WINNING THE DATA GAME

WINNING THE DATA GAME:BANKS SHOULD SEE FINTECH AND DATA SECURITY AS STEPPING STONES, NOT OBSTACLES

WINNING THE DATA GAME2

Gathering data, checking data, storing data, protecting data – there are plenty of hoops to jump through before any company actually sets about using the data in any meaningful way. Yet technology based on data is so firmly enmeshed in financial services – both in traditional banking and the emergence of new delivery models – that FinTech is now a standard term.

WINNING THE DATA GAME 3

USING FINTECH AND DATA SECURITY AS STEPPING STONES TO SUCCESS

FinTech has moved from revolutionising back office functions through transforming customer-facing processes to become the driving force behind processes and services. Challenger banks have been quick to see the potential in FinTech. Where traditional banks are juggling short-term income and long-term expenditure with mortgages, complicated products and a variety of credit qualities, challenger banks can slice through that to offer simpler products with higher interest rates, sexy branding and technical functionality. Just like an à la carte menu, challenger banks dictate the terms, benefit from streamlined processes and pass the benefits on to customers, resulting in a cheaper meal – or a higher interest rate.

FinTech has bled into all parts of the industry, from retail banking, to capital markets, asset and wealth management, insurance and trading. The emergence of FinTech in the lending and payments sector, both business-

to-business and peer-to-peer personal loans as well as innovative models, is bringing high levels of disruption to more traditional banks. This disruption and innovation is headline-grabbing, meaning worries for shareholders and pressure to adapt.

Traditional banks should take this advance on their territory as an opportunity to raise their game, not bow under the threat of incursion. These banks have consumer confidence, a proven place and track record in the marketplace, as well as enviable amounts of big data, meaning patterns and trends can be identified to the benefit of bank and customer. Rather than limiting FinTech to replacing dull back-office functions, banks have the scope and resources to really let FinTech work for them, utilising big data for projections and predicting trends, attracting new business with smarter functions and retaining customers with clever technology.

WINNING THE DATA GAME4

Technology penetration means that banks must put FinTech at the heart of any future plans; from smartphones to smartwatches, apps to bots, customers and businesses are demanding real-time transactions and up-to-the-minute forecasting. FinTech allows banks to provide services, but it means a large quantity of data to acquire, process and protect.

FinTech will allow banks to prevent customers jumping ship as Open Banking and Payment Services Directive 2 (PSD2) make it easier to pay from any app on their phone. If Facebook can pay for your coffee, why carry a debit card? FinTech is the answer; businesses and customers will be able to manipulate their money and have access to banking tools that social media will find hard to match.

Recognising that data is a tool, not an obstacle, means that established banks can steal the march on challenger banks, adopting a modern financial services

mindset. Coupling big data with FinTech will allow banks to make advancements in mobile and real-time payments, adopt an “Internet of Payments”, progress in cross-border banking, eWallets, Blockchain and virtual currency.

When embracing FinTech to improve customer experience, banks must ensure that data security is embedded in order to future-proof systems, on-premise and in the cloud; safeguarding against potential pitfalls can be reflected back as a benefit to the customer, whether it is an individual, or a business.

A data-first mindset is a real USP for a bank; when a customer is worried about the potential for fraud, it is actually a chance for the bank to reassure them that the bank takes data privacy as seriously as they do protecting their investments and that fraud detection and protection are at the top of the agenda.

Customers and businesses will feel safe with a bank that has a data-first mindset – not only will this maintain a high level of customer loyalty, but it will attract new business and mark the bank out as a brand with integrity and an ethical approach to its customers and their money.

WINNING THE DATA GAME 5

While banks are busy harvesting and harnessing all this data, they must remain mindful that it still belongs to their customers. Data privacy is paramount and embracing a data-first mindset will ensure banks have a strategic advantage – any bank that can guard data, can guard financial assets. Having appropriate security systems in place should be embedded early in any process, with continual improvement and a data-centric focus. The right security system will produce a positive-sum game, improving both the product and experience for the customer, and the fortune of the business – data will be available for analysis and manipulation, as well as safe from any attack. A data-first approach will ensure the bank stands up to security scrutiny and is compliant with global regulations.

A data-first mindset means an ethical and profitable win-win for banks and their customers, so we are delighted to share the best practices for protecting private information that we have honed working with over 200 global and data-driven organisations.

Given the highly sensitive nature of the services we provide to our customers, their identities have been anonymised here to protect their security posture, but further details are available upon request.

FinTech:EMBED IT AND

PROTECT IT.

