“Alexa, how secure are my digital financial services?”

Big banks and financial companies are further enhancing their digital services through virtual personal assistants (VPA), such as Amazon’s Alexa, Apple’s Siri, and Google’s Assistant. Customers in the UK and the US, as well as in more than five countries in Asia-Pacific, can now check their balances, pay bills, and in some cases even send money with voice-activated commands.

More countries and digital services are set to follow. Yet while this enhances the digital offerings of banks and makes sense from the standpoint of a competitive edge, the ability to undertake sensitive financial tasks through a smart speaker, such as the Amazon Echo that connects to Alexa, raises data privacy and security issues.

Sharing sensitive personal data

Asking Siri to play a song or Google for a restaurant recommendation is one thing, but it’s another issue when it comes to sharing sensitive personal data. VPAs and smart speakers are developing technologies, and using them for financial tasks offers another possible entry point for cybercriminals.

At present, Amazon and Google dominate the smart home virtual assistant market and provide open-platform systems that make them well suited to utility needs. Alexa and the Google Assistant can each control more than 5,000 smart home devices from thousands of brands, and the number of supported languages and features offered is continually expanding. Gartner forecasts that, by the end of 2020, end-user spending on VPA-enabled wireless speakers will reach $2.1 billion.

Maintaining the trust in data privacy

The challenge for banks is not to squander one of their most valuable assets in the rush for a competitive advantage. Historically, the banking business is built on trust: even as customers increasingly open up to data-driven digital and mobile services, they want to be assured that personal data will be protected.

WBC a must for ultimate cybersecurity

The most fundamental critical aspects of a comprehensive cybersecurity strategy for digital services is to protect the source code of the banking programs and ensure secure communication with the back end, including the encryption.

White box cryptography (WBC) is an essential technology when it comes to minimizing security risks for open devices. Devices have to be secured to avoid being analyzed or rooted. WBC enables operation to be performed securely without revealing any portion of confidential information. Without WBC, attackers could easily grab cryptographic keys, used for making payments from memory, or intercept critical information.

In addition, a holistic approach ensures that the environment in which an app is running is also secure. For example, apps must be prevented from being copied or cloned from one device to another. Digital fingerprint touch ID technology can help identify if their quest is coming from the original device and that the device is in a secure operating state.

Cybersecurity for life

Fundamental to the security approach is lifecycle management. In addition to protective measures on the devices themselves, an extra security component is provided on the server side to ensure the app is comprehensively managed over its lifecycle. For example, this ensures that updates are installed safely, and customer credentials securely managed.

The desire of banks to be front-runners in providing powerful, new attractive digital financial services needs to be carefully balanced against the need to ensure the security of those services, as well as data privacy. While digital banking services may ensure a competitive edge, banks need to maintain the trust that has been fundamental to the success of their business model.

Only a holistic strategy and a well-integrated approach to cybersecurity across all devices will convince customers to continue to trust financial service providers in this age of digital disruption.

Published: 19/05/2020