MyPrivateBanking Blog
Daily Comments on the World of Wealth Management

Posts Tagged ‘security’

Biometric authentication to go mainstream in 2016

Friday, January 8th, 2016

Digital banks are becoming more and more attractive to millennials, who expect secure and convenient banking solutions on the go. Atom Bank (based in the UK) is the latest online bank promoting innovative features that put brick-and-mortar retail banks and wealth management firms under pressure, as they have difficulty keeping pace with the latest technology trends. Atom Bank uses a combination of biometric technologies that lets clients authenticate without a password by means of face and voice recognition. Another example is the more staid USAA financial conglomerate, which already uses IdentityX, the biometric platform by Daon.

The increasing popularity of biometric authentication methods will surely challenge the banking industry and tech giants like Google to offer an improved client experience and secure login options. Google’s new password-free login allows invited users to sign in to their Google account by responding to a notification sent to their smartphone. However, if the smartphone is stolen, the new login option fails to add security for mobile users whose smartphones have no lock-screen protection or fingerprint identification option. Google will be challenged to offer something more secure and customer-friendly – something that could be delivered by biometric authentication.

Client habits and potential regulatory hurdles may slow down the move to biometric authentication, but we have no doubt that the future lies beyond manual passwords and (SMS) tokens. The future will offer a seamless digital experience to every client – from log-in through the complete customer journey.

 

Mobile banking: How a convenient user experience may threaten your clients

Friday, August 7th, 2015

The smartphone business is booming with breakout successes like the iPhone 6 and 6 Plus, and mobile usage is growing at a fast pace to the detriment of laptop and home internet use. It should not be surprising that criminals have also adapted to the new trends: more than 1.3 million unique smartphone attacks were reported from January to October 2014.

While one of the main causes is the increasing number of mobile transactions and payments, the multitude of digital communication tools, such as real-time apps that help advisers improve communication with their clients, also keeps clients engaged with their mobile devices. High-net-worth clients are attractive targets for mobile security breaches, as they mostly manage their wealth while on the move and use unsecured Internet access points (see our report on the mobile behavior of the affluent and HNWI).

But what are the main factors driving security breaches of mobile apps in the banking field? MyPrivateBanking’s recently released report on Mobile Apps for Wealth Management 2015 found that secure client authentication is still being neglected by many wealth managers. Few of the evaluated wealth managers and private banks use the gold standard to protect clients’ data: a full two-factor authentication procedure plus a multi-layered anti-fraud framework. Striving to provide their clients with convenient, easy-to-access information, some wealth management apps even allow users to log in with only their 5-digit passcode, ignoring the fact that such weak security measures make their clients easy prey for hackers who illegally try to access personal data.

One of the main areas of risk, which is often neglected by banks, is that criminals target not only the secured spaces where clients make transactions but also other apps and features where they can find personal data (for instance address, birthdate or trivial things like shopping coupons). Putting this information together can easily lead to so-called identity theft, enabling criminals to break into even better secured systems.

Wealth managers should think hard about an integrated and broad security strategy, even if they have to sacrifice a bit of convenience for their clients to gain gold standard security.

 

Why wealth managers need to communicate about app security

Wednesday, June 17th, 2015

Given the recent waves of massive security breaches and the increasing data manipulation, high-net-worth clients are justified in being anxious about their personal data being stolen and used by hackers and fraudsters.

Banks and wealth managers continue to ignore the fact that their clientele and prospective clients do not want to lose control over their information. As our new report on Mobile Apps for Wealth Management 2015 shows, out of the evaluated mobile core apps of 30 leading wealth managers worldwide, only 40% use the app store to inform clients about security.

Security measures of most mobile banking apps are not clearly communicated in the available app stores. An accurate description of banking or trading apps should certainly make it clear how users’ personal data is being used and protected in the app.

Initiatives that already give users the right and ability to learn what security measures banks integrate in their apps are successful in inspiring a feeling of transparency and trust. Keeping the language easy to read, in a clear and concise style, is key to informing users about the app’s necessary high security and encryption standards.

Wealth managers need to understand that their wealthy clients expect to be informed about an app’s security measures before downloading it.

 

Poor HSBC Security Standards

Thursday, December 10th, 2009

Yesterday’s reports on an employee of HSBC Private Bank in Geneva stealing data of up to 3,000 French people suspected of holding Swiss bank accounts to avoid paying tax in France, and turning it over to the French authorities, underline why offshore banking faces a dead end: offshore clients will lose all trust in their providers.

It is one thing that US and European authorities use all legal and illegal means to get hold of data on offshore accounts of their citizens. But it is another issue that the banks have obviously not established sufficient security routines to protect their confidential data. In this case, the employee supposedly “hacked” into the HSBC client database after foiling its security system. I am wondering how difficult this really was, given that for instance the contact form on the website of HSBC Private Bank is not even encrypted by the absolutely standard HTTPS protocol. If privacy and data protection are already handled in such a reckless manner on the website, it tells you something about the overall security standards.

To be fair: it is not only HSBC that has such low security standards for its website. Wait for our new report on Private-Banking-Websites, due next week, providing more examples of poor security standards.

 