Connect with us

Business

Facilitating open finance through secure services

Source: Finance Derivative

Travis Spencer, CEO of Curity

Open banking has revolutionized financial services forever and this is thanks to the integration of third-party financial institutions. This proposes a wealth of new opportunities to businesses and customers alike. Transparency and innovation – two words not traditionally associated with banking – are now at the forefront of the industry. Europe’s onboarding of PDS2 regulations, the UK’s OBIE, and more recently Brazil’s efforts, represent a global change in traditional banking attitudes. The tides have now turned towards progress, paving the way for different technologies to enhance financial processes. APIs are a great example of this, and are at the heart of the open banking movement. They have enabled an environment where “platformification” is happening all around us, and it is happening now.

Naturally, the prospect of moving financial data around is always something to do with care. The consequences of this information falling into the wrong hands have the potential to be disastrous for consumers, businesses and banks. That’s why financial-grade API security is paramount when it comes to the exchange of data and financial information between institutions and third parties such as fintech vendors and other partners.

With security being of such importance, there are a raft of measures that financial services companies should adopt to set themselves up safely for success.

Authentication First

In a highly regulated system, it is important to have strong confidence in the users’ identity. This requires a Strong Customer Authentication (SCA) method, which usually translates to a high Level Of Assurance. This is achieved in part by using multi-factor authentication. Equally essential, users must prove their identity as part of the registration process and authentication process. To achieve this, the regulators require standards-based proven methods that ultimately result in a token (i.e., a ticket or memento) that is cryptographically bound to the bank and codifies the identity of the user, their authentication method, and the bank’s assurance level that the user represented by that token really is who they claim to be.

Always ask for consent

Authentication is important, but, alone, it isn’t enough. Open Finance regulations are clear that users must consent to a business accessing certain data or performing an action such as creating a transaction. But it must also be possible for users to manage and even revoke their consent through an easy-to-use user management service(https://curity.io/product/).

Protect data at all costs

Protecting users’ data can be a challenging task, but it’s a critical one. It takes a long time to build up trust – particularly when finances are involved – and it can be slashed in seconds if users lose confidence in a business’s ability to look after their users. As well as costing customers time, money and frustration, this can ruin a business’s reputation.Consequently, the safety of user data must be prioritised.

A combination of different techniques, frameworks and processes can be introduced to mitigate the risk of fraud, leaking or manipulating data and violating privacy. This is an opportunity to ensure standards are implemented across the board. Standards and directives such as PSD2 are designed to protect user data, as well as securing bank services. Businesses need to ensure they are investing in the right technology to adhere to these standards. By choosing solutions that automatically implement these specifications, businesses can reap the benefits of a secure customer database and improved customer relationships which they are exposing via APIs.

Skills are a priority

In order to do this, businesses must also invest in their teams. It’s not enough to simply put protocols in place. Design and execution requires a specific set of skills which, unfortunately, are high in demand and low in supply. Recent research commissioned by the Department for Culture, Media and Sport found that half of UK businesses (approx. 680,000) have a basic skills gap, lacking staff with the technical, incident response and governance skills needed to manage their cyber security. Meanwhile, a third (approx. 449,000) are missing more advanced skills, such as penetration testing, forensic analysis and security architecture.

Despite being essential – even more so as services are increasingly digitalised, cyber security skills are often poorly understood and undervalued by both management boards and within IT teams. This can lead to a lack of investment in training, mishiring, and poor retention of staff in security roles. This only exacerbates the challenge of building a team that possesses the requisite skills.

Hiring can be hard when there’s a shortage of skills, so businesses need to be creative. This means  considering new recruitment avenues and, importantly, breaking free from the traditional model of what cyber security professionals look like. Curiosity is key, so, for more junior roles especially, attitude should be a key qualification. Businesses should trust that many skills can be acquired on the job if the candidate has the essential fundamental knowledge and drive. To aid in this, employers should provide training and mentorship.

We are seeing a dramatic shift in the financial services sector; something that has not been seen for a very long time. It is an exciting time to be in banking and to be involved in major changes to the sector. There are many opportunities to come with this, but also unforeseen challenges as well. This is the same in cyber security, with prior measures no longer sufficient to guarantee the security of user data. This future requires a financial grade security architecture, implementation of valid user authentication protocols, and the developer competence to maintain such a system. The skills gap in security needs addressing for this future to become a reality. A joint effort is required – a solid, functional team paired with a secure product, and no less.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Resilient technology is the most important factor for successful online banking services

Source: Finance Derivative

By James McCarthy, Director of Solutions Engineering, NS1

More than 90 percent of people in the UK use online banking, according to Statista and of these, over a quarter have opened an account with a digital-only bank. It makes sense. Digital services, along with security, are critical features that consumers now expect from their banks as a way to support their busy on-the-go lifestyles.

