Last updateFri, 24 Mar 2017 12pm



Why the UK's poor telecoms infrastructure will cause problems for FDs in 2017

44684190 m

By Dave Millett

What will 2017 mean for our telecoms in the UK? As a financial director, what do you need to know, or at least be aware of in order to make the best decisions for your company?

What became apparent in 2016, and will become even more significant in 2017 as Brexit negotiations start, is how far the UK is lagging behind the world in its telecoms infrastructure. Report after report highlighted the deficiencies and their increasing impact. This is having a detrimental impact on many businesses.

The UK is ranked 54th in the world for 4G coverage, bottom in Europe for availability of fibre broadband to the premise, and half of businesses have no access to cheap fibre broadband. The country with the fifth largest economy in the world has one of the worst technology infrastructures among developed countries.

Brexit negotiations which will start in earnest in 2017 and it's claimed that the aim is to ensure that the UK will again become a global trading nation attracting businesses from over the world to invest and locate here. However, our backward infrastructure could become a major barrier.

A number of technology trends are increasing the significance of our poor infrastructure and will place even greater demands on it. In the UK, mobile data traffic soared by 64% in 2016 while residential and small business fixed broadband traffic grew by 40%.

So, what is the government doing about it? Will 2017 see the UK start to address the gaps or will we get left even further behind?

Firstly, at a consumer level even though iPhone sales were down by 12% on value in the third quarter of 2016,
almost 75% of the UK population now owns a smartphone. Average data usage is expected to grow five-fold by 2020. This in part is due to new uses for devices such as augmented reality (AR), which will move into the business arena in a major way in 2017. For example, this could be floorplans appearing as you stand outside houses for sale or insurance quotes which are accessed by viewing your car through your phone. Is your business planning an AR application? If so, are your customers in areas where they can actually access it?

Secondly, in 2017 we will increasingly hear about the Internet of Things (IoT) which will do far more than controlling our heating from our phone. Research firm Gartner predicts that the number of connected devices in 2020 will be twice the number of mobile devices, at 25 billion connections. All of these devices will use bandwidth and barely 65% of the land mass of the country has access to 4G and many parts of the country, especially in rural areas, struggle to get 2G.

Thirdly, from a business perspective cloud computing will continue to grow. Research from the Cloud Industry Forum (CIF) shows the overall cloud adoption rate in the UK now stands at 84%, with almost four in five (78%) of cloud users having adopted two or more cloud services. This in part reflects the fact that many more software applications are available in a cloud format, from basic Microsoft applications and simple storage such as Dropbox through CRM solutions such as Salesforce to much larger Citrix and ERP solutions. All of which increase the demands on broadband capacity.

Unfortunately, a significant proportion of businesses in major cities and business parks have no access to fibre broadband. They are forced to pay for expensive dedicated circuits which can cost 10 to 20 times more. Although BT has said it will start some pilots in 2017 of Fibre to the Premise (FTTP) around business parks, as a whole, fewer than 2% of premises in the UK have access to the technology. This compares with almost 40% in the leading countries in Europe. So if you are planning to relocate, or open new premises, don't assume that just because it's in a city centre or purpose built business park that the telecoms will actually be up to the standard you need.

Finally, the move towards the cloud for phone systems continues to grow apace. The latest figures from Cavell Group show that the hosted telephony market grew by 11%. Also with the end of ISDNs announced for 2025 the SIP market has also shown strong growth at almost 10%.

The premise-based phone market continues to decline with Toshiba pulling out of the UK in 2016 and one of the market leaders Avaya was beset with rumours of Chapter 11 bankruptcy. All of this will create even more demand on broadband connectivity.

In the Chancellor of the Exchequer's Autumn Statement, the government committed to invest more than £1bn over the next four years on the roll-out of new fibre networks and 5G. This will be delivered through:

• A new £400m Digital Infrastructure Investment Fund – which is expected to be matched by private investment – to invest in new fibre networks;
• A new 100% business rates relief for new full-fibre infrastructure for a five-year period;
• Funding to local areas to support investment in national fibre networks to meet business and public sector demands. A consultation with industry on delivery methods is expected shortly; and
• Funding for a coordinated programme of integrated fibre and 5G trials. The recent Adonis report on 5G in the UK said we should aim to have it in place by 2025.

