The huge security risks present in the UK

Every market has its own level of financial risk. It comes as part of the deal. However, as the UK is a global banking hub, some argue the banking hub; the risks can be much greater. Patrick Brusnahan sits with Javier Sanchez Ureta, data office director at Banco Sabadell, to discuss

Nobody wants their money to be insecure. Traditionally, a bank is thought to be the safest place but that is quickly changing.


Post-2008 and the global financial crisis, consumers have been constantly wary of their bank. Media coverage of cyberattacks and rises in fraud seem almost constant. 


At the same time, alternative options were becoming available, from PayPal to mobile payments such as Apple Pay. 


An institution doesn’t even need to be a bank to offer a ‘current account’ anymore. 
Spain-based Banco Sabadell made strides into the UK in 2015 with its acquisition of TSB. This gave it access to one of the most monitored and most attacked markets in the world.

There are possible downsides to the IoT, but a lot of the sector is optimistic


For example, your smart fridge can tell you that you need to buy more milk, or you manage your Netflix account which has your card on file from your smart TV. The phrase that fits best in IoT is ‘connected commerce’; this is how the world is evolving. Ten years from now, every device and every utility that you use will be connected to you.


PB

Patrick Brusnahan

JSU

Javier Sanchez Ureta

PB

How big do you think the risk threat is at the moment?

JSU

I think risk is increasing but so is risk awareness. If there is a risk, everyone is now aware of it. Everybody hears about cyberattacks. The noise about risk is high and now we have all known about it for years in advance and the impact it will have.

PB

Do third parties have a part to play in this as they are less scrutinised than banks? 

JSU

A complaint from the banking industry is that we are so regulated and the newer players are not. It’s true but it's there and you have to deal with it and push the regulators to make an environment where everyone is on the same level. PSD2 helps that in terms of sharing information with third parties. There is some kind of requirement there that all should comply with, not just banks, but fintechs as well. The risk is there but there are steps at the moment to put all of us on the same plate.

PB

Do you feel there is an issue with liability?

JSU

There are two sides of the coin. You have the relationship with the client that focuses on the good things, but you also need to be there for the bad things. Is this fair? This model is good and showing the reality of it all. I think it's the way the world runs.

PB

DIs it good that you still own the relationship, even if it is through complaints or issues? Would you prefer customers came to you rather than a man-in-the-middle?

JSU

If you can control the answer, it's better if you control the conversation. If you are doing well in your diligence, you do not have to be afraid to talk to your customers. 

PB

How is risk in Spain different to other regions? 

JSU

In terms of fraud, the UK is huge compared to Spain. I'm sure if I consider the UK to be the financial centre of the world, but in a huge market, it's normal the bad guys go to the UK more often. The situation is that fraud is higher in the UK than in Spain, but doesn't mean we do not have fraud in Spain. In terms of volume, it’s very different.


For other forms of risk, it's different and the levels of risk are the same. Global vendors with global risk and there's no difference there.

PB

How is Sabadell combating these risks? 

JSU

Cyber intelligence and sharing information is important. When a client comes in, we will have information and share it with other impacted companies. The good guys should share. This is the fix and part of advanced cyber-defence. With that, you are culturally in place. You try to cover your risks, but you need to be able to answer when something happens. These responses have to be quick and are not always tested, so that's another problem.

PB

Does data analysis come into it at all?

JSU

Yes, of course. At TSB, we have iris recognition; we have biometric controls for users and two-factor authentication. These controls are in place, in terms of technology, for a long time. These are the preventive controls we have. Also, with voice recognition, these types of things are not business-as-usual.

Share this article