Gemalto: The positive side of security - Hakan Nordfjell
While e-banking offers a range of new business opportunities, the variety of platforms involved can bring serious security concerns. Hakan Nordfjell, senior vice-president, eBanking & eCommerce at Gemalto, discusses how banks can create a sense of trust using the right software and devices, and the significance of future-proofing.
Can you please briefly introduce yourself as a company?
Hakan Nordfjell: Headquartered in Amsterdam, Gemalto is a world leader in protecting, verifying and managing digital identities and interactions. Formed in June 2006 when Axalto and Gemplus International merged, it has over 12,000 employees in 85 offices spread across 44 countries, and 25 research and software development centres. Annual revenue in 2013 was €2.4 billion.
What are the key challenges currently facing the e-banking sector?
When online-banking services were first launched, they were purely for the PC. Nowadays, users have many more access channels; smart phones and tablets, for example, and they expect to interact with banks when they want, wherever they are. The challenge for banks is to ensure that the security level will be the same across all devices, regardless of the different technical implementations. For PCs, you might have a card reader. But, for mobiles, there will be some form of software.
Consistency of services is also significant. When a user opens a mobile banking app, it should feel the same as on a PC. There could be some limitations, but the different platforms should be able to offer about 100% of the same services.
Finally, the biggest risk for a bank launching online or mobile banking is to suffer some sort of malfunction. The subsequent negative press is a far greater problem than any money lost.
If the variety of devices makes security difficult, why do banks encourage it?
The average online-banking user limited to the PC only logs in about ten times a month. However, if you add in tablet and mobile banking, that figure increases to 31 - so, once a day on average. This increased interaction is great for banks; it increases a user's likelihood to use their services, invest in them and it also drives loyalty.
What sort of role does a sense of trust play in e-banking security strategies?
End users need to feel they can trust the device in their hand as much as if they were to go into a branch and speak to a teller.
The PINsentry project we worked on for Barclays is an excellent example of this. It uses something the user already trusts - their debit card - and simply adds a device from the bank - a card reader. It's a happy marriage. People trust it, and it is easy to use and understand. It has been a tremendous success for Barclays.
How do you help firms reposition security strategies onto new platforms?
We can integrate our services with a client's existing systems, enabling them to start using our software solutions and devices. We can also support them with our authentication server and add in new technologies.
Crucially, our clients do not need to redesign their core banking system. We do the authentication, and then we're integrated with existing infrastructure through the back office.
Our e-banking portfolio is called the Ezio Suite. It allows clients to anticipate attacks, adapt security levels depending on transaction-specific risks, and offers an easy way to meet existing and upcoming regulations.
We have launched over 100 million e-banking devices over the years.
What does the rapid speed of change in e-banking mean for security?
The last few years have shown us all how quickly this market is evolving. Consequently, when we approach banks, it's not only about securing what they have today; the solution needs to work tomorrow as well. Whether it's a mobile solution or a physical device, it needs to last for five to eight years. Systems must be able to accommodate new technologies as they appear.
It is therefore vital for banks to think about what they will need in five years time, and to engage with suppliers who can deliver future-proof solutions.
Do you see any key trends in e-banking unfolding over the years to come?
Already, people are starting to rely purely on mobiles and tablets to do their banking, particularly within the younger generations. I think we'll see a continuation of that.
For Gemalto, we will strive to provide full banking services, and security on tablets and mobile phones over the years to come.