Mike Kiser, Senior Identity Strategist, Office of the CTO, SailPoint, discusses the cybersecurity challenges faced by the new generation of ‘Challenger Banks’
The moment of reckoning has come.
A party of eight sit around a table, the white tablecloth strewn with the detritus of a communal meal. Coffee is slowly sipped as they contemplate how to divide the bill. Unlike in years past, this is a simple operation: mobile devices come out and money is rapidly exchanged as modern technology facilitates a multiparty transaction. In mere seconds, the issue is resolved and conversation continues unabated.
This scenario is a prime example of the impact of innovation in the financial sector. New methods for individuals to govern and access their money are emerging monthly, and a new mode of banking continues to evolve.
When the Financial Services Act of 2012 came into force, the barrier to entry into the banking industry was lowered significantly; over the past seven years, this has enabled various Challenger banks to provide more nimble alternatives to the larger banking groups. These nascent entities have changed the way many utilize personal financial services; in-person interaction has been replaced by the ubiquitous mobile app, and new technologies such as digital currency are being rapidly introduced as ease-of-use demonstrates its importance to younger generations.
This convenience does not come without a cost, however. Maturing — either as a human or as a financial institution — is not easy. Compliance with regulations is proving difficult for many of these new entrants into the market, and they also face unexpected challenges with the rise of cybercrime and tactics such as phishing. For these new enterprises to grow past their initial user base, they will have to develop capabilities to address these challenges.
Compliance with consumer protections, both great and small, has long been a task for any business that serves the general public. The regulations placed on financial institutions are showing themselves to be formidable for newcomers to the market, and that’s even with an extension for certain portions of regulations such as the strong customer authentication (SCA) portion of PSD2. And as customers place a higher premium on security as a core value, proper cybersecurity features will become essential to successful institutions.
This continued emphasis on cybersecurity is a natural consequence of growth. As these new entrants into the banking market gain more market share, they consequently become more attractive to cybercriminals. Capabilities such as two-factor authentication (2FA), high-grade encryption for data (both in transit and in storage), identity-proofing, and a zero-trust security strategy based on identity will need to be woven into the very fabric of the financial solution. Ideally, these facilities would have been part of the base offering from the beginning; regardless, consumers are increasingly focused on security. The ongoing surge in financial innovation can only be sustained by a continued demonstration that new technology is safe — and that it can be trusted with valuable assets. These measures will reduce the risk to the consumer and demonstrate that these new banking institutions are taking their responsibilities seriously.
The banking industry has been accelerated into the future by these upstarts, but for them to be viable in the long term, they must come to terms with the fact that true growth is marked by the capability to address the security needs created by success. By addressing these needs now — by investing in the security tools and infrastructure now — they will be prepared before the bill comes due, and their conversation with their clients can continue unimpeded.