26 September 2017


David Lock - Insider Technologies


Banking - Mission: Impossible in disguise?

19 June 2013

Bankers have a reputation for being very conservative and, well, frankly, boring. As an ex-banker I’d like to defend this and say that rather than the image of grey-suited accountants, they should be seen as heroes like Tom Cruise in Mission: Impossible. After all, bankers are in the risk business and are taking risks every day.

Here in Malaysia, bank branches have a little more edge to them, with armed guards casually caressing shotguns and looking very bored – you don’t get that in sleepy Norfolk where I live when I’m in the UK. The point is that bankers adapt locally to the risk, and balance it against how to mitigate it. A branch has the possibility of getting robbed – and the bank puts in compensating controls to reduce that risk – but short of never letting anyone in the branch it will always have the possibility of getting robbed.

A recently published report by an ethical hacking group about industries and their protection against security breaches gave me a new perspective on data security in banking – especially in light of the recent frauds against Middle Eastern banks. Some interesting things struck me about their figures. The banking industry was one of the better protected, but it does take a long time to close loopholes once discovered. Also, 71% of banks had systems that track for online fraud. Put another way, a staggering 29% do not.

The reality is that, like being robbed, banks will suffer data breaches. This is a worldwide threat. The risk can be mitigated by many security controls, yet some recent breaches were made remarkably easy by merchants and processors using non-secure ‘root’ passwords. This is the equivalent of leaving the vault door open and letting the security guard have an afternoon sleep.

It is equally important that, should a breach happen and a bank be impacted financially, they know as soon as possible and can reduce the impact. In the card world they need to ensure they are checking for unusual transactions. This cannot be done the next day by looking at a couple of paper reports that reach a desk around lunchtime, an approach still used by a surprising number of banks. This needs to be done on a 24/7 basis – after all, it only took 24 hours to take out $40m in one recent fraud.

I appreciate none of this is quite as exciting as Tom Cruise swinging from very tall buildings, but in this age of the cyber heist being one of the most lucrative criminal occupations, diligence is the key attribute to reduce fraud risk.
