I have worked in outsourcing for a long time. Once, on a financial project, my team faced the task of strengthening the protection of user accounts by introducing two-factor authentication. Our customer chose one such system. As I came to understand over time, the choice was not very successful: the support service was poorly oriented in the variety of its own products, the instructions for deploying the system exceeded a thousand pages, their software worked only on a specific operating system, and I even had to attend their courses. Of course, we implemented this system, but a lot of time and money was spent.
After some time, I ran into a two-factor authentication service that is completely different from the one I met earlier: a convenient interface, getting an account in the system in a minute, clear prices without additional requests, support for various OATH tokens, the option to use both the platform and the service, and more. Caliper deserves special thanks. Another important point for customers is that the solution is certified and the cost is really affordable. After implementing it in one of our outsourcing projects, I decided to become their partner. Now it has become profitable for me to promote this solution among custom projects and our local customers. By the way, that's why I'm writing this article.
Now we get to the essence of the article. First of all, I turned my attention to financial systems and the banking sector, since they have two characteristics that are inherent to my potential customers: they hold data to which unauthorized access is unacceptable, and they have a large number of customers. After numerous communications with representatives of the banking and financial services sector, I am a little disappointed. I will describe point by point what obstacles I encountered while promoting any IT solution to the banking sector:
- Many believe that now is not the time to introduce additional protection, as many banks are stagnating or under threat of complete liquidation. They believe that it is better to buy physical protection equipment, such as armored doors, protective fog, equipment for collectors and other equipment. I kind of agree with such judgments, but no one has canceled cyber crimes.
- If we are talking about a foreign bank, their local representatives have little to do, because all solutions come from head offices.
- IT managers are not always interested in the additional burden of introducing new products into their infrastructure.
- Bank managers do not have enough competence and time to pay due attention to this issue.
- Most banks use ready-made solutions (client-banks, etc.) from banking software providers. And they (the providers) just do not move and will support third-party solutions only if they see their direct interest. Implementing such support in the providers' solution is expensive, and the bank pays for all of it. Often the next bank pays again for this “implementation”. Why it is expensive is not clear, because the standard implementation of the solution described above is not difficult and can be done in a short time.
And most importantly, with regard to the specific protection of user accounts, and this is not publicly disclosed: bankers believe that the theft of funds from a client’s account is the client’s problem rather than the bank’s: “it was necessary to make sure your employees and accountants do not climb on the culinary sites on which their computers were infected.”
In this article I wanted to raise not only the problem of shifting responsibility onto the shoulders of bank customers, but also the question of how to deal with this situation. So, if someone has ideas on how to overcome stagnation in the minds of our bankers, I will be glad to hear your opinion.