All of that sounds good but look at the success, or lack of it, of previous plans. It seems to be typically unambitious as the UK's target is that 95% of UK premises would be able to buy superfast broadband - defined as 24Mbps. Other countries are defining it four or 10 times that. Japan is aiming to have 5G operational in time for the 2020 Olympics. And South Korea, which has a GDP that is half of the UK, is planning to invest more than twice the amount we are in its 5G infrastructure.

In summary, the UK is in the slow lane when it comes to technology and the short term prospects are not encouraging. As tech and digital industries become increasingly important to the economy and all organisations rely more and more on the cloud, our infrastructure could hinder our growth potential and the ability to attract new inward investment. The government has made a small start but needs to do more and quicker to incentivise the industry to make the necessary investments. And if the carrot approach does not work then it should not be frightened to wield the stick.

Dave Millett runs brokerage and consultancy firm Equinox



Why London may still lead fintech innovation post Brexit

43753539 m

By Ben Barlow

Historically, the UK was renowned as an exporter of world class products and popular commodities. This was something that changed gradually throughout the ages, however, as nations such as China and India established themselves as low-cost manufacturing hubs and the age of outsourcing began in earnest. Now, manufacturing and industry accounts for just 21.4% of the UK's total GDP, with financial services delivering an incredible 77.8/%

While London may now be established as the world's financial and fintech capital, however, this dominance has been sorely threatened by the much-maligned Brexit vote. Even before the referendum was held on June 23 of last year, the capital's most prominent fintech leaders were thought to be considering various exit plans in the event of a leave vote, while other nations were already preparing to assume London's mantle as the world's leading, fiscal hub.

In the immediate aftermath of the Brexit vote, these precautions seemed well-judged. Currency experts FX Pro reported that the value of the pound plummeted to a 31-year low within hours of the vote, for example, while many British firms and service providers started to consider relocating outside of the UK.

Almost simultaneously, Berlin's digital entrepreneurs and financial experts declared their interest in disposing London as the world's fintech centre, pledging new innovations while also encouraging UK firms to relocate to the German capital. Given this and the desire of prime minister Theresa May to pursue a so-called 'hard' Brexit (which will remove the UK from the single market entirely), London's time as a global fintech innovator appeared to be at an end.

With the government supposedly just weeks from formally triggering Article 50 and beginning official exit negotiations, however, the outlook appears to have softened. Sure, London may have been severely wounded by the Brexit vote, while it still faces a huge fight if it is to retain its status as the dominant, fintech player. The sector has been boosted by technology and the regulators at the Financial Conduct Authority (FCA) during the last seven months, creating genuine hope that the UK's capital can continue to lead innovation in the fiscal marketplace.

If we look at bitcoin and blockchain technology, for example, we have seen these innovations thrive in 2016 on the back of stringent and more clearly defined guidelines that have been laid down by financial regulators. This has empowered firms who aim to harness blockchain technology and leverage its full potential, while also leading to the emergence of the world's first, digital ledger.

Similarly, the UK's so-called 'Sandbox' project has also helped British fintech firms to raise capital and bring their ideas to market quicker, by providing a progressive think-tank in which some regulations are waived and concepts can be bounced off officials. This type of experimental space has helped London's fintech leaders to cope with the fall-out of the Brexit vote, while ensuring that they are still able to raise funds and retain their competitive edge in the financial marketplace.

London will always be one of the world's most iconic capital cities, but whether or not it continues to serve as the fintech capital has yet to be seen. It has responded well to the challenges created by Brexit so far, however, while technological and regulatory innovations have enabled London-based firms to retain their competitive edge. With this in mind, the only remaining question is whether not such an edge can be sustained once the UK has finally left the EU and must make its own way in the world.

