Customer Behaviour Drives Banking Security And Cryptography Architecture

Changing customer behaviour and expectations are driving the transformation of the new banking security architecture. While customers want more digital banking and financial services, they still see a bank's physical presence as a symbol of the institution's credibility and reputation.

New Values and Priorities That Clients Care About

Banks expanding into the digital world need to pay attention to the new values and priorities that their customers have and now expect from the financial institutions they choose to engage with, including:

• Data and trust. Over 85 percent of 18- to 24-year-olds surveyed indicated they would entrust third parties with their financial information.
  
  Therefore,  banking platforms must provide the necessary measures to safeguard that data.
• Online engagement. Almost 75% of surveyed millennials prefer to do much of their shopping online where they can do everything themselves. However, if they do need assistance or have questions, the platform should be able to provide the help they need.
• Ownership. A new trend that is being seen among younger generations is the move toward participating in sharing services versus ownership, e.g. Uber/Lyft versus owning a vehicle or renting a home versus purchasing one.
• Brand relevance. When potential customers look at a brand, they want to know more about who they are, what their values are, and how that brand is relevant to their lifestyle and values. If they cannot relate to the brand, they will look for one they can relate to.
• Data for value. People are more willing to provide their personal data if they are going to receive something of value in return. This could be personalized services or features that benefit them.
• Voice. Customers want the ability to be able to search for the services they need by simply asking. This could be over the phone or with other electronic devices that they access their banking from.

Banking Clients are Doing Things Differently, and for Different Reasons

There is no one-size-fits-all solution for all banking customers. Customers who are more receptive to digital services or a combination of both digital and face-to-face services are doing things differently, and for different reasons, including:

• Generational differences. Baby boomers and millennial clients have different expectations and needs. Younger customers want to be able to interact with their bank the way they want and when they want.
• Financial empowerment. Banking clients want to feel secure and in control of their financial decisions. They want to be recognized and treated as individuals and not just another account number.
• Control of data. Customers are willing to let banks use their data, but they still want to own their digital identities and have control over how their information is used. Most do not mind their data being used if they are getting something for it in return.
• Working with trusted companies. Today, more people consider a company’s purpose and values. If their values do not align with the company or the do not feel the company will act in their best interest, they will look for one that will.
• Sharing economy. With more young people opting out of car and home ownership for shared options, their banking needs will change. Traditional banking products like car loans could fall by the wayside as other solutions are developed.
• Latest technology. One of the purposes of technology is to automate processes and make them more convenient to use. Banking has already been made easier with access from mobile devices, but that is just the beginning. New customer interfaces and platforms will use new features, including voice recognition.
• Open banking with more options. Today’s banking customers want to choose the options that best fit their needs. This may mean combining products from different providers and making them available from a single platform.
• Integrated solutions. Banking customers want their financial solutions to integrate into their daily lives and be there with the answers to meet their needs.
  
  

Paradigm Shift is on the Horizon for Traditional Banks

Traditional banks are facing a paradigm shift. The advantages that once made them great, like large customer bases, will no longer exist if they do not evolve to digital networks. The shift will include:

• Data that can be used creates new competition as new sources of data continue to emerge and be used throughout the banking industry.
• Scale to keep up with changing customer demands and behaviors, regulations, and technology that continues to increase at a rapid pace.
• Networks are no longer considered a significant barrier to entry and new approaches to banking will provide more convenience and choice to customers.
  
  

A new decentral paradigm of cryptography shaped by new client values

The set of requirements leads to the following new paradigm for banking architecture.

• Banking architecture will become more open. 
• In the front-end, it opens up for Payment Initiation Service Providers (PISP) and Account Information Service Providers (AISP) as defined in PSD2. More services are to emerge through planned Open-Banking Regulations.
• In the back-end, through cloud storage and third party services such as the MS Dynamics Ecosystem, Diebold Nixdorf ATM services or the SAP HANA service infrastructure.
• Banking services will be more aggregated (composite services), often with several legal entities providing partial solutions.
• Financial service products will have much shorter life cycles, and consequently, the services’ software deployments and meshes will become much more dynamic.
• The service width (choice of services) and depth (components in a service) will grow significantly making the implementation increasingly complex.
• Supplying into different areas of jurisdiction or even different industry segments may imply different regulations and compliance requirements, leading to different policies or even software / hardware implementations.
• Given the shift to mobile phones as preferred customer communication devices mandates a seamless secure end-to-end channel including mobile clients.
• In addition, the post-COVID normal requires that even internal banking personnel will work from outside the bank’s perimeter (home office), using in parts private infrastructure.

The cryptographic architecture for such a dynamic and decentralized approach needs to be able to respond to all the new requirements, while keeping security at the same level or higher than as it was in the days of closed and monolithic banking services. Data security and privacy must be uncompromisable at rest (wherever it is), in transit (inside and outside the bank’s premises), and in use (whether in the bank or at a third-party location).

Cryptographic keys play a central role in securely defining identities as a basis for user and machine authentication, in signing documents, messages, and code, as well as in encrypting data and communication to shield it from third parties. 

Managing the life cycles of cryptographic keys across all the required services and the involved locations is a fundamental requirement for banking-grade security and compliance.

Agility and responsiveness to changes in service architecture and offerings needs to be an underlying design paradigm of the involved cryptographic architecture.

And to make all that manageable without an exploding requirement of human resources, the key management system needs to be centrally managed in a comfortable and highly automated way.

Cryptomathic offers banking grade key management solutions for secure key management and key usage in local data centers and in the cloud. In addition, it provides an agile cryptographic gateway to easily handle or change new services and service meshes in an efficient and auditable way.

References and Further Reading

• Read more articles about secure banking-grade key management in the hybrid cloud  (2019 - today), by Stefan Hansen, Ulrich Scholten and more
• Global Retail Banking 2019 - The Race for Relevance and Scale (October 2019), by Thorsten Brackert, Chaojung Chen, Jorge Colado, Laurent Desmangles, Muriel Dupas, Pierre Roussel, Holger Sachse, Sam Stewart, and Monica Wegner at Boston Consulting Group
• Banking-as-a-Service - what you need to know (2016), by Dr. Ulrich Scholten at VentureSkies
• [1] How Value Creation Is Reshaping the Payments Industry (2017) by McKinsey Company
• McKinsey on Payments (January 2020), by McKinsey Company, Volume 12, Issue 30
• Platform-based Innovation Management: Directing External Innovational Efforts in Platform Ecosystems (2011), by Simone Scholten & Ulrich Scholten
• Composite Solutions for Consumer-Driven Supply Chains (2010), by Simone Scholten, Ulrich Scholten and Robin Fischer. In: Bogaschewsky R., Eßig M., Lasch R., Stölzle W. (eds) Supply Management Research. Gabler
• Banking-as-a-Service - what you need to know (2016), by Ulrich Scholten
• Winning in a world of ecosystems (2019), by McKinsey Company
• Global Banking Practice - The ecosystem playbook: Winning in a world of ecosystems (2019), by McKinsey Company
• The power of many: Corporate banking in an ecosystem world (2019), by McKinsey Company