Digital Transformation: A Risky Proposition?
Retail banks are having a hard time. They know digital transformation is necessary, but they are faced with competing priorities and concerns about risk. After all, large changes traditionally come with their own set of risks.
But what exactly are those risks? While working alongside our clients, we have seen common risk themes developing. To help equip other digital transformation leaders, we highlight three key threats to retail banks in the digital transformation landscape.
The Threat of Open Banking
Naturally, any area of banking over which you have limited control invites risk. With open banking initiatives and open APIs, customers are afforded greater convenience in sharing their financial data with other financial institutions and third parties. They can easily transfer funds, compare products and switch financial institutions, among other things. Overall, this not only provides them with a better banking experience, but it also allows customers and third parties to execute direct transactions without going through the bank.
This exposes a risk challenge for traditional banks that are still working on how to best handle these open standards. Tied to outdated processes and lagging legacy systems, these banks do not have the means to prepare for, detect or respond to security threats stemming from open APIs. Often the aggregated transaction, balance and payments data are housed in third-party providers’ infrastructure. Given the sheer multitude of providers and the various choices each has for storing and securing customer data, confidence in the safety of that data is low at best.
Then, there’s customer behavior surrounding these open standards, which banks also cannot control. For example, a customer may download and use a third-party app to help manage his finances, which means giving the app access to his account. As others have called out, such as in an article by PTP, this creates a security gap. Unbeknownst to the customer, the third-party app may be malicious in nature and use the permissions the customer has provided to steal his funds. An ill-equipped bank may not be able to identify this activity as fraudulent.
Money Is Being Laundered Through the Crowd
As the digital revolution marches forward, criminals continue to come up with more complex, and increasingly deceptive, ways of committing fraud. Transaction platforms that previously raised no suspicion of fraud are now being used to move money internationally. One key example of this behavior is crowdfunding platforms. And while the JOBS Act provided ample opportunity for growth companies to seek funding from “the crowd,” without a slew of regulations halting their progress, it also introduced a financial vehicle for bad actors on both sides of the crowdfunding equation: scammers, fake investors and terrorists, among others.
Here’s how it works: The crowdfunding campaigns, whether public or private, are presented as legitimate business transactions, while behind the scenes there are illicit dealings. The laxer regulations of crowdfunding, enacted by the JOBS Act, enable these bad actors to integrate their nefarious activities into the financial system.
Case in point: an illegal drug transaction is set up by a narcotics distributor that owns an enterprise entity. Installed as a legitimate business, the distributor creates a crowdfunding campaign for what appear to be “real” products. A bad actor posing as an investor, who knows what is really being sold, “invests” in the campaign. The exchange occurs, with the distributor receiving the funds and the “investor” receiving the products (narcotics). For appearance’s sake, the fake investor also receives equity, but this is of course part of the overall sham.
Similarly, crowdfunding can be used to fund terrorism. In this case, a seemingly legitimate company is installed as an honorable entity, such as a charity. Under the guise of lending aid to a worthy cause, participating investors are in effect funneling money abroad to terrorist organizations. In the financial system, this would present as an acceptable set of transactions and not raise any concerns.
Legacy Systems Are Hindering Transformation
The last threat concerns an aspect that is already within the bank: legacy systems. Beyond the cost of maintaining these technology burdens (usually three-fourths of a bank’s IT spend, according to Celent research), they hinder progress toward digital transformation.
Modern capabilities require modern technology. Outdated infrastructure simply cannot keep up with, not to mention replace, the specialized knowledge required of IT personnel. As these knowledge workers retire, so do their skills and experience with legacy systems.
These systems were not built to handle the complex applications and services of today’s digital landscape. For example, big data is a big ask for older mainframes that are not built to handle the sheer volume and types of structured and unstructured data points. They struggle to capture, store and analyze this data to the degree bank leaders need them to.
The typical response is to patch or upgrade the system, but attempting to mimic the standard capabilities of modern, cloud-based infrastructure through this approach is both costly and dangerous. For one thing, patching adds further complexity to an already convoluted technology ecosystem, increasing maintenance costs and the chance of system failure.
There have been many such stories over the past few years. Notoriously, the Royal Bank of Scotland experienced a massive system failure in 2012 that left customers without bank services for weeks. Why? Because of a failed upgrade to its batch processing system. As if that wasn’t bad enough, RBS experienced another failure the very next year, leaving customers without key banking services for Cyber Monday.
That’s not the only notable example. The CEO of British bank TSB was forced to step down after migration issues while switching from a legacy IT system. A number of customers reported being locked out of their accounts, while others reported having access to strangers’ bank accounts.
These are just three risk examples, but each presents a significant threat to banks and their customers. Bank leaders will need to seek out solutions, such as Feedzai, that safeguard their digital transformation efforts and protect their operations and customers. Secure, frictionless customer experience and transactions are the key.
Latest posts by Phong Q. Rock
- Digital Transformation: A Risky Proposition? - December 13, 2018