The rising spectre of cyber security - do banks hold the solution?

Retail Financial Services

01 June 2017

Retail Financial Services


pbf-solutions1.png    affinion-uk-logo-240-x-120-1.jpg

Moderator: Kevin Mountford, PBF Solutions

Expert: Anton Baboglo & Sarah Collinson, Affinion


In the digital age, online fraud is a constant challenge for businesses. The annual Crime Survey of England and Wales (CSEW) revealed that online fraud is now the most common crime in the country, with almost one in ten falling victim. Hackers are finding increasingly sophisticated ways to gain access to, and harvest, personal data across multiple industries. 

As custodians of highly sensitive customer data, banks are now under more pressure than ever to keep their customers safe online. Banking systems are the most secure in the world but their customers are vulnerable at the point of mobile Wi-Fi so what can they do to limit the dangers?

Beyond banking platforms, is there an opportunity for banks to build on their relationships with customers by helping to keep their entire online identities safe? 

  • Delegates were asked for their overall objectives from attending the session. In the main, the aim was to listen and learn with a clear recognition that the rise of new technology and resulting changing consumer behaviour made this issue of cyber security increasingly more challenging. Recent events with the likes of Tesco bank have highlighted the problem and made it all the more real for both the industry and its customers. 
  • Experts from Affinion outlined that the session was not about IT security and was not a technical session. They raised the question of what happens to customer’s data outside a banks secure environments and particularly when undertaking browsing in non-secure, mobile Wi-Fi hotspots. They emphasised the economic aspects of ID theft and fraud and the possible risks of damage to customers’ credit, reputation and financial wellbeing. They asked whether banks have an opportunity to expand their role in customer’s lives by helping customers keep their entire online identity safe and therefore reducing customer anxiety.
  • We discussed whether banks have a duty of care to do more to protect their customers outside the banks secure environments? The general view was that it is the bank’s responsibility to protect customers and that there is a need to deliver better education on the risks customers face.

However it also tabled that customers need to play their part, that there is a danger that consumers have become complacent. There is an acceptance that we live our lives on the move and mobile technology means this can by 24/7, however, there is an assumption that if something does go wrong the industry will put things right and if they don’t, there is always the consumer rights, i.e. regulatory route to take. 

  • Although the issue of cyber-attacks has been highlighted for events outside Financial Services, in general, customers trust banks to protect their interests. 
  • This can also be an opportunity for banks, given their continuous experience with customers, to take the high ground, increase trust and build goodwill by offering greater transparency and education using all channels and means of communication. However it was raised organisations need to be mindful not to be seen as scaremongering, and that is some cases this may be why the industry stays quite on such matters. Also, that there is a fine line between achieving greater transparency and education and the inconvenience that is caused for customers when ID theft or fraud occur. 
  • In recent times we have seen a variety of products aimed at protecting and insuring against ID theft but generally people are cynical and don’t believe that they offer value for money, “we all know someone who has suffered a cyber related attack but it won’t happen to me”. 
  • Products need to be better positioned to take into account all of the above to enable them to really support customers. Customers are anxious and there is an opportunity to earn their goodwill. 
  • In summary it was accepted that the threat of cyber-attacks will be an everyday one and that the industry and customers it services need to play their part. It was further noted that a major lead has to come from the government and regulators, but not to the extent that it stops us all doing business!