
WHAT SECURITY LESSONS CAN THE WORLD OF TRADITIONAL FINANCE TEACH CRYPTOCURRENCY FIRMS?

Source: Finance Derivative

By Michael Magrath, VP Global Regulations and Standards

Cryptocurrency has had a whirlwind of a year. The growth in popularity of currencies like Bitcoin and Ethereum saw valuations skyrocket, whilst government crackdowns in countries including China and Turkey – and even Tweets by Elon Musk – caused them to fall just as dramatically.

Meanwhile, financial institutions have bought and sold cryptoassets in vast quantities, mainstream consumer payment providers have started offering digital assets to their customers, and Bitcoin has even become legal tender in El Salvador.

However, these exciting developments have been punctuated by regular reports of significant cyberattacks on crypto exchanges and custodians. Research shows that $1.9 billion worth of cryptocurrency was stolen by hackers in 2020. And just last month, hackers successfully targeted Japanese blockchain-based platform Poly Network and extracted more than $600 million in Ethereum and Binance coins, as well as the stablecoin, USD Coin (USDC) tokens.

The crypto regulation challenge

Since the invention of crypto, regulation has lagged behind technological advancements in the space. Nonetheless, crypto continues to edge its way into the financial mainstream. Unlike cryptocurrency firms, banks and other traditional financial institutions are required to comply with complex and demanding security standards. These ensure that they’re equipped with the necessary resources and skills to continually adapt to the rapidly shifting cyber threat landscape.

Despite huge efforts from global regulators and international monetary organisations to effectively build frameworks for the secure, safe exchange and storage of crypto assets, the crypto space remains very underregulated. This can be attributed in part to the breakneck pace of innovation in the industry, which makes it nearly impossible for policymakers to ensure that consumers are protected.

Recently, Gary Gensler, US Securities and Exchange Commission chief, urged crypto trading platforms to register with his organisation on the grounds that many cryptocurrencies qualify as securities. He warned that, for the crypto market to still be relevant in ten years, firms would have to start operating within a public policy framework.

Many central banks are now working on releasing their own digital currencies. These public currencies, referred to as Central Bank Digital Currencies (CBDC), will compete with private currencies like bitcoin and others. While this is an ongoing process, industry bodies and governments alike are seeking to establish regulations and guidance to ensure fair competition.

Lessons must be learned

Any technological innovation inevitably carries with it a degree of cyber security risk. Cryptocurrency is no different in this regard. Every new way to trade, store or monetise digital assets opens a new channel for hackers to exploit. It’s like when Apple releases an updated version of its operating system – a stream of security updates inevitably follows, as developers plug potential exploits and vulnerabilities. The difference is that most crypto firms have nowhere near the research and development resources of a major financial institution or tech giant.

All this doesn’t mean that the battle is lost, and crypto firms are condemned to a future of frequent cyberattacks. Instead, there are a series of practical, achievable steps that firms can take to protect themselves. Let’s examine the recent Coinbase hack. Though a disaster for the 68 million users at risk of losing their assets, by traditional finance standards, the cause of the breach was extremely simple – and therefore relatively easy to guard against in future. According to experts, the attack was a “SIM swap”, where hackers compromise victims’ mobile phone numbers and use these to authenticate themselves as a valid account holder.

For many years, SIM swap fraud was a method commonly used by malicious actors to gain access to the bank accounts of unsuspecting consumers. As a result, financial institutions moved away from using text messages as a form of authentication. Utilising text messages for multi-factor authentication (MFA) often puts the onus of protecting customer data on mobile network operators, whose systems are not designed to withstand such attacks. This is the security equivalent of locking the Mona Lisa away in a self-storage unit, rather than the Louvre.

The U.S. Federal Financial Institutions Examination Council (FFIEC) appropriately notes in its updated guidance, Authentication and Access to Financial Institution Services and Systems, that not all MFA solutions offer equal usability and security, pointing out that “certain MFA factors may be susceptible to ‘Man in the Middle’ (MIM) attacks, such as when a hacker intercepts a one-time security code sent to a customer.” This is borne out by NIST, which uses this example in its Digital Identity Guidelines: Authentication and Lifecycle Management (Special Publication 800-63B). In July 2020, NIST published Special Publication 800-63: Digital Identity Guidelines FAQs, reminding readers that SMS-OTP is a “restricted” authenticator.

Instead, most major banks now use Mobile PUSH notifications for MFA, verifying customer identities using a secure mobile app. These apps often employ the latest ID verification technologies – such as AI, biometrics and liveness detection – to ensure that access can only be gained by a genuine account holder. Looking forward, crypto firms urgently need to re-examine their user authentication practices, using these technologies to stem the flow of authentication-based hacks.

