Payment trends in 2019 are wide and varied, but cybersecurity is set to take the limelight. Douglas Blakey speaks to experts on how to foil the conniving cyber criminal over the next year
Benjamin Hosack, Chief Commercial Officer, Foregenix
Businesses will be more proactive in their cybersecurity strategies in the next 12 months. New legislation such as GDPR, and continuing high-profile hacks and their consequences – including resignations at board level – are starting to change minds.
Increasingly, the board – rather than just IT or operations departments – is realising that it has a responsibility to understand cybersecurity and ensure comprehensive procedures are followed. The trend is moving away from viewing issues such as compliance as a tick-box exercise and towards a procedural framework that improves security. After all, what is the point in just trying to get through a sign-off process if the breach happens and the results are costly?
Many businesses appreciate that it might be a matter of time before they experience a major incident, so a more proactive approach to cybersecurity is necessary. One result will be more investment in solutions that want to cut through the data, and see alerts that really matter so action can be taken quickly. Will also see a switch to managed detection and response (MDR) services. Continuing skills shortages will mean businesses that lose cybersecurity expertise will be left facing the challenge of operating security systems and determining the real threats within all the noise of day-to-day business-as-usual alerts. The solution could be greater use of specialist MDR services for many businesses. SMEs that are unable to afford or warrant a full-time cybersecurity professional will see MDR services as critical to monitoring assets and detecting threats early in the breach cycle – before data assets are stolen.
Old vulnerabilities will remain an issue. While cybercrime is constantly evolving, many criminals continue to exploit old and tested vulnerabilities. Research we conducted in October on over 170,000 Magento websites worldwide found that no region registered less than 78% of its sites being at less than high risk from hackers for the failure to update security patches – a very simple oversight. There is no reason to see this changing in 2019 until there is a shift in the effectiveness of vulnerability management governance.
Companies will start to focus on the broader enterprise, as opposed to just the sensitive data environment. There has been a shocking lack of investment and interest in the greater environment, and very often that less-protected environment is used as a beachhead to gain access to the sensitive areas. The growth in the Internet of Things and the media attention it will gain in relation to security will bring this issue to the fore. While many businesses are starting to move in the right direction regarding preparation and responses to cybercriminals, the threats constantly evolve. Boards need to take necessary steps to keep the risks as low as possible.
David Jones, VP – Product Marketing, Nuxeo
Many large financial service institutions have struggled with the task of managing increasing volumes of information plus locating important information that lives in multiple customer systems and transaction repositories, and many will continue to find this challenging for payments in 2019.
But AI-empowered classification of content with a Content Services Platform (CSP) approach – as introduced by Gartner – offers financial services CIOs a promising new way of searching for useful information, allowing banks to at last identify what is useful and get rid of content that is past its sell-by date.
The difference is that old-school enterprise content management systems adopted a fixed set of metatags for each document, and changing these classifications requires a lot of development work along with mass updates to all content related to that metadata.
In a CSP, if you want to add a new metadata field, you can. Plus, much richer metadata can be stored and used than ever before – think image resolutions, language of a document, geophysical data and more, giving context, intelligence and insight into your information management ecosystem and allowing you to make those disconnected systems truly useful once again.
Emma Huntington, Strategic Development, Innovation and Venturing lead, Nationwide
It has been an interesting year as we launched our Venturing Fund and made our first three investments while continuing to explore the challenges and opportunities of a rapidly changing world. From the changing housing market, the opportunities of working with start-ups and how we can unlock the power of new technologies to help tackle societal issues, we are looking at the long-term and evolving needs of our members.
While Nationwide has helped over 300,000 first-time buyers into homes of their own in the last five years, the reality for many is that they will be renting for longer periods than previous generations. Technology has transformed the way we manage our lives, from grocery shopping to booking a taxi, and the home-rental industry is now ripe for a similar transformation, where technology enables renting a property and getting help with any issues to become easier for renters, while managing a property becomes easier for landlords – and communication between both sides is also improved.
The first investment from our Venturing Fund was with acasa, which is exploring how to transform the rental experience, and we are exploring how we can support our members in this growing area.
