TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / Blogs / Intelligent banking needs a cybersecurity edge

Intelligent banking needs a cybersecurity edge

November 09, 2020

Advances in financial technology are transforming banking as we know it and this spark innovation is changing the approach of this historically traditional sector. How can the industry ensure their cybersecurity strategy matches the rest of their next-gen business?

Long gone is the age of weekly visits to your friendly neighborhood banker, as the industry has evolved significantly over the last decade. At the heart of the shifting finance sector are innovative companies, many from outside the banking ecosystem boasting ultimate convenience, next-level agility and the ability to adapt to an increasingly mobile, on-the-go lifestyle for a friction-less society, who are already overhauling even the most traditional aspects – payments, lending, insurance and more. Regulations like PSD/PSD2, SEPA and IFR have only added fuel to that fire. Thus, a race began between the traditional payment providers and the non-bank competition disrupting the status quo.

It’s imperative that cutting edge cybersecurity is not buried by efforts to create innovative and revolutionary financial technology. Apathy towards security can have detrimental results, as highlighted by the recent Bitcoin hack on South Korean cryptocurrency exchange, Coinrail, which caused a 5.6 percent drop to the value. Beyond offering a buzz-worthy new payments app or automating exhausting mortgage applications, for example, traditional payment providers and FinTechs need to ensure that their business is resilient against increasingly sophisticated cybercrime and ready for a hyperconnected world.

Agility Now and into the Future

For traditional payment providers and FinTechs to be able to tout complete agility and advancement today, they must be able to accommodate the very serious security threats of tomorrow. To help streamline their imminent arrival into the market, many FinTechs partner with established, trusted firms to help bring their ideas to life. These are often mutually beneficial relationships and are effectively levelling the playing field for banks and payments companies, creating an environment where embracing technology and innovation can help them emerge in a crowded market, secure new customers and stay compliant with changing regulations.

In our hyperconnected world of the near future, consumers may never have to take out their wallets to hand over cash or swipe a card. When you leave a store, the cost of the items in your basket will be automatically charged to your bank account. Amazon has already successfully tested this out. The same goes for: buying gas, paying for parking, paying bridge tolls etc. as your connected vehicle communicates with your bank account, as well as the city infrastructure surrounding it. However, with each new endpoint is a new opportunity to compromise security – and there will be millions. How can you ensure your FinTech is implementing cybersecurity that can support our future of digital payments?

Here are a few constants to keep in mind:

  • Identity security: From the moment of issue, identities which are used as authentication must have security that reflects their intrinsic value and the risk that is associated with their use.
  • Regulations: Transactions must be protected in accordance both with the requirements laid out by the governing bodies and with the value of each and aggregated transactions.
  • Personal data: All personal data must be protected in accordance with both industry governance and local law.
  • Data in the cloud: And last but not least: any data at rest and in motion in or into the cloud needs to be secured.

At the core of these security “constants” is a reliable robust technology: cryptography. Even in the face of a rapidly evolving market, FinTechs can look to more traditional, established banks who’ve historically – and successfully — relied on this security to accomplish critical tasks like holding highly sensitive key material, processing transactions and generating, issuing and validating identities and payment cards, which will be even more crucial as our cities, cars and infrastructures become increasingly smart.

Considerations for a Post-Quantum World

New call-to-actionSo – your FinTech is fully compliant with industry regulations like GDPR and PCI DSS, and your entire data and communications are secured with the latest NIST standards using the highest AES 256 algorithms, FIPS 140-2 Level 3 compliant protection and more. Are you safe?

Not necessarily. With the advent of the quantum computer, current encryption algorithms stand to be broken, and all of our data vulnerable as a result. Some security experts predict this can happen in the next decade, maybe even sooner than we think.

It’s imperative that the products and platforms being developed today must be ready to handle the post-quantum computer (PQC) era of tomorrow.

Traditional payment providers and FinTechs who are making moves to bring new, innovative solutions to the industry must adopt a crypto agility stance — in line with the rest of their culture of innovation — to better prepare for a post-quantum future.

