A look at cyber risk trends in financial services

Cyber risk trends in financial services are often cited in the media. Cyber incidents are growing at high double-digit percentages (or more) year-on-year. And the business of insuring cyber risks appears to be growing even faster. Banks and insurers are subject to ever more cyber-oriented regulation that ranges from identifying required controls to more specific regulatory technical standards or reporting requirements. Among these challenges a competing objective is to maintain or enhance customer experience while applying the required controls.

Looking more closely at some of these trends provides further insight. Especially in financial services, social media has emerged as a source of attack. And attacks directed at people have increased—for example, by obtaining credentials through deception—and may exceed those such as network-directed attacks, per Chubb Cyber Index.

So-called “outside-in” analysis of business exposure to cyber risks has also emerged in the past few years with a number of vendors providing risk estimates for a business based on information that can be sourced or detected on the internet.

Trends in cyber risk underwriting

More widespread cybercrime reporting—including the publication of crime indices and the emergence of incident-reporting standards—is improving the potential for more robust actuarial analysis of cyber risks and therefore more accurate pricing of coverage. Some insurance and reinsurance market participants have started to develop deeper competencies in cyber risk underwriting. In the future, greater industry-wide sharing of anonymized security and incident data might help in this space.

Coverage of cyber risk will likely continue to increase (in terms of volume of written policies) and may become more widely accessible—and not just in the enterprise market, but perhaps for small businesses and individuals, as well. The prerequisites for obtaining coverage or improving rates or terms may mature over time. While independent or self-assessments are often required for both coverage and for general risk reporting, insurers may move to offering deeper guidance on risk management. Indeed, insurance may also be offered in partnership with vendors who have these insights.

How Microsoft is investing in solutions for cybersecurity

Microsoft is working on ways to help financial services customers keep ahead on cybersecurity, whether by reducing cyber risk or by reducing the effort required to manage this risk on an ongoing basis. Below are several examples of our cybersecurity investments.

• Microsoft has licensed the Unified Compliance Framework (UCF), which Microsoft customers can access through the Microsoft Common Controls Hub. This allows financial institutions to de-duplicate and assess the risk controls implied by more than 800 laws and standards and to map these to controls applied in, for example, the Azure platform.
• We recently provided blueprints for running common financial services workloads in the cloud that observe Federal Financial Institutions Examination Council (FFIEC) compliance—including listing security control implementation mappings and a responsibility matrix. Similar blueprints are provided for Payment Card Industry Data Security Standard (PCI DSS) compliance.
• We see identity management as a key pillar of cyber risk management. For many years we have been helping our customers implement hybrid identity solutions for employees with Azure AD and to view attack information and manage risk policies using Advanced Threat Protection. More recently we have been helping insurers and banks implement Azure Active Directory B2B and B2C with threat protection for their partner/intermediary and customer facing solutions. We’ve also helped secure API access using these technologies in open banking scenarios in line with the second Payment Services Directive (PSD2) Secure Customer Authentication (SCA) standard.
• As we describe in a recent post, Microsoft Services has used the Azure platform and AI features to help with the detection of various types of fraud detection in real-time in mobile banking scenarios. While we are not alone among technology vendors in using AI in our threat protection solutions, this example shows how banks can use the power of AI to secure their custom applications. Some of our customers are also starting to investigate how to use the cloud and AI more broadly for fraud hubs, which bring together activity, log, and transactional information from disparate systems in real-time for insights into financial crimes as well as customer behavior.

In addition to our efforts in these specific areas, Microsoft Services teams work with banks and insurers around the world to plan cybersecurity initiatives, improve management of security operations, and to recover business operations as the result of a compromise.

• Find out more about our perspective on the future of cybersecurity and identity in banking.
• Hear what our experts have to say on using innovative technologies to fight financial crime.

The post Keeping ahead of cybersecurity challenges in financial services appeared first on Microsoft Industry Blogs.

New technology-enabled customer experiences have tended to achieve greater customer adoption in emerging markets, where new entrants have been able to identify opportunities to meet entirely unfulfilled needs or leapfrog legacy financial services offers. In markets with very mature financial services—such as the UK, where the regulatory environment leans heavily toward simplifying and encouraging account switching—the actual number of customers switching to new digital banks (some with great digital customer experiences) has not been as high as one might expect. Celent offers some interesting research on this very point.

