Security is always a top priority for banks but generally doesn't generate the "buzz factor" of newer topics such as customer engagement or big data. But in recent weeks security has been very much a hot topic -- not just for banks, but also for retailers and telecom firms, among industries that have been subject to high-profile and large-scale breaches. Put these developments within the context of increased public awareness of privacy constraints (and lack thereof) due to the ongoing revelations about National Security Agency (NSA) surveillance of citizens and political leaders, and you have the circumstances for a new round of discussion and debate -- educated and otherwise -- over corporate and governmental security practices.
Just as technology is now pervasive in all aspects of banking, so security concerns are inherent in all types of banking transactions and functions, including payments, data management, account opening, cash management, marketing and core banking. This probably has made it relatively easier for security and IT executives to get funding for firewalls, encryption tools, identity management systems and other solutions geared toward protecting customer and corporate data. But it also probably makes the cultural, political and economic aspects of security management all the more complex and challenging. When something is pervasive we tend to take it for granted. With engagement, simplicity and access the watchwords for customer as well as employee (at all levels) interactions, I would imagine it's becoming harder -- not easier -- to impose procedures and policy on people who "want what they want when they want it."
Another aspect of security that's not new but that's been pushed to the forefront is cooperation. In our global and connected economy, fraudsters and crooks have many ways to communicate and transact with each other. Increasingly crimes such as the Target card breach are not the work of a lone hacker, but rather are the result of a series of deals among a variety of nefarious buyers and sellers. In the meantime, while financial services firms have begun to do a better job of communicating and cooperating with each other to share information about threats and crimes, banks now find themselves at odds with retailers as to who is responsible for the most recent crimes.
[Who's at fault for recent security breaches at major retailers? Banks and Retailers Face Off Over Target Breach and EMV Adoption]
Bankers know only too well that security is a moving target -- something that can't be solved, but that can be anticipated, understood and identified. It remains to be seen whether or not the current debate will ultimately improve financial services security capabilities, or if it peter out when the next "hot topic comes along (and in the process make banks even more vulnerable). To that end, this week Bank Systems & Technology will provide a variety of perspectives on the state of security management and steps banks should take to prepare for future attacks.
There probably won't be consensus but there won't be hype, either. What do you think is the biggest challenge banks face in balancing security concerns with customer and employee demands for real-time access and convenience across multiple transaction channels?