Securing digital

Security is a key aspect of digitalisation, with millions of dollars being spent on ensuring the cyber resilience of new products. As a constantly evolving process embedded into product development, cyber security is one of the key factors in ensuring smooth digitalisation.

HSBC’s Diane Reyes said: “Hundreds of millions if not billions of dollars are going towards cyber security,” emphasizing that safety-testing is a key component of product rollout.

As digitalisation becomes the norm, financial compliance standards developed by various stakeholders are becoming more stringent and it is common practice for banks such as HSBC to go beyond compliance to ensure security best practice in product rollout by including both mandatory and optional security components.

Technology such as biometrics, tokenisation, digital IDs and private cloud-based systems¹ are introduced to ensure cyber security, which means that in real terms, the level of security checks that banks and payment gateways have for digital transactions are far higher than traditional banking practices. “We’ve invested in biometrics. In 2018, we rolled out facial identification in our digital product offering, in our channel offering, in 40 markets,” Reyes said.

However, optimal security is reliant on more than technology. Rahul Tyagi, Co-Founder, Lucideus, said: “Cyber resilience is reliant on proactively securing process, people and technology,” pointing out that human error or user behaviour is a crucial component of securing processes.

Secure processes include ensuring compliance with various types of protocols. Financial institutions comply with multiple regulatory and mandatory requirements instituted by various stakeholders. Payments Card Industry Data Security Standards (PCI DSS) are developed and employed to ensure security.

Tyagi recommended regular security audits as part of the process to keep transactions secure.

Keeping up with emerging security technology is the other key area. As newer technologies are introduced, organisations need to build them into their systems. Regular updates of software need to be made part of an internal process, Tyagi said.

However, it is seen that while payment security remains a step ahead of threats, human error can lead to breaches. Commonly encountered attempts at breaching corporate treasuries demonstrate the importance of cyber security drills and resilience to phishing phone calls and emails.

Nadya Hijazi, Global Head of Digital, Global Liquidity and Cash Management, HSBC, said that hackers tend to rely on the human factor rather than dealing with complex security technology. The most predominant form of hacking attacks is persuading key users to reply to an email seemingly from the CEO, sharing critical details. Targeted phishing attacks remain the number one concern of IT security decision makers².

The importance of security drills cannot be overemphasised. Statistics show significant reduction in fraud and attempted attacks when organisations have include regular safety training on simple points such as not sharing OTPs, following security protocol while responding to emails, or sharing mobile devices.

Being truly cyber secure is a combination of compliance with best practice, updated technology and informed users.