The frequency of cash transactions is dropping as contactless and card payments rise and the key to this is convenience. It is faster and easier for customers to use digitally-enabled services than traditional over-the-counter facilities, cheques, and cash. The Covid pandemic, which encouraged people to abandon cash, only accelerated a trend that was already picking up speed in the UK.

But as bank branches close—4865 by April of 2022 and a further 226 scheduled to close by the end of the year, Which research found—banks are under pressure to ensure their online and mobile services are always available. Not only does this keep customers satisfied and loyal, but it is also vital for compliance and regulatory purposes.

Unfortunately, their ability to keep services online is often compromised. In June and July of this year alone, major banks including Barclays, Halifax, Lloyds, TSB, Nationwide, Santander, Nationwide, and Monzo, at various times, locked customers out of their accounts due to outages, leaving them unable to access their mobile banking apps, transfer funds, or view their balances. According to The Mirror, Downdetector,  a website which tracks outages, showed over 1500 service failures were reported in one day as a result of problems at NatWest.

These incidents do not go unnoticed. Customers are quick to amplify their criticism on social media, drawing negative attention for the bank involved, and eroding not just consumer trust, but the trust of other stakeholders in the business. Trading banks leave themselves open to significant losses in transactions if their systems go down due to an outage, even for a few seconds.

There are a multitude of reasons for banking services to fail. The majority of internet-based banking outages occur because the bank’s own internal systems fail. This can be as a result of transferring customer data from legacy platforms which might involve switching off parts of the network. It can also be because they rely on cloud providers to deliver their services and the provider experiences an outage. The Bank of England has said that a quarter of major banks and a third of payment activity is hosted on the public cloud.

There are, however, steps that banks and other financial institutions can take to prevent outages and ensure as close to 100% uptime as possible for banking services.

Building resiliency strategies

If we assume that outages are inevitable, which all banks should, the best solution to managing risk is to embrace infrastructure resiliency strategies. One method is to adopt a multi-cloud and multi-CDN (content delivery platform) approach, which means utilising services from a variety of providers. This will ensure that if one fails, another one can be deployed, eliminating the single point-of-failure that renders systems and services out of action. If the financial institution uses a secondary provider—such as when international banking services are being provided across multiple locations—the agreement must include an assurance that the bank’s applications will operate if the primary provider goes down.

This process of building resiliency in layers, is further strengthened if banks have observability of application delivery performance, and it is beneficial for them to invest in tools that allow them to quickly transfer from one cloud service provider or CDN if it fails to perform against expectations.

Automating against human error

Banks that are further down the digital transformation route should consider the impact of human error on outage incidents and opt for network automation. This will enable systems to communicate seamlessly, giving banks operational agility and stability across the entire IT environment. They can start with a single network source of truth, which allows automation tools to gather all the data they need to optimise resource usage and puts banks in full control of their networks. In addition it will signal to regulators that the bank is taking its provisioning of infrastructure very seriously.

Dynamic steering 

Despite evidence to the contrary, downtime in banking should never be acceptable, and IT teams can make use of specialist tools that allow them to dynamically steer their online traffic more easily. It is not unusual for a DNS failure (domain name system) to be the root cause of an outage, given its importance in the tech stack, so putting in place a secondary DNS network, or multiple DNS systems with separate infrastructures will allow for rerouting of traffic. Teams will then have the power to establish steering policies and change capacity thresholds, so that an influx of activity, or a resource failure, will not affect the smooth-running of their online services. If they utilise monitoring and observability features, they will have the data they need to make decisions based on the real time experiences of end users and identify repeated issues that can be rectified.

Banks are some way into their transformation journeys, and building reputations based on the digital services that they offer. It is essential that they deploy resilient technology that allows them to scale and deliver, regardless of whether the cloud providers they use experience outages, or an internal human error is made, or the online demands of customers suddenly and simultaneously peak. Modern technology will not only speed up the services they provide, but it will also arm them with the resilience they need to compare favourably in the competition stakes.

