Overview 1
Catalyst 1
Summary 1
Methodology 1
Executive Summary 2
Introduction 2
Facing up to the security challenge in retail banking (Market Focus) 2
Security initiatives in retail banking (Strategy Focus) 2
The role of technology in retail banking security (Technology Focus) 2
Security in Retail Banking (Databook) 3
Table of figures 5
Table of tables 6
Facing up to the security challenge in retail banking (Market Focus) 6
Summary 6
Bank security and fraud are becoming an increasingly high profile issue 7
Anything other than perfect security is a failure... 7
...But banks are facing a barrage of security threats from all sides 8
Negative publicity is a major concern for retail banks... 8
...However, there is no smoke without fire 9
The perception of security differs by channel, but customer reactions are complex 10
The increased level of automation is opening banks up to attacks from across the globe 10
Automation and the internet enables access to bank systems from across the world... 11
... However, automation also enables more effective fraud detection analytics 11
Banks want customers to use direct banking channels 11
However, non-IT based threats remain just as critical 11
Security breaches can happen without any help from fraudsters 12
Gathering sufficient data to commit third party fraud/identity theft does not require IT literacy 12
Customers can unwittingly compromise themselves, being tricked into disclosing security details 12
Internal employees can prove a security hazard, whether intentionally or not 13
Regulations are driving towards formal security standards 13
Regulations are having a direct impact on security initiatives 14
Wider banking regulations will also impact security 15
Security initiatives in retail banking (Strategy Focus) 16
Summary 16
Banks must address the security challenges that culture and infrastructure create 16
Banks face unique authentication challenges in each country due to both cultural and infrastructure factors 16
Banks must be able to operate securely in accordance with the regulatory environment 17
Security issues facing banks are often dependent on the size of the institution 17
Banks must tackle the authentication challenge at the customer/channel interface 17
The password burden builds up quickly particularly for direct banking customers 18
Online payments can also add to the volume of passwords customers must contend with 19
The password burden is beginning to have an impact on the customer experience 19
A multi-channel authentication solution is becoming increasingly desirable 20
Additional security layers can be used as a differentiation strategy 21
Customer segmentation 21
Institutions must tighten control over identity management and internal security 22
Internal fraud risk 22
Staffing practices and access must be managed 22
Data and systems access must be tightly controlled and monitored 23
Banks need to move beyond authentication to proactive detection across all security types 24
It is not enough for banks to rely on strong authentication 24
Multiple security standards across bank operations must be leveled 24
The implications of data leaks are growing as customers take data confidentiality increasingly seriously 24
Unplanned channel downtime undermines the bank's offering 25
The role of technology in retail banking security (Technology Focus) 26
Summary 26
IT security across the enterprise must provide the base of the bank's security operations 26
Banks need to ensure that they have the basics of network and data security covered 26
Security must be a key element of business continuity planning 28
Security needs to be built into data storage and information lifecycle management 28
Identity management must be extended as a single solution across all channels 28
Device management ensures that offline data is adequately protected 29
Banks must control the four main elements of identity and access management 29
Single sign-on will facilitate a strong, more cost efficient identity management system 30
Investments in multi-factor authentication will help banks reduce fraudulent attacks 30
Using multiple factors of authentication helps banks ensure they control access 30
Something I know 31
Something I have 32
Something I am 33
Authentication analytics are a critical part of the authorization process 34
Reverse authentication adds certainty for the end user 34
End user education is an important piece of the picture 35
Different factors of authentication will be suitable in different circumstances 35
Multifactor authentication has its limitations 35
Initial customer identification is critical to both identity management and authentication 36
Standardization, automation and analytics will be the key to strong bank-wide security 36
Security analytics need to be carried out across the entire enterprise 36
In order to pave the way for joined up security across the enterprise, banks must standardize 37
Banks need to consolidate their security operations to tackle both fraud and regulatory requirements 37
Security in European Retail Banking (Databook) 38
Introduction 38
European security IT spend by country, 2006 - 2010 38
European security IT spend by source, 2006 - 2010 39
European security IT spend by technology product, 2006 - 2010 40
European identity and access management IT spend by country, 2006 - 2010 41
Security in North American Retail Banking (Databook) 43
Introduction 43
North American security IT spend by country, 2006 - 2010 43
North American security IT spend by source, 2006 - 2010 44
North American security IT spend by technology product, 2006 - 2010 45
North American identity and access management IT spend by country, 2006 - 2010 46
APPENDIX 48
Definitions 48
Secure content management 48
Identity and access management 48
Security & Vulnerability management 49
Firewall & VPN 49
Intrusion detection and prevention 49
Further reading 50
Ask the analyst 50
Datamonitor consulting 50
Disclaimer 50
[Inhaltsverzeichnis ausblenden]
