With journalist and moderator for Bloomberg Live, Sasha Qadri, moderating the roundtable, the speakers include:
- Itumeleng Makgati, Group Information Security Executive, Standard Bank
- Walkiria Marchetti, CIO, Banco Bradesco
Digital fraud of course is on the rise internationally. Organizations are in a constant cycle of evolution and adaptation as criminal activity gets ever more creative. Far more than just a financial burden, digital fraud and other types of security breaches threaten the fragile trust customers have for the organizations they use or employ. A breach of trust is arguably more damaging in the long run than loss of revenue from downtime, or in the ransom some have had to pay to get services back online.
In Reframing Fraud for Digital Trust, two senior technology leaders discuss how the future of security can be maintained alongside digital trust, where it fits within their business priorities and what the industry should consider next.
Digital fraud and passwordless
Is ‘passwordless’ just a vendor agenda or a true goal for technology leaders, and what is feasible in the short term?
“Before we consider the agenda, it’s important we understand why we use passwords,” began Itumeleng. “The objective is to authenticate the person or machine connecting to the environment, evaluating that they are who they say they are, and that objective remains whether we use passwords, or whether we move beyond passwords.
“The key factor that will determine how fast we move beyond passwords—and it is a question of when and not if—is the customer and their experience,” she said.
Passwords have long been a cause of consternation for both the consumer and business sectors and their IT teams. Remembering passwords, updating passwords, ensuring each iteration is a little more complex than then next: the experience is poor and unfortunately reflects negatively on the business enforcing those passwords. The financial services industry, in which both Itumeleng and Walkira work, is most ahead—and most at risk—in this context.
“Passwordless is the way forward,” agreed Walkira. “Authentication can be used in different phases of a customer journey, from onboarding to day-to-day activities, so what we do end up using will have to be frictionless so that the customer isn’t impacted by the change.”
In short, innovation in security and digital fraud prevention can’t come at the cost of experience.
One of the biggest impacts to this delicate equilibrium has been the pandemic and its influence over our changing work models. Remote working changed dramatically the access points of users, the devices they used and the relationship they had with the business. IT teams worked overtime to cater for staff, but security chiefs have seen an opportunity to change the risk perspective, encouraging users to take more ownership of their own security and data.
“How can we ensure someone at home can do what they want to do, securely, and reduce pressure on our service desks? From a management perspective, answering that is a win-win,” said Itumeleng.
And both felt that passwordless as a concept would reduce the overall security issues of the industry.
“Passwordless will harden the security posture of businesses,” continued Itumeleng.
“The chance of losing your password, or giving it to someone else, is reduced, but communication of basic security efforts are still needed. The human link in the chain is still the weakest.”
What’s your view of digital fraud and trust and is it on your business’ agenda?
Sasha moved the debate onto the overall view of digital trust. At this both Speakers visibly smiled.
“Customer trust is one of our major assets, especially in the financial sector,” said Walkira.
“We deal with people’s money and data, so their trust is one of their most crucial decision markers. We invest annually to improve our security controls and experience, integrating with third party platforms as a necessity to retain customer loyalty.”
“Digital trust is our licence to operate,” stated Itumeleng. “If our customers cannot trust us to protect their data, they cannot work with us. Our strategy is to move more into digital banking from physical, and we need our customers’ trust to make that transition smoothly.
The debate then considered scams and where the responsibility lay when trying to limit brand damage, before closing on why security isn’t playing a more central role around reputation. What became clear across the discussion is how thought through these leaders’ strategies were in terms of the customer, and what they did and did not want. The communication and investment in these technologies are balanced with almost continual data on how customers could interact with these new products and services. No wonder this sector is so far ahead of the rest of the technology industry.
This roundtable on digital fraud was sponsored by Callsign.