Continue Reading

Business

Solving the Future of Decarbonisation in Real-Time

Source: Finance Derivative

Jamil  Ahmed, Distinguished Engineer at Solace

The energy sector has faced many disruptions and challenges in recent years, from pipeline disruption to the growing demand for hydrogen. However, the most significant of all of these is the global desire to decarbonise. The growing concern over fossil fuels has created intense pressure for businesses to transition towards renewable energy sources and cut carbon emissions. Governing bodies have begun to impose regulations on organisations to force them to cut emissions by 3.4 gigatons of carbon dioxide equivalent (GtCO2e) a year by 2050, which amounts to a 90 per cent reduction in current emissions.

The constant development of markets and digital transformations will only increase the demand for energy in the future across all industries. Therefore, reducing emissions, in reality, is no small feat, however harsh or impressive the targets may be. To make decarbonisation a reality in the near term, businesses must adopt an inward-looking strategy to reduce emissions through their own operations. These are termed Scope 1 emissions and refer to emissions released as a direct result of one’s own current operations. Achieving this requires companies to streamline their operations, and improve their internal visibility to measure and track energy consumption.

Detecting emissions

The major challenge companies face in accurately measuring their energy consumption lies in overcoming the mass amounts of siloed data within their system. These data silos not only diminish productivity but also bury these useful insights, compiled into a mountain of data that is hard to identify and analyse. Ultimately, data silos are a result of organisational infrastructure built for a previous era, one with limited technological adoption, and limited pathways for dataflows. Over time these have created complex organisational barriers.

The lack of data transparency in organisational infrastructure is severely undermining businesses’ ability to gain insight from their existing data. This also impacts their ability to share data with external partners in search of meaningful solutions for decarbonisation. The value of data sharing cannot be overstated when searching for innovative solutions. A recent study shows that 45% of businesses in the energy sector see analytics and innovation as critical tools. With the entire energy sector’s ability to effectively decarbonise hinging on data sharing to drive innovation, gaining greater data insights are non-compensatory.

Another major consideration in decarbonisation is power reliability planning when transitioning to renewable energy sources. Solar and wind energy rely on changeable weather factors for operability, the varying levels of power readiness in these energy sources make them difficult to implement into the national grid. This makes reliably planning this an increasingly complex and important part of the decarbonisation journey as the sector must test for long-term stability and the potential for energy transfers and storage. A solution must be found that can address these real-time concerns.

Reliability in Real-time

Real-time data is the information that is delivered immediately after collation and enables businesses to respond to information at lightning speed. Real-time data has a host of usages in the energy sector, from alerting major weather changes that may impact power reliability to detecting overheating or electrical wastage in appliances. These information transfers are known as an ‘event’ that requires further action or response.

Real-time capabilities play a major role in overcoming data transparency issues associated with the sector, in its ability to connect interactions across systems and processes could enable energy providers to effectively identify opportunities in reducing energy wastage.

Event-driven Decarbonisation

Enter event-driven architecture (EDA), the structure that underpins an organisation’s ability to view event series that occur in their system. EDA decouples the events from the system so that they can be processed and then sent in real-time as a useful information resource. This can then be analysed by resource companies to assist with optimising decarbonisation initiatives.

The strength of EDA is its scalable integration platform, as this allows companies to manage enormous quantities of data traffic coming from multiple data streams and energy sources. From this, energy companies can develop durable systems by aggregating information. This can then be sent to control systems to identify power outages or extreme weather events and conditions.

To achieve this, an architectural layer known as an event mesh is required. An event mesh enables EDA to break down data silos and facilitate the real-time integration of people, processes and systems across geographical boundaries. Implementing an event mesh also upgrades and streamlines existing systems/processes to enable better data transparency in real-time data sharing. It is unsurprising that given the great benefits of EDA both in terms of its scalability, durability and agility that a recent study found 85% of organisations surveyed view EDA as a critical component of their digital transformation efforts.

Decarbonising for the future

Regulations on the energy sector are rapidly increasing, most recently the US Senate passed the Inflation Reduction Act (IRA) on August 6th of this year. This Act signals the intense pressure on the energy sector to immediately undertake significant decarbonisation initiatives. It is designed to accelerate the production of greener and more renewable energy sources such as wind and solar. Once nations like the US have begun higher production of the technology that can harness these energy sources, others will follow suit. The only way the large-scale adoption of renewable energy sources will occur is if businesses build real-time capabilities to become event-driven businesses. Only then can the transition to decarbonisation and achieving net zero become a reality.

