Thoroughly Explore the Security Framework of a Digital Banking Vendor
The sophistication of fraudsters and other cybercriminals requires that your financial institution (FI) ask very direct questions of prospective digital banking vendors. Because security is such an important investment and an FI’s reputation can be deeply tarnished if infiltrated, detailed vendor responses are required to assess detection and prevention capabilities.
In this fourth blog in our series to help FIs prepare for an RFP, Q2 will not only provide some of the questions to ask but also offer a few thoughts on beneficial newer security technologies.
The onus is on the FI to deliver top security
The majority of consumers believe an FI is responsible for protecting payments and personal information, and 50% of them said in a poll by nCipher that they’d lose trust in their FI if it didn’t seem in control of data security. Could any FI expect to recover from a loss of confidence—and potential loss of account holders—of this percentage?
Business account holders are even more concerned, given the always-present threat of check fraud and their uncertainty about the security of Same Day ACH and RTP (real-time payments). Too often, vendors tackle these threats with what can best be described as a piecemeal approach.
A more unified technology solution can play a decisive role in authenticating and verifying payment senders, payment recipients, and transaction amounts from origination to receipt. This means automation and risk scoring aided by analytics will be more critical to transaction risk management.
Preventing fraud requires real-time response
Innovative prevention and detection technology and techniques are required to prevent fraud in digital banking, and seasoned security experts need to be in place at any vendor your FI reviews.
Increasingly, these security experts will be data scientists who are effectively using machine learning to home in on anomalies in transaction and deposit activity and root out illegal activity in real or near-real time.
Another evolving technology that will play a greater role in fraud prevention is visual learning – essentially, machine learning applied to recognize visual patterns and flag likely fraud. This will play an important role in preventing check fraud conducted through mobile RDC (mRDC).
Fraudsters have become more adept at producing near-perfect counterfeit checks, entering them via mRDC into transaction and business processes, and moving money out of the accounts of consumers and businesses. Right now, there are even forged checks being offered on multiple markets on the dark web.
Blockchain is another innovative technology that can play a role in protecting files from tampering. For example, at Q2 the technology is in place to mitigate breaches in real time and safeguard critical data by fragmenting personally identifiable information across a private, low-latency blockchain network.
Multi-layered security with an innovation focus is what to look for
Besides active monitoring and response, FIs must work with a digital banking vendor that can “out innovate” cybercriminals, staying many steps ahead of their activity—this is especially the case in business lending fraud, which has increased markedly since 2020.
This requires multi-layer security that includes 24x7x365 monitoring and response—and is maintained through active assessment of effectiveness. To get an idea, Q2’s layered approach includes:
- Securing the perimeter, preventing bad actors from reaching internal systems
- Enabling a zero-trust framework to continuously authenticate and authorize access to systems and our network
- Deploying a secure access service edge (SASE) and identifying sensitive data or malware
- Hardening endpoints to secure entry points through which accepted traffic is allowed to enter an FI environment
- Protecting the data layer if a breach occurs, making critical data inaccessible
Five Questions to Ask
Here are five important questions to ask when it comes to security. Asking them will give your FI a better sense of how well-thought-out the vendor’s security approach is.
1. Does your company provide best-practice, multilayer security? Provide an in-depth explanation of each layer.
2. To date, what is the amount of investment that your company has made in digital security?
3. Do you actively invest in emerging security technologies and best practices? Provide the cost allocation and where investment dollars are going.
4. Do you have 24x7x365 monitoring and response to possible security breaches?
5. Do you have in-person and intelligent fraud monitoring, particularly in the lending and payments areas?
See other important security questions to ask in our Your Digital Banking RFP Evaluation Guide and Checklist. The last blog – the fifth in our RFP series – will discuss what to ask about when it comes to a digital banking provider’s overall innovation efforts.