2023 has seen a number of high-profile banking data breaches. In July, banks including Deutsche Bank, Commerzbank and ING were targeted in a major attack, while here in the US, 1st Source Bank had nearly half a million client records breached. According to a recent report from IBM, the average cost of a data breach in the finance sector is $5.9 million, 28% higher than the average across other industries.
So, how can banks utilize data and drive the intelligent and integrated experiences customers expect, while also protecting this data, not to mention the bank's reputation for security and prudence? To strike the balance, data controllers should stick to three principles when creating data-driven customer experiences while keeping data secure.
The first thing to develop is a data strategy that asks how you use and store data and, crucially, how long you hold onto it. Is every data point you might have on a customer or merchant absolutely necessary?
When it comes to a customer bank account, clearly a lot of personal data is needed. But to design better experiences for customers and provide the insights that can help SMB customers grow, not all of this data will be necessary. An SMB customer running a cafe, for example, might want to know what time of day to expect a rush of customers or an ebb in footfall, and they want these insights to be integrated in a way that makes business easy.
For a bank to deliver this data, is it necessary to know a customer’s full postcode, or would general geography work? The full postcode is not necessarily needed, and in fact incredible data can be generated in ways that don’t involve pinpointing individuals. Making use of tokenization can reduce the need for individual customer IDs.
Rather than hoard data to try to compete with digital-first fintechs, banks should instead focus on brilliant basics. Rather than focus on huge customer datasets, and all the insights you might be able to provide across a customer lifecycle, the initial focus should be on integrated, pre-populated, informed acquisition, onboarding and early life engagement. Focus here will acquire and retain customer value and set banks apart from the competition.
This leads to our second principle, and one which is a crucial bulwark against potential data breaches.
In an age of AI-enabled and highly determined hackers, data hoarding can be toxic. Data has become one of the primary currencies of our tech-enabled age. Because of this, data controllers can be reluctant to hit delete on unnecessary data. If the data that can drive intelligent and integrated experiences for the end user has been tokenized, the original data can be removed, thus reducing risk. Data is the new oil, but only when it’s safe. When data is compromised, it can be more like fool's gold.
This can mean rethinking data protocols and developing a clear data strategy. If somebody else is holding a data point, for example, and you receive a copy of it, do you need to keep it? Let's hold it only for as long as we need it, and then get rid of it. A lot of people don't want to do this, but as somebody leading on data security, my advice would be to change the mindset here.
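The cafe footfall insight and the tokenize-then-delete idea described above can be sketched as follows. This is an added example, not code from the article or any bank: it uses a keyed HMAC pseudonym as a stand-in for a tokenization service, and the key, the UK-style postcodes, the transaction rows and the `MIN_GROUP` threshold are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: in production this key sits in a KMS/HSM, apart from the analytics store.
TOKEN_KEY = b"constructed-demo-key-not-for-production"
MIN_GROUP = 3  # assumed threshold: hide hourly buckets with fewer distinct visitors

# Constructed sample card transactions: (customer_id, full_postcode, ISO timestamp)
RAW = [
    ("CUST-1001", "ZZ1 1AA", "2023-09-04T08:05:00"),
    ("CUST-1002", "ZZ1 2BB", "2023-09-04T08:12:00"),
    ("CUST-1003", "ZZ12CC", "2023-09-04T08:40:00"),
    ("CUST-1001", "ZZ1 1AA", "2023-09-04T08:55:00"),  # repeat visit, counted once
    ("CUST-1004", "ZZ9 1BB", "2023-09-04T08:58:00"),
    ("CUST-1002", "ZZ1 2BB", "2023-09-04T12:10:00"),
    ("CUST-1005", "ZZ9 1BB", "2023-09-04T12:20:00"),
    ("CUST-1006", "ZZ9 4CD", "2023-09-04T12:45:00"),
    ("CUST-1003", "ZZ12CC", "2023-09-04T15:30:00"),
]

def tokenize(customer_id: str) -> str:
    """Keyed pseudonym: stable for joins, not derivable without TOKEN_KEY."""
    return hmac.new(TOKEN_KEY, customer_id.encode(), hashlib.sha256).hexdigest()[:16]

def coarsen_postcode(postcode: str) -> str:
    """Drop the 3-character inward code, keeping only the district ('ZZ1 1AA' -> 'ZZ1')."""
    return postcode.replace(" ", "").upper()[:-3]

def minimise(records):
    """Reduce each row to (token, district, hour); the raw rows can then be deleted."""
    return [(tokenize(c), coarsen_postcode(p), int(ts[11:13])) for c, p, ts in records]

def footfall_by_hour(rows):
    """Distinct visitors per hour, suppressing buckets smaller than MIN_GROUP."""
    seen = {(tok, hour) for tok, _, hour in rows}
    counts = Counter(hour for _, hour in seen)
    return {h: n for h, n in sorted(counts.items()) if n >= MIN_GROUP}

if __name__ == "__main__":
    print(footfall_by_hour(minimise(RAW)))
```

The merchant sees the 08:00 and 12:00 rushes, while the single 15:00 visitor is suppressed and no customer ID or full postcode survives in the retained rows.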
Tokenization and data clearing will only take a bank so far; ultimately, a lot of customer data will need to be retained, and this will always be an appealing prospect to criminals and hackers. The battle between hackers and data controllers doesn’t sleep, with hackers constantly testing systems with new technologies and techniques, and security teams needing to respond in kind.
New technologies can make data security experts nervous. This is understandable: after all, new software means new database integrations and therefore potentially more points of entry into databases. Technology, however, is key to matching the technological capabilities of hackers, and so data controllers shouldn’t be afraid to embrace it.
AI, for example, can detect unusual behaviors which might indicate that somebody is trying to steal data, and encryption can ensure that data is secure and protected. Hackers will be using the latest technologies, so it’s important that banks do too.
For financial services, a data breach isn’t just financially costly, but also hugely costly in terms of reputation. Nobody likes to imagine their personal details might have been compromised, but this is especially true in the case of sensitive financial data. While no system is foolproof, there are simple data strategies that banks can follow today to minimize risk while also maximizing the power of their data.