Continue Reading

Business

Know Your Business (KYB): Exceeding KYC

Source: Finance Derivative

Victor Fredung, CEO at Shufti Pro

Money laundering costs the UK more than £100 billion pounds a year, according to the National Crime Agency, emphasising the need for stringent ID verification of individuals and businesses.

ID verification, however, remains a moving target. The UK’s fraud prevention community CIFAS has warned of surging ID theft. The National Fraud Database increased by 11% in the first six months of 2021, with almost 180,000 instances of fraudulent conduct filed in the first six months of the year. This reflected the aftermath of the 2008 financial crisis, which recorded a 32% increase in identity fraud the following year. CIFAS is warning UK businesses and consumers to expect a continuation of the steep rise in identity fraud for 2021 and 2022 as criminals exploit businesses under pressure.

Businesses can respond with resilient Know Your Customer (KYC) software and protocols. KYC establishes customer identity; understands customers’ activities; qualifies the legitimacy of funding sources; and assesses money laundering risks associated with customers. To date, almost 6,000 financial institutions are using the SWIFT KYC Registry to publish their KYC data and receive data from their correspondent banks.

KYC regulations and procedures are appropriate when the customer or consumer is a named individual.  However, it’s not enough to verify the identity of individuals. It is also important to verify the identity of businesses.  Know Your Business (KYB) tools and regulations are designed for cases where the customer is a business or corporate entity. KYB is particularly important as criminals seek to exploit crypto currencies which can thwart verification techniques, such as anti-money laundering (AML) and KYC.

KYB verifies businesses by obtaining official commercial register data via APIs. By using the registration numbers and jurisdiction code of a business, a digital KYB service can collect confirmable information for the business. This enables corporate organisations to determine if they are dealing with authentic businesses or fake shell companies. KYB services particularly help financial institutions handling the funds of a large customer base and corporate entities.  During this process businesses must improve the customer digital enrolment and authentication experience. End-users resist proving their identity through for example, showing scans of their bank account statements and may abandon service providers whose online enrolment processes increase friction.

Usefully, KYB uses access to automated commercial registers through a data-powered business verification service, expedites due diligence and eliminates errors.  With advances in digital technologies and virtual data sets, KYB compliance and verification tools can mark businesses involved in undercover activities, gathering background data on the company including the registered address, status, company type, ultimate beneficial ownership structures, previous names and trademark registration. A financial summary of the company’s operational accounts is also provided by the authentication service, to help validate its authenticity.

Here, Artificial Intelligence (AI) can come into its own, determining the identity of individuals and the financial risk attached to that person with AML Compliance solutions. AML services can check the involvement of an individual company in any watchlist or financial risk database, at scale. Machine learning algorithms can detect forged documents or disguised ownership structures. Nationality verification and geolocation targeting can determine the true country of origin of international clients and the jurisdiction of the company.

However, adoption of KYB processes has been sluggish: last year research undertaken by kompany indicated only 5% of financial institutions (FIs) have an automated B2B or corporate banking onboarding process, with 75% of FIs still relying on Google searches to identify Ultimate Beneficial Owners (UBOs), annual filings and financial accounts. Financial services organisations also struggle to manage the complexity of KYB, and the siloed approach to managing information within an FI can make KYB adoption more challenging.

A further challenge for KYB compliance lies in accessing beneficial ownership information, especially in jurisdictions that do not require companies to submit relevant documentation. A lack of shareholder information makes it harder to investigate money trails and business authenticity. Timely availability of data, across international borders in the right format, is another hindrance, especially as company structures and management change over time. This is why geography and industry specific vendors will be of value to businesses needing to conduct ID checks. It is also why businesses must find the right vendors who can be a one stop shop to manage their KYB adoption and must prioritise the user-experience for frictionless onboarding and regulatory compliance.

Banks have experienced difficulties with KYC verification for their customer onboarding, transaction authentication, and remote banking services. This why they may find it hard to trust a KYB service provider. However, FIs and businesses face a pressing need to determine the ultimate beneficial ownership structure of the corporations they are dealing with. The need for a credible, cross-border KYB provider has rarely been more pressing, and according to Forrester, Know-your-business IDV will ‘make or break Identity Verification players.

Know-your-business IDV can make critical difference in identity verification.  With the increase in B2B commerce it has become more urgent to verify both individuals and organisations and their representatives.

