As customers demand 24/7 digital access to banking in the post-pandemic reality, fraud and security breaches have become top of mind in this interconnected environment.

By Ria Pinto: GM and technology leader of IBM South Africa

For the financial services industry, the pandemic outbreak was a moment of reckoning for security and fraud prevention programs and today, it has never been more important to combine data across security functions, to predict and respond proactively and make well-informed risk decisions that drive business performance.

With society leaning more heavily on digital interactions during this pandemic, we’ve seen new financial business models gain industry momentum – along with the accelerated adoption of digital processes with anything from customer onboarding, to authentication, secure transaction authorisation, and verification processes. All of which have had to take place without service providers ever meeting a customer or seeing a tangible piece of ID.

With data breaches now costing South African companies R46 million on average, it comes as no surprise that financial services institutions are finding they need to do more to help protect sensitive data entrusted to them by employees and consumers.

 

Changing customer identity

For financial services organisations, cybersecurity demands are about to increase drastically in this sector. The once “connoisseurs” of security controls will soon be faced with an urgency to redesign and recreate a whole new security construct to secure their environments and customers. This is the case for banks that are seeing the era of the Digital Native come into full swing and have to adapt quickly.

What lies ahead for banks is a “faceless” threat, which the current security constructs will need to adapt to. Digital Natives are the next generation customer profile that is already beginning to shape the future of the financial industry. Their demand for speedy, frictionless, and fully digital experiences are augmenting the industry’s investment into hybrid cloud, AI, and modernisation. But banks will need to understand a truly unique characteristic of the digital native customer: it is largely someone that they don’t know, nor will they ever physically meet.

With a growing number of customers seekinG online banks that are nimbler and more cost-effective, and this push is thrusting the industry into challenging security territories. The risk scale will begin increasing many-fold as more customers begin to flow in from anywhere, unlimited by physical locations, and using a variety of devices to access their banking vendors’ services.

What started as a necessity during the pandemic, has become a stronger than ever preference for digital and mobile channel experiences. To understand these digital behaviors and to detect anomalies in these unlimited spaces at the growing pace of speedy access and transactions, technologies such as AI and machine learning will prove to be table stakes. Those who fail to evolve with these trends may cease to exist in a post-Covid world.

 

Fighting crime with AI

Over the years, we have seen how the financial services industry has been a pioneer in AI adoption, using advances in natural language processing, machine learning, automation and more to transform tedious processes like audits and even help pick stocks for investors.

As the onus to spot financial crimes falls on the banking and financial institutions that can face significant fines for failures to detect, report, and pre-empt criminal activities, existing approaches and systems which typically detect suspicious activities that align to predefined rules and controls are not enough.

To combat emerging attack trend and tie together suspicious webs and patterns, leading financial services organisations are developing unique AI models that fuse together criminal patterns across institutions.

One area of this is using AI in fraud detection. Rules-based fraud detection can result in false positives, creating headaches for consumers and banks alike when, for example, consumers use their credit on vacation and transactions are blocked. Advanced use of AI can reduce the number of false positives in fraud detection and make the overall experience of keeping customers’ money and personal information safe with amore frictionless process.

AI will increasingly be used for the identification, mitigation and resolution of cyberattacks, especially the most common breaches, allowing expert talent to focus their attention on the most complex and serious attacks.

 

Pull the plug on trust

The reality for most organisations is that the most successful cyberattacks are ones are the ones you don’t even know are occurring –  making a zero-trust security architecture which permeates every business environment at all times essential.

While banks are now turning to the power of hybrid cloud and the rise of specialised clouds to deal with the stringent regulatory and compliance requirements – complexities continue to grow. The many variables that digital native customers introduce to financial services environments and the expanded relationships that standalone digital banks rely on are adding to a growing attack surface.

Companies studied that adopted a zero trust security approach were better positioned to deal with attacks and data breaches. This approach operates on the assumption that user identities or the network itself may already be compromised, and instead relies on AI and analytics to continuously validate connections between users, data and resources. South African organisations with a mature zero trust strategy had an average data breach cost of R29 million – which was R25 million lower than those who had not deployed this approach at all.

It’s essential that banks design a strategy on the assumption of compromise. By operating with the notion that an environment is exposed by default, and an adversary has already exploited that exposure to compromise a financial services network, the business is more readily prepared to scrutinise its trusted relationships.

With a growing risk footprint, organisations have to do more to improve cyber security. Every organisation needs to have the right tools leveraging AI, machine learning, analytics and other forms of security automation in place to be prepared and ready for the evolving threat landscape.