Dealing with the dark side of rapid digitisation in financial services
Anton Jacobsz, MD at Networks Unlimited, says mobile payments and digital banking are evolving at breakneck speed across Africa, raising new digital security risk.
Across the African continent, organisations offering banking, lending, insurance, trading, and payments services are seeing the opportunities for technology to increase levels of financial inclusion, and delight customers with superior experiences, says Anton Jacobsz, MD at Networks Unlimited.
In fact, due to vast geographies and generally poor branch-based infrastructure, many African countries are ideally placed to embrace new digital (and particularly mobile) financial services tools. A recent McKinsey paper pegged mobile payment penetration in Kenya at a staggering 86% of households, for example.*
Closer to home, South Africa's major banks, insurers and wealth professionals are embroiled in a fast-paced competition to provide the broadest array of financial services on smartphones and tablets. This year, the first bricks-and-mortar banking branches started to close, with more on the cards over the coming years.
And the digital journey is only just getting started.
Aruba delivers mobile-first networking portfolio to accelerate the move to the digital workplace
However, the side effect of embracing technology in financial services is that the cyber crime threat landscape is becoming ever-more complex and dangerous. Banks, commerce portals and payment services are the main targets of attack in the new era of sophisticated cyber crime. Today, attacks can happen in a matter of minutes or seconds, and with devastating consequences.
PWC's Global Economic Crime Survey of 2016 succinctly describes this ‘digital paradox': "Organisations today are able to cover more ground, more quickly, than ever before – thanks to new digital connections, tools and platforms which can connect them in real time with customers, suppliers, and partners. Yet at the same time cyber crime has become a powerful countervailing force that's limiting that potential".
The most common forms of attacks in this evolving threat landscape – malware/crimeware, Web application attacks, point of sale attacks, insider compromises, and distributed denial-of-service attempts – pose massive financial and reputational risk to organisations.
Social engineering is also evolving – from the badly-written faux bank e-mails we previously viewed with chagrin, to sophisticated multi-phase efforts at collecting different data sets to commit digital identity fraud. Financial services providers across Africa, like the rest of the world, have the two-fold responsibility of ensuring their technical security measures outpace cyber-criminals, as well as educating their staff and customers on the latest social engineering techniques.
Dealing with this requires financial services organisations remain continually alert to attacks, and conduct regular threat assessments. The highly-coordinated nature of modern cyber crime requires an equally well connected overall information security strategy – which offers real-time identification analysis and organisation-wide protection from threats.
Looking slightly further ahead, in the next phase of our digital economy, APIs and integrated systems will connect various financial services players, to provide the optimal customer experiences. Loosely termed ‘FinTech, this era will see traditional financial players partnering with providers of mobile wallets, new payment solutions, cryptocurrencies, social lending, crowdfunding services, and personal financial management tools, among others.
Effectively and securely connecting with these various players will further complicate the threat landscape. An organisation's security posture must enable new business opportunities within digital ecosystems, while simultaneously addressing all of the security, privacy, regulatory compliance, and governance requirements.
By partnering with leading security experts, deploying the right technologies, and taking a cohesive, enterprise wide view of security, it becomes possible to detect and prevent malware, phishing and other attacks in real-time – effectively securing digital customers across all channels, and dramatically reducing the risks of online identity theft.
As Neill Burton, VP Channels and Alliances UKISSA at F5 Networks – a leading cyber-security company, states: "F5 are witnessing a significant increase in organised cyber crime within the financial industry, with such activity driving adoption of our anti-fraud solutions in addition to more traditional network and application protection offerings. Having a capable organisation such as Networks Unlimited driving awareness in this area in the African markets is a welcome ally in this war on crime."