Banking professionals are good at crunching numbers. It’s in their DNA—a big part of the entire industry is based on measuring and managing risk. They make macro predictions on the global economy, and decide on the smallest small business loans by running numbers through various algorithms.  It’s not a perfect science by any means, but it is science.

Many of the new technologies that come into the infrastructure are supposed to help with those equations, and they surely do. But when it comes time to make predictions about the security issues related to those technologies, it’s a whole other story.

To be blunt, banks don’t like to make predictions on cyber-crime. They don’t say when they expect the next hack, which department it will affect, and how far it will go. They don’t say because they don’t know.

The issue is taking on new relevance because Bank of America just announced that it has developed a set of metrics for this area. It’s applying sophisticated data analytics to evaluate cyber-crime prevention, detection and mitigation. Again, this isn’t a perfect science, but there’s more science than before.

“Unlike most things in banking, where you model history to understand what is likely to happen in the future, that’s not true of cybersecurity,” Catherine Bessant, chief operations and technology officer at BofA, just told the Wall Street Journal. Given how fluid the field is, with new threat matrices emerging on a regular basis, “You’re only as good as your last minute of safety.”

This is a huge issue by any measure. BofA spends some $3 billion a year on IT, and the company’s tech staff is in excess of 100,000. The other major financial services institutions have similar outlays, and their smaller counterparts are equally diligent. No corporation takes the issue lightly, and yet the hacks continue apace: in 2014, fellow behemoth JP Morgan Chase got hit with a data breach that compromised more than 80 million accounts, most of them personal.

In BofA’s case, one of the metrics is based on tracking how frequently system scans are performed, and another counts the problems identified during those scans. Correlations between those metrics are also factored in. Then there’s the question of ‘dwell time,’ which measures the hours and minutes needed to locate, isolate and remove the source of the problem.

For the record, IT security metrics have always been a thorny topic—even high-ranking executives in the discipline are loath to quantify their fears of the next hack. They can involve arcane mathematics and standard deviations based on probability, with details that make any reader’s eyes glaze over. However, applying economic principles to security investments isn’t just reasonable, it’s vital.

CSO recently ran a lengthy profile of different ways in which metrics can be applied to enterprise computing at virtually all levels, and the options range from baseline defense coverage (anti-virus, anti-spyware, firewall, etc.) and patch latency to password strength and legitimate e-mail traffic analysis. While it’s not simple, it doesn’t take a Nobel Prize-winning mathematician to do it.

Many institutions presumably have their own metrics and don’t publicize the fact, and that’s understandable. No one expects these companies to tell the world their weaknesses, or what kind of trouble they expect, and when.


However, transparency is a key concept in modern technology. Cyber-crime is a reality of modern life, and the fact that certain financial services providers are confident enough in their own analytics to make quantifiable predictions regarding vulnerabilities in the infrastructure and even future hacks is a sign of strength, not an invitation to disaster. BofA deserves credit for even a top-line discussion of its defense strategies, and more conglomerates should follow suit.


