Security in Retail Banking (Review Report)
Introduction
Security is a fundamental requirement for all banks as customers expect their investments, personal information and credit details to be secure. Fraud continues to be an issue for retail banks across the world. The majority is currently related to cards and payments, however, identity theft and account breaches are on the rise. As a result, banks are fighting an ongoing battle on all fronts.
Scope
Covers the European and North American retail banking security IT markets Discusses implications and industry dynamics of security IT on retail banking institutions
Highlights
Against a backdrop of tightening regulatory controls, fraudsters' increasingly sophisticated methods, growing commercial losses and concerns about customer retention, banks are being driven to implementing stronger security environments. The number of individuals with access to a bank's internal operations is growing all the time, thus increasing the complexity of ensuring that access is tracked and that customers, staff and contractors alike all have access to what they need, while unfriendly parties are intercepted and access is blocked. While banks need strong security solutions in place to manage individual elements of their operations, it is critical that these are combined with a cohesive security infrastructure that enables them to have a clear view of the threats they are exposed to at any given point in time across the entire enterprise.
Reasons to Purchase
Gain visibility into the dynamics of the retail banking security IT market Gain market insight to assist in your strategic planning and go-to-market strategy
Overview 1
Catalyst 1
Summary 1
Methodology 1
Executive Summary 2
Introduction 2
Facing up to the security challenge in retail banking (Market Focus) 2
Security initiatives in retail banking (Strategy Focus) 2
The role of technology in retail banking security (Technology Focus) 2
Security in Retail Banking (Databook) 3
Table of Contents 4
Table of figures 5
Table of tables 6
Facing up to the security challenge in retail banking (Market Focus) 6
Summary 6
Bank security and fraud are becoming an increasingly high profile issue 7
Anything other than perfect security is a failure... 7
...But banks are facing a barrage of security threats from all sides 8
Negative publicity is a major concern for retail banks... 8
...However, there is no smoke without fire 9
The perception of security differs by channel, but customer reactions are complex 10
The increased level of automation is opening banks up to attacks from across the globe 10
Automation and the internet enables access to bank systems from across the world... 11
... However, automation also enables more effective fraud detection analytics 11
Banks want customers to use direct banking channels 11
However, non-IT based threats remain just as critical 11
Security breaches can happen without any help from fraudsters 12
Gathering sufficient data to commit third party fraud/identity theft does not require IT literacy 12
Customers can unwittingly compromise themselves, being tricked into disclosing security details 12
Internal employees can prove a security hazard, whether intentionally or not 13
Regulations are driving towards formal security standards 13
Regulations are having a direct impact on security initiatives 14
Wider banking regulations will also impact security 15
Security initiatives in retail banking (Strategy Focus) 16
Summary 16
Banks must address the security challenges that culture and infrastructure create 16
Banks face unique authentication challenges in each country due to both cultural and infrastructure factors 16
Banks must be able to operate securely in accordance with the regulatory environment 17
Security issues facing banks are often dependent on the size of the institution 17
Banks must tackle the authentication challenge at the customer/channel interface 17
The password burden builds up quickly particularly for direct banking customers 18
Online payments can also add to the volume of passwords customers must contend with 19
The password burden is beginning to have an impact on the customer experience 19
A multi-channel authentication solution is becoming increasingly desirable 20
Additional security layers can be used as a differentiation strategy 21
Customer segmentation 21
Institutions must tighten control over identity management and internal security 22
Internal fraud risk 22
Staffing practices and access must be managed 22
Data and systems access must be tightly controlled and monitored 23
Banks need to move beyond authentication to proactive detection across all security types 24
It is not enough for banks to rely on strong authentication 24
Multiple security standards across bank operations must be leveled 24
The implications of data leaks are growing as customers take data confidentiality increasingly seriously 24
Unplanned channel downtime undermines the bank's offering 25
The role of technology in retail banking security (Technology Focus) 26
Summary 26
IT security across the enterprise must provide the base of the bank's security operations 26
Banks need to ensure that they have the basics of network and data security covered 26
Security must be a key element of business continuity planning 28
Security needs to be built into data storage and information lifecycle management 28
Identity management must be extended as a single solution across all channels 28
Device management ensures that offline data is adequately protected 29
Banks must control the four main elements of identity and access management 29
Single sign-on will facilitate a strong, more cost efficient identity management system 30
Investments in multi-factor authentication will help banks reduce fraudulent attacks 30
Using multiple factors of authentication helps banks ensure they control access 30
Something I know 31
Something I have 32
Something I am 33
Authentication analytics are a critical part of the authorization process 34
Reverse authentication adds certainty for the end user 34
End user education is an important piece of the picture 35
Different factors of authentication will be suitable in different circumstances 35
Multifactor authentication has its limitations 35
Initial customer identification is critical to both identity management and authentication 36
Standardization, automation and analytics will be the key to strong bank-wide security 36
Security analytics need to be carried out across the entire enterprise 36
In order to pave the way for joined up security across the enterprise, banks must standardize 37
Banks need to consolidate their security operations to tackle both fraud and regulatory requirements 37
Security in European Retail Banking (Databook) 38
Introduction 38
European security IT spend by country, 2006 - 2010 38
European security IT spend by source, 2006 - 2010 39
European security IT spend by technology product, 2006 - 2010 40
European identity and access management IT spend by country, 2006 - 2010 41
Security in North American Retail Banking (Databook) 43
Introduction 43
North American security IT spend by country, 2006 - 2010 43
North American security IT spend by source, 2006 - 2010 44
North American security IT spend by technology product, 2006 - 2010 45
North American identity and access management IT spend by country, 2006 - 2010 46
APPENDIX 48
Definitions 48
Secure content management 48
Identity and access management 48
Security & Vulnerability management 49
Firewall & VPN 49
Intrusion detection and prevention 49
Further reading 50
Ask the analyst 50
Datamonitor consulting 50
Disclaimer 50
List of Tables
Table 1: European security IT spend by country, 2006 - 2010 39
Table 2: European security IT spend by source, 2006 - 2010 40
Table 3: European security IT spend by technology product, 2006 - 2010 41
Table 4: European identity and access management IT spend by country, 2006 - 2010 42
Table 5: North American security IT spend by country, 2006 - 2010 44
Table 6: North American security IT spend by source, 2006 - 2010 45
Table 7: North American security IT spend by technology product, 2006 - 2010 46
Table 8: North American identity and access management IT spend by country, 2006 - 2010 47
List of Figures
Figure 1: Phishing activity by sector 7
Figure 2: UK fraud losses 10
Figure 3: What compliance and regulatory issues are driving increased IT expenditure in 2007? 14
Figure 4: Example of potential password burden on one customer 19
Figure 5: Banks must ensure they are able to interact with legitimate customers while blocking threats 22
Figure 6: Retail bank security investment priorities 27
Figure 7: Multifactor authentication 31
Figure 8: European security IT spend by country, 2006 - 2010 38
Figure 9: European security IT spend by source, 2006 - 2010 39
Figure 10: European security IT spend by technology product, 2006 - 2010 40
Figure 11: European identity and access management IT spend by country, 2006 - 2010 42
Figure 12: North American security IT spend by country, 2006 - 2010 43
Figure 13: North American security IT spend by source, 2006 - 2010 44
Figure 14: North American security IT spend by technology product, 2006 - 2010 45
Figure 15: North American identity and access management IT spend by country, 2006 - 2010 47
