How PIAM Protects Customer Data for Banks
A customer’s bank data is only as secure as your weakest link, and in many cases that’s the physical aspect of protecting bank premises, assets and sensitive locations. Robust Identity and Access Management (IAM) is critical to both logical and physical security. We’ve covered logical IAM before, and it’s worth digging into how Physical Identity and Access Management (PIAM) can keep your bank and customer financial data safe.
Key Physical Security Threats to Customer Data
There are two main types of threats that banks need to protect customer data against: insider threat and outsider threat.
Outsider Threat Vectors and Banking Security
Although the majority of attacks against banks come from attempts to remotely hack financial systems, security managers also need to take action against the exploitation of physical vulnerabilities. These threats typically come from criminals, hackers and other bad actors attempting to gain physical access. These outsiders often achieve physical access by:
- Social engineering — convincing bank employees that they are supposed to be in the premises and have legitimate access to workstations and other technology
- Exploiting weak security elsewhere — this might include “tailgating” other employees into buildings or taking advantage of weakly secured entry points
Once an outsider has unfettered access to banking premises, they can install malware on banking assets that gives them a backdoor to access and steal customer data.
How Physical Identity and Access Management Protects Against Outsider Customer Data Threats
Well-implemented PIAM provides an excellent barrier to outsider threats in several ways, such as:
- Allowing centralized management of all initial access points and secure locations within the premises
- Providing front desk staff and security teams with a strong, robust, established process for confirming a visitor’s identity
- Correlating visitor access requests with previous visits and behavior
- Using AI to identify potential threats from new or unknown visitors
- Implementing multi-factor and other types of authentication through badging systems
Preventing access to banking assets in the first place significantly reduces the risk of hackers stealing customer data.
Insider Threat Vectors and Banking Security
Insider threats are potentially a bigger issue for protecting customer data than outsider threats. Insider threats come from within your workforce or other formerly trusted individuals like contractors or partners. They may be a result of malicious intentions, but they often occur unintentionally through gaps in the security program. Examples of insider threats include:
- Terminated employees who do not have credentials revoked and can still access customer banking data
- Current employees who are incentivized to act against the bank’s best interests, for example through bribery, by selling off customer data or by siphoning money from customer bank accounts
- New employees who do not have a full understanding of banking policies and procedures
Because employees, contractors, and partners are already trusted by other parts of the workforce, their activities may not be actively scrutinized. PIAM can help to solve this problem.
How Physical Identity and Access Management Protects Against Insider Customer Data Threats
PIAM does not rely on other parts of the workforce noticing anything out of the ordinary. Instead, it provides continuous protection of sensitive areas and banking data by:
- Creating and managing badges and credentials for everyone on the banking premises
- Allowing for zero-trust security access, where employees do not have any access to physical assets and locations unless specifically authorized by the system
- Providing role-based access to sensitive locations on a granular level
- Linking to workstation security to automatically lock sensitive assets when the required badge and credentials are not present
- Immediately revoking credentials when employees leave, go on vacation, take a sick day or are in any other situation that means they should not have access
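The default-deny, role-based decision and the revocation gap described above (terminated staff whose badges stay enabled) can be sketched as follows. This is an added example, not HID SAFE code; the roles, zones, badge IDs and statuses are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample policy: role -> zones that role may enter (hypothetical names).
ROLE_ZONES = {
    "teller": {"lobby", "teller_line"},
    "vault_custodian": {"lobby", "teller_line", "vault"},
    "it_admin": {"lobby", "server_room"},
}

@dataclass
class Person:
    badge_id: str
    role: str
    status: str                          # "active", "terminated", "on_leave"
    absent_on: frozenset = frozenset()   # approved days off (vacation, sick day)

def decide(person, zone, day):
    """Default deny: access is granted only when every check passes."""
    if person is None:
        return (False, "unknown badge")
    if person.status != "active":
        return (False, f"credential suspended: {person.status}")
    if day in person.absent_on:
        return (False, "scheduled absence")
    if zone not in ROLE_ZONES.get(person.role, set()):
        return (False, "zone not in role")
    return (True, "granted")

def orphaned_badges(hr_roster, badges_enabled):
    """Badges still enabled in the door system whose holder is not active
    in HR: the 'terminated but never revoked' gap."""
    active_in_hr = {p.badge_id for p in hr_roster if p.status == "active"}
    return sorted(set(badges_enabled) - active_in_hr)

# Constructed sample data: HR roster and the door system's enabled-badge list.
ROSTER = [
    Person("B100", "teller", "active"),
    Person("B200", "vault_custodian", "terminated"),
    Person("B300", "it_admin", "active", frozenset({date(2024, 5, 6)})),
]
BADGES_ENABLED = ["B100", "B200", "B300", "B999"]

if __name__ == "__main__":
    print(orphaned_badges(ROSTER, BADGES_ENABLED))
    for p in ROSTER:
        print(p.badge_id, decide(p, "vault", date(2024, 5, 6)))
```

Running the reconciliation on a schedule, and alerting on any non-empty result, catches credentials that the revocation workflow missed.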
Limiting access when individuals are inside the “trusted perimeter” allows for proper protection and siloing of customer data.
How HID SAFE™ Physical Identity and Access Management Can Protect Customer Banking Data
HID SAFE helps banking and financial institutions to:
- Reduce security risk from insider threats and unauthorized access with centralized management
- Keep up with regulatory compliance and audits through reliable audit trails with predictive analytics and automated reporting
- Enhance operational efficiencies with system interoperability, the elimination of manual tasks and streamlined identity management processes
- Reduce overall operational cost with reduced paper-based request forms and automated reports that allow for increased efficiency in data analysis and lower processing times
Andrew Bull is the EMEA Sales Director of Workforce Identity Management in IAM Solutions. He brings over 25 years of experience in physical access security. Prior to his current role at HID, he supported HID SAFE within global banking organizations and other solutions within PACS. Andrew previously worked for JCI (Cardkey) and Honeywell. As an active member of the UK ASIS Chapter, he enjoys speaking on a variety of identity and access management topics.