The financial sector – just like many others – is in the midst of a digital transformation. On the one hand, this brings a great deal of opportunities as it allows for the creation of innovative services such as mobile phone banking. Yet, the move to digital also brings a number of challenges that might jeopardize the sector’s trusted relationship with its customers. Cyberattacks, which are becoming increasingly complex and powerful, are one concrete example.
Since there is a lot at stake, TRU-BLISS investigated how banks can better cope with security threats in the digital era – operationally, technically and legally.
“As banks bring their digital innovations to market, they are forced to make a continuous trade-off between introducing user-friendly products and applying strict security measures,” says Patrick Wynant (Febelfin). “We wanted to investigate which security measures are being used by financial institutions already, evaluate their effectiveness, and support banks to work together to face upcoming cybersecurity threats.”
Fraud incidents are becoming increasingly complex and are no longer isolated to a single bank’s activities. What is needed is an interbank collaboration model that enables the timely and secure exchange of information – with guaranteed confidentiality.
“We basically looked at two approaches,” says Nathan Van de Velde (iMinds - KU Leuven). “On the one hand, we laid the legal foundation for a platform that includes the exchange of personal data to share info on fraud incidents; for this approach, we’re currently ascertaining whether there is political backing for the proposed platform. The other path we explored makes use of an existing platform that does not leverage personal data; here, we restricted ourselves to conducting a platform audit.”
As a second legal research track, a requirements document has been developed that helps financial institutions assess the impact of – and prepare for – upcoming legislative changes in the digital domain. Examples of such legislative changes include the General Data Protection Regulation (GDPR) framework (which intends to strengthen and unify data protection for individuals within the European Union), the updated Directive on Payment Services (which provides the legal foundation for the creation of an EU-wide single market for payments) and the updated Anti-Money Laundering (AML) directive.
Since the Internet is one of the main vehicles to get access to financial institutions’ digital services, TRU-BLISS analyzed and developed a number of security metrics for safer web-based communications, including: