One of the main challenges Digital Banking professionals face is to find the equilibrium point between security and functionality. At the end of the day we all want to provide the best digital banking experience in the most secure way. So is this possible?
I think it is. I like the expression “functional security”, which means security enabling the business rather than disabling it.
When I started my career as an internet security professional back in 1998, before we started to work on the online banking project, the very first task the bank gave me was to monitor employees visiting erotic web sites! For the last 17 years, I have not met a single “porn site visitor bank employee attack” so far, and this made me think that some risks are real and some are not.
This is the short version of the post.
Starting from Tip 2 to Tip 30 only short versions of my posts are available at Finextra. From Tip 31, full (long) versions of my posts can be read here.
Very interesting post Tolga. I agree that in all the payment services I launched over the past 15 years getting the balance right between security and consumer experience was the hardest thing.
It has therefore been interesting to hear from FIDO about the many implementations of a Passwordless Experience http://www.finextra.com/blogs/fullblog.aspx?blogid=10476 .
Is this something your bank and others in Europe are considering?
Thanks a lot, Charmaine. I heard about FIDO; you also wrote an excellent article about it that I enjoyed a lot. Currently, we are working intensively on biometric (not necessarily only Apple fingerprint) solutions and on compliance with the EBA guidelines, which would start to be enforced from August 2015.
In my opinion FIDO still needs some time. The main challenge is device dependency (either in the form of a smartphone with a biometric reader or another standalone device), plus some demographic issues too. In Europe, not all countries and not all customers have the same level of access to the prerequisites of FIDO. Even so, it is where we should go; as I mentioned in my blog, our devices will be our IDs.
Also please note that sophisticated attacks start with getting control of clients' PCs, which may mean that regardless of the security tool used on the PC, they are vulnerable. As you know, the EBA (European Banking Authority) Guidelines on internet payments security would not like browser-related security tools.
19 Mar 2009
This post is from a series of posts in the group:
A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.