Some of the most successful implementations represent a novel approach to risk management, whether in terms of leveraging technology to simplify customer experience that might otherwise have included more tedious onboarding, origination, or other steps; or by using technology as part of managing the actual product or service risk (e.g., credit risk or fraud risk).

Improvements from innovations in managing identity and KYC risks

Consider the following examples of managing identity and know-your-customer (KYC)-type risks in a way that improves customer experience:

• Document verification. Banks and insurers are incorporating document verification technology, including facial verification, into their apps and services to optimize initial onboarding processes that requires identity and sometimes address-verification steps. An example of this is the technology provided by Onfido* that scans and checks identity documents from many countries, matches a selfie to a document, and performs other required background checks by means of an API.
• Identity verification. To reduce identity verification risk, banks have also used behavioral biometrics technology such as that from Microsoft partner Biocatch. Biocatch tracks behavioral patterns during login, form completion, and other activities to identify possible fraud in a unique way without intruding on the customer experience by adding additional anti-fraud steps.
• AI-based application log analytics. Microsoft Enterprise Services is working with customers to build artificial intelligence (AI) models that review application log files representing customer activity in internet- and app-based banking services along with transaction information. The objective is to improve fraud detection by modelling the use of features available in their custom applications.
• New technologies for user authentication. Microsoft Enterprise Services is also working with a number of banking customers to implement Strong Customer Authentication (SCA) for PSD2 as described in the European Banking Authority’s Regulatory Technical Standard. With the help of identity technologies available on Azure, the aim is to achieve a seamless yet secure experience for bank customers consuming services from third parties (such as fintechs) by invoking the bank’s own app to validate the user identity through multi-factor authentication when required. Microsoft’s identity technologies can also open the path to securing subsequent customer communications—for example, an email confirmation of a new account just opened—using capabilities provided by Azure Information Protection.

In each of the above cases, customer experience is improved through improved fraud detection as well as the reduced incidence of annoying false positives.

Improvements from innovations in risk evaluation or management

Better customer experiences also result from innovations in evaluating or managing financial risks. The following scenarios illuminate the possibilities:

• Credit risk scoring. Credit risk scoring—and, in particular, so-called “thin-file” scoring that works with limited customer data—has seen significant innovation. Solutions such as MyBucks Haraka and Tala use mobile device usage patterns (including how apps are used) with a customer’s permission to judge risk and to offer small and mid-sized loans to those who might struggle to access traditional financial services. These solutions have transformed the customer experience of accessing a loan for hundreds of thousands of individuals and entrepreneurs in sub-Saharan Africa.And in the UK, Microsoft partner AdviceRobo has developed psychographic credit scoring that can also solve the problem of thin credit file decisions in a different and innovative way. Applicants answer a series of online questions that are scored by a continuously updated model. The score is used as one of the determinants in deciding to grant credit. Their analysis shows that this method of credit scoring improves acceptance rates without increasing average default rates.

• Payment initiation. Apart from well-documented major e-wallet solutions that may provide a more secure method of presenting a card for a transaction, there are various simple solutions that enhance usability while retaining security. For example, PayKey* gives banks the ability to include payment initiation services in popular chat interfaces while still managing the delivery of the service from the bank’s own app.
• Account-to-account payments. Innovative approaches to account-to-account payments—particularly in areas where new instant payment schemes have launched or are launching— have also seen success. In the US, participants in the Zelle instant payments scheme have incorporated new customer-friendly payments experiences in their banking apps, resulting in significant uptake to a degree that compares favorably to established peer-to-peer payments vendors. Australia may see similar innovation with the arrival of the NPP instant payments scheme and its associated tokenization technology, which allows payments to be directed to email addresses or cell phone numbers to make for an easier customer experience and reduced risk through disclosure of banking details. And in India, participating banks have experienced remarkable success with the IMPS instant mobile payments scheme, which delivers a simple, user-friendly experience based on some of the same principles.

Innovative approaches to managing various types of risk are at the heart of some of the most exciting developments in enhancing customer experience in financial services. Financial services organizations interested in envisioning the best new customer experiences may benefit from including multiple risk disciplines in their teams from the outset and considering case studies such as the above as they generate their next round of ideas.

*Disclosure: Microsoft Ventures is a shareholder in Onfido.  Paykey was part of the Microsoft Accelerator program.

For more insights and findings, download Microsoft’s The Future Banking Ecosystem ebook.

