Managing the risk of ‘visual hacking’ in the financial sector

Peter Barker

EMEA Market Manager, IT Market at 3M

02.12.2019 01:00 pm

The financial sector is particularly aware of the need to protect sensitive information, and increasingly this also includes reducing the risk of what has become known as ‘visual hacking’, also sometimes referred to as ‘shoulder-surfing’. Put simply, this is the ability to view, or even photograph, information that is on a person’s screen.

Many of us will have seen something on someone else’s monitor, laptop, tablet or smartphone that is clearly not meant to be shared.  Some of us will have also caught someone peering at our screens, and it matters for a couple of very important reasons.

First, that information could be used for malicious purposes, such as fraud, credential theft, or even sale to a third party. Visual hacking - which is implicit within the GDPR - could be as much a cause of security risk as software or network security breaches. The predecessor to the Financial Conduct Authority (FCA), the Financial Services Authority (FSA), specifically covered visual security (including phone cameras and mobile workers) and its guidelines are still relevant to this market. The UK Financial Services and Markets Act 2000 states that a company must show it ‘took all reasonable precautions and exercised all due diligence’ and that includes physical security measures.

Second, visual hacks are easy and fast to achieve, requiring no specialist skills. This is backed by several studies, including the Global Visual Hacking Experiment, carried out by global security specialist the Ponemon Institute and sponsored by 3M in 2016. In the experiment, which covered eight countries and involved a ‘white hat hacker’ posing as a temporary office worker, visual hacks were successful in more than 90 per cent of attempts, with 49 per cent taking 15 minutes or less. The hacker was only challenged in approximately a third of attempts. Nor is the risk confined to offices: with more people working in public spaces on mobile devices, the potential risk landscape increases further.

Stop visual hacks in their tracks

Fortunately, improving visual privacy is achievable through a number of methods.  Here are some of the steps that banks, fintech vendors and other firms involved in the financial sector are already implementing.

1. Awareness and management support - ensure that employees are aware not only of the visual hacking risk, but also of their own responsibility to keep information secure from prying eyes. Plus, as is often the case in so many initiatives, visual privacy measures are more likely to be followed if they are backed at executive level.

2. Clear it away - paper can be a visual security risk too, so make sure that confidential papers are not left where they can be observed or photographed. Likewise, make sure that the mailroom, copier, printer trays and fax machines do not contain documents yet to be collected. ‘Pull printing’ is a technique built into some modern machines that ensures documents can only be collected by an authorised person. Shredding and reduction of paper usage should be routine by now.

3. Speak up - employees should feel empowered to politely confront or report anyone whom they do not recognise, who is not displaying clear ID, or who is in an unauthorised location.

4. Make it hard - angle screens away from easy viewing. In public, sit with backs to a wall. Screensavers and automatic log-ins are nothing new, but are highly effective at reducing the amount of time displays can be seen.

5. Use privacy filters - these can be easily slipped on and off screens of all kinds and prevent on-screen data from being viewable except straight on and at close range. So, someone taking a sideways glance or standing several feet behind the screen will see just a blank image. They can be applied to monitors, laptops, tablets and even smartphones.

Security management is a multi-faceted challenge, but reducing the risk of visual hacking is one measure that is relatively simple, fast and cost-effective.  For any organisation, whether in the financial sector or not, building better visual privacy into security policies is a smart decision.
