
The Fastest Heist in History and more from Money20/20 Europe

Mon, 15 Jul 2024

Andrew Vorster, Head of Growth, The Banking Scene


We all have our own reasons for attending industry events. Some go in search of insights and inspiration from the keynotes and panels. Others are there to showcase their thought leadership from the stage as ambassadors of their organisations, attracting new talent and positioning themselves for potential partnerships as market leaders amongst their peers. Some are specifically on the hunt for new innovations and solutions to problems. Many seek sales and prospective customers, and almost everyone wants to make new connections.

In my case, it’s “all of the above.” In addition to The Banking Scene events, I consider Money20/20 Europe one of the few “must attend if I can” events each year, and that’s not only because of the added fun factor of the last two years in the form of “The Banking Scene Boat”!

Here are a few post-event reflections:

AI will be everywhere

AI and specifically Generative AI (GenAI) was the hottest topic by far this year, with hardly a session going by without a mention of it. One speaker succinctly summed up their preferred approach to AI by saying, “I want AI to do the things I don’t want to do”.

This was reflected in most of the GenAI use cases spoken about during the event, which focussed mainly on efficiency and productivity. While many that I heard were similar to those that came to light during our own research conducted for our white paper on Generative AI in Benelux Banking, there were a few new ones that caught my attention:

  • Conversational analytics – using natural language and GenAI to analyse data. Employees no longer need SQL skills or training in sophisticated tools as they can ask questions in plain language. This reduces the pressure on the data science team for “everyday analytics” and allows them to focus on more sophisticated reporting and analysis that is currently beyond the capability of GenAI.
  • Communications consistency – a speaker stated that their organisation was testing a GenAI co-pilot as a writing aid that included their brand’s “tone of voice” according to brand guidelines. They aim to improve the consistency of all external communications via email and social media, ensuring their brand is presented in the best way possible, independent of any single person’s linguistic ability.
  • Internal updates – another speaker spoke of a personal GenAI assistant that monitored key alerts and communications and pushed them to people depending on their role and interest. They noted that in the past we went in search of information, whereas the new paradigm is that it will be pushed to us.

While none of these is particularly profound in isolation, they do provide a glimpse of how GenAI might soon become deeply interwoven into our everyday lives.

CBDCs need a product manager

Central Bank Digital Currencies continue to divide the audience, and while there is (sort of) acceptance that a wholesale CBDC might improve efficiency, the case for retail CBDCs is still confused.

“Cash is a product of Central Banks and so is a CBDC” said a speaker who went on to suggest that central banks should take a product management approach to CBDCs, starting with:

  • Who are they for?
  • What is the value proposition for the target audience?
  • What functionality do they need to achieve this?

Central banks seem to have fallen for the common misconception that “everyone is my target customer”, which, as any product manager knows, is simply not true!

Another panellist went on to suggest that for a retail CBDC launch to be successful, the product should be positioned as “aspirational,” citing the buzz around Monzo’s initial UK launch as an example of what he meant.

It’s an interesting opinion, but I can’t see central banks rushing out to engage an ad agency or dedicated product manager to plan a launch strategy anytime soon – can you?

The quantum future

Quantum computing still feels a lot like science fiction to most people in financial services right now. It’s one of those things that you’ve probably heard about but don’t really understand, and when someone tries to explain it your head hurts. (Or is that just me?)

I attended a session on quantum computing and what I was most interested in was the “so what?”.

I don’t have to be able to understand how it works, so long as I can figure out the impact and implications to me, to our industry, to society and the world at large.

And this is where it got scary and felt less like a sci-fi movie and more like a horror movie …

The presenter pointed out that while functional quantum computing platforms already exist today, they are limited in their capability and application. He stated that the current use cases are mainly around simulations, which are applicable to investments and identifying fraud.

However, given the current rate of progress, he expects the technology to be accessible to a wider range of organisations and use cases within the next 6 years, as per the Cloud Security Alliance Countdown Clock.

The biggest “so what” to the financial services industry is the potential for bad actors to crack the cryptographic keys our industry depends so heavily on, leading to the race to develop new “quantum-resistant cryptography”.

He also noted that any encrypted data intercepted by bad actors today could potentially be retroactively decrypted in the future, making this today’s problem and not tomorrow’s!

Given the average length of time it takes for a new technology to get deployed in a bank, I think it’s time I started hoarding gold bullion …

The fastest heist in history

The final session I sat in was also the most fascinating!

It was the story of the fastest heist in history, as told by investigative journalist Geoff White in his book “The Lazarus Heist”.

$625 million worth of cryptocurrency was stolen in under 2 minutes!

I’m afraid you’ll have to read Geoff’s book or listen to his podcast to hear the whole story as I couldn’t possibly do it justice here.

The summary is that a criminal group allegedly working on behalf of North Korea exploited a vulnerability in an online game called Axie Infinity to drain players’ crypto wallets.

While the sum is staggering, the criminals' method of gaining access to the code should give anyone working on a computer pause for thought:

  • Members of the Lazarus group created fake profiles on LinkedIn, posing as recruiters for well-known companies;
  • They sent targeted LinkedIn messages to IT staff working at Sky Mavis, the game developer, enticing them with lucrative job offers;
  • They conducted video “screening interviews”, during which they asked the developers to download and run a “skills test” program in advance of progressing to the next stage;
  • The skills test carried a trojan that provided access to the user’s systems …
  • One of the developers who downloaded the trojan had access to a key element of the application, which enabled the hack.

The brilliance behind this approach is that even if the developer realised what he had done, he probably would have been too afraid to admit to his superiors that he had potentially compromised their security for fear of losing his job!

And the rest is history as reported by Geoff.

Humans are the weakest point in any security system, so please don’t roll your eyes the next time you have to undertake your security training that says: “never click on any link from an unknown source” or you could find yourself in a sticky situation!
