Fighting financial cybercrime with data


By Carlo Lacota, Assistant Vice President, Banking and Financial Services, Cognizant
And Dushyant Kapoor, Director of Consulting, Banking and Financial Services, Cognizant

Cybercrime is a serious threat to anyone and everyone online. However, in the digitally connected world with online transactions far outnumbering those in hard cash, the threat couldn’t be higher for financial services and banking firms. For established brands, even the smallest data leak or security breach could rapidly balloon into a front page news story, costing more than just the loss of their data to cybercriminals: It could also lead to a loss of customers’ trust in the financial institution, ultimately leading to irreparable business loss and significant financial costs.

Banks are having to deal with a new generation of customers who expect to be offered a plethora of personalised banking services and would switch banks easily if they thought their data was not being used well or was being compromised.

Data: A path to customer centricity
In the digital world, customers are generating increasingly vast amounts of data through every online transaction and touch point. While on the one hand, protecting this customer data is a challenge for the banks, it is being used by the banks to better understand their customers and develop customised offers for them.

Banks and other service organisations understand that collecting client and industry-related data is the key to successfully digitising and retaining a tech-savvy customer base. However, it also makes them an ideal target for hackers who are using more and more aggressive and sophisticated techniques — including ransomware and mobile phone hacks — to get access to customer and financial transaction data.

Devising the right privacy and protection policies for the goldmine of customer data is critical for the banks to, on the one hand, deter potential hackers from getting unauthorised access to that data and, on the other hand, allow customers to transact effortlessly whilst allowing internal staff appropriate access to that data in order for them to provide customised experiences and relevant offers to the customers.

Understand, research, and then plan
The first step in implementing adequate controls is to understand the risks and their business impact. Banks need to invest time in properly assessing the risks they might have to confront.

To be relevant and give banks enough information to future-proof their business, this assessment should be based on the organisation’s size, channels, geographies, customer types, as well as product and service complexity. By mapping these risks against internal policies, procedures and controls, banks can assess their effectiveness in mitigating risks and fine-tune them accordingly.

Ownership of data within a bank or a financial services organisation is critical to clarify responsibilities for implementing controls and assessing their effectiveness on an ongoing basis.

Preventing before fighting
Implementing information security controls is necessary, but far from being enough. Ongoing risk assessments can help banks get ready in case of an attack — and banks should assume they will be attacked. More importantly, ongoing risk assessment and mitigation needs to be undertaken proactively by the banks to effectively prepare for situations when risks eventuate.

Once a bank’s system is hacked, the damage is done, and it can only try to control the damage, financial as well as reputational. Proactive security is not just about securing systems and reacting to attacks, but also about anticipating future attacks at every step of the way.

In an age where hackers are using ever smarter tools and techniques to gain unauthorised access to organisations’ data sources, the key objective of organisations should be to build a resilient system that can be restored and brought back online quickly in the event of a security breach.

While data is a part of the cybersecurity problem, it is also a part of the solution. Combining data management with advanced analytics can be effective in detecting and preventing growing threats. By collecting and analysing massive volumes of current and historic data within the organisation, as well as from external agencies providing financial crime data, banks can gain a comprehensive view of customers and transactions, as well as insights into hitherto unnoticed relationships between various entities.

Forensic data analytics can help banks identify and predict risk patterns and issues in advance, enabling them to pre-empt criminal activity, particularly insider threats and data breaches that involve gaining unauthorised access to sensitive data.

Working with the right data, and the right architecture
The key to integrating multiple risk strategies lie in the banks’ ability to get high-quality and consistent data from across the organisation. This is no easy task for large banks, many of which have accumulated multiple systems and technologies over the years as a result of mergers and acquisitions.

If banks and financial services organisations want to have an efficient and proactive information security strategy, it is key that they work towards standardising the large volumes of customer, transaction, crime and other unstructured and semi-structured data they own. By using best-in-class architecture and investing in the right data analytics platforms, organisations can significantly improve the overall data quality and accuracy needed to support real-time monitoring and data-driven decision-making. Proactive prevention is the best weapon against cybercrime.