In banking, apps and security must mix
The app economy creates many security challenges, but financial institutions simply cannot ignore the need for banking apps.
In the application economy, there is a clear need to balance openness and security. Organizations working to provide the best, most competitive services possible need to quickly deliver feature-rich apps that constantly evolve to address emerging needs and to simply work better. Inevitably, this means opening up IT systems that have previously been kept locked down behind the enterprise firewall. And this means increasing the risk of unauthorized access.
For some organizations, the urgency of opening up to the app economy is so great that it far outweighs the risks involved. Witness the API security mistakes certain high-profile companies have made. But in sectors where IT systems are especially sensitive―healthcare and banking, for example―the risk may initially seem too great. Can these organizations adopt new security technologies strong and specialized enough to make the benefits outweigh the risks?
Some might argue they cannot. But in reality, this attitude won’t cut it. The fact is that, for many organizations in these sectors, ignoring the app economy is just not an option.
I recently argued that, for the healthcare sector, finding ways to secure the kind of digital connectivity associated with apps, APIs and the Internet of Things could not be shied away from. In healthcare, digital transformation can save lives. True, insecure digital technologies could (and have) put lives at risk. But that doesn’t mean potentially life-saving opportunities should be ignored. It just makes finding appropriate security solutions an urgent priority.
This may seem to be less relevant in banking where apps provide greater convenience, rather than saving lives. In terms of competitiveness, banks surely do feel that committing to digital strategies is absolutely essential. We live in an age where people see the quality of a bank’s app as a major differentiator. But for others, banks and apps simply don’t mix. Last month, the headline of a Bloomberg article provocatively argued just that.
In fact, this article digs deeper into the risks of digital transformation in banking than you might expect from its headline. It explores how Swift―the leading global system for financial messaging―offers software developer kits (SDKs) which enable the creation of apps that can interact with the Swift network, and how this open approach may have inadvertently aided some major cyber-heists.
The Bloomberg article manages to vividly portray the myriad subtle ways in which a world of SDKs, APIs and third-party apps can negatively impact banking security. Nevertheless, it is simply not possible for today’s banks to avoid these key enablers of the app economy. Just look at the EU’s revised Payment Services Directive (PSD2), which will standardize regulations for digital payments, with a focus on customer-centric digital transformation.
In effect, PSD2 will require European banks to open up to the app economy and share data with third parties. Crucially though, it will require them to do so securely. Digital transformation and cyber security both pose major challenges for banks, particularly when taken together. But neither can be ignored or approached half-heartedly―for competitiveness, customer service or regulatory compliance.
There are two crucial steps that banks will have to take in order to effectively address these challenges. The first is a change of attitude―stop seeing cyber security as merely something that shuts down the bad guys and think of it as something that opens up a wealth of new business opportunities. The second is to invest in technologies, like API security and advanced authentication, that, at their core, exist to enable this attitude.