To help banks and financial institutions (FIs) anticipate and respond to cybersecurity trends in 2019, we’ve brought together some of our top security, technology, and industry experts. Here we share predictions for 2019, along with our thoughts on the technologies of choice critical to building digital trust and customer loyalty.
This year, the impact of regulatory change tops our list as the GDPR pushes FIs to better prepare for data breaches, while Open Banking gains ground around the world. As Open Banking fosters greater innovation between banks and third-party payment service providers, security concerns will move to the forefront.
In addition to banking security regulations, we anticipate higher adoption of smart technologies, such as continuous intelligent authentication, to deliver better experiences, lower costs, reduce risks, and increase revenue. Driven by machine learning, new approaches to digital identity verification will enable FIs to process high volumes of new account opening applications at a rate unachievable by human experts. We also expect renewed focus on automation, with FIs applying artificial intelligence (AI) to reduce manual fraud monitoring and improve fraud prevention. Combining real-time fraud detection with mobile app security will become even more important, considering the rate at which mobile app threats are growing.
Predictions and Cybersecurity Trends in 2019
1. Tighter Regulations Will Drive Breach Response Initiatives
Christian Vezina, CISO, OneSpan
For the past few years, every year has been dubbed “the year of the data breach”. This trend will not go away, and the need for data breach response initiatives, not just compliance, will become essential. As data breaches continue to increase in number and severity, the ability for organizations to respond in a timely manner will be of utmost importance.
Regulations like the GDPR require organizations to immediately respond and report breaches of personal information. Now, six months since the GDPR came into force, failure to meet the 72-hour deadline to report data breaches seems to be common, yet it is subject to fines of up to €10M or two percent of annual global turnover. With the increasing number of countries adopting strong data protection laws, it is surprising to see that many organizations are still not equipped to respond to a data breach. As data breaches continue to increase in size, so will the costs to deal with their aftermath, including the fines imposed for failing to detect and respond to incidents in a timely fashion. In 2019, we will see organizations dedicate more resources to prepare for an eventual data breach.
2. Open Banking and New Technologies Will Bring Innovation to Financial Services
Frederik Mennes, Senior Manager Market & Security Strategy, Security Competence Center, OneSpan
One of the most important cybersecurity trends in 2019 we’ll see is the global adoption of Open Banking, especially in the United Kingdom, the EU, and Asia Pacific (primarily in Singapore, Hong Kong, and Australia). Open Banking allows third-party payment service providers (TPPs) to obtain consumer data from banks about financial history, and to initiate payments directly through bank accounts. As such, TPPs have the ability to build innovative financial service solutions for consumers and enterprises, such as account aggregation applications and new payment methods, around APIs provided by banks. This should give rise to more diverse payment mechanisms, with lower cost and increased convenience for users.
In the context of Open Banking, we will see a lot of discussion around the convenience of the authentication process. When the user wants to access a bank account application through the application of a TPP, the user has to be authenticated by the bank, and the authentication flow needs to be integrated into the TPP’s application. The authentication needs to happen in a secure way that is convenient for the user at the same time – otherwise user adoption will suffer. There’s still a lot of discussion between financial institutions, TPPs, and regulators about how this authentication can happen, and different approaches (e.g. embedded, redirection, decoupled) are on the table. This will be a priority discussion in the EU, as financial institutions need to provide Open Banking APIs by September 2019, in line with the timeline set out by the Regulatory Technical Standards of PSD2.
3. Consumer Power Pushes FIs to Better Security and Experiences
Will LaSala, Director of Security Solutions, Security Evangelist at OneSpan
A financial institution’s most valuable asset is its customers. In 2019, intelligent authentication will become a necessity for financial institutions to deliver better experiences, lower costs, reduce risks, and increase revenue – all providing a competitive edge. Consumers do not want to see or pay for security anymore; they just expect it.
Today, banks and financial institutions are already looking to simplify and secure their customers’ online and mobile transactions. This begins with the use of adaptive authentication and orchestration within their platforms and infrastructure. What will come next is complete and continuous intelligent authentication that prevents missteps like stopping a user at the front door during login or asking all users to jump through the same hoop regardless of the potential risk associated with an individual transaction.
