Information security is a great priority at Bankinter. In this sense, in 2020, projects were carried out under the Information Security Director Plan, which has been extended to 2022. The aim is to guarantee high levels of confidentiality, integrity and availability for customers, employees, shareholders and suppliers.
The growing importance of information security highlights the rapid expansion of cybercrime, the activities of which have evolved and become much more dangerous. Initially it involved the actions of individual hackers, who were not only motivated by money. Nowadays, cybercrime has created large and sophisticated business structures that are capable of attacking entire economic sectors.
The theft of confidential big data from companies, the denial-of-service attacks and phishing (using the identity of companies or public bodies in order to obtain confidential information from the victim), access to Swift or ransomware, are the main strategies used by cybercriminals.
Financial institutions are particularly exposed to this kind of manipulation and fraud as a result of their permanent contact with the public and the nature of their business, part of which involves payment systems.
The model for the fight against cybercriminals is based around three lines of defence: the first line is technology, business, operations, etc.; the second line is made up of risk control and Regulatory Compliance bodies; and the third line is the Internal Audit department.
From an organisational viewpoint, a new model was implemented in the first line in 2018 within the Data Security Department consisting of three management areas: technological risk, cybersecurity and security monitoring, and prevention of electronic fraud.
Based on this reinforced risk structure, in 2019, Bankinter embarked on a series of more complex projects, using advanced technology, with a focus on protection for mail, browsing, final data for users and above all suppliers.
In 2020, Bankinter decided that the Information Security area was to report to the management committee, thus stressing and giving importance to matters that are causing so much damage in today's digital society
The activity of the area is completed by the development of awareness plans for users, who are the weakest link in the security chain. The Bank provides online training programmes for employees and carries out simulations to obtain confidential information (passwords, personal details, etc.) through emails, text messages or telephone calls. The aim is to discover their reaction in situations that can be exploited by cybercriminals. The awareness-raising exercise includes external staff.
One of the key objectives for 2021 is the implementation of an adaptive security system, which will offer five advantages: improved experience (customers will not have to sign for many transactions), improved security following the implementation of the know your customer process, an image of innovation in the field of cybersecurity (leaders in a complete system), regulatory compliance (PSD2 directive) and cost savings (reduction of SMS and other processes).
We use first and third-party cookies for analytical and statistical purposes and to show you personalised advertisements based on a profile compiled from your browsing habits (e.g. pages visited). For more information, click on our Cookie Policy. You can accept all cookies by pressing 'Accept' or personalise your choice by clicking on MANAGE OR REJECT COOKIES.