Financial firms failing to secure documents delivered online - survey

Financial firms failing to secure documents delivered online - survey

Just a third of financial institutions sending confidential documents to third parties via the Internet are using a secure electronic delivery system, according to a survey from Wolters Kluwer Financial Services.

A poll of 347 banks, credit unions and mortgage companies reveals that nearly 62% are using the Internet to transmit confidential documents to customers, partners and service providers.

Yet of these, only a third use a secure electronic delivery system. Approximately another third are using traditional e-mail, which does not encrypt data. The remainder use less secure document delivery methods such as password protected e-mail and Web sites, regular or overnight mail, or are not sure of the method they use.

Jason Marx, general manager, mortgage, Wolters Kluwer, says the growth of identity theft and other forms of electronic fraud makes it harder to send documents or information safely via traditional mail, e-mail and Web sites.

Even with password protection, he says, fraudsters can hack into systems to access customer information.

"A secure, electronic delivery system that encrypts sensitive data so only the sender and receiver can view can help better protect confidential data and documents," adds Marx.

The growing concern within the industry over document security prompted a move in November by Origo, the technology standards body for the UK life assurance industry, to partner with IFA portal Sesame, Norwich Union and Skandia to pilot an e-mail service for the exchange of confidential business documentation.

Comments: (3)

Ted Egan
Ted Egan - ThreatMetrix Inc. - Sydney 23 January, 2009, 12:33Be the first to give this comment the thumbs up 0 likes

Firstly, securing or encrypting the confidential message or document is one key next step but secondly it is also advised to ensure when the message is being compiled sent and received (de-encrypted) .......the computer being used is secure from known and unknown or potentially dangerous malware.

As we know most computing devices used by consumers and even many enterprise environments are not actually secure. In addition you can combine this issue with the fact most traditional AV solutions are not picking up the sophisticated malware quick enough or the consumer is lax in their security practices, or so called secure browsers are flawed and even some sandbox solutions are failing..... then we need the ability to assure the end user is aware of their computers security health state or environment, can make a decision based on realtime feedback and before receiving or sending confidential documents.

This could be seen as a compliance requirement. 

A Finextra member
A Finextra member 23 January, 2009, 15:39Be the first to give this comment the thumbs up 0 likes

Even when you have overcome the issue of secure delivery, there is an increasing awareness of the growing threat of leaking sensitive / damaging (financially, or to reputation) document metadata. A recent blog by Fran Howarth, principal analyst, Quocirca (see http://quocirca.computing.co.uk) covers in more detail, from the angle of e-Discovery and new data protection standards.

A Finextra member
A Finextra member 24 February, 2009, 13:54Be the first to give this comment the thumbs up 0 likes

With the heightened srutiny on counterparty documentation in the evolving global regulatory environmnet, there will be increased demand for all parties to manage and exchange their myriad documents in a secure environment. 

Featured Job
All Jobs »