Implementing user verification policies

Unlike online banking fraud or card identity theft, it’s extremely difficult for crypto firms to mitigate the effects of a hack. This is because cryptocurrency transactions are irreversible and can only be refunded by the recipient. So, once a hack happens, funds are usually lost forever. This makes preventing hacks from occurring in the first place even more important.

What’s more, crypto networks typically rely on pseudo-anonymity, where users are identified only by a string of random letters and numbers known as an address. This makes it very difficult to identify the perpetrators behind a hack and bring them to justice. Plus, since networks are decentralised and trustless, there is no way to identify transactions subsequently made with stolen cryptocurrency.

By contrast, traditional banks have for many years been subjected to stringent Know Your Customer regulations, designed to prevent money laundering. In 2019, the Financial Action Task Force (FATF) adopted strict AML/CTF requirements on Virtual Asset Service Providers (VASPs), which include crypto exchanges.  In its latest draft to revise its 2019 requirements, it states, “regardless of the nature of the relationship or transaction, countries should ensure that VASPs have in place effective procedures to identify and verify, on a risk basis, the identity of a customer, including when establishing business relations with that customer; where VASPs may have suspicions of ML/TF (money laundering/terrorist financing), regardless of any exemption of thresholds; and where they have doubts about the veracity or adequacy of previously obtained identification data.”

There’s no doubt that crypto firms need to take security more seriously. The risks of not doing so are enormous. On the one hand, every successful hack chips away at already shaky consumer trust. On the other, there’s the very real possibility of inspiring the ire of regulators, who have the power to impose draconian regulation that would stifle the growth of this nascent industry.

When it comes to security, crypto firms can learn a lot from their older, more established peers in the world of traditional finance. If they are to build and maintain the credibility needed to become trusted, mainstream providers of financial services, they need to avoid repeating past mistakes made by banks and financial institutions. It’s now up to crypto firms to take advantage of the wealth of security resources available to them.


Leveraging Technology for Sustainable Logistics and ESG Compliance

by Will Lovatt, General Manager and Vice President, Deposco Europe

A growing number of consumers are demanding packaging that is sustainable and environmentally friendly. Consultancy McKinsey recently launched a survey to explore people’s attitudes to the topic across 11 countries worldwide. In all surveyed countries and across end-use areas, the majority of respondents claim to be willing to pay more for sustainable packaging.

Of course, features and functions remain important, but the sustainability and ESG (Environmental, Social, and Governance) aspects of the logistics process are becoming increasingly significant in consumers’ purchasing decisions.  The entire supply chain, including the sourcing of raw materials, manufacturing processes, packaging, delivery methods, return policies, labour practices, and initiatives for regeneration, is under scrutiny. Today’s informed consumers are making deliberate choices, favouring brands and delivery services that align with their values on these fronts. Therefore, it’s essential for brands to not only maintain high standards of service but also to provide a variety of delivery options. This range should cater to immediate needs as well as offer solutions like batched deliveries at convenient pick-up points, catering to the growing demand for flexibility and sustainability in the shopping experience.

Regulation and risk management

Consumers are undoubtedly a driving force in ESG-focused logistics transformation, but businesses must also meet a growing number of regulations that are driving the need for ESG considerations in the logistics sector. For example, the European Union’s Sustainable Products Action Plan includes several requirements for businesses to provide information about the environmental impact of their products. Now, we expect regulators to be closely monitoring final mile delivery and whether zero emissions vehicles are being utilised, at least within urban areas.

From a risk management standpoint, ESG considerations are critical. Neglecting ESG risks exposes businesses to reputational harm, financial penalties, and legal repercussions. Today’s consumer sentiment is such that unsustainable logistics practices can prompt consumer boycotts or lead to regulatory fines, underlining the importance of ESG compliance in modern logistics operations.

The role of technology in greening logistics

So what can businesses do to mitigate ESG challenges? To address ESG challenges, businesses must transition from traditional paper-based systems to advanced technology solutions. These solutions enhance visibility across the entire supply chain, from production to delivery. Distributed order management systems, for instance, offer real-time insight across extended fulfilment networks, enabling the optimised allocation of consumer orders to the most suitable stock sources, balancing cost and speed. In today’s era of stringent ESG and sustainability standards, it’s crucial for organisations to have comprehensive oversight over the movement of goods and the various stakeholders involved, beyond mere timing. This technological shift is essential for meeting the evolving demands of ESG compliance and sustainable logistics.

