Every company is a technology company, regardless of what product or service it provides.
In this age of digital transformation no company can make, deliver or market its products efficiently without technology. Financial services organizations are not exempt – in order to survive this transformation, banks have no option but to increase their digital presences to improve online interactions with customers.
However, every single connected customer touch-point presents a risk of cyber attack and this has resulted in billions of dollars in fraud losses. With IT security teams doing anything they can to mitigate the risk, this has typically meant owning and managing an expensive glut of ineffective security tools, often combined with ineffective service provider countermeasures. It also leads to a clunky end user experience, often alienating customers.
Banks have had no choice but to accept the fallout from malware’s ability to continually evade endpoint protection. The financial liability often rests with the financial services organizations themselves, who end up playing an unwitting middleman, refunding money stolen from customer accounts. This happens despite the fact that the offending theft may have taken place because of weaknesses in the endpoint security employed by the customer.
It is not just financial drain. It also impacts bank security teams who are often overwhelmed trying to manage a plethora of layered solutions and threat data to protect core banking systems, while they’re also trying to ensure compliance with stringent regulations. From a customer point of view, fighting off cyber attacks often impacts user experience. Modern banks are obsessed with an agile development process to increase and improve the number of connected touchpoints they have with customers. But a frictionless experience is paramount – it can all be ruined if security becomes a nuisance in the eye of the customer. Brands are damaged, retention costs increase and customers lose faith in their institutions, potentially even switching to competitors.
The problem is commonly acknowledged and banks are seeking to shift the onus away from the weak points, the consumer devices. This new school of thought accepts that fighting the battle on millions of disparate devices is a losing game.
Instead, as with many technical solutions today the focus is shifting to the cloud. While malware cannot be stopped from installing, its activities can be rendered useless. Being able to block malware techniques from intercepting a transaction means that, even though the malware is present on an endpoint, bank logon credentials and other vital account information will never leave the individual session. This is something some of the largest organizations in the space are starting to embrace.
Any organization that has a web application that deals with sensitive information or is used for sensitive transactions needs to include all aspects of the web threat environment into the security and anti-fraud strategy. This is full transaction stack protection (FTSP), and it uniquely includes these key elements in a unified solution:
1 Protecting the website from direct attacks on the infrastructure, frameworks, and application logic
2 Protecting the users from endpoint and browser-based malware such as keyloggers and banking Trojans
3 Protecting the communications from service disruption through distributed denial-of-service (DDoS) attacks
4 Incorporating anti-fraud intelligence into the defense to protect transactions
Expanding an organization’s security strategy to include all participants – internal and external – and all layers – from infrastructure to application – is the only way to truly address threats to the web application. Furthermore, augmenting the security strategy with anti-fraud monitoring provides full transaction stack protection, dramatically reducing technical risk as well as business fraud.
This is the space in which Trusted Knight’s Protector Air solution operates. It provides full transaction stack protection – meaning every digital asset that forms a point of interaction for an online banking user is secured from banking malware. This approach is a whole new way of thinking for financial services companies, reducing attacks on customers, decreasing inbound complaints for fraud teams and protecting brand reputation.
This unique approach works across all platforms to ensure every interaction a customer has with his/her bank is secure, with five key advantages:
- Agentless protection: Seamless for bank teams to implement, it can be deployed in a matter of minutes. Just as importantly, customers are not required to download or install any software, thereby preserving the user experience.
- Platform independence: Being based in the cloud means Protector Air is completely platform agnostic. Customers can be using any OS, on any device – mobile or desktop, and security teams any web infrastructure.
- Web application protection: Threats hosted on the web front end are neutralized, removing an attack vector for users.
- Transaction fraud protection: Security of the full transaction stack dramatically reduces fraud.