Helping protect financial services clients against cybercrime
Cybercrime was a key topic of discussion at the recent Financial Technology & Research Centre (FT&RC) Empowering Advice Through Technology 2020 event in London.
The subject arose in several sessions, in particular in respect of the passing of personal, financial and sensitive information between providers, advice firms and their clients.
Ian McKenna, Managing Director of FT&RC, opened the debate by saying: “The FBI say that cyber criminals are deliberately targeting financial services firms. They reckon that has increased by over 100% in the last year. Given that these criminals are operating all over the world, if you think they are only going to target the US, then you need to think again.”
Given the potential size of people’s pension pots and investment portfolios, they are going to be prime targets for criminals, in particular now that we have pensions freedoms, which can make it possible for fraudsters to syphon entire pension pots and make off with the lot.
Pension providers, savings and investment companies, platforms, and financial advice firms – amongst others – are going to have to be especially vigilant and, importantly, think about how they protect their client data at all times.
Recent figures issued by PIMFA showed that fraud and cybercrime accounted for over 50% of all reported crime committed in the UK – note, that is ‘reported’ crime.
It is no wonder, Ian McKenna pointed out, that over 60% of the FCA’s business plan for 2020 was focussed on cybercrime. Likewise, the Information Commissioner’s Office (ICO) is focussing on firms where “significant risk” exists, “which is going to be within financial services firms.”
Risk to financial services
As part of the conference, Paul Holland, CEO and founder of cyber security specialist Beyond Encryption, and I were on stage to talk about the dangers of cybercrime for the financial services sector, particularly with regard to financial advice, where cybercrime has been raised as one of the top concerns in 2020.
Keeping client data safe within a financial services firm is not the problem. There are systems in place, protocols, firewalls, etc., to do that. Rather, it is the passing of information, often personal and confidential in nature, between client, adviser, platforms and providers, i.e. where the information moves outside of a company’s security systems, that is invariably the weak point cyber criminals can exploit.
Emails are a weak area that cannot be overlooked. So much sensitive, financial and personal information is still passed between companies and clients either within the body of an email or as an attachment, yet sending an email is like sending a postcard through the post: it can be easily read and altered. We hear too many stories about emails being intercepted and data stolen and then used to commit cybercrime. Personal data accessed in this way can be used to scam payments and commit identity fraud; sending false invoices, requesting passwords and carrying out malware attacks are just a few examples.
Paul Holland flagged the example where conveyancing solicitors’ emails asking clients for final payment on property sales have been intercepted and the bank account details changed. The client sends the money but it is never received by the solicitor because it has been syphoned off.
The risks to businesses can be huge. Not only could they be subject to public censure, fines and costs, but it can be highly damaging to brand reputation and to consumer trust in the business.
Financial services companies have greater regulatory and compliance obligations, particularly under GDPR, MiFID II and the recently introduced Senior Managers and Certification Regime (SM&CR) legislation, which makes the individual accountable for decisions in the firm. In this regulatory environment, deploying email security into any organisation is vital to reduce business and senior management risk as well as to build and maintain trust with clients.
The same applies for B2B companies. Which would give you more confidence that a company is handling your data and that of your clients in a secure and responsible manner: one whose emails are secured, or one with non-secured emails?
With firms able to be fined heavily for data breaches, and as cybercriminals become ever more sophisticated in their methods, we believe protecting client data will be an even greater focus for financial services companies in 2020, with businesses of all sizes looking to better protect their email communications.
Origo has worked with Beyond Encryption to launch a new secure email messaging system, Unipass Mailock, for financial advisers, investment and savings platforms, providers and consumers. It enables users to communicate sensitive personal, financial, medical or policy information to their clients efficiently and securely – using military-grade encryption and unique identity authentication capabilities – safe in the knowledge that only the intended recipient can read and reply to the message.
We are making the solution available to over 45,000 financial advisers already using the Unipass Identity service, as well as millions of consumers. By de-risking the industry’s communications our aim is to help protect consumer data as well as business reputations.
I’m also delighted to say that Unipass Mailock picked up the ‘Best in Class’ award at the FT&RC technology conference.