Retail brokers, regulators and the authors of MiFID II: Why not embrace facial recognition for compliance? – Op Ed
He who invents and successfully implements it will gain historic acclaim as he who put a stop to cyber threats in the retail FX industry, as the regulators are very unlikely to do so despite the obvious need. Here is a full investigation and our suggestions
Today’s facial recognition technology is of such high resolution and has such a low failure rate that national governments are using it routinely at borders when admitting (or not!) millions of people every day worldwide.
In this age of biometric national passports and automated airport security systems, the ability of a computerized government database to connect to a biometric recognition system to vet entries and exits across the world is very much proven, and is very likely to be more accurate than human resources.
Paradoxically, and with equal effectiveness, while watertight systems only allow access to data or international mobility via completely unique attributes such as the iris within a human eye, criminal entities with intentions to defraud are also using high technology and ruses that appear plausible to the potential victim in order to empty the bank accounts, and similarly the electronic trading accounts, of retail customers worldwide.
Last week, suspicion grew in Great Britain when two of the nation’s largest banks, Halifax and Lloyds, sent identical letters to their banking customers asking the recipients to confirm that they are UK residents for tax purposes. The request, as it turns out, was genuine on both sides, but it raised the alarm among many customers, who were reluctant to respond for fear that it was bogus.
The general public across many modern nations, which, let’s face it, represents absolutely the target audience for many large retail FX companies of good standing, has demonstrated its faith in biometric security systems, as there has been no reported resistance by any individuals or groups when being asked to provide photographs to government agencies in order to be able to use facial recognition systems to verify identity for all manner of very important and security-dependent tasks.
Yet, when a physical letter is sent, retail customers are beginning to doubt its legitimacy.
This is perhaps due to a widespread understanding that unique facial features are absolutely unable to be counterfeited, as today’s members of modern society are no longer afraid of ‘harvesting of information’ by governments as was the case in the 1990s with those who are now retirement age, but fully understand the modern systems which operate both for the preservation of legitimacy and compliance, and also methods used for nefarious purposes.
MiFID II will be implemented in January 2018, and for the most part, retail FX firms are now in the process of digesting the somewhat ambiguous infrastructural rulings from the European Securities and Markets Authority (ESMA) which have thus far required exponential explanation to compliance personnel by specialist regulatory technology firms and trade repository executives across the world.
Within MiFID II’s stipulations on the reformatting of brokerage infrastructure, absolutely no advancement in cybersecurity for retail clients has been included.
Earlier this year, Bloomberg deduced that, given industry-wide implementation costs that are expected to exceed €2.5 billion as firms face reworking KYC (know your client) processes, repapering clients and reconfiguring systems, firms should consider focusing on implementing in the most efficient way possible.
Bloomberg also opines that while the regulation also gives firms an opportunity to enhance their services, gather more useful and accurate data and – most importantly – boost competitiveness, interpreting the KYC data and new client onboarding and reporting requirements in the right way will be critical to success.
Quite simply, this is absolute testimony to the outmoded nature of most mainstream financial services reporting and advisory firms (some of which are being paid subscriptions of over $30,000 per month for their consultancy services), and also highlights the ineptitude of those responsible for consulting with ESMA on behalf of national regulators.
This of course does not simply apply to European markets, as the prevention of fraudulent access to retail trading accounts is the responsibility of every broker and regulator globally; however, given the complexity and the requirement to restructure the environment in which FX firms operate in Europe, this has been overlooked.
Today’s smartphone cameras can easily be used to verify account access via facial recognition, as can computer webcams.
UAE-based Jouda Seghair, a research expert on financial markets cyber security, spoke in detail to FinanceFeeds yesterday.
Whilst email or physical letters are still in existence, though dwindling, cyber attacks are on the increase.
Ms Jouda explained that while headlines and news coverage leave the impression that ransomware is the greatest threat to enterprises today, research has revealed that with annual attacks numbering 1.2 million, financial malware is 2.5 times as prevalent as ransomware.
The recently released Symantec Internet Security Threat Report (ISTR) Financial Threats Review 2017 stated that 38% of all financial threat detections were against corporations, rather than customers. While these attacks are more difficult to execute, they yield a higher profit, which is why there were 1.2 million such attacks in 2016.
Attacks against financial institutions are on the rise, with the emergence of a select group of cyber criminals targeting financial institutions in a sophisticated manner.
She deduced that incidents targeting banks have spread around the world, striking institutions in Ukraine, Poland, Bangladesh, Ecuador, U.K. and India, to name a few, with losses totaling hundreds of millions of dollars. These widespread events indicate that financial criminals see these networks as prime targets for attack.
FinanceFeeds concurs with this, and also is of the understanding that several attacks of this nature are aimed at gaining access to customer accounts and passwords, providing the attacker with the full user credentials required to make successful withdrawals from trading accounts to their own bank accounts without any contact with the actual account holder.
The FX industry is so multi-faceted that the need for cybersecurity exists in many specific areas, such as the electronic payment processing sector, the safeguarding of client funds in online trading accounts and the actual access to trading accounts themselves in order that trades can be opened and closed.
Last year, Tim Thompson, CEO of British payment service provider and risk management technology company NOIRE, explained to FinanceFeeds that FX brokerage accounts are usually accessible online needing only a username and password in order to gain access to sensitive data and exposure to fraudulent withdrawals.
“It can start in a number of ways,” explained Mr. Thompson. “These methods include fraudsters phishing customers’ details, through emails pretending to be from the broker and telephone calls, Trojan malware programs often downloaded for trading platforms which look legitimate but could be obtaining customers’ login details and passwords. Fraudsters do this on an industrial scale and gain access to many customer accounts across many businesses.”
Mr. Thompson explained that in many cases, fraudsters have been able to successfully make withdrawals from trading accounts, their requests being so authentic that they have been passed by even the most diligent of compliance departments. The ability to access accounts by phishing and sending in Trojan horse malware programs in order to ‘emulate’ the real customer would be avoided with the right anti-fraud security systems.
Facial recognition technology would prevent this entirely. Basically, no face, no withdrawal.
Once again, it will likely be down to the avant-garde R&D departments within retail FX firms, often those that are at the absolute leading edge of development within this industry, to develop such systems and pave the way forward, as the regulators are unlikely to take the lead.
He who invents and successfully implements it will gain historic acclaim as he who put a stop to cyber threats in the retail FX industry.