In this video Matthew Moynahan, CEO at OneSpan, discusses current digitization trends in financial services and the reasons why security needs to be woven seamlessly through the customer journey.
Hear Matthew discuss the top requirements for conducting business in today’s hyperconnected digital world, including the ability to verify the identity of a customer, authenticate users, and ensure that hybrid and virtual engagement models are secure and compliant.
Video Interview Transcript from Money20/20 Europe event with FinextraTV
Hannah: Hello and welcome to Money 20/20. I'm Hannah Wallace for Finextra TV and with me now in the press lounge is Matt Moynahan, CEO of OneSpan. Matt, thank you very much for taking the time out of this busy event to speak with us in the press lounge.
Matt: Thank you, Hannah. It's great to be here.
Hannah: Really good to have you on. I know you'll be very busy during the event speaking to other delegates about those major trends we're seeing across the financial services industry. I want to hear a bit about that, but also with those trends come some challenges, so let's start there.
Matt: It's great to be here in person. This certainly shows that things are opening up. And I think “opening up” is probably the theme that's going on right now in the financial services industry, as well.
To put things in context, we're probably in Web 3.0 of the digital transformation curve. Web 1.0 was really just getting the internet up and running. Web 2.0 was more around reading and writing web and maybe some basic e-commerce. Web 3.0 really is around the entire digital product portfolio coming online. You also have the perfect storm of data privacy and data sovereignty – and data ownership in some cases. Web 4.0, we're not quite there yet, it's really the mainstream use of Blockchain and consensus technologies, more decentralization, and things of that nature.
With the Web 3.0 phenomenon that's coming on, it's all around a much more complex set of digital interactions and as we know in the financial services industry, the end user has always been the primary attack surface, right? Certainly, with the credential theft and identity theft at an all-time high... and it's going up every single year. That threat vector, mapped with increased complexity around digital interactions with some of these new digital products, really creates an attack surface that is much more easy to exploit than it was in the past.
Combined with that, you've got the global regulatory environment. I think it's something close to 250 billion [that is being] spent on global compliance. On things like data sovereignty, data privacy, bank ID digital wallets, national ID systems. It really creates this perfect storm of complexity for banks to navigate in this new world. And complexity as we know is the friend of hackers, nation states, and others who look to take advantage of it.
So with that, we're seeing some fundamentally different thinking around how security needs to be woven into the business processes. Historically, banks had to do it on-premise and now they're doing it in the cloud – cobbling together various solutions to create a fabric to transact online. That creates seams. What we're seeing now is that the approach to security can't be just providing building blocks, but it's got to be seamlessly woven through the customer journey as banks interact to make sure that those processes are protected pre- and post-authentication given some of the identity threats that we're seeing out there.
Hannah: All right, thank you very much for setting the scene there and bringing us up to date. I like the analogy there as well. So, what are the requirements then for conducting businesses in this increasingly hyper-connected and digital world?
Matt: I've been encouraging our clients really to think end-to-end and it starts with obviously knowing your customer (KYC), knowing who they are, making sure you get that right as much as possible. And, given the threat environments, given the threat against identity, it's hard to make sure it's 100%. The next step is to really authenticate and make sure that that authenticated user comes online, but you don't stop authenticating them once you let them onto the network. You have to continuously authenticate them.
The next step is interaction. There's a new demand, as we've talked about, around a hybrid engagement with an end-user post-Covid. For some transaction types that are high-value and high-touch, there is a requirement to interact with them in a slightly different way than in the past. You're having a secure interaction model with them in a virtual environment, trying to replicate that human [interaction]. This is so much bigger than Zoom or Teams. This is really trying to make sure that that interaction model is secure and globally compliant.
Then you would move into a signing phase and then even a storage phase after that. I do think moving end-to-end across the entire continuum is important.
Hannah: That's right and then the last two years there has been this focus on technology and the processes to enable customers to digitally transact. But we're seeing a bit of a shift and a bit more of a demand to integrate a human element into those digital channels, so how do we go about doing that?
Matt: You have to. This is going to be the big challenge. How do you let customers interact with a bank where they want to interact? It may be one day going into a branch office, maybe another day doing things completely virtually. Security really is paramount to that. I mean, you have you have things like qualified electronic signatures, you have things like notary over in the U.S., so humans have always been part of the transaction process, whether it be a bank teller or notary.
Non-repudiation of a transaction has always been part of the banking world. Doing it in a virtual world is much more difficult. So you're going to have a focus on a more systematic approach to how you secure that interaction, starting with the identity of the end user, the authentication, but the interaction model virtually has to be secure. This is so much bigger than you know an electronic signature on a document. It's so much bigger than Zoom or Teams. This is around how do you create a truly secure environment for virtual interactions with business workflow, and it's fundamentally different than I think anything we've seen before in the banking industry.