Financial Institutions Need a Can-Do Attitude

“Don’t mistake activity with achievement.”
– John Wooden, former UCLA basketball coach and 10-time NCAA Basketball Champion

Target, Neiman Marcus and Michaels recently had sensitive customer data compromised by hackers, joining Facebook, Gmail, Twitter, and Yahoo!. And those are the ones made public.

Financial institutions (FIs) aren’t safe either: Global Payments (processor for Visa and MasterCard), Bank of America, Citibank, JP Morgan, and Fidelity National Information Services all suffered data breaches recently. Hundreds of millions of dollars were stolen and boatloads of personal data were exposed to criminals.

Companies, especially FIs, are not doing enough to safeguard sensitive information. FIs scramble to buttress their systems to thwart attacks, while criminals easily elude the safeguards.

If you shop online, your information could already be on a hacker’s hard drive, waiting to be bundled and sold to another criminal, making you vulnerable to identity theft and other crimes.

The protection plans offered by credit card companies and FIs do provide additional protection. But it isn’t enough, and why would consumers pay for safeguards that should be provided automatically? Especially when the “safeguards” aren’t really all that safe.

EMV (Eurocard, MasterCard, Visa) (covered on this blog) would be a step in the right direction, erecting additional layers of protection between FIs and hackers. EMV has been adopted by most of the world, but not in the U.S.

EMV replaces the magnetic strip on cards with a microchip used for authentication and encrypts the information during the transaction, making it more difficult for thieves and card skimmers to steal. Security is further bolstered when the chip is used with a PIN or signature. It is by no means a panacea.

Retina scans and fingerprints could also thwart criminals. Those systems require expensive investment in hardware and new software to support them. FIs and their customers should implement anything that makes it more difficult for hackers.

Dual-factor authentication (2FA) is another, more feasible, option. It adds another level to the standard password login. The FI would send a code via text message to one’s mobile phone, which the user then enters to execute the transaction.

Ninety-one percent of Americans already have a mobile phone, according to Pew Research. Convenience alone makes 2FA via text message a logical solution.

Sending out text message codes would require investment in software, but the cost would be meager compared to implementing a scanner or other hardware solution. Twitter, Google and Facebook already support 2FA as an option at login. It should be made mandatory.

2FA has been around for decades but never took hold. If a mobile phone were compromised, though, it would carry frightening ramifications. And transactions are still susceptible to Trojan horses, Man-in-the-Middle attacks, and other malware. In fact, all computers are vulnerable to these types of attacks.

Tokens like RSA’s SecurID, 1Password, Toopher, YubiKey and the like that provide one-time passwords have weak points as well, which can serve as gateways for criminals. If breached, they would expose all users’ passwords at once. Not good, and hardly safe.

So what’s the answer?

Disappointingly, there isn’t one that ensures total protection in all situations. Hackers are clever and will continue to exploit weaknesses in any, and every, system.

2FA is easy to implement with current technology and is a formidable additional security layer.

Coach Wooden said, “Do not let what you cannot do interfere with what you can do.” FIs need to heed this advice.

About David Sutton: David has a BA in economics and an MS in business journalism, and his articles have appeared on and in the Boston Business Journal. David has had a bank account since he was three.

What We’re Reading: Fewer Data Breaches, M&As and Social

Below are interesting stories the staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom.


  • Data Losses Overall Are Up, But Bank Data Breaches Are Fewer: Report

American Banker

A report released by KPMG on Tuesday finds that globally, there’s been a 40% increase in the number of publicly disclosed data loss incidents in the past two years. However, financial services firms have seen an 80% decrease in the number of incidents in the past five years. The improvement is a result of effort on the industry’s part, Greg Bell, global and Americas service leader for information protection at KPMG, says: “Financial services organizations have done a much better job at defending themselves from cyberattack,” he says.

  • JPM Plans ‘Organic’ Growth Through Technology, Job Cuts

American Banker

JPMorgan Chase, the country’s largest bank, on Tuesday convened its top executives to discuss its growth strategies. A major component: cutting a net 17,000 jobs over the next two years. But more notable than the job cuts, composed largely of planned attrition in JPMorgan’s consumer bank and about 15,000 cuts in its mortgage operations, was the bank’s resigned attitude about boosting business while waiting for interest rates, regulatory pressures and the overall economy to improve.

