed: Why fintechs must supercharge background checks to stay competitive

Source: Finance Derivative

By Luke Shipley, Chief Executive Officer and co-founder at Zinc

In the fast-paced world of finance, and particularly where finance and technology intersect, hiring candidates with the right skills is crucial for staying ahead of the competition. For fintech firms, conducting fast yet thorough background checks is key to balancing regulatory compliance with the need for speed.

However, financial regulations in the UK demand rigorous oversight to safeguard consumer data, prevent fraud, and maintain financial stability. As part of these regulations, fintech companies must conduct thorough background checks to ensure new hires align with compliance standards, mitigating risks to both the company and its customers. These checks involve verifying critical information such as financial history, credit reports, criminal records and employment history, which are essential for determining the suitability of candidates handling sensitive financial data. These checks are both time-consuming and resource-intensive, slowing down the hiring process.

Fintech firms can sustain rapid growth and meet regulatory obligations without sacrificing operational efficiency by streamlining this crucial part of the hiring process with the right tools. This also enables HR teams to focus on creating a positive experience for new hires, rather than burdening them with additional administrative tasks. Implementing efficient systems that reduce these checks from weeks to days allows companies to swiftly onboard talent, maintain customer trust, and stay competitive.

Challenges of traditional background checks

Traditional background checks in the fintech industry are complex and time-consuming due to the stringent regulatory requirements that financial organisations must follow. Verifying candidates’ financial history, running credit reports, conducting Disclosure and Barring Service (DBS) checks, and confirming employment history for the past several years are all critical tasks. These checks are not only meticulous but also require coordination with external agencies, which often slows down the process.

Manual handling of these background checks can extend the hiring timeline by weeks or even months, creating operational inefficiencies for fintech companies that need to scale quickly in a competitive industry. Prolonged hiring cycles can also lead to delays in onboarding vital talent, putting added pressure on already stretched teams.

For HR departments, managing these extensive checks manually places a heavy administrative burden. The time spent gathering documentation, verifying information, and coordinating with third parties diverts HR professionals from focusing on more strategic initiatives, such as talent acquisition and improving the candidate experience. As a result, the manual process not only hinders recruitment efficiency but also affects the company’s ability to attract top talent in a timely manner.

Role of technology in streamlining background checks

Here, technology plays a crucial role as it revolutionises the background check process in fintech by reducing manual interventions and simplifying time-consuming tasks. Automated platform systems now handle complex steps like identity verification, credit checks, and employment history validations far more efficiently than traditional methods. These technologies not only speed up the process but also provide one centralised place for employee documentation and improve accuracy by reducing the risk of human error in verifying critical information.

Automation also allows fintech companies to complete thorough background checks in a fraction of the time, continuing to ensure global compliance without delaying the hiring process. HR teams are freed from the burden of manual data gathering by automating repetitive tasks and reminder emails so they can focus on higher-value activities, such as candidate engagement and talent strategy.

Moreover, integrating background check platforms with existing HR systems streamlines recruitment workflows. This integration ensures a seamless transfer of data, and provides real-time updates on the status of each candidate’s background check. The result is a faster, more efficient hiring process that allows fintech firms to onboard new employees quickly, creating a positive reflection of their brand at every stage of the onboarding process.

Improved candidate experience

Technology in recruitment not only benefits HR teams but also significantly enhances the candidate experience. Automated systems cut down lengthy waiting periods, helping candidates move through the hiring process more swiftly.

From digital applications to real-time status updates, candidates enjoy a seamless, transparent process, which minimises stress and uncertainty. This streamlined approach improves communication and ensures that candidates are informed at every stage of their check progress, fostering trust and keeping them engaged. Additionally, modern tools like AI-driven assessments or automated interview scheduling save time, allowing candidates to focus on showcasing their skills rather than dealing with logistical hassles. Fintech companies can improve their overall employer branding by providing a more efficient and organised hiring process, attracting top talent who appreciate a modern and tech-forward experience.

This is why speeding up background checks is crucial for fintech companies aiming to stay competitive. By leveraging modern technology, these companies can benefit from greater efficiency, regulatory adherence, and an enhanced candidate experience. Fintech firms should embrace tech-driven solutions to balance speed and regulatory requirements, ensuring a smooth, transparent, and efficient hiring process.


Copyright © 2021 Futures Parity.