How to Fight Payment Fraud While Increasing Clients’ Satisfaction

In 2015, Asia-Pacific (APAC) stole the top spot from the U.S. as the region with the highest number of high-net-worth individuals (HNWI) with a combined wealth of $17.4 trillion. As such, competition for clients’ business is fiercer than ever amongst private banks in APAC. In order to win business and market share, private banks are fully aware of the need to differentiate themselves not just by offering innovative products, but also on the level of service provided via their digital offerings. Clients now demand an excellent digital user experience, and when they don’t get it, their business will flow elsewhere.
At the same time, private banks and wealth management firms are prime targets for cyber criminals and struggle to ensure they have sufficient security around client interactions and communications while still providing a rewarding and minimally acceptable user experience.
The landscape of payment fraud has also changed: while attacks in this area are back up to 2009 levels (after a dip between 2009 and 2013), wire transfer and corporate/commercial card fraud has increased and is now a second major type of payment fraud, according to a 2016 AFP and J.P. Morgan survey.
Private banking clients now expect to be able to communicate with their relationship manager and conduct business over multiple channels, while managing fraudulent payment requests is also becoming increasingly challenging. To counter this issue, regulation for financial institutions is strict and requires verification before proceeding with money transfers. For example, a guideline from the Hong Kong Monetary Authority specifies the following for private banks and wealth management institutions: “For high risk transactions, such as transfers to unregistered third parties, authorised institutions should have procedures to confirm these transactions with the customers, such as phone call-back by an independent person of the back office or by SMS messages to the customers […] Where irregular, unusual, high-risk, or suspicious transactions are identified, back-end checkers should call back customers to seek confirmation. More checks on transactions should be carried out on customers who are old-aged, reside outside Hong Kong, or have opted for hold mail service.”
Manual intervention by relationship managers is costly and inefficient, and it dramatically affects the overall banking experience. However, even with advanced security measures, cyber attacks can still happen. A typical example might be when a client’s email account is compromised by a cyber criminal. Cyber criminals target HNWIs, obtain their email credentials and passwords using social engineering methods, and are then able to gain undetected access and assume the client’s identity. Because the bank verifies that the message came from the client’s correct email account, these fraudulent requests are often processed undetected. A verification step can also happen with a token or by a device such as a mobile phone. But when the device is not registered, it’s impossible to know whether or not it belongs to a person with malicious intent. These phishing schemes and identity thefts have become more and more common and increasingly hard to detect.
The need for constant identity checks and verification creates a lot of pain for private bankers: authentication and verification of a client’s identity are mandatory and make sense, but given the number of daily transactions and requests, the operational costs increase rapidly for banks. Moreover, cyber criminals diversify their attacks through multiple channels, making detection even more difficult. And in cases where personal information is intercepted and stolen, banks must also face expensive fines due to a lack of security. Just as importantly, banks must also think of the reputational damage and the poor user experience (UX) clients endure during cumbersome verification processes. Therein lies a paradox: the more security layers you add with more authentication steps, the more UX will suffer.
When costs and reputation are at stake for private banks, the security element and the user experience are the cornerstones of the solution. APrivacy allows private banks to communicate securely and seamlessly with their clients using regular email, facilitating secure communication between clients and relationship managers. APrivacy encrypts the data itself, and through our patented key and identity management architecture, ensures that only the intended authorised recipient is able to view the messages. For example, if a customer receives banking e-statements in a Gmail inbox and the Gmail account is subsequently hacked, the hacker will not be able to read or access those statements (i.e., the hacker will be able to see other emails in the Gmail inbox but will not be able to open any of the bank statements).

About APrivacy

Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels, leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.