The combination of the Internet, technology and instant communications today affords a great deal of convenience, but with such convenience comes a plethora of security issues. Given the proliferation of debit and credit cards, online banking and innovative methods of payment (Apple Pay, Square), the financial services sector is at great risk for data breaches or identity theft.
The ability to access money and make purchases instantly is meant to make life easier, but the online presence of such sensitive data creates the potential for stolen money, fraud and identity theft. On a larger scale, the Financial Services Authority (FSA) imposes a number of compliance regulations which, while intended to increase security and protect businesses and customers, can be a complicated burden to maintain. Poor information security is not an option. Financial organizations must be prepared to both mitigate risk and remain audit-ready.
Information security regulation for financial services continues to grow more demanding and complex in order to account for all of the potential threats. In recent years, bank breaches, merchant credit card hacks and compromised retail information security have made headlines repeatedly. Keeping up to date with industry and government compliance requirements such as PCI-DSS, Sarbanes-Oxley and Dodd-Frank is therefore absolutely essential.
Staying aware of today’s greatest security threats is also key. Mobile banking is one potentially dangerous area: as devices become more capable and adaptable, users trust them to store ever greater amounts of sensitive data. The risk? Phishing and infections. Then there’s the threat of SMS and malware; actors can use fraudulent text messages and malicious applications to breach the security of an Android device. Further, it’s a known fact that businesses are likely to leave a bank after a breach, so a dependable record in information security is critical for maintaining a healthy reputation and relationships with clients.
The ever-growing Internet of Things means that data will be stored and processed on billions of objects and devices, which means the potential for hackers to manipulate vulnerable areas increases exponentially. According to Gartner, IoT devices will grow to 26 billion units in 2020.
Another security concern on the horizon is the continued attacks on retailers’ point-of-sale systems. The good news is that EMV (Europay, MasterCard and Visa), a new global standard for debit and credit cards equipped with computer chips and for the technology that authenticates chip-card transactions, is on the verge of deployment for retailers around the world. It is predicted that this new technology will protect consumers and reduce the costs of fraud.
Today, there’s a lot at stake for banks and financial institutions in terms of maintaining compliance requirements, protecting against theft and fraud and having a plan of action in the event of a breach. There is no compromise when it comes to ironclad information security measures in the financial services sector.
One of the largest U.S. private passenger auto insurance groups, with annual premiums over $15 billion, needed a solution to document which customer purchased an online insurance policy and when, so that it could prove in court whether a driver had a valid policy in effect at the time of an accident. While the Internet opened up a great new way for customers to quickly and efficiently acquire a policy, a unique challenge emerged.
The key issue to be addressed is an uninsured driver involved in an accident. If nothing is in place to prevent the driver from buying an online policy within hours of the accident, the insurer could be on the hook for claims arising from an accident that was not covered under the actual policy timeframe. The solution came in the form of the design and deployment of a PKI and digital certificate management system that allowed each online policy to be time- and date-stamped based on when the purchaser digitally signed the policy documents. Drivers are able to purchase policies, policy documents are signed electronically, and a digital certificate verifying the time and date of the purchase is archived and stored with millions of policies. Not only was CSS able to assist with authenticating a digital signature, but CSS also equipped the insurer with a certificate management system to help manage the large volume of certificates for quick reference, satisfying the legal non-repudiation requirements of their online policy purchase service.