New call-to-action

Here are a few strategies for getting started:

  • The first step to becoming more crypto-agile is simply realizing that current cryptography can be broken. RSA-2048 is the encryption algorithm usually used today for authentication use cases but even the strongest of RSA encryption standards become vulnerable to the quantum computer.
  • Adjust current workflows to accommodate your protocol and IT infrastructure. This means first evaluating your system’s position to adopt each or any crypto algorithm and preparing response plans. Existing security processes often become embedded into daily operations. How can you shift these to be more agile in changing environments?
  • Make smart purchases of encryption solutions with post-quantum in mind. Can they be easily augmented to adapt to new algorithms if need be, and will they easily and seamlessly integrate?
  • Start early. It may only take you 2-4 years to implement the new algorithms in your products and infrastructure once you have chosen the right one, but it may take you a decade or more to eliminate or migrate them in products that are already in the market.
  • Privacy by design (PbD) is already considered a best-practice among many traditional payment providers and FinTechs. The apps and platforms within a given system that control much of the data must have robust security and access controls layered in the initial implementations, instead of simply added on afterward.

Innovation-centric banks and FinTechs are in a unique position to embrace crypto agility and prepare for smart cities, as they are likely already in the process of transforming their apps, platforms and infrastructures in other ways. And the benefits of preparing for tomorrow are clear even today – overall stronger cybersecurity posture, easier compliance with industry regulations and strategic implementations that maximize ROI. As these organizations shift and adapt to the rapidly evolving payments space, it’s crucial that cutting edge and future-forward cybersecurity is not buried by efforts to create innovative and revolutionary financial technology.

New call-to-action

First published on:

  • PaymentsSource – PayThink Traditional payment security isn’t enough for quantum computing
  • PaymentsSource – PayThink Payment innovation is ‘disrupted’ by crime innovators
  • on this blog in an earlier version on July 24, 2018
Back to overview

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

Nexus - Utimaco Hardware Security Modules Partner Cyber Armor Pte Ltd Baas Control s.r.o. Macroseguridad Clearkey Consulting - Utimaco Hardware Security Modules Partner PKI Solutions Inc. PrimeKey Labs GmbH Versasec Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner MIcrosec Nexus - Utimaco Hardware Security Modules Partner Cryptomathic Inc. JJNet International Co., Limited - Utimaco Hardware Security Modules Partner Utimaco HSM - QuintessenceLabs CewTec S.A. Perceptus-sp.-z-o.-o. PETA (Thailand) Co., Ltd. Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner Altacom UAB Utimaco HSM - PTESA_profesionales en transacciones electronicas Fornetix - Utimaco Hardware Security Modules Partner Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner CertiSur S.A. Cryptomathic A/S Thomas-Krenn.AG cv cryptovision GmbH E-Sign S.A. intarsys AG CREAplus Italia S.r.l Cryptomathic GmbH IQuantics Corp Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner CEGA Security AKEA S.A. - Utimaco Hardware Security Modules Partner Ascertia - Utimaco Hardware Security Modules Partner SecureMetric Technology Sdn. Bhd. MTG - Utimaco Hardware Security Modules Partner Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner Fortiedge Pte Ltd. Abrantix AG EUROPEAN DYNAMICS SA. Compumatica secure networks GmbH VAR Group SpA - Utimaco Hardware Security Modules Partner Envoy Data Corporation - Utimaco Hardware Security Modules Partner Telegrupp AS Encryption Consulting LLC Utimaco HSM - InfoGuard Swiss Cyber Security Softline Solutions GmbH ESYSCO Sp. z o.o. Komar Consulting Inc. - Utimaco Hardware Security Modules Partner Real security d.o.o. MALKOM D.Malińska i Wspólnicy s.j. Compumatica secure networks B.V. Safesoft Kft. Primekey Solutions AB Cogito Group Pty Ltd CREA plus d.o.o. Microexpert Limited Rohde & Schwarz Cybersecurity GmbH Nexus Technology GmbH
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research