Why do many banks and payment systems worry little about the safety of their customers?

I have been working in outsourcing for a long time. Once, in one financial project, my team was faced with the task of strengthening the protection of user accounts by implementing two-factor authentication. Our customer chose the particular system. As I came to understand over time, the choice was not very successful: the support service was poorly oriented in the whole variety of its own products, the instructions for deploying the system exceeded a thousand pages, their software worked only on a specific operating system, and I even had to attend their courses. Of course, we implemented this system, but a lot of money and time was spent.

After a while, I came across a two-factor authentication service that was completely different from the one I had met before: a convenient interface, an account in the system within a minute, clear prices without additional requests, support for all kinds of OATH tokens, the option to use it either as a platform or as a service, and much more. The support deserves special thanks. Another important point for customers is that the solution is certified and the cost is really affordable. After introducing it into one of our outsourcing projects, I decided to become their partner. Now it has become profitable for me to promote this solution among custom projects and our local customers. By the way, that's why I am writing this article.

Now we get to the heart of the article. First of all, I turned my attention to financial systems and the banking sector, since they have two characteristics that are inherent in my potential customers: data to which unauthorized access is unacceptable, and a large number of customers. After numerous communications with representatives of the banking and financial sector, I was a little disappointed. I will describe, point by point, the obstacles I have encountered in moving any IT solution into the banking sector:
  1. Many believe that this is not the time to introduce additional protection, as many banks are stagnating or under threat of complete liquidation. They believe that it is better to buy physical protection equipment, such as armored doors, protective fog, equipment for collectors and other equipment. I partly agree with such judgments, but no one has canceled cybercrime.
  2. If we are talking about a foreign bank, then its local representatives decide little, because all solutions come from headquarters.
  3. IT managers are not always interested in the added burden of introducing new products into their infrastructure.
  4. Bank managers do not have sufficient competence and time to devote due attention to this issue.
  5. Most banks use ready-made solutions (client-bank systems and more) from banking software providers. And they (the providers) simply will not move, and will support third-party solutions only if they see their direct interest. Implementing such support in a provider's solution is expensive, and the bank pays for all of it. Often, the next bank pays again for the same “implementation”. Why it is expensive is not clear, because a standard implementation of the solution described above is not difficult and can be done in a short time.

And most importantly, with regard specifically to protecting user accounts, and something that is not publicly covered: bankers believe that the theft of funds from a client’s account is more a problem of the client than of the bank itself: “you had to keep track of your employees, and accountants can’t climb the culinary sites where their computers were infected.”

In this article, I wanted to raise not only the problem of transferring responsibility onto the shoulders of bank customers, but also the question of how to deal with this situation. So, if someone has ideas on how to overcome the stagnation in the minds of our bankers, I will be glad to hear your opinion.
