How to secure an insecure world

Another major focal point of last week's debate was information
security, something that I presented on in depth. My tenet is that banks
should place themselves firmly at the heart of information security and
offer customers a secure data vault.

The bankers' reaction to this is: doesn’t that make us a target for hackers?
And yes, that’s the exact point. Banks should beat the hackers at their own
game and make bold claims like: we guarantee your money and your data is 100%
safe with us. After all, if banks don’t do this, who will?

The answer came from another respondent in the financial audience
from a major global bank: we are not
positioned to do this, we do banking.  You
should leave secure data management to people who know how to do this, like
Google and Facebook and PayPal.

Oh dear.  Let’s just
give the whole game away to someone else shall we?

Anyways, I won’t bang on about that too much, as I’ve done
so already, but it’s a very short-sighted banker who thinks that letting others
securely manage data, whilst they just focus upon managing money, is a long-term
play.

But it is a serious issue, with €1.5 billion stolen in just
the European Union in 2011 through card fraud, 60% through Card Not Present (CNP)
fraud, according to the European Commission.

So what can banks do about it?

This question was answered firmly by Tavlaş Tolga, Vice President
of Internet and Mobile Banking for Yapi Kredi Bank, the Turkish subsidiary of
Unicredit Bank (ed: another Turkish Bank?).

Tavlaş picked out a few key instructional videos to use in
his presentation. 

The first I loved. It’s an advert for being safe online, promoted in Belgium
through the SafeInternetBanking.be campaign, that shows Dave, an extremely
gifted clairvoyant, freaking out innocent victims in a demonstration of
David Copperfield levels of mind reading.

Well worth a watch (and a steal maybe).

The second came from Trend Micro and shows cybercrime
activity in the mobile world. It is less entertaining but equally
instructional.

I liked both videos, as they show our insecurities, but what
are the solutions to insecurity?

Security?

Certainty?

Confidence?

All things that have dissipated when even the Federal
Reserve can be hacked.

It was this point that got the hackles up of my banking friend,
who asked me: how can we claim to be
bulletproof, when even the Federal Reserve isn’t?

I couldn’t help but think maybe he’s right, but he’s not.

After all, the point of banks is to be secure and the
Federal Reserve is more like a Government Agency than a bank.

Note that the Fed is actually a hybrid of the
two, as it’s a Central Bank run by the Government of the United States as a
Private Entity, not as a government department.

So I hark back to more competitive commercial entities like
the New York Stock Exchange and still remember Steve Rubinow, EVP and CIO at
NYSE Euronext, talking at a conference a few years ago about the US Department of Defence being attacked by the Chinese (was it
really?) and compromised, along with other government departments, but their
systems deflected such hacktivism.

So it can be done, can’t it?

Either way, the Europeans have responded by creating a new
division called EC3, the European Cybercrime Centre at Europol, and Paul Gillen, Head of Cyber Operations, provided a bit more background about their remit and charter.

The EU has had some form of activity to focus upon
cybercrime for years, but this is now a consolidated unit explicitly mandated to
tackle the areas of cybercrime:

  • committed by organised groups to generate large criminal
    profits such as online fraud;
  • which causes serious harm to the victim such as online child
    sexual exploitation; or
  • which affects critical infrastructure and information
    systems in the European Union;

… and launched on 1st January 2013.

The unit was created in recognition of the fast rise of new forms
of crime, and the ease with which it virally circulates. For example, 2011 saw Android mobile threats
grow from zero to 450,000 distinct attacks in just one year, according to Trend
Micro, who partner with EC3.

The fact is that we will always have criminals after where
the money is and, today, the money is in the data.

That brings me back to banks having to step up to the secure
data challenge and it will disappoint me immensely if they don’t.

Now I could make this blog a lot longer by getting into
issues of identity management, hacktivism, Anonymous, WikiLeaks and more, but I’m
going to leave it there for the moment as I have a day job to get back to.

More tomorrow.

 

About Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News.


4 comments

  1. Chris —
    One of the facts that the clowns in “banking” (and, yes, I am in the industry) fail to understand is that they are no longer in the cash, vault, securities, safekeeping, business anymore.
    We are in the data arbitrage business.
    As items became dematerialized, and we started moving bits and bytes electronically, rather than counting banknotes and coinage, we need to understand what our role is now.
    And, as such, we should be developing, testing, implementing, and enhancing ever increasing, more sophisticated data encryption and protection protocols and techniques. Those that fail to do so, and the list is long (and “distinguished”) deserve the fate that will befall them.
    The problem is that through their laziness and slovenly actions, they will be subject to hackers, and data theft. When those result in clients (and the banks) losing money, we, the taxpayers, will once again be on the hook to bail the banks out.
    And, once again, Too Big To Fail will come to bite us all in the proverbial posteriors.

