Safes and vaults used to be how banks protected your money. Now, the money is completely accessible through your digital identity.
But how safe is your digital identity?
Needless to say, banking has changed. While managing financial assets, providing services, and processing transactions remain retail financial institutions’ primary functions, they’re also charged with protecting the most prized and valuable assets of all: their customers’ digital identities. That would include yours, as well as mine. They’re
spending vast sums on it as well. Unfortunately, achieving total security is more challenging than paying interest on a CD or interest-bearing checking account.
Invasive Banking Laws
One of the biggest changes in banking over the past decade or so is how much individual privacy has been eliminated. With various anti-money laundering laws and protocols put in place since the 9/11 attacks, banks have been given new powers aimed to identify sources of funds and recipients of financial transfers. Furthermore, strict limits on how money is transferred or received—how much, how often, from whom, to whom, and from where—have resulted in banks knowing more about their clients’ lives than ever before.
But that invasiveness has left clients’ identity incredibly vulnerable. In the past, some banks were slower to adopt client data security tools and protocols necessary to protect personal and corporate client identity details, due to conflicting interests. And even those that did so couldn’t be certain that their efforts were successful. Even with the most sophisticated systems in place, that ambiguity remains today.
‘Data Security’ a Contradiction?
As you might surmise, data theft—in this instance, digital identity theft—is sometimes difficult to discern. That’s one reason why financial institutions
can’t be certain that their protection is working and failsafe. Systems often overlap, sending false positives, creating too much “noise” in the form of alerts, or
leaving unseen security gaps beneath or between them.
These are vulnerabilities that hackers can exploit. In other instances, it’s simply not practical from a banking perspective to add more layers of complex data security.
There are various reasons for this. Added security layers can require additional time for processing transactions, which can have a negative impact on service and costs. In other cases, adding data security measures for one institution may make it difficult for it to engage with corresponding institutions that don’t have similar protocols and tools in place. This is common between banks that have regular business correspondence with foreign banking institutions overseas.
Differing
cybersecurity protocols, practices, and privacy standards are nothing new. Still, they can hinder or even prevent banking relationships from going forward. Without complementary legal and technological protocols in place, data security systems can disrupt a bank’s business relationships. The European Union’s General Data Privacy Regulation (GDPR) is a prime example of differing legal requirements that
strain foreign banking relationships.What’s The Risk?
How big of a risk is data theft in your financial institution? It depends. If that sounds like a hedge, that’s because it is. As an industry, banking and financial services are
a top target of hackers. But as noted above, individual institutions have different levels of data security and protocols in place. Those differences can make all the difference.
What’s more, as noted above, success rates of cyber-defense systems vary due to a host of different factors, and they’re not limited to the systems themselves. It’s not just a matter of deploying a data security system that covers data, email, etc. Of course, some systems are better than others, but external factors also play a big role.
Those external factors would include attack techniques, from spear-phishing email attacks, to ransomware that holds data hostage in exchange for a large ransom payment, to many others. Often, it’s human error by financial institutions’ employees that enable identity data theft to occur.
Also, as is well-known in the cybersecurity world, data theft and
cyberattacks rapidly evolve, forcing defense systems to do the same. That’s easier said than done. It’s usually much easier for data criminals to add permutations to their attacks than it is for systems to adapt to them. That leaves cyber-defense systems, well, always on the defensive.
Digital Identity IS Your Money
As banking continues to become more of a digital process, and people bank from their smartphones and other mobile devices,
data security challenges grow and proliferate. What does all of this mean for you in practical terms? The bottom line is that your digital identity is now your money.
If that sounds like a simplification, unfortunately, it isn’t. Security in banking is no longer about protecting money in a vault. Rather, it’s about protecting valuable client data in the digital ether. The fundamental challenge is to keep up with the many vectors and vulnerabilities across networks, devices, and institutions. Today, you’re more likely to have your digital identity stolen
than ever before.Who Owns Your Identity?
The new realities of digital identities and data theft pose a new question, doesn’t it? Simply put, do you own your digital identity or does the bank?
After all, if your digital identity is—for all intents and purposes—your money, then why shouldn’t you own it? But believe it or not, you don’t have absolute control or say about how your digital identity is protected, who can see it and how your financial institution uses it. This is not an argument against banks, just an acknowledgment of the facts.
Responsibility for Stolen ID?
Given these facts, who should be held responsible if your digital identity is stolen from your bank? If the bank loses your money, it’s responsible for replacing it. If someone forges a check, you’re not liable. If money is drained from your account due to a stolen credit card, your money is replaced.But in the case of a stolen digital identity that’s used to open other accounts, get a loan, credit card, or another form of theft? In the expanding digital world before us, as digital identity theft proliferates, ultimate responsibility for the losses may evolve as well.
James Gorrie is a writer based in Texas. He is the author of “The China Crisis.”