The cost of not adopting KYB technology is dwarfed by the prospect of data breaches, fraud and reputational damage. For financial institutions, legitimacy and verification of the business is key for growth. The software solutions exist and are ready to be implemented.  he National Fraud Database increased by 11% in the first six months of 2021, with almost 180,000 instances of fraudulent conduct filed in the first six months of the year. This reflected the aftermath of the 2008 financial crisis, which recorded a 32% increase in identity fraud the following year. CIFAS is warning UK businesses and consumers to expect a continuation of the steep rise in identity fraud for 2021 and 2022 as criminals exploit businesses under pressure.

Businesses can respond with resilient Know Your Customer (KYC) software and protocols. KYC establishes customer identity; understands customers’ activities; qualifies the legitimacy of funding sources; and assesses money laundering risks associated with customers. To date, almost 6,000 financial institutions are using the SWIFT KYC Registry to publish their KYC data and receive data from their correspondent banks.

KYC regulations and procedures are appropriate when the customer or consumer is a named individual.  However, it’s not enough to verify the identity of individuals. It is also important to verify the identity of businesses.  Know Your Business (KYB) tools and regulations are designed for cases where the customer is a business or corporate entity. KYB is particularly important as criminals seek to exploit crypto currencies which can thwart verification techniques, such as anti-money laundering (AML) and KYC.

KYB verifies businesses by obtaining official commercial register data via APIs. By using the registration numbers and jurisdiction code of a business, a digital KYB service can collect confirmable information for the business. This enables corporate organisations to determine if they are dealing with authentic businesses or fake shell companies. KYB services particularly help financial institutions handling the funds of a large customer base and corporate entities.  During this process businesses must improve the customer digital enrolment and authentication experience. End-users resist proving their identity through for example, showing scans of their bank account statements and may abandon service providers whose online enrolment processes increase friction.

Usefully, KYB uses access to automated commercial registers through a data-powered business verification service, expedites due diligence and eliminates errors.  With advances in digital technologies and virtual data sets, KYB compliance and verification tools can mark businesses involved in undercover activities, gathering background data on the company including the registered address, status, company type, ultimate beneficial ownership structures, previous names and trademark registration. A financial summary of the company’s operational accounts is also provided by the authentication service, to help validate its authenticity.

Here, Artificial Intelligence (AI) can come into its own, determining the identity of individuals and the financial risk attached to that person with AML Compliance solutions. AML services can check the involvement of an individual company in any watchlist or financial risk database, at scale. Machine learning algorithms can detect forged documents or disguised ownership structures. Nationality verification and geolocation targeting can determine the true country of origin of international clients and the off shore status of a company.

However, adoption of KYB processes has been sluggish: last year research undertaken by kompany indicated only 5% of financial institutions (FIs) have an automated B2B or corporate banking onboarding process, with 75% of FIs still relying on Google searches to identify Ultimate Beneficial Owners (UBOs), annual filings and financial accounts. Financial services organisations also struggle to manage the complexity of KYB, and the siloed approach to managing information within an FI can make KYB adoption more challenging.

A further challenge for KYB compliance lies in accessing beneficial ownership information, especially in jurisdictions that do not require companies to submit relevant documentation. A lack of shareholder information makes it harder to investigate money trails and business authenticity. Timely availability of data, across international borders in the right format, is another hindrance, especially as company structures and management change over time. This is why geography and industry specific vendors will be of value to businesses needing to conduct ID checks. It is also why businesses must find the right vendors who can be a one stop shop to manage their KYB adoption and must prioritise the user-experience for frictionless onboarding and regulatory compliance.

Banks have experienced difficulties with KYC verification for their customer onboarding, transaction authentication, and remote banking services. This why they may find it hard to trust a KYB service provider. However, FIs and businesses face a pressing need to determine the ultimate beneficial ownership structure of the corporations they are dealing with. The need for a credible, cross-border KYB provider has rarely been more pressing, and according to Forrester, Know-your-business IDV will ‘make or break Identity Verification players.

Know-your-business IDV can make critical difference in identity verification.  With the increase in B2B commerce it has become more urgent to verify both individuals and organisations and their representatives.

The cost of not adopting KYB technology is dwarfed by the prospect of data breaches, fraud and reputational damage. For financial institutions, legitimacy and verification of the business is key for growth. The software solutions exist and are ready to be implemented.

Continue Reading

Copyright © 2021 Futures Parity.