Mr. Filip Cotfas, Channel Manager, CoSoSys
Over the past few decades, the development of financial technology has produced a number of improvements and developments, according to Mr. Filip Cotfas, channel manager of CoSoSys.
The history of money is tightly intertwined with the history of the banking industry. Banks and their functions have been around for centuries, some longer than others, and customers trust their banks to keep their money safe and to safeguard their information.
While banks have always had large amounts of personal and financial information about their customers, today, all of that data has become easily accessible to anyone who has permission to access it. The growth of financial technology has led to many innovations and changes over the past few decades, like wire transfers, credit/debit cards, online banking, and mobile payments. Banks have had to upgrade their systems to accommodate these changes and transform their processes to ensure continued security when implementing new technology. Protecting sensitive information and implementing security measures to prevent attacks carried out by cybercriminals, including phishing and malware attempts, are also essential nowadays.
Banking regulations are constantly changing according to the requirements imposed by modern banking systems. Banks are legally responsible for keeping customer data safe and protecting it from cyberattacks or unauthorized access. In this article, we will see how modern banks and financial services companies ensure that they fulfill this responsibility.
Data Security Best Practices for Banks
To secure sensitive data, banks must follow a 360-degree approach to ensure that a data breach does not occur either internally or externally. This implies securing both the customer-facing end of banking processes and the internal processes related to employees, vendors and systems. The following are some of the ways this is done.
1. Authentication
Authentication requires that every transaction in the bank takes place only after the identity of the person initiating it has been confirmed. This applies to customers logging in to online or mobile banking systems, those visiting the bank in person, and those using credit/debit cards at POS terminals and ATMs. It also applies to bank employees accessing customers’ and the bank’s data. While authentication once required only an ID and a password or PIN, many banks have now implemented two-factor and multi-factor authentication to ensure that the person is actually who they claim to be. Banks also use biometric authentication techniques to verify customers’ identity, including behavioral biometrics, when they interact with banking systems like IV.
2. Audit Trails
A history of banking transactions was always available as a statement or passbook. Additionally, banking systems maintain an audit trail for every event that occurs during a customer’s interaction with the systems. Whether it is a customer using phone banking or online banking, the time of the interaction is recorded along with the details of the interaction. This data is backed up daily and is never purged completely but archived at defined time intervals.
3. Secure Infrastructure
Secure infrastructure covers the database systems and servers where data is stored and the boundaries established to protect them. Production data is usually encrypted in any core banking system. If production data is required for testing, important fields like bank account number, customer name, and address must be masked. Access to production systems is restricted. Vendors who deal with infrastructure are generally different from those who deal with applications. Bank employees are usually given special equipment on which access to social websites, personal email, and USB ports is blocked. Employees can only access the bank’s network over a VPN.
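As an added illustration of the masking step described above (example code, not from CoSoSys or the article), this Python snippet masks a constructed customer record for use in a test environment: the account number keeps its format and last four digits, name and address are replaced by keyed deterministic tokens so records stay linkable across masked tables, and a leakage check confirms no raw identifier survives. The masking key, field names and sample values are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample record with fictitious values (not real customer data).
SAMPLE_RECORD = {
    "account_number": "GB29NWBK60161331926819",
    "customer_name": "Jane Example",
    "address": "12 Sample Street, Anytown",
    "balance": "1043.17",
}

# Hypothetical per-environment secret; in practice fetched from a key vault,
# never shipped alongside the masked dataset.
MASKING_KEY = b"test-env-masking-key-placeholder"


def pseudonym(value: str, prefix: str, length: int = 10) -> str:
    """Keyed, deterministic token: same input -> same token (joins still work),
    but the original cannot be recovered without the key."""
    normalised = value.strip().lower().encode()
    digest = hmac.new(MASKING_KEY, normalised, hashlib.sha256).hexdigest()
    return f"{prefix}-{digest[:length].upper()}"


def mask_account_number(acct: str) -> str:
    """Keep layout (length, letters) and the last four digits so testers can
    recognise a record; every other digit becomes 'X'."""
    digit_positions = [i for i, ch in enumerate(acct) if ch.isdigit()]
    keep = set(digit_positions[-4:])
    return "".join(ch if (not ch.isdigit() or i in keep) else "X"
                   for i, ch in enumerate(acct))


def mask_record(record: dict) -> dict:
    """Copy safe for test: identifying fields masked, non-identifying ones kept."""
    masked = dict(record)
    masked["account_number"] = mask_account_number(record["account_number"])
    masked["customer_name"] = pseudonym(record["customer_name"], "CUST")
    masked["address"] = pseudonym(record["address"], "ADDR")
    return masked


def contains_raw_identifiers(masked: dict, original: dict) -> bool:
    """Release gate: True if any original name, address or full account digit
    string is still present anywhere in the masked record."""
    raw_digits = re.sub(r"\D", "", original["account_number"])
    blob = " ".join(str(v) for v in masked.values())
    return (original["customer_name"] in blob
            or original["address"] in blob
            or raw_digits in re.sub(r"\D", "", blob))
```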
4. Secure Processes
Banks have established many processes to ensure that security is implemented and tested. This includes KYC (Know Your Customer) updates for customers, NDA (Non-disclosure agreement) for employees and vendors, and securing special zones within the premises and remote data centers.
With Data Loss Prevention (DLP) solutions, banks can mitigate insider threats and safeguard customers’ personal data like names and credit card numbers. Processes related to global and local regulations are also implemented, and risk assessments are carried out to ensure these processes align with the requirements.
5. Continuous Communication
Multiple communication channels are available, and the set-up is flexible so that customers can use whichever is most convenient for them. Banks also communicate regularly with customers about system upgrades, the introduction of new authentication procedures, and so on, in addition to the periodic account statements that are generated and sent to them. Customers can also set limits and alerts based on different conditions to ensure that they are informed if any unexpected activity takes place on their accounts. Thus, banks work round the clock to ensure that they do everything that needs to be done to secure their data.