The new paradigm of mobile banking carries with it inherent risks, but there’s no reason for consumers to be less confident about the security of their data if the right safeguards are in place, says the chief technology officer (CTO) of Westpac bank.
Sarv Girn is CTO for the combined Westpac and St George banking group, which this year has aggressively pursued a mobile banking strategy. St George recently released mobile banking applications for the Android and Blackberry mobile platforms in addition to its existing iPhone app — a move largely driven by customers’ changing lifestyles. Security comes down to education and how people use a mobile device, according to Girn.
“We inform customers of any anomaly and make sure customers understand what they can do to safeguard their devices, including antivirus measures,” he says.
Mobile banking has an inherent risk in that the device can be easily lost, making it different from other forms of banking, but Girn says controls on newer devices are making them as secure as other enterprise devices, including notebooks. “Things like remote kill can make a mobile device more secure than a traditional device and it’s an area we place a lot of importance on.”
Girn’s pre-merger role was chief information security officer at St George Bank and he now oversees the technology direction across the group.
As a former CISO, Girn has promoted a culture of ‘secure by design’ for internal systems in the organisation and the bank now has its own methodology and design for secure applications, including internal certifications. “Certainly, financial services demand more rigour than other industries,” Girn says, adding mobile banking is on the rise because the usability of the devices has helped overcome issues of ergonomics with older mobile devices.
Public cloud still too icy
Cloud computing might the focus of many enterprises, but Westpac is yet to be convinced of a viable offering outside its own private infrastructure.
Girn says cloud computing can add significant value to businesses in terms of leveraging shared infrastructure, driving down costs and increasing time to market, but its definition remains “somewhat unclear”.
“It’s difficult to justify the expense yourself [and] from an industry perspective it’s about getting clarity on what you mean,” he says.
For the past 18 months the bank has developed its own private cloud to allow projects to “rent time” on shared infrastructure for an “end-to-end test environment”.
Public clouds, however, are still off limits.
“We are yet to see any offering in the market that is compelling enough to go down the full cloud path,” Girn says. “Service reliability and where data is stored becomes an issue unless you have clear commercial boundaries.”
Westpac may be public cloud averse from an infrastructure standpoint, but there are some software-as-a-service applications within the group, which the organisation determines through its IT governance process.
“That [software-as-a-service use] is limited and not something around customer information. We make a risk assessment with the business.”
Integration and a Web 2.0 world
The merger between Westpac and St George has been in progress for two years and ongoing projects are tackling integration – both internally and with third-party Web services.
When the merger was first announced, the banks put together an IT strategy that looked at needs of all the brands in order to simplify and consolidate where it was deemed appropriate.
For its online banking application the group chose a “packaged approach” with Fiserv from Corrillian, which Girn says is renowned for innovation with Web 2.0 technologies and allows “more customer choice”.
Following integration of the “bare essentials” like connecting the ATM networks, the intranet sites and e-mail systems, some “heavy lifting” was done integrating the general ledger and HR systems.
“Using the old traditional approach of the bigger business clobbering the smaller business was not our strategy,” Girn says. “We picked the best [and] the treasury part of the business will be migrating off St George to Westpac which his more robust.”
The phase Westpac is at now is investing in strategic direction to simplify what it uses. The group recently converged onto one credit card system and as a result St George customers will start receiving a higher level of security with chips on cards from early next year.
Girn says customers are also increasingly using Web 2.0 channels for exchanging information the group has a team of people responding to people via Twitter and Facebook.
“It’s certainly appearing as a channel and we don’t mind responses,” he says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.