The post Customer experience management in banking: the risk perspective appeared first on Microsoft Industry Blogs.

The fast-changing payments landscape

Beyond providing real-time capabilities, some payment infrastructure initiatives are also introducing new features such as managing the addressing of payments to customers using identifiers like cell phone numbers or email addresses. Over time, consumer payment instructions may increasingly originate from new sources such as the interfaces organizations are implementing to support open banking. 

These initiatives are also expected to place new demands on complementary business capabilities such as financial crime prevention. In addition, day-to-day IT operations processes in the payments environment are evolving to support not just the move from batch to real-time processing, but also to cover actions like the management of new interfaces and the onboarding of new partners who make use of these interfaces. 

A recent survey (Finextra’s 2017 AI in Payments) has shown that dealing with legacy systems and achieving the agility needed to meet new payment demands rank among the top technology challenges financial institutions face in the payments space. The study indicates that banks may be expending significant effort in roughly equal measure deploying payments solutions from ISVs and developing systems or enhancing existing in-house systems. 

The growing importance of the cloud

It should come as no surprise that the cloud is emerging as a key enabler for these projects. Many major payment solution vendors have announced the availability of their solutions (or plans for their release) on cloud platforms such as Microsoft Azure. One of the primary reasons for this choice is that the cloud delivers capabilities that can be crucial to success in building, integrating, and operating such solutions.

What are some of these capabilities? To begin with, the cloud is ideal for running development environments and enabling DevOps processes, providing the agility required for developing and testing payment solutions.  Further, it also facilitates managing partner API connections and handling the accompanying identity, security and sandbox requirements.  Capabilities such as these are essential to managing interactions with external parties, from payments originated through APIs to payment execution on industry platforms. Microsoft is working with banks today to deliver these capabilities on Microsoft Azure.   

Further, the analytics and artificial intelligence capabilities available in the cloud are useful not just for reporting, but also in areas such as enhancing financial crime detection. And, finally, the sophisticated operations management features of cloud platforms like Azure offer deep insights on the performance and behavior of payments solutions running in real-time. 

In sum, financial institutions are increasingly turning to the specific capabilities and agility of the cloud to transform their payments businesses and corresponding partner ecosystems.

Empowering our customers in financial services to innovate is central to our mission: we understand that transformation can be challenging, but we also believe that it holds incredible promise. Our approach is to leverage technology in novel ways—enabling business agility with the tools that will define the future of banking. As your trusted technology partner, we offer both industry know-how and enterprise-grade solutions. We can help no matter where you are on your digital transformation roadmap.

The post The cloud: a great fit for payments appeared first on Microsoft Industry Blogs.

• Industry consortiums, regulators, consultants and others for whom secure collaboration in the creation of documents, distributed co-working, and conferencing are among the key capabilities that facilitate a fruitful partnership.
• Fintechs that innovate and offer services complementary to a bank’s own when given the chance to interface with bank systems. Several banks have started encouraging these partnerships by facilitating “hackathons” to identify innovative opportunities for leveraging their core banking platforms.
• Market participants in markets where distributed ledger technology (i.e., blockchain) has the potential to define new markets or replace existing exchanges or middlemen.
• Vendors of major assets financed by banks where new devices attached to those assets track their usage patterns and location. Data provided in these scenarios may provide banks greater security over assets and may also enable new financing constructs more closely linked to asset use or value depreciation.

The Microsoft cloud is unique in offering the potential to enable a full range of capabilities to support these banking industry partnership scenarios. Microsoft Services helps banks envision these opportunities and define their roadmap, addressing aspects such as:

• Protecting and reporting the use of information including documents, email, and other content when shared outside the bank’s traditional boundaries and allowing the bank to revoke access to previously shared information when the status of a partnership changes.
• Offering secure well-controlled access to interfaces into their systems using Microsoft cloud API management capabilities in a way that encourages discovery and innovation.
• Accelerating their efforts to enable new partnerships or consortiums using blockchain technologies available on the Microsoft cloud.
• Leveraging Internet of Things (IoT) scenarios with Microsoft cloud technologies that allow the bank and asset vendor to partner in offering new asset-backed financing solutions.

Find out more about Microsoft Services and how we can empower financial institutions and their partners to collaborate and offer differentiated services to their customers.

The post How Microsoft Services helps banks digitally enable new partnerships appeared first on Microsoft Industry Blogs.