WINNING THE DATA GAME6

Established well over a century ago, one of the five largest banks in the US chose Protegrity as the foundation for a global data protection service to support merging data generated by their various applications around the world, enriching its analytic algorithms for business growth while remaining compliant with global data privacy regulations.

This major US financial institution needed to provide enhanced cross-border and self-service data exchange capabilities with centralised data protection policy control while allowing local security management the ability to comply with local data privacy regulations based on a fault tolerant, ‘as-a-service’ model for its global business lines.

Protegrity responded to the bank’s need to ensure that Personally Identifiable Information (PII) cannot be accessed in the clear in any location other than where it was collected to maintain compliance with data privacy laws and regulations in the countries in which the bank operates, while also allowing it to be analysed anywhere.

The bank chose Protegrity’s Data Security Gateway (DSG) to enable the protection of sensitive data in-country prior to export to corporate data lakes where it

1 MULTINATIONAL WORLDWIDE BANKING GROUP

can be leveraged for analytics purposes at an enterprise level while remaining in compliance with cross-border and other privacy restrictions imposed by government regulations or individual business silo requirements. Implementation of Protegrity ‘as-a-service’ inverts the labour model of building a data protection infrastructure within each region or organisation and creates a lower total cost of ownership.

The bank relies on Protegrity to securely gain competitive advantage by leveraging data throughout their organisation to create products, services, and strategies that deepen customer relationships and increase market share. The greater the amount of data they collect and the greater its diversity, the more they can tighten up their targeting toward specific market segments and consumer groups to embrace FinTech and compete with challenger banks.

WINNING THE DATA GAME 7

DRIVERTo achieve client-led revenue growth through the implementation of enterprise-wide analytics and FinTech as soon as possible to deepen and expand client relationships

CHALLENGEWinning an ‘arms race’ to populate and leverage enterprise level data lakes within a nine-month timeframe while maintaining compliance with global privacy laws and regulations to stay ahead of growing competition by agile challenger banks

STEPS TO SUCCESSEngaging with Protegrity to perform extensive evaluation, testing and co-development of solutions to successfully enterprise data.

Fully leveraging data allows us to fulfil our core business strategy of client-led revenue growth, lowering internal technology costs and optimising our capital base by focusing on return of capital above operating costs.

SOLUTIONProtegrity’s Data Security Gateway (DSG) licensed in 8 countries with room to expand to 152 more, enables the bank to securely move data to the external cloud and compliantly leverage data analytics

BENEFITSAs well as reducing the risk of penalties for noncompliance with GDPR and PCI DSS, the bank can honour customers’ privacy rights without compromising analytic ambitions

RESULTInternal Data Protection as a Service

VOLUME200 million users

SCOPE160 countries in 4 Regions (NA, EMEA, LA, Asia)

WINNING THE DATA GAME8

This international financial institution with a long history of analytical leadership to drive value and enhance relationships, uses Protegrity to protect customer data from unnecessary or unauthorised access in a way that respects privacy, enables FinTech adoption and provides a solid basis for GDPR compliance.

For over two decades this multinational retail bank has been performing an extensive range of customer analytics within an ecosystem that incorporates a broad range of applications and technologies. Seeking efficiency, the bank chose to consolidate all analytical sources in a Hadoop® big data platform.

From the outset the bank recognised that they wanted to go beyond native user authentication; they understood it was optimal to tokenise all sensitive data elements, to keep Personally Identifiable Information (PII) protected and take Payment Card Industry (PCI) data out of audit scope.

INTERNATIONAL RETAIL BANK

After rejecting in-house and alternative vendors’ offerings the bank found Protegrity’s enterprise solution utterly compelling in its alignment with their goal to protect PII and PCI data throughout its analytical journey, without impacting performance or its business value.

With Protegrity’s multi-platform tokenisation technology the bank can pseudonymise private data as early in its lifecycle as possible and consistently enforce a security policy that allows access to data in the clear only by authorised users and only when necessary.

Protegrity’s data-centric approach has enabled scalable protection of personal information by design and by default and provided a solid basis for the bank’s GDPR compliance programme.

2

WINNING THE DATA GAME 9

DRIVER Reduce PCI audit scope and improve a long-established analytic history by making effective use of Hadoop and FinTech

CHALLENGESecurely re-engineering a complex analytical environment to improve processes, make effective use of Hadoop® for operational change and achieve GDPR compliance

STEPS TO SUCCESSPrioritising the sensitivity of data and recognising the value of protecting it as early as within the dataflow to reduce audit scope and risk

SOLUTIONUsing Protegrity’s Enterprise Security Administrator and File Protector Gateway to protect data as it is captured and limit access to unprotected data to authorised users and applications only

BENEFITSA data-first approach to protecting sensitive information has reduced costs and provides a blueprint for GDPR compliance while analytic value is preserved

Our GDPR strategy is built on the ‘by design’ nature of Protegrity’s data security solutions.