When it comes to cyber attacks, banks need to up their game

37463111 m

By Robert Rutherford

The Financial Conduct Authority (FCA) has expressed concern over the recent cyber attack on Tesco Bank after £2.5 million was drained from customers' accounts. Within hours, customers' current and saving accounts, as well as credit card details, were being traded on the dark web, with many hackers on live chat rooms referring to the firm as a "money machine".

According to FCA data, only five cyber attacks were reported in 2014 – as opposed to the staggering 75 reported in the first 10 months of 2016 alone. Although the money stolen from Tesco Bank was refunded and no personal data was compromised, this incident should serve as a warning to all banks and the financial services industry as a whole that cyber criminals are implementing increasingly intelligent ways of outsmarting IT systems.

The truth is that firms in this sector have been facing cyber attacks for decades, as this industry is especially attractive for criminals who are looking to access financial data. After all, the data being held on these systems not only includes client's financial and personal details, but also information about the firms as well. It is undoubtedly difficult for banks to continually defend against the constant cyber attacks they face, but IT security must be considered a priority when it comes to budgets.

Why are banks such easy targets?

The biggest reason that criminals target banks is obvious: money. Financially-motivated cyber crimes account for three quarters of all reported security breaches. It has, however, been reported widely that Tesco Bank ignored various warnings regarding its IT systems and how secure they really were. This is an issue with many firms who do not understand the importance of cyber security – particularly in the current economic climate, with budgets being evaluated more critically than ever in an effort to reduce costs.

In addition, banks' computing systems are not only incredibly complex, but are also outdated legacy systems in many cases. This creates a good opportunity for cyber criminals to target various parts of the networking and transactional systems within these organisations. The individuals behind these attacks understand that bypassing standard controls can provide them with access to the bank's back-end systems, which can lead to a huge loss for the firm and a major gain for the fraudsters.

Without a doubt, cyber criminals have become more patient and more intelligent over the years, especially when they're financially motivated. Some hackers will watch an organisation for months, sometimes even years, to establish where the vulnerabilities are in its systems are..

What methods should banks use to improve cyber security?

Ensuring that IT systems are up to date with the latest software is crucial for any firm, but for banks and other organisations that hold enormous amounts of data, this is even more important. It is still common practice in many banks to allow access to their systems via a password alone, which is unacceptable from a security standpoint. The weakness in password-only protection is widely known, yet it is still being ignored. Whatever the reasoning behind this decision, it is dangerous and leaves organisations highly vulnerable to cyber attacks

ISO 27001 is a global standard that can help greatly in relation to IT security in general, as it enables financial institutions and any other businesses to identify what risks there are to their operations and then assign controls to prevent or minimise the likelihood of them from occurring. The assets, risks and controls are then reviewed continually; it's a living standard that ensures continuous improvement.

The senior leadership within a bank also plays a huge role when it comes to cybersecurity. The C level must take full responsibility both in the event of a security breach and when determining a cybersecurity strategy, rather than placing blame solely on the IT team. Senior management also needs to communicate with employees at all levels in order to understand what the risks are and how the firm can work together to prevent these attacks from happening.

How can staff help to keep IT systems safe?

All members of staff need to know the IT basics as a minimum, no matter what part of the business they may be working in. Most data breaches often occur internally because an employee failed to notice a potential threat to the firm, such as not knowing they were opening an email that contained a virus or a dangerous website link.

Social engineering has always been one of the most effective way to breach a system at its core. It's not uncommon for a fraudster to ring up a company pretending to be an IT technician in order to convince the employee to handover their login details.

In this scenario, the employee who provides these details will essentially be giving the attacker full access to the firm's network and confidential files. It is therefore vital to train staff in how to identify and handle these communications. This first line of defence is essential for banks to protect their data, as it is these individuals who will be able to spot, block and prevent a security breach in the future.

