Welcome!

Cloud Security Authors: Shelly Palmer, Mark Ross-Smith, Pat Romanski, Derek Weeks, Liz McMillan

Related Topics: Agile Computing, Cognitive Computing , Machine Learning , Cloud Security

Agile Computing: Article

Retail Banks - Dinosaurs in an Online World

We have a recurring issue with our bank - they regularly flag transactions as fraudulent even though the transactions are fine

I had some interesting (sic) experiences with two separate banks with regards to two business accounts that we keep with each recently. The problem highlighted two issues that were both in some ways intertwined:

  1. False positive flagging of online transactions
  2. Identity Management between bank departments

First let me set the scenario. I am CEO of Storage Made Easy, a business that can be categorized (in bank speak) as an online internet business. We are a business that spends a fair amount on online advertising through various different channels and who also uses best of breed online services to make our life easier. Therefore we spend money with other online based internet companies including companies like Google, Amazon etc and we pay certain providers through merchant gateways such as Paypal. I suspect we are not that different to other similar companies in this regards.

We have  a recurring issue with our bank in which they regularly flag transactions as fraudulent even though the transactions are fine. These are what are referred to in the industry as 'false positives'. A false positive is a result that indicates a given condition has been fulfilled, in this case a transaction being flagged as fraudulent, when the condition was not or should have been fulfilled, and in this case the result is that the transaction should not have been flagged. The end result is that the credit card used to pay for such services is suspended until the end user (us) has negotiated with the fraud department of the bank to lift the ban and transactions that are flagged have to be re-submitted, a time consuming and costly process as it means all adverts stop running, payments are not made and someone within the business has to take time out of their day to sort the whole mess out.

You would think it would be fairly straightforward problem to fix. After all the transactions in question have a regular history of being paid each month, in most cases going back over 2 years. Unfortunately this is not the case, the bank merely says "our fraud detection system highlights these transactions as possibly being fraudulent and there is nothing that can be done". My ongoing question is why ? Why are you flagging transactions as being fraudulent that have a historic basis for payment in which the amount in most cases are identical to what was previously being paid over the past two years. This is largely a rhetorical question as no-one in the bank can answer it or even seems to care that it is a perfectly valid question that should be investigated.

The second issue involves getting in touch with the banks fraud department to arrange to have the block lifted. Normally when we speak with the bank we go through a telephone banking authentication process. The bank set this up with us and we have a pin and other personal and password details we have to give. The PIN relates to a challenge / response two factor authentication process. As a company we have a good knowledge of Identity Management, from Active Directory / SAML / Kerberos / LDAP through to OAuth OpenID etc and we also understand the challenges of integrating between the various identity management systems.

When we contact the fraud department they do not use our pre-defined identity management process at all. In fact they ask obscure questions about the account, such as "What was the debit amount for a transaction on 2nd January "etc. These are almost impossible to answer as a by-product of the fraud block is that online banking is also blocked and as we have paperless statements, there is no way to check or validate any of the questions being asked (which in any case are not in anyway related to the identity management process we have in place with the bank). When challenged as to why the fraud department is not using the existing identity management that we have in place the response is "We do not have access to that system". My guess is that as the fraud department seems to be outsourced to Mumbai, this is why, but this is not something we should care about or be impacted by.

My conclusion is that retail banking is akin to web 1.0 companies in a web 2.0 world. They have not changed their processes to work within the dynamics of the internet world, which is driven by online transactions, and their outsourcing exposes the lack of cohesion within their internal systems in which the customer suffers the consequences. There is also a certain type of arrogance within the culture of the bank that leaves me a little cold. There is a real "don't care' "can't do" type attitude.

It seems the option we have is to change banks but I really have little confidence this will solve the underlying issues as we already similar behaviour from the two banks we already use.

Banks now fail in the most fundamental thing you want them to be good at ie. lending money, storing your money and providing transparent secure access to it. They retain their position purely through lack of choice but it has often crossed my mind that a much better solution would be a consortium of similar minded tech companies who function as their own club that administer and provide their own financial services to each other.

More Stories By Jim Liddle

Jim is CEO of Storage Made Easy. Jim is a regular blogger at SYS-CON.com since 2004, covering mobile, Grid, and Cloud Computing Topics.

@ThingsExpo Stories
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, discussed the best practices that will ensure a successful smart city journey.
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
@ThingsExpo has been named the ‘Top WebRTC Influencer' by iTrend. iTrend processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @ThingsExpo ranked as the number one ‘WebRTC Influencer' followed by @DevOpsSummit at 55th.
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it m...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus o...
Big Data engines are powering a lot of service businesses right now. Data is collected from users from wearable technologies, web behaviors, purchase behavior as well as several arbitrary data points we’d never think of. The demand for faster and bigger engines to crunch and serve up the data to services is growing exponentially. You see a LOT of correlation between “Cloud” and “Big Data” but on Big Data and “Hybrid,” where hybrid hosting is the sanest approach to the Big Data Infrastructure pro...
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"LinearHub provides smart video conferencing, which is the Roundee service, and we archive all the video conferences and we also provide the transcript," stated Sunghyuk Kim, CEO of LinearHub, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...