I was interested to read the article
‘Brits relaxed about banks mining data to fight fraud’. It provides an interesting perspective on the growing debate regarding the need for strong data privacy as well as strong transaction security, particularly within the finance sector, and especially
as the means by which we conduct our banking and transactions diversify.
Concerns over data privacy continue to grow, particularly as the pace of technological development appears to accelerate faster than the security measures commonly used.It is clear from the article that consumers value their privacy highly, but that they
also expect their banks to protect their personal and financial data.
However, these two aspects (privacy and security) do not need to be mutually exclusive.The correct approach is to adopt “privacy by design”. In other words, make privacy and security intrinsic parts of the process of developing technological systems and
processes - and not just an afterthought. In my view that is the only means by which vendors and financial institutions can build and improve consumer trust.
As a
recent European Commission article suggested ‘a sufficient level of trust remains one of the most important preconditions to guarantee a wide-spread, thriving and sustainable digital economy.’
EuroPriSe Privacy Seals also form an important part of this trust-enhancing process as they are awarded only to technologies that meet the highest standards of privacy. While achieving them can be an arduous process, they show that ease of use and security
don’t have to be sacrificed for privacy (and vice-versa), and the trust and assurance they provide can help drive competitive advantage. Building trust among consumers by providing strong data privacy is critical to build confidence in new banking and transaction
technologies. The innovation we see today in payment technology will be wasted unless we utilise appropriate security solutions that can provide the requisite security based on the perceived risk of the transaction. It is not a “one-size-fits-all” approach
and the security solution must be appropriate to the channel used, invisible if possible (no friction) and should not compromise the privacy of the individual. So, how does one address the need for high levels of security, ease of use and guarantee privacy
protection?
No matter what preventative methods, guidelines or processes are put in place, people will unwittingly continue to hand over personal information (including passwords and other credentials). This is as much a consequence of the sophisticated social engineering
skills of the fraudsters as it is a consequence of our trusting nature, however naive that may be. The fact is that e-crime has become so sophisticated that virtually anyone can be duped to hand over identity information, and as an insider from the mobile
industry told me at a recent roundtable, it’s already causing many companies a major headache.
I believe that the only successful way to combat this situation is to not rely on the integrity of identity credentials and to use technology to remove the dependency on consumer behaviour to secure data privacy. The technology already exists to do this.
It is mobile-based, works in real-time and takes a multi-layered approach while not impacting customer experience.
I believe that as individuals we have a right to expect that our trusted financial institutions will do everything possible in terms of the application of cutting edge technologies to protect the integrity of our personal data, to reduce or eliminate fraud,
to improve the customer experience and to do so in a way that respects consumers’ fundamental privacy rights. It doesn’t have to be a zero-sum game.