Customers expect their banking applications to be secured from the moment they download the application, through the everyday use of the application, and consumption of new features and products. Banks and FIs will have no choice but to reinforce their core systems and technologies, including everyday banking apps, with smart technology that ensures the correct level of authentication at the correct time.
4. DevSecOps Will Play a Pivotal Role in Enterprise Security Applications
Will LaSala, Director of Security Services, Security Evangelist, OneSpan
The role of DevOps and DevSecOps has moved beyond protecting consumer-facing apps and is now looking at how to protect internal enterprise security applications, such as an organization’s single sign-on applications. We will see DevSecOps turn to intelligent authentication technology to help protect and simplify the potential risks associated with employee application platforms. With approximately 30 percent of all breaches resulting from a vulnerability at the application layer, organizations will need to adopt a mature, secure software development process that goes beyond just scanning and fixing security flaws.
Advanced technologies, such as intelligent authentication that ensures the correct employees use the correct level of authentication at the correct time, will be key to a successful security infrastructure and prevent future application vulnerabilities within the organization. We will see the role of DevSecOps fully embedded into enterprise security teams, and in 2019, we will see these teams rapidly expand within organizations to help protect enterprise applications.
5. Securing the Mobile Channel Will Continue to be a Wild Ride
Will LaSala, Director of Security Solutions, Security Evangelist, OneSpan
Cybersecurity trends in 2019 are likely to bring about an even brighter future for mobile app development. Although it’s nothing new to the app world, several high-profile companies have been attacked and users are more concerned than ever with privacy. New and old attacks on mobile devices and applications seem to appear daily, yet financial institutions and organizations are still not taking proactive steps to protect the user’s apps on their devices. Expect some of the best minds in the industry to work harder to provide the best protection against hacking and phishing attacks to help tame this major concern.
In 2019, application shielding will continue to play a major role in protecting mobile applications. Mobile app shielding technology can detect and mitigate any tampering with a mobile app to stop the malicious code before it can cause damage. In addition, we’ll see some of the scariest threats in mobile – overlay attacks, phishing attacks, and mobile app threats – get even more dangerous. Studies show that users are three times more likely to fall for phishing attacks via mobile devices than they are via other channels, and we will see this cybersecurity trend take off in 2019. Ransomware and code injection attacks on mobile devices will also continue to increase. These multi-payload attacks will be one of the most serious threats in 2019, even more so since they are easy for anyone to create.
6. AI Will Increasingly Replace Manual Fraud Monitoring Efforts
Ralitsa Miteva, Business Solutions Manager, Risk Analytics and Fraud Detection, OneSpan
In 2019, we will see more use of advanced technologies in transaction risk analysis processes. We saw this cybersecurity trend taking form at the end of 2018. More and more, FIs are looking for a solution that leverages AI and machine learning for their analytics. Thanks to significant development in this area, FIs will increasingly rely on machine learning algorithms to decide which transactions are suspicious.
The use of artificial intelligence in fraud detection reduces false positives, because AI is capable of analyzing a much larger set of data points, connections between entities, and fraud patterns — including fraud scenarios not yet known to fraud analysts. With AI, in-depth analysis is completed in milliseconds. This reduces manual work spent monitoring transactions, because fewer cases require human attention. The quality of fraud analysts’ work also increases as their workload is reduced, allowing them to focus only on the most important cases. As a result, the cost of anti-fraud operations is reduced, and the rate of successfully processed, genuine transactions is increased due to better risk assessment.
7. Machine Learning Will Further Power ID Verification Methods for Account Opening
Rahim Kaba, Global Head of Product Marketing at OneSpan
As fraudulent transactions continue to rise, the need for strong, customer-friendly identity verification becomes critical. This is especially true in faceless delivery channels, such as online, mobile, and call centers, where frontline employees are not face-to-face with prospective customers.
In the banking and finance industry, ID verification during a new account opening process is still largely a manual function. However, FIs are increasingly looking to machine learning-powered platforms to drive more accurate, real-time ID verification results. Machine learning will increasingly be used to improve identity checks (i.e., discerning between real and fraudulent IDs) by learning from data collection mechanisms. This will ultimately enable FIs to process high volumes of new account opening applications at a rate unachievable by human experts. Using an automated, self-learning identity verification approach ensures that organizations can continually detect and stop fast-changing fraud mechanisms, while providing frontline employees the opportunity to focus on building customer loyalty and engagement.