
The next security target is not a bank

Most Australian banks have successfully rolled out two-factor authentication, which means the security spotlight is starting to shift to the weaker links in our online economy.

Whether it's retailers looking to offer financial services, or online social finance sites like Wesabe or Mint, it seems security vendors and analysts have found a new fish to fry.

At Online Banking Review’s security forum, AusCERT general manager Graham Ingram told the audience, “Everybody talks about the banks, my real concern is everyone else… we need to raise our focus from the financial sector to the online economy, which is really where all the action is”.

And in June research house TowerGroup argued most new online personal finance sites posed a security risk because they only offered single-factor authentication. They also called on the US Government to consider applying the FFIEC guidance regarding online authentication to these and other online sites that requested personal financial information.

I think this argument misses the point of what social finance sites actually do. To begin with they aggregate data and then allow users to decide which data is kept private and which is shared. It’s the sharing of a collective pool of data that helps users gain the most benefit from the service, while still protecting their individual information.

Secondly, and probably most importantly, consumers can’t use social finance sites to move money. The sites are simply a way of gaining access to information in a more convenient format, and where consumers feel comfortable about it, sharing that information with others.

While some analysts argue non-bank social finance sites should take a leaf from the book of their major bank counterparts, I would argue the opposite may be true.

For example, if you compare the Commonwealth Bank’s 24-page privacy policy statement with Wesabe’s Data Bill of Rights, you’ll get a feel for which group is doing a better job of educating consumers about how to manage what is essentially their data.

It could only be a matter of time before bankers start pointing the finger at social finance sites arguing they are less secure. Rather than help consumers I think this type of competitive behaviour would add to the overall level of confusion in the market about the protection of financial information.

I’ll be speaking on the topic of marketing security at next month’s Australian BankTech forum, so I’m interested in your opinion. Should businesses compete on security? Do social finance sites like Wesabe deserve greater scrutiny over data management?


Comments: (2)

John Fitzgerald - AIB - Dublin 22 August, 2008, 08:41

I think banks have been competing on security for centuries. Marketing around security of investment and guaranteed returns are the norm. These notions are shorthand for getting a message across to consumers without having to go into the small print of financial detail.

Even architecturally, the main message of banks has been one of solidity - massive stone columns designed to imply impregnability.

Competing on security is nothing new.

Nick Collin - Collin Consulting Ltd - London 22 August, 2008, 11:21

This is an interesting subject - I wrote a paper on it for the CSFI about 15 years ago! (see http://www.csfi.org.uk/pubslist.htm).

John is right - although banks in public always claim security is not a competitive issue, in practice, as with many aspects of banking, they actually all do a delicate act of both collaborating and competing on security simultaneously.

They need to collaborate to establish the security and trust of the banking industry as a whole, in competition with other industries - this trusted status is one of banking's main strengths.  Then they compete with each other on top of the common trusted infrastructure.

The best example of this is the Identrust scheme (see http://www.identrust.com/) where after many years the banks have now established a common infrastructure based on PKI and individual member banks are now beginning to launch applications on top of this infrastructure which they sell competitively to corporate customers.

This post is from a series of posts in the group:

Trends in Financial Services

A community to discuss the future of financial services and any other interesting trends, strategies, ideas, views.

