MyPrivateBanking Blog
Daily Comments on the World of Wealth Management

Archive for the ‘Internet security’ Category

Biometric authentication to go mainstream in 2016

Friday, January 8th, 2016

Digital banks become more and more attractive to millennials who expect secure and convenient banking solutions when on-the-go. Atom Bank (based in the UK) is the latest online bank promoting innovative features that put brick-and-mortar retail banks and wealth management firms under pressure as they have difficulties to keep pace with the latest technology trends. Atom Bank uses a combination of biometric technology empowering clients to authenticate password-free by means of face and voice recognition technology. Another example is the more staid USAA financial conglomerate that already uses IdentityX, the biometric platform by Daon.

The increasing popularity of biometric authentication methods will surely challenge the banking industry and tech giants like Google to offer improved client experience and secure login options. Google’s new password free login allows invited users to sign in their Google account by responding to a notification sent to their smartphone; the new login option fails to add security to mobile users whose smartphones have no lock-screen protection or fingerprint identification option in case their smartphone is stolen. Google will be challenged to offer something more secure and customer friendly – something that could be delivered by biometric authentication.

Client habits and potential regulatory hurdles may slow down the move to biometric authentication but we have no doubt that the future lies beyond manual passwords and (SMS) token. The future will offer a seamless digital experience to every client – from log-in throughout the complete customer journey.

 

Mobile banking: How a convenient user experience may threaten your clients

Friday, August 7th, 2015

The smartphone business is booming with breakout successes like the iPhone 6 and 6 Plus and the mobile usage is growing at a fast-pace to the detriment of laptops/ internet from home use. It should not be surprising that criminals have also adapted to the new trends and more than 1.3 million unique smartphone attacks have been reported from January to October 2014.

While one of the main causes is the increasing amount of mobile transactions and payments, the multitude of digital communication tools like the real-time apps helping advisers improve communication with their clients also keep clients engaged with their mobile devices. High-net worth clients are attractive targets for mobile security breaches as they mostly manage their wealth while on the way and use unsecured Internet access points (see our report on the mobile behavior of the affluent and HNWI).

But what are the main factors driving security breaches of mobile apps in the banking field? MyPrivateBanking’s recently released report on Mobile Apps for Wealth Management 2015 found that secure client authentication is still being neglected by many wealth managers. Few of the evaluated wealth managers /private banks are using the gold standard to protect clients’ data by making use of a full two-factor authentication procedure plus adding a multi-layered anti-fraud framework. Striving to provide their clients with a convenient, easy-to-access information, some wealth management apps even allow users to log-in with only their 5-digits passcode thus ignoring the fact that these weak security measures make their clients easy prey for hackers who illegally try to access personal data.

One of the main areas of risk, which is often being neglected by banks, is that criminals are targeting not only the secured spaces where transactions are being made by clients but also other apps/features where they are able to identify personal data (for instance address, birthdate or trivial things like shopping coupons). Putting together this information can easily lead to so called identity theft, enabling criminals to break into even better secured systems.

Wealth managers should think hard about an integrated and broad security strategy, even if they have to sacrifice a bit of convenience for their clients to gain gold standard security.

 

Internet Security: “Fight or Flee”

Monday, October 27th, 2014

(by Francis Groves, Senior Analyst)

Little by little Internet security is moving towards center stage. At MyPrivateBanking, we’ve been focusing on the importance of security issues in Internet and mobile banking in our reports on websites and mobile apps.

Two recent developments to hit the headlines were the attack suffered by JP Morgan Chase in August. This is suspected to have been the work of Russian criminal, not government hackers, who found a way into the bank’s systems through one or more of its older components. The hackers gained access to data about 76 million personal accounts and 7 million business ones, though no JP Morgan Chase customers suffered loss as a result.

Last week the launch of the iPhone 6 in China was accompanied by a widespread outbreak of ‘man in the middle’ hacking of purchasers first time connections to iCloud. In this case the new iPhone’s reputation for being highly secure may have been part of the problem. It is believed that the authorities may have initiated the attack because they are unhappy about the increased data privacy that Chinese citizens gain through the iPhone 6’s use of encryption. Given that Apple is hoping that the enhanced security of the iPhone 6 qualifies it with the Apple Pay app for use as a payment system, this widespread hacking is worrying.

Significantly, many (but not all) Chinese users would have received a warning from their browser that the verification certificate from iCloud was actually fake. But how many of them carried on regardless and ended up by compromising their log-in details?! The problem for many of us is that we need or want to use the Internet at such speed that we risk exposing ourselves and our money to danger. Maybe we do need to bring into play the split second responses to danger signals that we’ve inherited from our early ancestors.

We also need a lot more education from our financial institutions to develop a more vigilant mindset. The problem of Internet security and banking and payments systems is certain to grow in the coming months.

 
Subscribe