One of the main challenges Digital Banking professionals face is finding the equilibrium point between security and functionality. At the end of the day we all want to provide the best digital banking experience in the most secure way. So is this possible? I think it is. I like the expression “functional security”, which means security enabling the business rather than disabling it.
If the balance between security and functionality is not set well, security can become a huge obstacle in front of Digital Banking channels. Engaging clients and keeping them active is the main target of digital bankers. If your security structure does not make things easier on your side, you should reconsider what kind of improvements are required.
On the other hand, if your digital banking perimeter is not secure enough, you may end up with a loss of reputation, money and business. Security is a journey, not a destination. In other words, you will always need to do something about it – like updating yourself, your tools and your technologies against constantly changing threats and the cybercrime landscape. And whatever you have in your perimeter, the pieces should work together like a football team (preferably the German national football team, they always play the finals at the World Cup – regardless of the generation!).
Criminals always go where people go - this was the first thing we learned on the first day of Criminology class. The criminal mindset is quite simple and follows where the money goes. When one of the most charming and intelligent bank robbers, Willie Sutton (who had forty years of interesting criminal career), was asked "Why do you rob the banks?", he answered "because that's where the money is." Yes, it is that simple...
As of today, we know that the future of banking will be mobile - so we can safely estimate that mobile will be the target for hackers. If you have a look at the security trends, you can easily see that the variations and types of attacks are moving strongly towards mobile platforms. The most heart-breaking fact is that the abilities of mobile apps developed by fraudsters (let’s call them malware) are much better than those of the legitimate banking apps (shame on us!). In other words, they know more about our clients than we do. The unfortunate result is that, if you rely heavily on client profiling in your security perimeter, criminal activity will be very hard to detect.
In my presentation, I will talk about changing customer behaviour and its influence on the banking security landscape. Mobile is now the predominant banking platform: do we know and understand the threats to mobile, and do we know how to manage them? My intention is to share some insight into the topic and empower the audience with some fresh tips.
Hear from Tolga Tavlas at the 10th Annual Internal Audit & Governance, Risk and Compliance Forum, November 08-09, 2016 in Berlin, Germany.