Most banks are familiar with how quickly regulatory requirements can change. One 2019 report noted that there were 220 updates to such requirements worldwide each day, equating to roughly 80,000 in one year. Staying abreast of these various compliance shifts can be costly and challenging for banks, but doing so is necessary to ensure that financial institutions’ (FIs) operations can run smoothly and ward off cyberattacks.
These considerations are especially important during the ongoing coronavirus pandemic as the wave of legitimate customers now doing their banking online has prompted a corresponding spike in fraud. Twenty-two percent of American consumers state that they have been targeted by COVID-19-related fraud attempts since the pandemic’s onset, for example, leading financial authorities to work toward keeping consumers’ data more secure by changing how it is stored.
Companies are reexamining how they can use cloud technologies to comply with changing security standards as digital banking volumes expand. The following Deep Dive analyzes how the ongoing pandemic has affected emerging security standards and what these changes mean for the future use of cloud-native core banking infrastructure.
Compliance, Cybercrime And The Cloud
Financial authorities often recommend regulatory changes to ensure that banking data remains secure amid broader financial industry changes, but determining the best steps to take has become challenging as more FIs abandon legacy servers for digitally native cloud infrastructure. EU and U.K. regulators have debated how companies can team up with third-party cloud providers while adhering to regulations such as GDPR, and noncompliance can lead to high-priced consequences. Technology giant Google, which operates Google Cloud services, was fined approximately $57 million for breaching GDPR privacy standards in 2019, for example, and EU regulators are questioning other companies over how their cloud platforms store data.
GDPR has been a blueprint for many online data and privacy regulations rolled out around the world. These include the recently ratified California Consumer Privacy Act (CCPA), which outlines new compliance and security standards for the state’s businesses and FIs that operate on the cloud.
Many online data regulations were instituted to combat emerging security threats as digital banking usage climbed, with one study finding that 78 percent of banks viewed cybersecurity as their top priority in 2019. Many of these FIs appeared to have adopted cloud solutions to beef up their protection measures, too, with another 2019 survey revealing that 94 percent of banks and businesses were utilizing more than one cloud provider. Eighty-six percent of survey respondents also said they expected their organizations’ cloud strategies and environments to evolve to address novel threats.
The pandemic may not have created the challenges banks face in keeping their cloud strategies and innovations compliant. Still, it is prompting a reexamination of how FIs are using the technology to store data. It is also making it essential for banks to meet such standards and safeguard their customers’ information.
Answering The Data Question
FIs have long been favorite targets of fraudsters. One 2019 report found that 62 percent of the data stolen in online breaches that year came from FIs, even though many banks and businesses were tapping some form of cloud technology at the time. The pandemic appears to be giving cybercriminals even more opportunities to launch their schemes, with 89 percent of U.S. consumers now using mobile banking applications to access their bank accounts.
Many FIs were struggling to juggle data even before consumers flocked online during the pandemic. A 2019 report found that just 3 percent of banks intended to categorize or otherwise utilize unstructured data, which includes audio and video files as well as data attached to emails and other internal services. Unstructured data represents about 80 percent of the information FIs store and gleaning more insight from it requires the use of cloud technologies. Failing to secure such information could open up FIs to fraud. Cybercriminals could pull or scrape details from unstructured data and use them to perpetrate synthetic identity fraud or other schemes.
Securing customer information stored on the cloud and complying with regulations governing consumer privacy requires banks to think of categorizing and freshly processing information. FIs must avoid thinking of cloud infrastructures as simple digital versions of their previous legacy systems as doing so could result in noncompliance and ultimately jeopardize customers’ sensitive information.