Robert Rutherford is CEO of the business and technical consultancy QuoStar


If we can change people's behaviour we won't be so at risk from cyber attacks

48063974 m

By John Blythe and Carmen Lefevre, research associates, UCL

Two scientists were recently able to take over the lights of an office building using a drone and some clever computer hacking. They demonstrated how "smart" lightbulbs connected to the internet were vulnerable to a virus that could spread from one infected light to any bulb in range. The researchers flew a drone up to the building, transmitted a signal that hacked into one light and then took control of the whole floor. In theory, such an attack could be used to take out the lights of an entire city, if smartbulbs were to become commonplace.

These bulbs are just one example of devices that can be connected to the Internet of Things (IoT). The IoT refers to any everyday object with the ability to collect to and exchange data over the internet. The technology can allow you to remotely and automatically control the heating, lighting, sound-system and other devices in your home, based on your normal routine.

But these devices are also vulnerable to cyber attacks. The lightbulb example may have been a research experiment, but in a major attack recently, hundreds of thousands of IoT devices were captured by hackers and used to bring down many popular websites. So we need to make these objects more secure. One way to do this is to use psychology to understand users' capabilities and motivations and try to change people's behaviour.

Behaviour change when it comes to technology is an under-researched area. But recent work has started to take more of the theory into account, for example by focusing on "nudging" users towards better security and privacy. Nudge theory focuses on presenting choices to people in ways to steer them towards better decisions.

For example, one study explored Facebook privacy nudges by getting users to consider the content of what they are posting – and who will see the post. The researchers found that showing users pictures of their friends when posting a status prevented them from unintentionally disclosing things they would regret (such as a colleague seeing a nasty comment about their boss).

But we also need to think about longer-term behavioural change that focuses on people's capabilities and what motivates their behaviour when it comes to security. One route to doing this is by asking whether people don't know how to be secure or are just too lazy to do anything about it.

To answer this question, we need to understand behaviour in context using theory. For example, one model of behaviour, known as the "COM-B" model, says that to behave in a certain way, people need to have the capability and opportunity to do so – and be more motivated to do so than behave in any other way. They have to want to perform the behaviour and feel that they should.

By understanding what drives people's behaviour in this way, we can come up with ideas for how to change it. For example, the reason a person does not use a password on their device may be that they do not know the risk they are taking. In this case, we need to improve the user's capability through teaching them about security risks.

By contrast, the reason could be that the device is hard to interact with and it takes up a lot of time to set up a password. Then we need to increase users' motivation perhaps by providing inbuilt incentives to having a password, such as offering additional services and features to users.

But looking at IoT security in this way also brings us to how important it still for manufacturers to change their devices. Ultimately, most people don't have the ability to remember lots of complex passwords and may not even have the opportunity to create a password for their device. So we need to make sure security features are built into IoT devices and that they are simple and convenient enough for anyone to use, even if they have little or no technological skill. Only then can we start to make significant advancements towards making the IoT secure.

Busting Fraud: Simple strategies for quick results

44310903 m

By Steve Platt, Executive VP - Fraud & Identity, Analytics and Decision Software, Experian

Fraud is fast. It's a race without the risk that the fraudster has to ever strap on their running shoes, but they still treat it like an Olympic competition – and so should businesses. And like a top flight event, the risks of falling behind are severe, because it's a winner-takes-all situation. The fraud/anti-fraud race can actually enhance more than financial security. Fraud solutions should be working with other departments' shared data needs, with the net result that the business runs much smarter. How? Fraud mitigation is the friend with unexpected benefits...

Minimise customer disruption with right-sized fraud solutions
Customers do not always have all the information they might need to hand, or even in mind at all. It's a frequent occurrence to be in the middle of completing a transaction online when the process comes grinding to a halt because of a request for ID or data. The ratio of disrupted but legitimate customer traffic to actual fraud is 30:1. This happens because many businesses use a one-size-fits-all approach to fraud detection, creating more customer friction than they out to.

It's a simple task to choose right-sized fraud solutions that reflect the value and level of confidence needed for each transaction. That provides customers with a more seamless experience without sacrificing protection. And the business reduces the ratio of disrupted traffic. Right-sizing the fraud solution means aligning true fraud rates with the commercial strategy. It's about catching more fraud without disrupting regular customers.