Actively tracking the credentials and integrity of every checkpoint in the supply chain is now everyone’s problem. Consumers care deeply about the ethical sourcing of raw materials and the labour practices of third-party logistics firms involved in product sourcing. Technology can allow organisations to map the complete movement of a specific customer order, from acquisition to  final shipment, and then notify that customer directly.

Organisations then need to implement sustainable practices in the warehouse, leveraging technology to optimise operations. This includes using technology to determine the most efficient customer packaging sizes, reducing waste, and guiding staff on consolidating orders to minimise shipments and cut carbon emissions. Additionally, offering consumers options like click-and-collect can align with their existing plans, promoting sustainability rather than just delivery speed. Providing flexible delivery options is increasingly seen as crucial, as the fastest route is typically not the most eco-friendly.

A sustainable future

As data and computer security threats evolve, we’re now transitioning to increased controls around how our products are made, procured, packaged and shipped to the public. For a variety of reasons, from ethical to legal and public sentiment, ESG considerations and controls are becoming increasingly important in logistics and fulfilment.

Alongside this, the trajectory is for more sales to be made via Direct-to-Consumer channels. The desire for more convenient services and customer willingness to hop brands mean that businesses must prioritise sustainable practices. Consumers now expect the ability to customise delivery parameters and choose from transparently-priced options, or they will take their business elsewhere. Brands must manage their order and delivery options effectively to stay competitive.

The key to improving supply chain management lies in adopting sustainable order management and fulfilment technologies. Companies should invest in the latest platforms that support best practices in ESG strategy. These advanced solutions enable compliant processes, cost-efficient operations, increased sales, efficient DTC fulfilment and positive customer experiences.


How AI is turning IoT data into actionable insights in the public sector

By Mark Gannon, Director of Client Solutions at Netcall

The use of IoT devices within the public sector is growing rapidly, presenting opportunities for greater efficiency, cost savings, and vast service improvements among a plethora of other benefits. From transportation and infrastructure to waste management, the ability to monitor and capture data in a range of critical areas has the power to transform organisations across the sector.

Health and Social Care is one setting where IoT devices can drive real impact by significantly improving the day-to-day lives of vulnerable people. In fact, late last year, it was announced that the Glasgow City Region would receive over £3 million to deliver a Health and Social Care-focused project driven by IoT technologies, as part of wider 5G connectivity funding to make public services better. Remote sensors can be used within social housing to detect and control factors such as damp and mould whilst motion sensors can alert emergency services if a vulnerable resident has fallen – not only helping to provide better care, but enabling care to be delivered more efficiently and rapidly to those that need it.

With public sector spending under constant scrutiny, and wider budget cuts increasingly forcing those operating in the sector to achieve more with less, technology that can easily connect and exchange data from device to system, removing a number of manual workflows and processes, is proving invaluable. Taking that one step further, being able to leverage that data and turn it into actionable insights in the future is fast becoming an exciting reality.

So, what’s holding the public sector back from leveraging IoT devices in this way?

The short answer: Data.

Managing IoT-associated data adds a layer of complexity for those responsible for it. With IoT devices typically uploading data multiple times a day, analysing and actioning the torrents of data can soon become a mammoth task.

IoT and AI: a winning combination

The application of AI alongside IoT is rapidly being recognised as a key solution to this rising data deluge. Not only can it ease the administrative burden by ensuring the IoT devices and any associated workflows are working effectively, but it can also be used to spot any trends and patterns within the device data. Insights such as these can inform longer-term solutions and decisions whilst also acting as predictive analytics to anticipate the likelihood of certain events occurring in the future. 

In the case of Health and Social Care, this could mean predicting the probability of a vulnerable resident having a fall based on previous data gathered and putting preventative measures in place to reduce this. IoT wearables are another rising trend in the healthcare setting and can be used to track vital signs and detect anomalies that may need urgent attention. Meanwhile for social housing, using smart solutions including intelligent automation and IoT can help housing providers significantly reduce their risk management burden. For example, the data gained from IoT sensors in tenant homes can be used to proactively identify damp and mould risks and automate alerts.

Looking at the public sector more broadly, we could also see the combination of AI and IoT optimise services from traffic management and waste management right through to public safety and even air quality management. By using AI to analyse and draw insights from IoT devices, the concept of the smart city is much closer than we think. AI can use IoT sensor data alongside cameras already in position to adjust traffic signals, optimise routes and even detect incidents and alert public services. It is also expected to play a key role in managing and reducing public service energy consumption, by monitoring and controlling street lighting and other public infrastructure.

Turning insight into action

Whilst AI can take care of the initial analysis, to truly extract the value from IoT data, public sector organisations must ensure these insights are fed into the right systems and married up with the correct workflows to turn them into action.

