Page 1

Balancing User Experience with Security & Regulatory Considerations

SANTIAGO CAVANNA – CYBER SECURITY EXPERT (SANS/ISC2/ISSA/ISACA/CSA)

[email protected] / @SCAVANNA (MICROSOFT, SYMANTEC, IBM, CA TECHNOLOGIES)

Page 2

Possible Futures…

Page 3

Understanding Market & Consumers

Challenge to Meet Expectations

Source: Accenture, 2014 North America Consumer Digital Banking Survey, “The Digital Disruption in Banking”

27% would consider a branchless digital bank

71% consider their banking relationship to be transactional rather than relationship driven

51% want their bank to proactively recommend products and services for their financial needs

48% are interested in real-time and forward-looking spending analysis

Page 4

Common Market Drivers

Customers are used to dealing with Digital Leaders on a day-to-day basis.

Why Should Banking Be Different?

Page 5

Market & Industry Innovation

Bio-Metrics

Responsive Design Across Digital Channels

Facial Recognition

Digital End Points

NextGen ATM

Customer Behavior Profiling

Voice Recognition Driven Mobile Applications

Page 6

Digital Transformation in Financial Services

Low digital maturity → High digital maturity

Stages: Offline / In-Person → Web → Mobile → Omnichannel → Ecosystem

RETAIL BANKING → ONLINE BANKING → LOCATION & SERVICE APIs

ACCOUNT APIs

ALERT/MONITORING APIs

MOBILE PAYMENT APIs

DIRECT DEPOSIT APIs

INVESTMENT APIs

P2P MOBILE PAYMENT APIs

LOYALTY PARTNER APIs

P2P LENDING APIs

WEALTH MANAGEMENT APIs

Page 7

5 Key Principles of Trusted Digital Relationships

Value Me

Make it Easy for Me

Protect Me

Enhance My Experience

Partner with Me

DIGITAL TRUSTED RELATIONS

Page 8

Digital Transformation requires Identity-Centric Security

Resources: On Premise Apps, Cloud Services, Connected Devices

Identities: Customers, Citizens, Partners, Employees

Page 9

Trusted Digital Relationship For Legos

USERS: Partners, Things, Employees & Administrators, Customers

CHANNELS: Mobile, Web, API

RESOURCES: Cloud Services, On Premise Apps, Systems, Data

Identity Management & Governance: On-boarding, Self Service, Certify, Refine

Access: Risk-based Authentication, Federation, Behavioral Analytics, Privileged Access Management, API Management

Page 10

Security posture must do more than just Secure

ENABLE THE BUSINESS

Cloud Services / On Premise Apps

Engage with your customers faster & better

Make your employees more productive

Customers, Citizens / Employees, Partners / Connected Apps, Devices

PROTECT THE BUSINESS

Strongly validate each user’s identity

Govern & control user access

Protect privileged identities

Page 11

To discuss: (later)

Are banks protecting their customers, or just complying with regulations?

Are the regulations put in place locally (Arg) designed with the financial customer/citizen in first place?

Which market failure do you think the financial market regulations were created for?

Are the regulations enough?

To do what?

The Security mathematical-statistical Authority Dilemma – ROI, Threat Agents, Momentum and other security concerns

Are the regulations real limits (technologically speaking) or the logical foundation?

Do you read the regulations?

Do you understand the regulations? (I mean the spirit of the regulation)

Do you (as a bank) propose new interpretations of the regulations, or exceptions? Banco Original (Brasil) / MercadoPago / NacionServicios (Arg)?

Are the regulations adapting at the velocity of information technology?

Is security too expensive, and who should pay for it?

Page 12

Security for Digital Transformation requires AND (not OR) model thinking

The BCRA cannot have all the pieces of information needed to create new regulations: a market opportunity to help and to grow.

Customers choose because they believe that they can do that.

By analogy, and because new options appear every day, with a very low barrier/cost to switch from the current service provider.

Customers want more security (not less), but want easy controls (not weak ones).

They want to be recognized as customers and as persons (they are not stupid).

In the new Argentina Civil Code, the big challenge will be:

class actions (“acciones de clase”) and determining the collective represented in the lawsuit

Page 13

Questions?

SANTIAGO CAVANNA – CYBER SECURITY EXPERT (SANS/ISC2/ISSA/ISACA/CSA)

[email protected] / @SCAVANNA (MICROSOFT, SYMANTEC, IBM, CA TECHNOLOGIES)