Turning to the fintech industry, it looks as if the increase in the number of big businesses working with start-ups will continue, while regional disparities in the support available for start-ups will still be an issue. Having launched our venturing arm, NBS Ventures, in the summer of 2018, we are investing for the long term in supporting great startups to scale. With investments in three companies so far – acasa, Hazy and Moneyhub – we will continue to work with great start-ups to do things together that neither of us could do alone.
It is not just in London that we’re seeing innovative companies starting up – but support for early-stage businesses outside large metropolitan hubs can be hard to come by. That is why we’ve started a regional mentoring pilot, going out to some of the hardest regions in which to start a business and providing space, advice, mentoring and a community to support each other. The scheme is being piloted in Swindon, and we are now looking to expand the pilot to the areas that need it most in 2019.
A year ago, we were anticipating the imminent arrival of Open Banking legislation in the UK. Now that is established, finance-focused businesses including fintech start-ups, established banks and comparison sites are looking to use Open Banking in new ways. The full potential of Open Banking is still yet to be unlocked, but we predict big strides will be made in 2019 in this area. We recently announced the launch of Open Banking for Good, which will see us bringing organisations and people together in 2019 to create and scale solutions around Open Banking that will improve financial capability in the UK. At the heart of Open Banking for Good is a big goal: to use Open Banking to solve some of society’s biggest challenges, creating solutions that bring practical help to the ‘financially squeezed’ – the one in four households (12.7 million people) who are struggling financially in the UK.
It has been an exciting 12 months, and I am looking forward to 2019 as we continue to push the boundaries to ensure we deliver for our 15 million members
Mark Gazit, CEO, ThetaRay
The complexity of attacks will continue to grow as criminals increasingly use artificial intelligence (AI) to conduct their schemes.
Banks will receive more fines for money laundering, because they will have a decreased ability to protect themselves. Rogue regimes will also use AI to achieve their cybercrime goals, including election fraud, social media manipulation, money laundering and more.
Perhaps worst of all, AI-enabled money laundering will create a greater flow of money to criminal organisations to finance narcotrafficking, human trafficking and terror attacks.
On the bright side, new advances and AI technology will help financial organisations, critical infrastructure and enterprises to better protect themselves if they choose to deploy such systems.
Russell Robinson, MD – Customer Communications Services, EMEA, FICO
2019 will be a challenging year for payments and compliance. With less than 12 months to go until EU banks implement their Strong Customer Authentication (SCA) solutions, project teams are facing tough decisions about the most important aspect of the business – customers making payments. I meet many banks that are in the process of compiling their requirements and vendor selection, and know some of these final designs are either non-compliant or will create an unacceptable customer experience.
Some banks believe they can achieve SCA compliance by relying too heavily on sending one-time passcodes. While this will suit many consumers, based on consumer research across the EU (October 2018), 60% of consumers do not want a one-time passcode by SMS. In addition, 30% of consumers said in a recent survey that they would complain if they are unable to select their preferred channel to enable SCA — for example, not with an SMS.
The industry is making moves to prepare customers for SCA with requests for current contact details. However, we are seeing signs that prescriptive demands to enable future user access are not being well received. That is evident by the John Lewis article in the Guardian and comments from readers. It is well worth reading some of these comments, if you are in any way involved with SCA.
My prediction is that many banks are going to implement point solutions to achieve compliance, and the programme managers that executed this will move on. Due to these point solutions not meeting consumer acceptance, lack of up-to-date contact details, meeting regulations and many other issues, there will be a significant number of complaints, unacceptable fraud false-positive rates, and consumer payments not completed to a level we have not seen before.
If this happens, the people who inherit the SCA programmes of 2019 are going to have their work cut out unpicking this stuff and looking to replace them with a platform approach to SCA. They will need to enable SCA extensibility and rapid integration to new authentication use cases and channels as consumer demands require or novel fraud attacks appear in the new environment.
On a related point, many banks understand phone device profiling, and SIM-swap or call-forwarding solutions are essential. However, many are expecting that SIM-swap services offered by MNOs will have evolved before SCA implementation. I believe this will be true for some MNOs, but suspect alignment will not be in place across all UK MNOs in 2019. Therefore, banks need to plan better around how they secure the SMS channel, and deal with the higher false-positive ratio using traditional methods.