The Risk of ‘Visual Hacking’ in the Financial Services Industry


Financial services organisations are, for obvious reasons, among the industries most aware of the need for rigorous security measures, not just to protect their own information assets, but the confidential data belonging to their customers too. There is plenty of pressure on these organisations to achieve high levels of security protection, with the risk of fines should they fail to do so.

So it’s not surprising that banks and other financial institutions are always on the look-out for new ways in which to batten down the hatches. As well as software-based controls, these organisations are increasingly looking at another area of security: ‘visual hacking’, the risk of someone obtaining information simply by glancing at a screen.

Plus, with our increasingly mobile world, the risk is not restricted to desktop monitors: it is alarmingly easy to snatch a glance—or even take a photo—of what is displayed on someone’s laptop, tablet or smartphone.

Such is the concern around the visual hacking risk that it is covered by regulation governing the financial services industry. For example, under principle 7 of its Data Protection Guide, the ICO says that an organisation should make sure “that desk-top computer screens in its offices are positioned so that they cannot be viewed by casual passers-by.”

Although the FSA technically no longer exists, its guidelines continue to influence the FCA’s decisions around data breach penalties. Several years ago, the FSA expressed concern that financial companies were not addressing the risks around people “taking photographs of customer data on screen” using “high-end mobile phones.”

The FSA also observed that data security is an essential part of the six principles of TCF (Treating Customers Fairly), and that under the Financial Services and Markets Act 2000—which forms the legal basis for determining fines—a company must show it ‘took all reasonable precautions and exercised all due diligence’.

Of course, exposing customer or bank data carries multiple risks, including loss of reputation. Plus, while the fines that the ICO levies are comparatively small for a large financial institution, a fine of a couple of million pounds can be significant for smaller organisations in the industry. With the EU’s call for even stricter penalties, clearly it makes sense to put in place as many preventative security measures as possible.

Easy to perpetrate, easy to prevent

What’s ironic is that while visual hacking is alarmingly easy to achieve (a recent Ponemon Institute study found a success rate of almost 90 percent when carried out by a white hat hacker), it is also relatively easy to prevent. Simply making sure that staff are more aware of how visible their screens are—whether in the office or in public—is a good start. Likewise, basic but sound controls such as screen-savers that lock the session and require a log-in to resume can reduce the overall risk.

Better still, consider implementing privacy filters, which use a film that prevents on-screen information from being visible unless viewed close-up and straight-on. This stops anyone looking over a shoulder or from a side angle from carrying out ‘visual hacks’, with the added bonus of protecting screens from scratches and scuffs. The filters can be easily slipped on and removed too.

Visual privacy is obviously just one aspect of the security landscape facing the financial services sector, but as one that can be addressed fairly cost-effectively and quickly, it’s easy to see why it is being given increasing attention by the UK’s financial community.

For more information on how 3M Privacy Filters combat the threat of visual hacking while working in high traffic areas, or to request a sample, please visit our website.
