One of the most important challenges European Banking is facing is compliance with the PSD2 regulatory framework
We would like to share this interview with Jesús Rodríguez, CEO of REALSEC, conducted by IT Digital Security for its Financial Cybersecurity special issue.
Banking and financial services are now digital, mobile and increasingly customer-geared. At the security level, what challenges do you think the financial sector is facing?
Indeed, at the moment, we are witnessing important changes in Banking, most of which are determined by digital transformation processes. Among these, we highlight the emergence of financial technology companies or Fintechs, which, relying on digital technology, are offering a wide variety of innovative services for the consumer, at a lower cost.
Faced with this situation, given the cost and time to fulfill their digital transformation, some financial institutions, being unprepared to compete, are choosing to reach agreements with these new financial actors and in some cases, to participate in shareholding.
With regard to challenges, in my opinion, one of the most important challenges facing European Banking, at the moment, is to comply with the PSD2 regulatory framework, which establishes the obligation to share and make the data of their customers available to these new financial technological actors, as well as to protect and prevent the impersonation of the operations and transactions carried out by them, thereby forcing financial institutions to establish robust SCA (Strong Customer Authentication) authentication systems and procedures.
In Spain, compliance with this new regulatory framework must be effective, as established by the Bank of Spain, at the end of this year.
Banking also has other important challenges to face, such as extracting more value from their data, fighting fraud, or increasingly sophisticated cyberattacks which are faced every day.
How ready is the financial sector to adopt appropriate security measures?
Spanish banking has always been committed to security and, in many cases, has been a pioneer in the definition of the policies and security procedures and measures necessary to avoid the risks inherent in its business operations.
In my opinion, it has broad knowledge in terms of logical and digital security, as well as sufficient capacity to be able to adopt and implement any type of measure, whether or not determined by the regulations to which it is subject.
Do you think employees and customers are being trained to securely adopt new financial banking environments?
More than training, I believe that Banking is informing its customer users to take certain measures to avoid the potential risks of fraud or cybercrime when they operate with Digital Banking.
From there on, Banking cannot control what users do nor follow their recommendations and take the recommended steps.
The situation is similar to having a plated security door at home but leaving the key in the keyhole.
What impact does regulatory compliance of regulations like PSD2 have on this market?
In the case of the PSD2 European regulations, compliance has a high cost to Banking because it is obliged to develop the necessary APIs to make its customers’ data available to third parties. This is the new concept of OPEN BANKING.
In addition, as I stated above, financial institutions are required to implement robust authentication solutions (SCA) to avoid the risks of phishing in transactions made by their customers.
Such robust authentication solutions use keys that should be generated and custodied on cryptographic devices (HSM or hardware security module) to provide the authentication process with the highest guarantees of security and trust.
So far, many financial institutions have chosen to save the situation by sending an SMS message to their customers, with a one-time authentication key, but its high cost for each transaction will lead them without hesitation to implement more efficient and less expensive technological authentication solutions.
What points do you think the financial sector would need to improve?
In terms of security, everything is always improvable, but we can say that the financial sector, in general, is concerned about the high increase in malware, increasingly sophisticated and aimed at mobile banking, as well as the increase in phishing on mobile devices.
This requires the incorporation of more efficient and sophisticated tools and solutions for prevention.
Moreover, Banking would have to improve its authentication systems by implementing more robust two-factor or three-factor solutions to achieve greater protection of payment systems in Mobile Banking; while improving data protection systems, keys and certificates and advancing the usability of Blockchain technology for certain business processes.
What is your proposal to protect the financial sector?
REALSEC, as a developer of hardware-based encryption systems (HSM), has several solutions to protect banking operations and methods of payment.
One of our most implanted solutions in Banking is our financial and payments HSM, “Cryptosec-BANKING”. It is an HSM that incorporates complex cryptographic functions and commands, defined for Universal Banking by the PCI Consortium (VISA and MASTERCARD) and that have been developed using standard symmetric and asymmetric encryption algorithms. These commands protect banking transactions and provide a secure environment at the methods of payment level.
Cryptosec-BANKING features include: the generation, validation and verification of the PIN codes of the credit and debit cards, competence as a card authorizer center, authentication functions, message generation, tokenization, etc.
REALSEC has other cryptographic hardware-based solutions to strengthen robust authentication systems (SCA), centrally manage and protect keys and certificates, encrypt data and files, or strengthen new platforms for Blockchain.