INPUT>15 Source Systems

PERFORMANCESLA for <1-Hour End-to-End Processing

VOLUME>120m Records/Day

DEPLOYMENT<40 Working Days

WINNING THE DATA GAME10

Established in the 1700s, this British bank chose Protegrity’s pseudonymisation solutions specifically to comply with critical aspects of the GDPR, Open Banking, PSD2 and customers’ privacy expectations, without impact to data-driven business performance.

After identifying data breach vulnerabilities, this major British financial institution chose Protegrity to overcome GDPR challenges around customer privacy and appropriate access to Personally Identifiable Information (PII), without impact to business process or performance.

Protegrity helps the bank to mitigate the impact of the GDPR’s breach notification requirements by protecting PII in such a way that it no longer identifies the person to whom it pertains, and to honour customers’ ‘right to be forgotten’, by providing the ability to remove cryptographic keys so data retains its value for analytics but cannot be restored to its original format.

Protegrity enables the bank to centrally control codes of conduct data protection policies and enforce separation of duties by role in operational and analytical environments enterprise-wide, to ensure only users with a legitimate need can see customer PII according to the function they perform.

Protegrity has responded to the bank’s need to produce consistent, ‘human readable’ test data with a solution that turns protected information into familiar, but false data. The uniquely pseudonymised data will always become the same readable word but with no way to convert the test data back into the real data so privacy is by design and by default.

REGIONAL BANKING GROUP3

WINNING THE DATA GAME 11

GDPR compliance is simplified with a central point of control for enforcing Privacy by Design based codes of conduct – enterprise-wide.

DRIVERThe Bank needed protection on Cloudera, DB2, HP-UX, Oracle, Other Databases, Linux, SQL and Teradata DB, to reduce privacy risk and comply with critical aspects of the GDPR while preserving analytic value

CHALLENGEEnsuring business continuity and analytical excellence while protecting the PII of 22 million worldwide customers from multiple sources and in a complex IT estate

STEPS TO SUCCESSSide by side evaluation of 13 vendors ensured this bank selected Protegrity as their trusted security advisors

EVALUATION2 use cases, 4 platforms, 8 days

DISCOVERY & DESIGN12 days

DEPLOYMENT6–8 weeks

SOLUTIONProtegrity enables the bank to ensure only authorised users with a legitimate need to see PII may do so based on centrally managed, codes of conduct based data privacy policies

BENEFITSAs well as reducing the risk of penalties for noncompliance with GDPR, the bank can honour customers’ privacy rights without compromising PSD2 and Open Banking initiatives or FinTech and analytic ambition

WINNING THE DATA GAME12

PROTEGRITY CREDENTIALSOrganisations from every industry worldwide leverage our expertise and solutions to strengthen their security posture and simplify compliance with internal and regulatory data protection requirements.

Our customers include:

20% of the largest global Financial Services Organisations

25% of Europe’s largest Banking Institutions

Three out of four of the United Kingdom’s Financial heavyweights

Five of the most powerful transnational corporations

The most successful global eCommerce company

The world’s largest company and private employer

Protegrity is the only data-first security solutions provider, trusted by enterprise security and data leaders in data-centric industries around the world. For more than 15 years, Protegrity’s laser-like focus on data security has set the standard, and its innovative approach is unmatched in its depth and breadth, protecting sensitive data in motion, in use and at rest.

Protegrity partners with customers to secure the ever-changing data landscape through continuous innovation. Its proven approach to scalable, data-first security allows customers to optimise their use of data for greater business impact throughout the enterprise, while ensuring complete data privacy and regulatory compliance.

With Protegrity, enterprises can embrace a data-first security posture that enables a customer-first approach to innovation, service, and leadership.

WINNING THE DATA GAME 13

Copyright© 2019 Protegrity Corporation. All rights reserved. Protegrity® is a registered trademark of Protegrity Corporation. All other trademarks are the property of their respective owners.

CONTACT PROTEGRITYCorporate Headquarters: Protegrity USA, Inc.333 Ludlow Street, South Tower, 8th FloorStamford, CT 06902, USAPhone: +1.203.326.7200

Protegrity (Europe)Suite 2, First Floor, Braywick House West, Windsor RoadMaidenhead, Berkshire SL6 1DN, United KingdomPhone: +44 1494 857762

www.protegrity.com