Channin Gladden on Data Security, July 2, 2020

How Today’s Data Security Solutions Are Failing Banks

When we think of where the bank stores our money, we think of a vault secured with high-tech locks and multiple doors. Unfortunately, data security has been handled in much the same way: with slap-on safeguards. The way these digital vaults are secured hasn’t changed much since 2010, and many more companies are lagging behind in compliance and ill-equipped to handle cybersecurity threats. Hackers can access these vaults through brute force alone. Or they can simply work their way up the hierarchy, stealing credentials from employees until they hit the jackpot.

Over the years, banks and payment processors have used encryption to protect data. With this method, an algorithm transforms the sensitive data into unreadable ciphertext that only a key can unlock. But this too acts as a band-aid: the hacker only needs the key to access critical data. Many banks have also upgraded their authentication process to include two-factor or multi-factor authentication. But even these methods can be defeated in a few different ways.

As it stands, financial institutions are particularly vulnerable: they are 300 times more likely to be targeted than companies in other industries. While breaches continue to increase, Verizon found that compliance is decreasing across organizations. And although PCI DSS compliance continues to be a requirement, current DIY options for data security can be costly and labor-intensive.

To better protect their customers’ data, financial organizations will need a shift in mindset and strategy when it comes to cybersecurity.

Changing the Mindset

If banks want to prevent cybercrime, it’s time for a shift in mindset. We expect old concepts to protect against innovative technologies.

According to VGS Co-Founder Mahmoud Abdelkader, 80% of data security is related to discipline and repetition. But much about successful data security lies in the approach. “You need backups on backups on backups. And you really have to consider how an attacker gets in and apply that to your product so you can combat every possible threat.”

Automation can help. But generally, financial organizations need to consider stronger safeguards for their data and educate their team on how to maintain that security.

Next-Generation Data Security

Tokenization is the latest way to protect data. Here, a token replaces the sensitive data entirely and it cannot be reverse-engineered or solved. There is no key. This form of data security essentially limits how many people can come in contact with the original, sensitive data.

With aliasing, a form of tokenization, VGS can take this concept further. Typically, tokenization still carries some risks for businesses and banks: the vault itself and the point of capture. If either of these points is compromised, then you can still lose the sensitive data.

VGS helps to solve this problem with tokenization while streamlining PCI compliance. With aliasing, we are able to collect, store, and transfer data for companies - without the companies having to touch the data themselves. We call this a Zero Data platform.

To keep this data safe, VGS employs several components in its own vault. These include segregated accounts, key rotation, patch management, extensive audit logging, regular vulnerability testing, 24/7 monitoring, and AES-256 encryption. In addition, this vault has no direct access to the internet.
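To make the tokenization and vault controls described above concrete, here is a minimal sketch, added as an illustration and not VGS's implementation. The `TokenVault` class, the caller names, and the sample card number are assumptions; the point is that the token is random rather than computed from the card number, so the vault's mapping is the only way back and therefore the part that needs access segregation and audit logging.

```python
import secrets

class TokenVault:
    """In-memory stand-in for an isolated token vault (hypothetical, for illustration)."""

    def __init__(self, allowed_callers):
        self._allowed = frozenset(allowed_callers)  # services permitted to detokenize
        self._pan_by_token = {}   # the only place real card numbers live
        self._token_by_pan = {}   # lets a repeated PAN reuse its existing token
        self.audit_log = []       # (caller, action, token, outcome)

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("expected a 13-19 digit card number")
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        # Random token: not computed from the PAN, so there is no key and
        # nothing to decrypt. Only the last four digits are kept for display.
        token = f"tok_{secrets.token_hex(16)}_{pan[-4:]}"
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token, caller):
        if caller not in self._allowed:
            self.audit_log.append((caller, "detokenize", token, "denied"))
            raise PermissionError(f"{caller} may not detokenize")
        if token not in self._pan_by_token:
            self.audit_log.append((caller, "detokenize", token, "unknown"))
            raise KeyError("unknown token")
        self.audit_log.append((caller, "detokenize", token, "ok"))
        return self._pan_by_token[token]


def demo():
    vault = TokenVault(allowed_callers={"payment-gateway"})
    pan = "4111111111111111"  # constructed sample: a standard test card number
    token = vault.tokenize(pan)
    merchant_db = {"order-1001": token}  # the business stores only the token
    try:
        vault.detokenize(merchant_db["order-1001"], caller="reporting-job")
    except PermissionError:
        pass  # denied, and recorded in the audit log
    revealed = vault.detokenize(merchant_db["order-1001"], caller="payment-gateway")
    return token, revealed, vault.audit_log

if __name__ == "__main__":
    print(demo())
```

A copy of `merchant_db` alone yields only tokens; the card number is recoverable only through the vault, which is why the vault and the point of capture remain the places to defend.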

With this level of security, organizations can use sensitive data without actually having to touch it or be liable for it. Consider Brex, a fintech startup that issues corporate credit cards to businesses. Despite the fact that issuing credit cards is one of its main products, the company never sees a card number. Through working with VGS, Brex and its customers can use this sensitive data without taking on the risks.

This next-generation data security benefits both legacy systems and startups. For already established organizations, the Zero Data approach can streamline and maintain compliance efforts while reducing costs. Fintech startups, meanwhile, can bring their product to market more quickly.

Through Zero Data, VGS takes on the data security burden so companies can focus their time and resources on growing their business.
