Banks no longer have to compromise between security and effective online tools

By, on 16 February, 2018

Digitalization has reshaped the way financial services are structured, marketed and provided. Customers today want personalized, flexible service regardless of when, how and where they want to bank. Banks are churning out smart solutions, cloud platforms and mobile apps, and consumers are embracing the change.

In a bid to speed up their online presence, many banks are collaborating with smaller tech firms (like us!) to build an environment that nurtures innovation and meets the ever-evolving expectations of customers. This collaboration helps all parties: smaller companies can offer banks the benefits of high specialization without major investments. In return they gain market visibility and a brand boost from collaborating with well-known banks. The collaboration also serves as an excellent platform for sharing ideas, experiences and know-how.

Until recently, however, many smaller companies have struggled to meet bank-level security requirements. This has often forced banks to choose compliance over great technology. In an industry where confidentiality means everything, security is considered near-sacred. Banks are also faced with increasing legal requirements, most recently in the form of the tough new General Data Protection Regulation. Fortunately, this is finally being recognized by companies like giosg that are investing in security like never before.

When it comes to cyber-attacks, some industries are targeted more than others. Banks and financial institutions are at the top of the list. According to Accenture, consumers trust their bank over all other institutions to securely manage not only their money, but also their personal data. This puts banks in an enviable position, but only if they can continue to manage data well. It also means that if something goes wrong, the customer response is likely to be ugly. This is why banks should expect no less from the companies they partner with - especially when personal data is involved.

We decided to let you in on some common security risks, and how they can be avoided:

1) Encrypt Baby Encrypt!

Encryption involves translating information content (such as a chat conversation) into an unreadable, gibberish-like form before it's stored on servers. The conversation can then only be decrypted and read with a private cryptographic key. Essentially this means that even if the data were to fall into the wrong hands, the information contained in it would not. It is one of the best forms of protection against the hacking of the servers or data traffic.

Encryption is required by most banks (this is usually stated in the security policy), but rarely provided with standard online tools. This is why we introduced it as part of a security feature for high-security industries such as the banking and insurance sector. This means that all messages, logs and API data are fully encrypted before storage.

2) Set a Tough Love Password Policy

When it comes to passwords, people tend to get lazy. Some of the most popular passwords in 2016 were “12345” and “password.” Needless to say, these types of passwords are easily hacked, allowing direct access into an employee user account. The hacker can then proceed to hijack the account by changing the original password. 

Most organizations already have a password policy in place for how to create a proper password, how to store it (hint: probably not written on a post-it note stuck to your keyboard) and how often to change it. Ideally a strong password should contain both capital and lowercase letters, numbers and symbols – these types of combinations are far more difficult to crack. It is also a good idea to avoid terminology that can be found in a dictionary. This is because some password-cracking software works by running through all words found in the dictionary.

As part of our security tool, we enable the customer to adjust the level of password strength required on their giosg user accounts – from less stringent to high security. We have also introduced a password attempt limit, which locks the account for some time after too many unsuccessful attempts. Finally, we offer customers the possibility to control the physical locations from which their accounts can be accessed. This is done with IP access controls, which can be used to limit user access to a certain building or office space.
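The three controls described above (adjustable password strength, a lock after too many failed attempts, and IP-based access limits) as an added Python example. It is not giosg's code; the policy levels, word list, thresholds and names such as `LoginGate` are assumptions made for illustration.

```python
import ipaddress
import string

# Hypothetical policy levels; the thresholds are assumptions, not giosg's settings.
POLICY_LEVELS = {
    "basic": {"min_length": 8, "classes": 2},
    "high": {"min_length": 12, "classes": 4},
}
# Constructed stand-in for a real dictionary or breached-password list.
COMMON_WORDS = {"password", "12345", "welcome", "letmein"}

def password_problems(password, level):
    """Return the list of policy violations (an empty list means accepted)."""
    rules = POLICY_LEVELS[level]
    problems = []
    if len(password) < rules["min_length"]:
        problems.append("too short")
    classes = sum(any(c in group for c in password) for group in (
        string.ascii_lowercase, string.ascii_uppercase,
        string.digits, string.punctuation))
    if classes < rules["classes"]:
        problems.append("too few character classes")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems

class LoginGate:
    """Attempt limit with a timed lock, plus an IP allow-list check."""
    def __init__(self, allowed_networks, max_failures=5, lock_seconds=900):
        self.networks = [ipaddress.ip_network(n) for n in allowed_networks]
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> time at which the lock expires

    def attempt(self, user, source_ip, password_ok, now):
        """password_ok is the result of the caller's own credential check."""
        if not any(ipaddress.ip_address(source_ip) in n for n in self.networks):
            return "denied: address not allowed"
        if now < self.locked_until.get(user, 0):
            return "denied: account locked"  # even a correct password waits
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = 0
        return "denied: bad password"
```

The address check runs first, so a login from outside the allowed office range is refused before the password result is even considered and cannot be used to lock a colleague's account.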

3) Careful where you Store

When it comes to data storage, very few European companies are completely comfortable with having their customer data transferred outside of the EU, even when it is done securely. Following the events that led to the Safe Harbor agreement being struck down and replaced with the EU-US Privacy Shield, many EU-based companies decided to skip the hassle and not transfer data outside at all.

Yet as a big percentage of service providers originate in the U.S., they also tend to store their data there – including the personal data of their European customers. Therefore, when choosing a service provider, make sure to ask where they store their data and how the server areas are safeguarded.

Giosg has from the very beginning made the choice of storing all data inside the borders of the EU. This includes everything from chat logs and API data to cryptographic keys. We feel this ensures long-term safety and predictability. It also makes audits easier, and makes it easier to take action if a data breach is suspected. All of our data center providers are ISO 27001 certified, which means that they have gone through major security testing and auditing.

Data protection and security need to become part of company culture. It requires training, time and effort, but at giosg we believe it is one of the best investments a small company can make.

For our customers in banking this has meant that they no longer have to compromise between security and epic online tools; they can finally have both. 

If you want to discuss how to offer effective but secure online tools, just come and chat with us!
