Where the money isn’t: reducing the incentives for cybercrime in banking
Financial institutions place a lot of emphasis on security, and rightly so—spending nearly $75 billion per year on cybersecurity measures, ranging from better fraud detection systems to innovative multifactor authentication schemes. And yet, banks still find themselves on the frontlines of a cyberwar, fighting off hundreds of thousands, if not millions, of intrusion attempts per day.
But in our rush to tout the biggest and best security systems, we might have lost sight of a more fundamental question: why are banks under attack?
As “Slick Willie” Sutton, the notorious bank robber, is purported to have once said, “Because that’s where the money is.”
But what if it wasn’t?
In a digital world, where value can be moved around in real-time, does the location of the funds matter? There are obviously regulatory hurdles, but what if the value of a customer’s account was also stored externally, remaining under the direct control of the individual or organization? In practice, only a small percentage of money on deposit is in the bank anyhow at a rate determined by reserve requirements. The bank’s true value lies in its ability to connect those who have capital with those who want it—just as Airbnb and Uber are connecting supply with demand in their industries.
The implications of these questions are provocative:
- The nature of deposits. Imagine a future in which the customer would be in possession of her raw financial data and account balance, secured in a personal cloud or digital wallet, and linked to her digital identity. Financial institutions leverage their trusted status and banking relationships to gain access to customer funds—but not as deposits, but as revolving short-term credit. It would be a personal version of commercial paper.
In this model, banks act as pass-through vehicles, as trusted connectors, or as clearinghouses—continuing to collect net interest spread as compensation for bearing the risk of guaranteeing a contract.
- Economic viability of crime. Without big targets or central stores of value, there are fewer financial incentives for cybercrime. The number of potential targets would be orders of magnitude greater, but the pay-off of gaining access to the average account would be minimal. Hacking single accounts would simply not be worth the effort.
As a result, digital theft becomes less economically attractive and money laundering becomes far less appealing. It would be increasingly difficult to hide ill-gotten gains in aggregated stores of value when value is widely disseminated. Creating complex and confusing transactions to camouflage illegal money sources (a process known as layering) becomes much less common as financial institutions employ an immutable financial record, shared among member banks, tracking customer funds.
At Microsoft, our approach applies technology in unique ways—with a trusted cloud platform, tools, and services that empower business agility and enable a a new vision of cybersecurity for the industry. As your trusted technology partner, we offer both industry know-how and enterprise-grade solutions. We can help no matter where you are on your digital transformation roadmap.
Follow us @msftfinserv