Modern fraud mitigation and marketing rely on a universal view of the consumer
The 30:1 ratio shows that achieving protection versus affecting the customer experience is a balancing act. The gold standard for identifying legitimate customers is a multi-layered approach to authentication. Of course, this comes with different challenges. Relying on a traditional 360 degree view of a consumer was once a sufficient way to positively identify a customer, but it's no longer enough.

What the fraud-affected business needs is a universal profile of consumer behaviour. To get it requires access to a combination of identity data, device intelligence, online behaviour, biometrics, and historical transactions. This should also include consumer interactions with other businesses and industries as well. Companies that use this knowledge to identify consumers can distinguish a fraudster from a real customer more easily, and build trust with the right parties.

There should be only one... A blended ecosystem expands the view
Relying on your own first-party data sources maintains the status quo. Real progress can only happen when the business works beyond the corporate borders – and even the industry. Fraudsters have access to more data than ever before, including the data used to verify identities, and they use it to create an entire digital profile.

What this means to a business is that fast access to the digital interaction data needed is not helped by traditional data management method, that is, corporate departmental silos. Achieving a view of the universal consumer requires multiple data sources working together. This is only possible when participating in a blended ecosystem. When a business has a single customer view the customer experience is enhanced. This supports business growth without sacrificing protection.

Traditionally, internal teams in a business worked independently, often using different fraud solutions and risk mitigation philosophies dependant on their particular needs. But by putting the customer at the heart of the business, creating a holistic versus a siloed approach, means fraud is detected earlier (at account opening), reducing vulnerabilities and financial loss later (at the point of transaction). It is worth anyone facing challenges from fraud to push for greater collaboration across the corporate teams and processes that are susceptible to fraud, such as account opening, access and transaction.

On the pulse: Using service-based models to achieve agility and scale
Subscription-based systems are becoming more popular as companies seek more responsive ways to keep up with the speed of fraud. It is gradually encroaching on custom in-house/ on-premise solutions. Because fraud adapts quickly it can hurt both the businesses and the customer to be behind the curve. As with other online services, the subscription model offers continuous upgrades and access to new risk logic. In the same way that cloud computing services offer greater agility and faster responses by sales teams, so to can the fraud-busters orient to emerging threats, no matter how fast the volume grows, or what products, channels or geographies are pursued.

Fraud solution choices future-proofed: Machine learning techniques
Businesses use a variety of technologies and information sources to fill in knowledge gaps where fraudsters hide. The ability to modify strategies quickly and catch fraud fast while improving customer experience is a critical aspect of fraud prevention. Whilst it is still an emerging trend, machine learning is a powerful predictor of fraud as part of a universal customer view.

Machine learning helps by highlighting attributes or relationships that are indicators of fraud, thus moving a business' posture from reactive to predictive. Whilst the technology can analyse more data than a human, it still has limitations. It can take a long time to react and prevent fraud, and it can fail to generate effective patterns or consistent profiles. In training, it can produce a lot of false positives too.

It can be improved when paired with unsupervised machine learning techniques that look for uncharacteristic items: AKA anomaly detection. These models can be a strong complement to supervised learning approaches because they go at the same problem from entirely different angles and exploit orthogonal information. The resultant analytics engine can recognise previous patterns of confirmed fraud and raise an alert if a pattern changes.

Fraudsters are relentless
They are constantly evolving and circumventing fraud detection systems with state of the art technologies. Every business owes it to themselves to stay current not only to mitigate fraud losses, but because they can also enrich customer relationships and drive growth at the same time. With the right business frame of mind the results can be quick both in terms of increased customer satisfaction AND busting fraud. And, Ray Parker Jr. would say, together, those feel good!

Subscribe to the magazine

We aim to advise you of the most up-to-date issues faced by major corporations and leading finance directors, in the form of interesting articles and individual stories.

If you are interested in subscribing to the Director of Finance magazine, register your details here.

Latest News

Most Read

Follow Us On Twitter