The California Bankers Association will hold its annual Bank Presidents Seminar in January. Among sessions about bottom lines, deposits and faster payments is a session on cybersecurity. It plans to discuss what chief executives of financial institutions should be thinking about in anticipation for the next data breach. The seminar is far from alarmist, given there has been more than 100 incidents of data breach in the financial sector during the first six months of 2017, according to data compiled by Breach Level Index. It’s estimated that the recent breach at Equifax Inc. can potentially affect 143 million people in the U.S. “Banks are investing millions of dollars into systems to spot unusual activity, verify identity and help educate consumers to protect themselves,” said James Chessen, vice president of Center for Payment and Cybersecurity at the American Bankers Association, which works with CBA on issues like cybersecurity. “The top priority of banks is to preserve the trust of the customers. And that includes making sure there is the highest protection of data that can be obtained.” For example, Wells Fargo, No.1 on the Business Journal’s list of Banks, started the Wells Fargo Startup Accelerator program three years ago to join startups in exploring emerging technologies like analytics and cybersecurity. This month, the company selected SimSpace Corp. in Boston as one of the companies for the accelerator. SimSpace provides next-generation cybersecurity testing, including programs that allow users to simulate and visualize cyber-attacks. “This program plays an increasingly integral part in helping us explore and implement breakthrough ideas to build a better bank,” Steve Ellis, head of Wells Fargo Innovation Group, said in a statement. Rapid advancement in technology has allowed financial institutions to test more innovative ways to protect its customers’ information. For example, many banks are using a “neuro-network,” which stands behind every transaction. This network allows systems to spot transactions that are out of pattern, whether its location, dollar amount or specific items, said Chessen. Another emerging security solution is using consumers’ fingerprints, iris scans and even facial recognition for authentication. “There are some banks that are experimenting with biometrics,” said Chessen. “This makes sure there are a couple of layers of authentication.” Bank of America, No. 2 on the Business Journal’s list, announced this month that it will partner with Intel Corp.’s ‘online connect’ technology. The security feature will roll out to mobile platforms next year. The company has not yet announced the specifics of the technology. “As online and mobile banking usage continues to grow, we’re focused on implementing the latest technologies that will give our customers the best possible user experience,” said Michelle Moore, head of digital banking at Bank of America, in a statement. “Biometrics can help us achieve that goal, and we’re excited to work with Intel to bring added convenience to our more than 34 million digital banking customers.” Intel has also partnered with Lenovo Group Ltd. to offer laptops equipped with fingerprint readers that are integrated directly to Window PCs for online authentication in services ranging from PayPal to Facebook. Educating the public Because banks are on a constant battle against cyber criminals who are becoming more sophisticated, keeping up with latest technology is crucial, said Chessen from ABA. This also means educating and maintaining a large pool of talent that will be able to fend off coming attacks. For example, U.S. Bank, No. 6 on the list, has been awarding students who study computer science and information security with cybersecurity scholarships. “Cybersecurity is at the heart of keeping our customers, employees and communities protected from attacks,” said Marcia Peters, senior vice president and information security officer at U.S. Bank, in a statement. “In order to maintain that safety, we need smart, well-trained cybersecurity experts.” Even for smaller financial institutions that may not have millions of dollars to invest in its systems, security is top concern, said Chessen. “All institutions take cybersecurity extremely seriously,” he said. “Small banks usually work through core providers, and those providers are large companies that can add layers of protection.” But beyond technology, awareness of threats in the online space is another important defense strategy. According to Chessen, it’s important for consumers to practice good cyber-hygiene. “It’s making sure customers are looking at their emails and checking their accounts regularly for unusual activity,” he said. “One good example is setting up email or text alerts for purchases exceeding certain dollar thresholds.” Chessen added that not many customers are aware that banks never send out unsolicited emails asking a client to click on a link. “They may send you a warning email,” said Chessen. “But it’s always best to call your bank if you receive such email.”
