By Vikas Munshi, Lead Platform Architect – Data Analytics and Machine Learning, ING.
Vikas, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
I am a creative technologist and FinTech enthusiast with two decades of experience in solving IT security and management challenges in varied organizational contexts. I hold a bachelor’s degree in engineering and a master’s degree in information management; and over numerous engagements related to diverse domains of IT security I have developed expertise in developing strategic models for effectively and efficiently addressing current cyber-threats, especially those targeting financial services. Currently I am working for ING as a platform architect focused on leveraging advances in data analytics and machine learning technologies for improved resilience to fraud and cyber-security threats as well as improved insights into the digital behavior of clients, employees, and systems.
At the Payments Forum, you will be giving your insight on the impact of increased exposure to cyber threats. Why do you believe this is currently a key talking point within the industry?
Whereas trust and security have always been central to the provisioning of financial services, two recent trends are shifting the nature of this discussion. Today financial services are under threat from increasingly audacious and highly networked cyber-criminals who do not hesitate in attacking from within. At the same time, payments industry is going through regulatory changes forcing opening up to competition and adoption of open industry standards. Together the two are rendering traditional approaches to IT security management inefficient and ineffective, if not outright obsolete.
Can you explain how the rise in digital transformation plays a role in increasing the cyber threat?
The current digital transformation trends are changing the qualitative nature of cyber-threats facing financial services and are rendering current key security measures inefficient and ineffective. Traditional security management relies on performing periodic risk/controls assessments followed by design and implementation of revised controls. In a slow changing industry this approach has worked well so far. However, in a fast changing industry landscape this approach provides fertile hunting ground for persistent cyber-criminals who are actively looking for the weakest player to attack.
How can these cyber-crimes be better managed by financial institutions?
To stay resilient against the threats from cyber-criminals, financial institutions need to develop a better actionable understanding of the external cyber-crime environment; redesign processes to use mobile authentication/authorization; leverage machine learning for identifying anomalous activities; and be prepared to respond aggressively to any attempted breaches.
How do you see the payments industry evolving over the next 6-12 months?
In the coming year(s), the main driver for change within the financial services industry will be PSD2. This will drive more new entrants due to lowered entry barriers; regulatory oversight extended to non-banking players; development and adoption of open industry standards for account and payment APIs; and emergence of new interaction models.
What came first, the chicken or the egg?
The egg, of course! The chicken is just the egg’s way of making another egg.