  • What Banks Need To Know About Vendor M&As

Bank Systems & Technology

The recent Fiserv/Open Solutions and FIS/mFoundry deals suggest that the banking industry is going through another wave of vendor consolidation. In 2009, within IDC Financial Insights’ FinTech 100, we lost only two vendors through acquisition. Last year, the number doubled again to eight. The main reason continues to be that companies must increase scale in order to make money in such a competitive environment. Vendors have realized that they need to figure out how to grow organically, acquire competing or complementary solutions, or become an acquisition target themselves.

  • Intuit Founder: ‘Success Makes Companies Stupid’

Business Insider

Intuit’s founder, Scott Cook, believes that success can actually be dangerous to the company. At a seminar with Harvard Business School faculty, he said that “Success is a powerful thing, it tends to make companies stupid, and they become less and less innovative.” According to Harvard Business School Working Knowledge, Cook argues that companies need to adopt the lean startup model pioneered by Eric Ries. That means “launching as quickly as possible with a ‘minimum viable product,’ a bare-bones creation that includes just enough features to allow for useful feedback from early adopters. The company then releases a quick succession of product upgrades, forming hypotheses and conducting experiments with each new version along the way.”

  • Seven Killer Apps All Small Business Owners Should Add to Their Everyday Operation

Business 2 Community

If you don’t already know about Mint, you’ll be glad you do now. A subsidiary of Intuit (the makers of TurboTax and Quicken), Mint is a free web-based tool that manages your personal finances, provides an in-depth look at all of your expenses, and even helps set budgetary goals to help you stay on track. By organizing all of your expenses, you can keep a close eye on every penny you spend on business supplies, gas, food, utilities, etc. When your budget is limited, it’s certainly important to stay on top of your finances in order to reach your goals.

  • As Financial Firms Go Social: The Key Is Integration

Actiance provides a customizable platform Socialite that firms can use to monitor social media as it is used by its advisors, and ensure that it’s compliant. “Companies are starting to realize that doing social media is not a point product,” Actiance CEO Kailash Ambwani said when asked about his expectations for 2013. “It’s something that needs to be integrated into the firm’s enterprise platform. And it requires resources, overseeing and management.”

  • It Was A Wonderful Life: How Banks Can Revive Their Reputations

Fast Company

The banks’ Financial Trust Index remained stagnant at 28 percent for December 2012. In other words, three out of four Americans don’t trust their financial institutions. That’s a far cry from the days when public confidence sat at 75 percent–a figure that stood for more than three decades after Clarence got his wings. More specifically, Ernst & Young’s Global Consumer Banking Survey 2012 finds that the number of consumers planning to change banks grew 5 percent last year; that customers with only one bank (also known as brand loyalty) fell 10 percent last year; and that customers with three or more banks are up 11 percent from 2011.

  • The Future Of Mobile Banking Fueled By Smartphone Cameras

The Financial Brand

The impetus for financial institutions to provide mobile remote deposit capture and mobile photo bill pay is growing. A full 58% of iPhone users find mobile deposit desirable, and 42% of mobile bankers say they’d like to use photo bill pay. Currently, 40% of all consumers and 66% of mobile bankers find mobile RDC desirable. Another 15% want it but their financial institution doesn’t offer it. This according to a report from Javelin Strategy & Research, who also says that 64% of the top 25 retail banks in the U.S. are now offering mobile deposit.

  • Card Networks Take On Plastic With Mobile Platforms

Wall Street Journal

The world’s largest payments networks are angling to capture more electronic transactions by eliminating plastic from the equation. Visa Inc. and MasterCard Inc. on Monday unveiled industry partnerships and technology systems intended to make it easier for consumers to make purchases online, on mobile devices and in physical stores without having to pull out a credit or debit card. MasterCard said its new MasterPass platform will allow cardholders to store their card information in a single software program that can be used to make payments through merchants who sign up for their service.
