
BAI Banking Strategies

Executive Report

Banking’s digital transformation

June 2017

In this Issue

The ATM turns 50—and hits a digital crossroads

A vicious cybercycle: Hackers attack, banks react, hackers strike back

Capturing depositors for remote deposit capture



BankingStrategies.com

Table of Contents

The ATM turns 50—and hits a digital crossroads
The ’60s innovation remains a retail banking staple—but a spotty marketing tool. Can the ATM mature into more than a cash dispensary?

A vicious cybercycle: Hackers attack, banks react, hackers strike back
Hackers now pursue valuable information and wealth from the inside as well as outside. They change tactics and refuse to give up—leaving banks in a race to keep up.

Capturing depositors for remote deposit capture
Financial institutions have been slow to promote RDC. But to bolster small business efficiency—and bank bottom lines—it’s more than worth the effort.

Four pillars of payments security, one solution: Welcome to the age of AKB
The retail payments market relies on security, yet encryption hasn’t treated four distinct security fundamentals as a whole—until now.

Letter from the Editor

Digital’s next stop: The transformation highway

In 1981, Citibank, Chase Manhattan, Chemical and Manufacturers Hanover launched the videotex home banking system. Perhaps it was ahead of its time, as videotex never caught on with consumers. (And fluorescent pink plaid jackets did. Go figure.)

It would take the industry until the middle of the next decade to tap the seeming magic of what was then still a novelty: the Internet. For financial services, this has amounted to nothing less than unlocking the opposite of Pandora’s box. We now deal in the daily realities of peer-to-peer lending, cryptocurrencies, data analytics, artificial intelligence and depositing checks simply by taking a picture of them. If someone spied you snapping such a photo 10 years ago, you might’ve been mistaken for a conceptual artist.

But the art and science of digital banking have brought us to this – and indeed, there is something of a creative bent to it, even if its ultimate expression continues to stump some of banking’s smartest marketers. In “The ATM turns 50—and hits a digital crossroads,” Karen Epper Hoffman shares how for all its staying power, the automatic teller is still largely thought of by consumers as a quickie cash machine.

“Despite their undeniable convenience for cash access and ongoing innovations in screen and back-end technology, ATMs have never quite caught on for marketing purposes,” she writes. And yet, industry leaders have not given up on new possibilities to reinvent the ATM to serve the dual function of “marketing machine.”

Writer Howard Altman, who follows the cybersecurity beat, describes in sobering detail the one deep trouble digital transformation has unleashed on the banking world. He details a cycle where hackers adopt the very same test-learn-pivot ideology of the high-tech world at large in “A vicious cyber cycle: Hackers attack, banks react, hackers strike back.” Clearly, Altman notes, the financial services sphere has a lot of catching up to do, as hackers now exploit weaknesses from the inside of institutions as well as the outside.

As for the updated picture, if you will, of remote deposit capture, Lauri Giesen explores how this incredibly valuable innovation has more ground to gain among small business customers. “When they don’t promote RDC, banks miss the chance to form value partnerships by selling a service with small business benefits,” Giesen contends in “Capturing depositors for remote deposit capture.”

And on the subject of payments security, we learn that recent breakthroughs have led us to a point where the four crucial facets of security methodology—identification, authentication, authorization and confidentiality—can be addressed as a cogent whole. Priyank Kumar, product manager for Hewlett Packard Enterprise Atalla HSM, explains how it works in “Four pillars of payments security, one solution: Welcome to the age of AKB.”

For all the digital transformations that have redefined every facet and aspect of banking, I can scarcely imagine what it will feel like to look back on this time ten years from now and consider how far a new wave of breakthroughs will have taken us. Artificial intelligence will soar to new performance levels. The Internet of Things will become an accepted part of everyone’s lives, customer and bank employee alike. We may even find that our cars do the banking for us, instead of us driving to the bank in cars.

Even looking back a year from now strikes me as an exciting prospect. Thrilling even. The comeback of videotex, not so much. Let’s hope that’s as likely as the revival of the mullet.

A veteran journalist who has served with the Chicago Tribune, Reuters Money and U.S. News & World Report, Lou Carlozo is the managing editor of BAI. Connect with him on LinkedIn.

Louis R. Carlozo, Managing Editor, BAI

The ATM turns 50—and hits a digital crossroads

The ’60s innovation remains a retail banking staple—but a spotty marketing tool. Can the ATM mature into more than a cash dispensary?

By Karen Epper Hoffman

In 1967, Thurgood Marshall became the first black U.S. Supreme Court Justice, Middle East fighting flared with the Six Day War and The Beatles released “Sgt. Pepper’s Lonely Hearts Club Band.”

In fact, less than 30 days after “Sgt. Pepper” hit record stores, another history-book moment took place just 12 miles due north of the Abbey Road studios where the band recorded their watershed album. On June 27, Barclays Bank rolled out the first automated teller machine at its Enfield Town branch.

The poignant question for 2017 could apply just as well to money as music: Is the ATM just a classic of a past age? Or has it matured—make that, is it maturing—into something that occupies an important place in 21st Century banking?

Indeed, banks have added or tested myriad capabilities through ATMs. Among them: scanned check deposit, video chat, personalized marketing pitches, and most recently, cardless withdrawal where customers use smartphones to authenticate themselves and transact. Some even sell stamps.

But in an age that overwhelmingly prefers email, the stamp perk might say something about one nagging failure to keep pace with the times. That is: Despite their undeniable convenience for cash access and ongoing innovations in screen and back-end technology, ATMs have never quite caught on for marketing purposes.

According to most reports, the number of U.S. bank ATMs sits at about 440,000, and percentage growth is in the low single digits, according to Troy Cullen, executive vice president and head of ATM banking at U.S. Bancorp. “We’ve seen several different types of ATM marketing experiences in the industry with varying levels of success,” says Cullen. “The challenge is to be present with our brand but not disrupt the user’s experience.”

Nine times out of ten, customers use ATMs to withdraw cash, Cullen reports. “We run marketing campaigns at our ATMs that allow customers to ask someone to contact them if they’re interested in products or services we highlight,” he adds. “But more often than not, they want to get in and out quickly, and the experience we deliver is sometimes more important to their appreciation of the brand than the ads we run on the screen.”

Nonetheless, bankers agree that while ATMs may not pull their focus the way that the fast-growing mobile channel does (or even declining and changing branches do) the ubiquitous machines still represent “a critical aspect of delivery,” says Justin Dunn, senior vice president for WSFS Bank.

Last year, 13 percent of the $6.8 billion-asset bank’s overall customer interactions took place at one of 450 branch-based or off-premises ATMs, Dunn says. Whether the ATMs directly serve up advertising or marketing for the bank itself, Dunn maintains that they boost brand awareness—especially among prospects and customers from newly obtained institutions as WSFS continues to grow. “We’re seeing more of our acquired customers taking advantage of those off-premises ATMs,” he adds.

And in their simplest form, ATMs extend and expand a bank’s retail footprint, points out Dan Goodman, vice president of global products and solutions for Mastercard. Goodman stresses that consumer research still indicates that two key aspects of ATMs—proximity and presence—remain top criteria when consumers select a bank.


“Consumers still feel that having an easy, anytime access to cash from their trusted bank brand provides significant peace of mind,” he says. “In a competitive field, where gaining access to consumer deposits is a top bank priority, the ATM can be a significant marketing tool in attracting local customers and their deposits.”

Since 2010, Boston-based Celent LLC has interviewed bankers about their channel preferences, according to Bob Meara, senior analyst and author of Celent’s most recent study, “A Survey of Retail Banking Channel Systems in North America” (released in February 2017). While mobile has skyrocketed in importance—supplanting online access as the most critical delivery method—the ATM has quietly fallen to dead last as a priority, according to bankers.

“I honestly don’t think it has become much of a marketing channel compared to others,” says Meara. “This year, it was all about customer relationship and experience and satisfaction scores.” While mobile and online channels have become more personalized to meet customers’ needs and preferences (and the branch has always been personal), the ATM has moved in fits and starts. It struggles to make a commodity experience more customized; Meara concludes that digital appointment booking through ATMs “never took off.”

There have been some pockets of promise in making ATMs more marketing-friendly. Cullen reports that U.S. Bank “found success [making] the message cause-related.” When disaster strikes in a community, for example, the bank allows customers to contribute money to the Red Cross via ATM. Past causes have literally run the fire-to-water gamut: from wildfires in the west to the flooding in Louisiana last year.

Nonetheless, the ATM is increasingly taking a supporting role among retail delivery options—“meant to complement our other channels, not replace them,” Cullen says. Meanwhile, the notion of funneling more marketing messages—which might also include coupons or other perks—could mean less speed and convenience.

“Some institutions are starting to run videos on their ATMs,” he notes. That could happen at U.S. Bancorp with its next generation of machines, “but it’s a delicate balance. Customers really don’t want to stand there while the video runs.”

Here’s what they do want, more or less: to take the money and run. Customers expect that after a few seconds, their cash will be dispensed and they’ll get on their way. “It’s similar to watching a video online—the commercial that comes on is fine for the first few seconds but if it doesn’t allow you to skip it, it can be a turnoff because it gets in the way of what you want to do,” Cullen points out. “We aren’t there yet with ATMs.”

That established, it’s not as though a mobile phone or laptop can put cash in your palm, either. Perhaps banks will break the code that allows them to meaningfully market, too; perhaps not. Regardless, this much remains true: As a dispensary of currency and convenience, the ATM after 50 years remains golden.

Karen Epper Hoffman has written about banking and technology issues for nearly a quarter of a century for publications including American Banker, Bloomberg Businessweek and Financial Times’ The Banker. She has also spoken at and moderated panels for industry conferences. She lives in Olympia, Washington.


A vicious cybercycle: Hackers attack, banks react, hackers strike back

Hackers now pursue valuable information and wealth from the inside as well as outside. They change tactics and refuse to give up—leaving banks in a race to keep up.

By Howard Altman

In banking’s cash-and-coin-only days, robbers walked up to tellers, pulled out a gun and said “stick ’em up.” These days, thieves can just walk up to an ATM, unarmed, and perform a digital variation you could call “stick ’em out.”

Case in point: In April, a man walked up to a Russian bank automated teller machine—which started spitting out money, literally into his hands, without his touching anything.

It was caught on closed circuit video after authorities discovered hackers robbed at least eight ATMs in Russia that way and stole $800,000 in just one night, according to SecurityAffairs.co, citing a Kaspersky Labs report.

Malicious code was injected into the ATM’s memory system. And that’s just the latest way bad guys known as “financial threat actors” electronically rob banks.

In the ceaseless attack-and-response Whack-a-Mole—hack-a-mole, if you prefer—the cycle is speeding up, the threats are getting worse and the response has been less than adequate, says FireEye, one of the world’s leading cybersecurity firms.

All this comes at a time when IBM says financial institutions are now the top target of those actors. From both the outside and inside, financial institutions find themselves more under siege because they store both personal identity information and wealth. Trillions of dollars worth.

So more than ever, financial institutions attract unwanted attention from people with the means to crack into their electronic systems that store and disseminate all their data.

As quickly as banks can react, the financial threat actors become rapid reactors. The cycle, says one expert, is driven by banks acting to shore up their defenses.

“The attackers don’t evolve unless they have to,” says John Miller, FireEye’s manager of threat intelligence. A recent FireEye study shows that there “has been a marked acceleration of both the aggressiveness and sophistication of cyberattacks.”

Defensive capabilities “have been slow to evolve and respond.” And most victims and those working to protect them “are still lacking fundamental security controls and capabilities to either prevent breaches or to minimize the damages and consequences of an inevitable compromise.”

Sophisticated raiders

When it comes to being targeted by cybercriminals, the financial services industry is now the top victim, leapfrogging healthcare and manufacturing, according to a recent study by IBM Managed Security Services, “Security Trends in the Finance Industry.”

Increasingly, the financial threat actors are going for the wealth, not merely the data, says IBM.

“Hacking groups that target financial institutions are now focusing more on financial gain rather than on digital sabotage,” according to IBM.

It is difficult to keep up.

“Attackers are more sophisticated than ever before,” according to a recent report on cybercrime trends by FireEye. “State-sponsored actors continue to set a high bar for sophisticated cyberattacks, but some financial threat actors have caught up—making them difficult to detect, and challenging to investigate and remediate.”


Howard Altman covers the military and national security for the Tampa Bay Times. He has won more than 50 journalism awards and his work has appeared in the New York Times, Daily Beast, Philadelphia magazine, the Philadelphia Inquirer, New York Observer, Newsday and many other publications around the world.


A lethal command injection

To achieve their goals, financial threat actors have deployed new versions of well-known techniques to rob the financial sector. The main culprit, according to IBM, can be found in attacks called SQLi and OS CMDi—two mysterious-sounding acronyms that belong to a spy-worthy, stealthy series of processes known as command injection. These attacks get into an information system, bore through security and take over various system aspects.

Attacks of this type were responsible for almost half of those suffered by IBM’s financial services clients, “perhaps the most popular attack vectors within this sector because these vulnerabilities provide attackers with the ability to read, modify and destroy sensitive data.”

Like a castle under siege, the financial services sector has responded to cyberattacks by building a moat and lifting the drawbridge—controlling access to systems and the authentication to use them, according to IBM.

Banks have invested heavily in such measures, say cybersecurity experts.

But the bad guys “are always one step ahead,” said Brian White of the RedOwl cybersecurity firm, pointing to the example of “sandboxing” as just one instance.

Sandboxing is a method for detecting malware before it enters the system. The bad guys, said White, countered by writing even more sophisticated malware that would detect if it was being placed in the sandbox.

Much like the white hats in the high-tech world, “They are always going to be iterating and innovating,” White said.

Clearwater, Florida-based cybersecurity expert Stu Sjouwerman, who runs the KnowBe4 cybersecurity firm, agrees. In the past, companies have used techniques such as whitelisting or “gateway security” to prevent infections by letting known good files run, blocking bad or unknown files, Sjouwerman says.

But the marauding hordes of cyberattackers have found ways to get around that. IBM says that subverting those controls has become the second-most popular form of attack on financial services firms.

When the inside is the dark side

The castle isn’t only under siege from the outside— but the inside as well.

The “Subvert Access Control” attack—essentially opening the drawbridge—comes from “insiders to gain control of end systems,” according to IBM.

“Insider threat is emerging as a key risk” for the financial services industry, White notes. “They’ve done a great job shoring up external attack service, so employees and contractors and others with legitimate access often may be a weak link.”

The insiders aren’t necessarily doing the damage themselves but letting the bad guys inside to do the dirty work.

Sieging cyber crooks can get inside the castle because they find legitimate access from an illegitimate source—the “dark web,” where anonymity reigns. “We did report with a threat intelligence company that discovered people selling credentials on the dark web,” White says.

Once bad actors have legitimate credentials to access a system, they can “masquerade around the network as a privileged legitimate employee.” To counter that, White suggests banks need “better systems to detect individuals” who may be more likely to go rogue from the inside.

“Banks have realized that security comes down to individuals now,” he said. “So, there’s a need to monitor individuals—and that requires precision analytics and deep expertise. But that is ultimately needed to enhance overall security as you move forward.”

Financial institutions need to step up their game, says FireEye.

“Sophisticated intelligence integration, automation, and threat hunting should be the end-state goal,” according to the findings of its Mandiant M-Trends cybersecurity report for 2017.

If only it were as simple as looking for a smoking gun—or for that matter, any kind of gun.

Capturing depositors for remote deposit capture

Financial institutions have been slow to promote RDC. But to bolster small business efficiency—and bank bottom lines—it’s more than worth the effort.

By Lauri Giesen

John Leekley likes to vacation at a remote cabin in Upstate New York’s Adirondack Mountains. But as CEO of RemoteDepositCapture.com, he always looks out for how different businesses handle their payments. This may not be as much fun as spotting a black-billed cuckoo in the local woods. But it still gives him cause for pause.

Like: When he spotted the owner of the 16-cabin resort accepting a lot of checks, he asked him how he handled those checks. The owner replied that he bundles them for deposit when he visits the nearest branch of his bank—80 miles away.

Leekley asked why he didn’t use RDC and instantly send the checks electronically rather than make the hefty trek. The man’s answer was simple: Nobody had ever told him that he could.

Black-billed or otherwise, it’s enough to drive a banking entrepreneur cuckoo. Yet Leekley says he’s more or less used to it. A lot of banks don’t promote RDC to the small businesses that often need it most.

“To push the needle on RDC volume, banks need to step up their game,” Leekley contends. “Today, any business that accepts checks is a candidate for RDC.”

And therein lies the problem: Small businesses need RDC, but banks acknowledge there’s room for improvement in getting the word out.

“While we’re seeing significant interest and growth in small businesses moving toward the use of digital channels, only about 15 percent of checks are deposited using RDC, so there is a long way to go,” says Amir Madjlessi, executive vice president and managing director of business banking for Santander Bank N.A.

And when they don’t promote RDC, banks miss the chance to form value partnerships by selling a service with small business benefits.

Why is this? “A lot of financial institutions feel a disintermediation with small businesses,” Leekley says. “But this could be a way for banks to show that they care about them by offering solutions that matter.”

Donna Stundon, senior product manager of check clearing receipts in global transaction services for Bank of America, Merrill Lynch, agrees that RDC offers partnership opportunities.

“With small businesses, it’s important to really listen to them and find out what their needs are,” Stundon says. More efficient use of time, for example, is often an issue. “So instead of shutting down their business to make a trip to a bank branch, they can remain at their workplace and use RDC to make their deposits.”

Strengthening relationships with small businesses is particularly important since many now turn to FinTechs—not banks—to meet their payment needs.

“Businesses have the ability to get help in the open market today from companies such as Square or Amazon,” says David Peterson, CEO of i7strategies. When that happens, banks not only lose fee income but also the role of business finance expert.

So how can banks leverage RDC in their marketing? For starters, it’s about speed: as in faster check deposits. How fast? Some banks allow customers to scan and deposit a check via smartphone in less than 60 seconds. By comparison, that makes even the shortest teller line look like a slog.


That kind of velocity also means quick funds availability. “We have found that 99 percent of checks sent through RDC clear the same day or next day,” Leekley says. “That’s even better than automated clearing house, which can take up to two to three days.”

Adds Madjlessi: “Small businesses are cash-flow sensitive and funds availability is an important feature to them. Banks offering faster funds availability with RDC, versus branch and ATM deposits, may see a greater appetite for this service.”

As for the cost, RDC is a far cry from the pre-iPhone days when businesses needed a significant stream of checks to justify buying a desktop scanner.

“Mobile is great for customers who have just one to two checks a month,” Stundon says. “It’s more cost effective and very convenient since it feeds directly into their online banking programs. Using mobile deposits, business owners can see the deposit immediately go into their account. The transparency is great for managing cash flow.”

What’s more, businesses with technicians or sales representatives in the field can have them accept and send checks directly to the bank. And an unlimited number of employees can utilize it, “so long as their bank’s mobile app has the necessary entitlements to manage who uses RDC, and offers controls such as limits and audits,” Madjlessi says.

That said, promoting RDC will take some creativity on the part of banks. Bank of America is running demonstrations of RDC in select branches in New York and Massachusetts. “Customers can see the whole process and how it works,” Stundon says. “It’s very helpful for taking away the fear people may have of depositing their funds in a different way.”

Lauri Giesen has spent more than 25 years writing about banking technology and payments for numerous business and financial publications. In the 1990s, she founded and edited Financial Service Online, a magazine covering Internet-based forays into banking and investment services.


Helpful for customers in BofA’s case has meant helpful for the bottom line. In 2015, the bank had a promotion that offered free scanners to businesses who signed up for RDC. That year, account use shot up 350 percent.

Santander launched a small-business friendly app for mobile deposits last July. “Business customers often have more checks to deposit and may need higher deposit limits than consumers,” Madjlessi says. Santander is also tailoring business limits to meet specific, individual needs, and more changes may be on the way.

“Right now, we’re still in a listening mode,” he says. “We’re seeing that some clients are looking for cutting-edge features such as the ability to batch deposits and link more advanced fraud solutions.”

Ultimately, if banks are to succeed in selling RDC, they may need to rethink how they price it: “Banks often nickel and dime their customers in pricing this,” says Peterson.

Instead of charging separate fees for every individual service, Peterson suggests banks analyze each customer account and assign higher costs for expensive services and give credits for “good behaviors” that lower bank costs or increase revenue. That would add up to a bundled fee that more accurately reflects the value of the relationship—and make the overall RDC proposition more attractive to businesses.

At the very least, it would mean far fewer 80-mile drives for the Adirondack Mountain resort owners of the world. Time after all is money, too—and gas isn’t exactly cheap, either.

Page 9: Banking’s digital transformation

BAI Banking Strategies

Executive Report

BankingStrategies.com

16 17

By Priyank Kumar

In this ever-growing, evolving world of security, encryption and cryptography play important roles by protecting users from the bad guys. While attacks on poorly designed applications are more common, a more sophisticated attack is designed to exploit the weakest link in the chain or algorithm that protects it. To constantly protect from the threats of data breaches, newer and stronger algorithms are needed that also strengthen the chain as a whole. To that end, security methodology fundamentals rely on four key pillars:

Multiple advancements have taken place within each pillar. Yet the methodologies or designs only saw them as unique, separate entities—and continued advancement in each point as standalone. Organizations focused on one without treating the four as part of a complete solution yet in reality, these key pillars are interrelated and should be treated as such.

Four pillars of payments security, one solution:

Welcome to the age of AKB

Authentication (integrity)

Authorization (privilege)

Confidentiality (encryption)

The retail payments market relies on security, yet encryption hasn’t treated four distinct security fundamentals as a whole—until now.

The non-cash retail payment market relies on security. The algorithm’s journey from data encryption (DES) to Triple Data Encryption (TDEA or 3DES) in the early 2000s paralleled the National Institute of Standards and Technology’s approval of and recommendation for organizations to adopt the stronger algorithm. The ease of CPU processing and quantum computing now brings 3DES encryption into question; NIST’s currently recommends migration to Advanced Encryption Standard (AES)—an even stronger algorithm.

Along with the encryption algorithms, further strengthening of security measures resulted from the introduction of the Initialization Vector (IV), which ensures no repetition in the encrypted data (cipher text). IV greatly reduces the ability to detect a pattern and thus disables the possibility of deciphering the cipher text. Thus, the race began to solve the current algorithm problem, while introducing newer weaknesses and a new problem to solve. Yet the race neglected how to address the four key pillars as a whole rather than part by part. Thus, the requirement arose for additional foolproof digital fencing: logical and physical controls.

The middleman cuts in, but AKB holds the key

As the industry looked to address the four key pillars, man-in-the-middle attacks (MiTM) remained a potential problem in cryptography and encryption. MiTM attacks exploit the weakest point in the chain. Not having a strong relationship between the encryption key and its designed attribute (encryption, decryption, exportability, etc.) meant that an interceptor (MiTM) could change the behavior of the outcome.

The Payment Card Industry (PCI) Security Standards Council released a bulletin in March 2017 for PCI PIN Security Requirement 18-3. It provides a revised plan to implement managed structures (called key blocks) to address the individuality of the four pillars. This requires organizations to consider the pillars as a whole—and not individual items. A specification, published in ANSI X9 TR-31, defines the AES key-wrap process, also commonly known as ANSI Key Block (AKB).

AKB was the first market-specified published key block that resolved this by hard binding the key with the intended attributes along with the integrity to ensure that the cipher text hasn’t been modified.

The AKB brings two important features. The key is protected by using the approved key bundling standard requirements, thus greatly reducing MiTM attacks. Additionally, key usage attributes are securely bound to the key itself. This prevents misuse of the key type or its intended use. For example, the key is identified as an encryption key—so it can’t be used to decrypt data or for key exportability.

With payments disruption and an emerging landscape questioning the status quo—along with increasing non-bank competition such as the Internet of Things, mobile wallets, gift cards and fleet cards brought by commercialization—a greater need exists to ensure the payment market is well protected, while fostering growth and innovation. AKB’s adoption by the regulatory bodies such as PCI will unite the four key pillars into a cogent whole.

Priyank Kumar is product manager, Hewlett Packard Enterprise Atalla HSM.
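The attribute binding described in the article, sketched as an added example (not code from the article, PCI or ANSI): a simplified key block whose MAC covers both the usage header and the encrypted key, so an interceptor who rewrites the attributes fails the integrity check. HMAC-SHA256 from the standard library stands in for the AES key wrap and its MAC; the 4-byte header layout, the attribute codes, the keys and all function names are assumptions, not the TR-31 format.

```python
import hashlib
import hmac
import os

HEADER_LEN, NONCE_LEN, MAC_LEN = 4, 16, 32  # simplified layout, not TR-31

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the AES key wrap
    blocks = range((length + 31) // 32)
    return b"".join(_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in blocks)[:length]

def wrap(kek: bytes, header: bytes, key: bytes) -> bytes:
    """header = usage(2) + mode(1) + exportability(1), e.g. b"D0EN" (constructed codes)."""
    if len(header) != HEADER_LEN:
        raise ValueError("header must be 4 bytes")
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_prf(kek, b"enc"), nonce, len(key))
    body = bytes(a ^ b for a, b in zip(key, stream))
    mac = _prf(_prf(kek, b"mac"), header + nonce + body)  # covers attributes AND key
    return header + nonce + body + mac

def unwrap(kek: bytes, block: bytes) -> tuple[bytes, bytes]:
    header, nonce = block[:HEADER_LEN], block[HEADER_LEN:HEADER_LEN + NONCE_LEN]
    body, mac = block[HEADER_LEN + NONCE_LEN:-MAC_LEN], block[-MAC_LEN:]
    if not hmac.compare_digest(mac, _prf(_prf(kek, b"mac"), header + nonce + body)):
        raise ValueError("key block integrity check failed")
    stream = _keystream(_prf(kek, b"enc"), nonce, len(body))
    return header, bytes(a ^ b for a, b in zip(body, stream))

def use_key(kek: bytes, block: bytes, operation: bytes) -> bytes:
    """Release the key only for the mode bound into the block (b"E" or b"D")."""
    header, key = unwrap(kek, block)
    if header[2:3] != operation:
        raise PermissionError("key not permitted for this operation")
    return key

def outcome(fn, *args) -> str:
    try:
        fn(*args)
        return "ok"
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__

KEK = bytes(range(32))                                            # constructed wrapping key
WORKING_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
BLOCK = wrap(KEK, b"D0EN", WORKING_KEY)   # encrypt-only, non-exportable
TAMPERED = b"D0DE" + BLOCK[HEADER_LEN:]   # attributes rewritten in transit
```

Requesting the key for decryption is refused on the genuine block because of its bound mode, and on the tampered block because the MAC no longer matches the header.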


©2017 BAI. All Rights Reserved. 06/17

Past Issues

Find all BAI Banking Strategies Executive Reports and ongoing retail banking editorial coverage at BankingStrategies.com.

October 2016: Evolution of the branch

December 2016: A look ahead to U.S. retail banking in 2017

January 2017: The changing face of fraud in a digital age

February 2017: Payments on the march

April 2017: Navigating the compliance curve

May 2017: Marketing that rises above the noise

Upcoming Issues

July 2017: FinTech: From Disrupter to Partner

August 2017: The Case for Community Banking