Fortunately, with the use of application development tools such as low-code application platforms, organisations can rapidly create processes that utilise IoT and AI-driven data, connecting it to internal as well as third-party systems. These solutions move away from traditional development, which can be costly and time-consuming, and can empower broader teams to rapidly build and develop their own applications using a visual drag-and-drop interface. By doing so, organisations can quickly integrate systems and technologies to access actionable data.

As AI and IoT technology continue to advance, we can expect to see more innovative and impactful use cases in the future. Unlocking the benefits, however, will hinge on having the systems and processes in place to trigger next steps. By leveraging the tools that enable this, public sector organisations can use the data from connected devices to create powerful, proactive and dynamic services that fulfil the growing needs of their customers.


Enhancing sustainable commitments in retail banking

Source: Finance Derivative

Mikko Kähkönen, Head of Payment Cards Portfolio at Giesecke+Devrient

Today, more consumers are keeping environmental pledges from banks at the forefront of their financial decisions, and those banks that fall behind their competitors on sustainable action are risking the loss of customers, particularly among the younger generation. This shift highlights a growing expectation from consumers for their banks to make and uphold sustainable commitments, signalling a change in consumer priorities where environmental responsibility is increasingly seen as essential, not just an optional extra. Giesecke+Devrient research shows that as many as 64% of Gen Z consumers would be happy to switch banks if their current provider didn’t meet their expectations.

However, sustainable commitments must be authentic to avoid any accusations of greenwashing. Unfortunately for the banking sector, consumer trust is being strained as greenwashing incidents have risen by 70% around the world. Banks can’t simply make claims that can’t be backed up; pledges must be supported by evidence. There are a number of practical steps they can take to prove their credentials.

Banking on the evolution of cards

The bank card has increasingly become a physical symbol of the relationship between consumer and bank. As such, banks have taken steps to ensure that it is designed with sustainability in mind. Many are now created with recycled PVC material, commonly up to 100%, with a lower carbon footprint.

Some banks are elevating their sustainable credentials by utilising cards that are made from plastic collected in oceans and coastal regions, helping to clear up the world’s beaches. Alongside this, others are issuing cards made of polylactic acid sourced from (inedible) corn starch. This is a fully renewable biomass that could be industrially composted.

Sustainable cards can then encourage further sustainable initiatives. We’re more often seeing issuers now actively taking part in local conservation, community development and educational projects around the world to help benefit the planet. Communicating these efforts to customers can help reinforce sustainable credentials and leave tangible evidence that proactive action is taking place.

Contributing to the circular economy

Powering the sustainable credentials of issued cards is one aspect, but it’s also vital that banks encourage their customers to do the right thing with them once they expire and need to be discarded. We’re already seeing prominent banks making progress in this area. UK retail bank Santander, for example, has launched a pilot scheme in branches and ATMs that encourages customers to return their outdated credit and debit cards for recycling.

The collected cards are then turned into plastic pellets to be used elsewhere, for instance to make outdoor furniture, sponsored by Santander, for local communities. As more banks opt for card recycling, consumers will be empowered to dispose of their old or expired cards in a green way and help to reduce their ecological footprint.

Into the digital world

Outside of card innovations, retail banks can add to their credible green claims with digital solutions. As an example, the card issuance process has typically involved paper letters, with an additional PIN letter, that are posted out to customers to activate their payment cards. Instead, an ePIN service can enable customers to instantly access their PIN via their choice of a mobile app or SMS message, reducing paper waste and waiting times.

There are also innovations taking place in terms of QR codes and augmented reality (AR) solutions to enable digital marketing offerings. This means that printed collateral doesn’t need to be physically sent out in the post. The more that these types of communications are sent out digitally, the more that consumers see a tangible commitment to sustainable practices.

Banks can even take an additional step by deploying third-party partners to track the CO2 footprint involved with every purchase or payment. By opting for organisations that have a solid track record in green practices, such as supporting product certifications and information on eco-products and their claims, they can take steps to compensate for each transaction’s carbon footprint.

Contributing to the green story

To ensure they don’t come under any criticism regarding their environmental claims, banks and financial institutions have the opportunity to adopt sustainable practices that align with their customers’ expectations for eco-friendly commitments in both their physical and digital services. They can introduce banking cards made from recycled or entirely compostable materials, eliminating plastic waste.

Digitally, banks can minimise unnecessary paper use by employing online applications to simplify the process of delivering PINs. By innovating in these domains, they can fulfil their environmental responsibilities and establish that essential trust with consumers, contributing positively to the planet’s wellbeing.

Copyright © 2021 Futures Parity.