As financial technology (Fintech) has become increasingly ubiquitous in our everyday financial activities, the need for data security across platforms has risen dramatically.
Fintech firms must protect sensitive, personal data and privacy for their clients, and improve their control over this data. At the same time, these companies have to balance security needs with their customers’ and employees’ needs for convenience to deliver easy, frictionless experiences.
In this webinar recap blog, we’ll cover the following topics:
- How security impacts your CX strategy, and
- Ways to balance both across your communication channels, with a focus on maintaining security while navigating a cloud migration
Psst – This blog is a recap of our webinar: How to deliver a great CX without sacrificing communications security. If you’d rather watch a webinar, you can check it out.
Now, back to our regularly scheduled programming.
Current risks and challenges facing the finance industry
Some security challenges facing the finance industry include a rising amount of ransomware, fraudulent calls/spoofing, botnets & DoS, and “the human element”–employees who are vulnerable to phishing or smishing attempts and can unintentionally allow hackers into your core systems.
To combat this, security must become everyone’s responsibility – not just your IT department’s. Data protection and privacy are a table-stakes concern for securing customer business in the financial industry.
It’s the expectation that when organizations build applications that have privacy and security protocols in place, they are taking the right steps to protect their customers. If there is a significant data breach and trust is lost, 80% of consumers report that they would defect and find a new provider.
Aside from customer impact, security breaches can also have a significant financial impact. According to LexisNexis, “The cost of fraud for U.S. financial services and lending firms has increased between 6.7% and 9.9% compared with before the pandemic. Every $1 of fraud loss now costs U.S. financial services firms $4.00, compared to $3.25 in 2019 and $3.64 in 2020.”
With these potential costs, it’s no surprise that in a survey of 2,650 risk management experts, 44% reported cyber incidents as one of the top risks facing businesses today.
However, you can’t prioritize security at the expense of all else. In an ideal world, security is assumed by the customer but never seen. In the real world, it’s important to keep the impact of security on business interactions in balance. Seventy-four percent of customers expect more from brands, not only in their products and services but also in how they treat their customers. They desire a frictionless CX and will take their business elsewhere if they face too many impediments.
So how can you protect customers AND the customer experience when Fintech security & privacy is so challenging?
The three-step security framework for your communications
You need a framework to address security and strike the right balance of security and UX for a seamless customer experience. This framework can be boiled down to 3 steps: Prevention, Detection, and Response.
- Prevention
Find the right measures to protect the various aspects of your platform, to the degree necessary for the type of information you process.
It can be beneficial to seek out third parties and AI automation that can help you build out your security measures.
You also need to balance user convenience with the level of security necessary. In some cases, there are ways to get up to ultra-grade security without unnecessarily impacting your users. One method you could use is the Zero Trust security approach.
Zero Trust assumes that you can’t trust any person or any space to be secure, and must continuously authenticate and validate your users. For example, you can require two-factor or multi-factor authentication after an initial level of authorization. You can also target these additional authorizations for more ‘risky’ services, such as large money transfers.
With Zero Trust, it’s important to remember that you can’t trust an individual just because they passed one level of authentication. Experts recommend that you should continuously validate that they are who they say they are and are on a secure device. And just because you know who someone is, doesn’t mean they need access to everything.
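The targeted step-up check described above can be expressed as a per-request policy decision. This is an added example, not Bandwidth's code or material from the webinar; the `Session` fields, the action names, the 1,000 transfer threshold, the 300-second freshness window and the choice to refuse untrusted devices are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # ask for a second factor before continuing
    DENY = "deny"


# Assumed policy values (not from the page); tune to your own risk appetite.
HIGH_RISK_TRANSFER = 1_000.00  # transfers at or above this amount are "risky"
MFA_MAX_AGE_S = 300            # how long a second-factor check stays fresh


@dataclass
class Session:
    user: str
    scopes: frozenset              # actions this user is entitled to
    device_trusted: bool           # result of the latest device posture check
    last_mfa_at: Optional[float]   # epoch seconds of last second-factor success


def evaluate(session: Session, action: str, amount: float, now: float) -> Decision:
    """Run on every request, not once at login."""
    # Least privilege: a known identity does not imply access to everything.
    if action not in session.scopes:
        return Decision.DENY
    # Device posture is re-checked continuously (assumed policy: refuse if untrusted).
    if not session.device_trusted:
        return Decision.DENY
    # Step-up is aimed only at risky services, so routine use stays frictionless.
    risky = action == "transfer" and amount >= HIGH_RISK_TRANSFER
    if not risky:
        return Decision.ALLOW
    mfa_fresh = (session.last_mfa_at is not None
                 and now - session.last_mfa_at <= MFA_MAX_AGE_S)
    return Decision.ALLOW if mfa_fresh else Decision.STEP_UP


if __name__ == "__main__":
    # Constructed sample session: logged in, trusted device, no second factor yet.
    s = Session("alice", frozenset({"view_balance", "transfer"}), True, None)
    for act, amt in [("view_balance", 0), ("transfer", 50), ("transfer", 5000)]:
        print(act, amt, evaluate(s, act, amt, now=1000.0).value)
```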
- Detection
Hackers are always evolving their methods; your security protocols need to evolve too so you can catch vulnerabilities or breaches fast. There are different threats to be aware of in the communications space, such as phishing and smishing (phishing via SMS), so it can be beneficial to partner with a vendor who is a specialist in threats specific to the industry.
At Bandwidth, we’ve become experts in telecom. We know the different vectors and attack paths hackers may come in through. We understand what those weaknesses are, how they can be taken advantage of, and have developed a resilient, secure network to protect critical communications against these threats.
It’s helpful to be able to lean on your vendors to better understand the threats you’re faced with, and how to catch them early. For example, we’ve seen significant growth in smishing attempts which can be automated and very aggressive. It can be difficult to track these, so it’s important to know what to look for ahead of time – you don’t want to be setting up detection measures in the middle of an attack.
- Response
Experts agree the best way to reduce the impact of a data breach is to respond quickly and effectively. You can be ready for the worst with an incident response plan.
Here are some key elements to consider when building your incident response plan:
- Run drills and get your team prepped.
- Know your stakeholders and who needs to be aware vs. involved.
- Have an internal and external communication plan. In an effort to be transparent with customers, you can sometimes overshare, which can help hackers.
- Your goal is to contain the incident to prevent further damage before moving into eradication and recovery.
- Always end with lessons learned. There’s a lot of follow-up needed after a breach to learn and grow. Your security measures will grow stronger and better for it.
Moving to the cloud
Today, many organizations manage their telecom with on-prem systems designed with specific firewalls, SBCs, and interconnects. While it may feel more secure to manage your telecommunications in-house, these systems could be vulnerable to attack. These specialized systems have significant administrative and maintenance needs and can be difficult to keep updated against the latest fraud mechanisms and security issues–especially if telecommunications isn’t your team’s core competency. Yikes.
In comparison, with cloud providers, you’re able to outsource non-core competencies to the expert. You can trust that your communication platforms will be protected against new and emerging threats from a specialized provider. You can also reduce the surface area and complexity of your cybersecurity to support risk reduction goals. In addition, you can promote resiliency and security with built-in redundancy and failover.
By moving to the cloud, you can end up with a higher level of resiliency, security, and redundancy and unlock your ability to scale.
How to maintain security & reliability during a cloud migration
Here are some best practices for maintaining security & reliability during a cloud migration:
- Plan for your cloud migration
- Test up front (and do it interactively with the provider!)
- Monitor performance
- Validate cloud security
- Assure compliance
- Ensure data portability and interoperability
Improving the Customer Experience
Users desire convenience, but trust and feelings of security are key parts of the customer experience. Unfortunately, these can lead to competing requirements when building your platform so you must strike a balance that works best for your customers.
No matter the mix, you’ll want to find a balance that achieves the following:
- Consistent user experience
- Robust cyber security monitoring
- Tailored authentication methods
- Regionally appropriate and globally minded data storage and retention practices
- Privacy-forward processes and policies
If you choose a vendor to help manage your telecommunications with security in mind, it can give you more bandwidth to focus on what truly differentiates your business: customer experience. By outsourcing your non-core competencies, your development team can focus more on building an accessible and intuitive UX while relying on vendors for guidance around authentication, threat detection, and (if applicable) global compliance.
Wrapping it all up
If you’d like to build a best-in-class brand experience, it’s important to integrate customer needs and desires across convenience, security, and privacy.
Start by building a communication security & privacy framework that works best for your business. You can leverage vendors and partners to layer security features throughout communication channels, and make sure you have robust prevention and detection measures. Don’t forget to include these resources in your response plan.
Minimize friction by making use of technological advances that enable you to authenticate more securely, without your customer even noticing (e.g., facial recognition, voice biometrics). Consolidate your security tech stack to reduce complexity, and create consistency across the user experience.
Finally, make exceptional customer experience your core competency. Give your development team the room to focus on differentiators that will make you stand out in the market, instead of security measures you can outsource to the experts.