17 June 2019

Securing digital

Security is a key aspect of digitalisation, with millions of dollars being spent on ensuring the cyber resilience of new products. As a constantly evolving process embedded into product development, cyber security is one of the key factors in ensuring smooth digitalisation.

HSBC’s Diane Reyes said: “Hundreds of millions if not billions of dollars are going towards cyber security,” emphasizing that safety-testing is a key component of product rollout.

As digitalisation becomes the norm, financial compliance standards developed by various stakeholders are becoming more stringent and it is common practice for banks such as HSBC to go beyond compliance to ensure security best practice in product rollout by including both mandatory and optional security components.

Technology such as biometrics, tokenisation, digital IDs and private cloud-based systems1 are introduced to ensure cyber security, which means that in real terms, the level of security checks that banks and payment gateways have for digital transactions are far higher than traditional banking practices. “We’ve invested in biometrics. In 2018, we rolled out facial identification in our digital product offering, in our channel offering, in 40 markets,” Reyes said.

However, optimal security is reliant on more than technology. Rahul Tyagi, Co-Founder, Lucideus, said: “Cyber resilience is reliant on proactively securing process, people and technology,” pointing out that human error or user behaviour is a crucial component of securing processes.

Secure processes include ensuring compliance with various types of protocols. Financial institutions comply with multiple regulatory and mandatory requirements instituted by various stakeholders. Payments Card Industry Data Security Standards (PCI DSS) are developed and employed to ensure security.

Tyagi recommended regular security audits as part of the process to keep transactions secure.

Keeping up with emerging security technology is the other key area. As newer technologies are introduced, organisations need to build them into their systems. Regular updates of software need to be made part of an internal process, Tyagi said.

However, it is seen that while payment security remains a step ahead of threats, human error can lead to breaches. Commonly encountered attempts at breaching corporate treasuries demonstrate the importance of cyber security drills and resilience to phishing phone calls and emails.

Nadya Hijazi, Global Head of Digital, Global Liquidity and Cash Management, HSBC, said that hackers tend to rely on the human factor rather than dealing with complex security technology. The most predominant form of hacking attacks is persuading key users to reply to an email seemingly from the CEO, sharing critical details. Targeted phishing attacks remain the number one concern of IT security decision makers2.

The importance of security drills cannot be overemphasised. Statistics show significant reduction in fraud and attempted attacks when organisations have include regular safety training on simple points such as not sharing OTPs, following security protocol while responding to emails, or sharing mobile devices.

Being truly cyber secure is a combination of compliance with best practice, updated technology and informed users.

1https://www.ey.com/Publication/vwLUAssets/EY-treasury-management-systems-overview-june-2018/$FILE/EY-treasury-management-systems-overview.pdf

2https://www.cyberark.com/resource/cyberark-global-advanced-threat-landscape-report-2018/

This information is not intended as an offer or solicitation of the purchase or sale of any instrument referred to herein abroad or within the country. Should you wish to undertake transactions in any instrument, please refer to your local sales contact at HSBC.

There may be cross border restrictions to undertake any of the products or services contained within the information here. The information provided here is by no means to analyse these restrictions and make a recommendation and is purely for informative purposes. All kinds of transactions shall be subject to business conduct of HSBC Bank A.Ş. and compliance to local legislation. No information in this document is provided by HSBC for the purpose of offering, cross border marketing and sale by any means of any banking services outside of Republic of Turkey.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.