
Retail banking: Safety first drives loyalty and retention

While there is a clear necessity for banks to secure and protect their environment from a reputational and operational risk perspective, there is also an opportunity to enhance customer retention and even attract new customers concerned about the privacy and safety of their finances.

The revelation that “IT leaders at the largest retail banks rate keeping funds and data safe as a top priority” from our Retail Banking Report ‘Turn to Face the Change’ was, perhaps, one of the least surprising. But, when combined with the fact that more than 75% of consumers agreed that security is a high priority when choosing a banking or financial services provider, it takes on a more dynamic perspective.

Under threat

Hacktivists, criminal organisations, and governments are the most likely culprits behind a wide range of data extraction, scams and siphoning of money. But a substantial proportion of breaches begin from within the organisation.

While perimeter controls are essential, shoring up internal vulnerabilities should not be ignored. Imminent GDPR rules will mean potentially record penalties for data privacy breaches, so efficient internal processes, data processing and automation, and privacy awareness will be key.

A wider landscape

Increased use of third-party suppliers and cloud services, along with workforce working habits, adds to the pressure of new regulatory demands such as Open Banking (under PSD2). The result is a challenging task for retail banking IT teams to implement controls to protect an organisation.

However, for security prevention to be truly effective, security needs to break traditional boundaries and be embedded throughout an organisation and beyond to partners and suppliers.

Appropriate response

Peru Consulting breaks this process into the following areas:

  • Technology - Knowing the current IT estate; identifying key data and applications; understanding the main vulnerabilities, assessing their impact and developing an appropriate response. Surprisingly, more than 30% of senior technology leader respondents in Peru’s research believed that data recovery processes were not tested on a regular basis.
  • Architecture - Appropriate security governance processes covering security principles, requirements, and risk models should be embedded within the organisation.
  • People and skills - Investing in small teams of security experts covering core areas such as security strategy and cyber response whilst outsourcing the more commoditised areas such as the Security Operations Centre (SOC), vulnerability management, environment scanning, etc.
  • Sourcing - Reviewing existing third-party contracts for responsibilities and accountabilities (especially in light of new regulations) will protect against unnecessary organisational risk.

It's everybody's responsibility

Whatever approach is taken, a new way of thinking about retail banking security is needed: a cultural shift across all aspects of the organisation. The retail banking sector not only has a duty of care for money itself, but also for customer data. This has to be balanced with delivering engaging customer experiences but, implemented effectively, security will help attract and retain customers through loyalty to, and dependability on, the brand.


As one of Peru’s Principal Consultants, Elliot Daly is a strategic technology professional with 20 years’ experience covering IT strategy, architecture, digital transformation, software engineering and enterprise application sourcing mainly in professional services environments.

He was formerly Chief Architect at Control Risks, a world-class political, security and terrorism analyst organisation which provides research into business operational risks globally to security directors and others.


You can download the Peru Retail IT Banking Report here.
