Article in Computer Sweden on December 13. Swedish banks are falling behind and are threatened by new players who invest in mobility - says Daniel Freeman of Fjord in a debate article published by Computer Sweden on December 5th. The solution, however, is not to launch new exciting apps, as explained by Per Hägerö (CTO neXus) in the following article.
Banks and other financial players have to strengthen security and ensure that sensitive financial information doesn’t end up in the wrong hands. The risks are particularly high in this field, both for the banks and their clients.
Offering new innovative banking services, for example in the form of applications such as Tink and Qapital, is, of course, important for banks to keep their competitive edge. But these new services often have low security requirements for accessing information. The applications are often only protected with username and password and the risk is high that someone without rights can see an individual’s income, debts and shopping habits.
As stated in the article “Millions of passwords from social networks have gone astray” in Computer Sweden on the 4th of December, username and password are usually at a very low level of protection. Two million passwords from Google, Twitter and Facebook among others have been found on a hacker’s computer. Since it is normal to reuse passwords and usernames, the dark side suddenly has easy access to private financial information.
The Swedish Data Inspection Board has reevaluated their opinion regarding private financial information and believes that it should now be classified as private and sensitive. This has put pressure on collection agencies and banks to implement strong authentication for web applications and mobile apps.
The Data Inspection Board’s initiative is admirable and can hopefully lead to a new standard for the business segment, which will increase security for all bank apps and web services to strengthen the protection of individual privacy.
Development is fast and as long as there are no rules and standards in this area citizens are exposed to great risks. It is time for banks and other financial players to take responsibility and implement safer checks of identity. My opinion is that the Data Inspection Board should be more active and it is also a question that politicians should start addressing. It would be natural for the government to demand that banks and financial players implement better protection for their customers.
Today, there are several different techniques for strong authentication, like checking an identity using BankID, eID, or an OTP-token generator.
It should be a given for banks, financial institutions, collection agencies, and other entities that handle money for individuals to make sure that they offer secure identity and access control for all services, including mobile apps for depositing and communicating with clients.
The risks associated with not doing it are too great, for all parties – financial entities and individual customers.
This is also a societal issue regarding our right to privacy.
By Per Hägerö
Translated from Swedish by neXus. Original Swedish version