Solutions

By Use Case

Customer Onboarding Onboarding Journey with eKYC Integration
Sales Livebank for Sales
Mortgage LiveBank for Mortgage
Customer support LiveBank for CS

By Industry

Personal banking In-branch experience online
Wealth Management Personalised expert services
SME & Corporations Customer service for small and medium-sized enterprises
Leasing Empower Your Leasing Experience with Omnichannel Leasing Solution

By Business Initiative

Optichannel Communicate through the optimal channel for customer
Digital Contact Center Seamless Customer Service with Easy Intergration
Virtual Branch Drive more sales online
Moving to cloud Banking transformation with top security standards
Human-AI synergy Strategy integrating human and AI capabilities

Product

Digital Channels Chat, Audio, Video, Social & Phone
Meetings & Collaboration Multiconference, Screen Sharing, CoBrowsing, Scheduling
Monitoring & Recording Effective Communication Tools
AI Tools AI Assistant, Video Bot
Identification and eSignature Identity Verification and eSignature Platform
eKYC Easy onboarding
Analytics & Reporting Power of data about your clients
Workflow & Case Management Workflow management tool for efficiency and convenience
Outbound management Proactive communication manager
Case studies Blog

Company

About LiveBank
Contact We’d love to hear from you
What’s New? In LiveBank
EN
EN

Solutions

By Use Case

Customer Onboarding Sales Mortgage Customer support

By Industry

Personal banking Wealth Management SME & Corporations Leasing

By Business Initiative

Optichannel Digital Contact Center Virtual Branch Moving to cloud Human-AI synergy

Product

Digital Channels Meetings & Collaboration Monitoring & Recording AI Tools Identification and eSignature eKYC Analytics & Reporting Workflow & Case Management Outbound management
Case studies Blog

Company

About Contact What’s New?

Cybersecurity in Banking: How We Address Rising Challenges

Building trust, avoiding fines, and keeping clients within your organization are all aspects of banking that are affected by cybersecurity. Yet, protecting client data is not easy, as threats evolve daily, changing and getting more dangerous. How do we handle them and associated risks at LiveBank? Find it out in this article!

Michał Pomykała

Technical Product Owner

Why Do We Explain Our Banking Cybersecurity Only in General?

Before we start explaining how we handle cybersecurity risks in our products, let us underline one thing: we will discuss most of them in general without mentioning specific tools and technologies. Why?

If we delve into specifics, cybercriminals could use this information to their advantage. We prioritize our clients and our data security; thus, we shall not talk about any particular technologies. The details of our cybersecurity measures are Ailleron’s intellectual property and are shared only upon request from banks’ security departments.

How Do We Address Banking Cybersecurity?

To begin with, we need to define the possible vector of cyberattacks in communication tools like LiveBank. This is closely connected with the three actors involved in such communication:

  • Bank clients – individuals using online and mobile banking services.
  • Banks – institutions providing financial services.
  • Communication tool provider – in this case, Ailleron, the provider of LiveBank solution.

With that in mind, we can look at each of these groups separately and discuss how we (or the banks, since some measures, such as educating banking clients, are the role of banks, not the communication tool provider) maintain cybersecurity in different banking situations based on potential attack vectors.

Client Perspective: Security Guidelines for Safe Banking

When it comes to clients and digital channels in banking, education is the key to cybersecurity. Unfortunately, this also means that it is an area where the most depends on banking clients and banks. However, as communication tool providers, we may also introduce some additional measures (e.g., two-factor authentication) that will bolster cybersecurity, yet still the most depends on the clients themselves.

What needs to be done to secure your bank from the client’s perspective? What do you need to teach the client?

  • Using a safe environment – inform the client about the risk of using unsecured internet connections and exposing sensitive information in places where others can see them. The same goes for verbal communication, e.g., phone calls with your CS agents.
  • Multifactor authentication – while our platform enables multifactor authentication, you must convince (or force) the client to use it for added security.
  • Links and attachments – explaining the risks of clicking links or opening attachments from unknown sources is crucial.
  • Official websites – finally, you need to raise awareness about using official websites when accessing banking services, as cyber attackers often try to impersonate banking web pages.

LiveBank facilitates communication with potential and existing bank clients, prioritizing data security. After signing a service agreement, the bank owns the data while we process it at their request. To meet high cybersecurity standards, we employ the following solutions:

  • Internet connection limits – our system configuration allows you to limit access to communication channels to specific regions where your bank operates. This way, you can block traffic from potentially unsafe regions.
  • EU-based data processing – LiveBank processes data in the EU, meaning that we need to adhere to the high data security standards. Most of our data centers are located in Poland.
  • Content blurring – users can blur sensitive content in video banking to prevent unauthorized viewing.
  • Bank identity integration – we integrate with the bank’s system to pass context to LiveBank, ensuring data security during interactions.
  • Data retention mechanism – LiveBank uses automatic data retention mechanisms tailored to the meeting’s topic, limiting the amount of stored information to enhance cybersecurity in banking.
  • eKYC – we offer secure, remote eKYC solutions and integration with the mObywatel app.
  • File scanning – files sent during file exchanges between banking advisors and bank clients are scanned with antivirus software to prevent infections.
  • Remote document signing – we support remote document signing by integrating with e-signature systems, keeping the process within a single application.
  • Access control – access to client data in LiveBank is restricted following the “need to know” principle and role-based access control (RBAC). The bank’s system administrators manage this.
  • 24/7 availability – our communication channels are available around the clock, ensuring clients can access support whenever needed.

Bank Perspective: Implementing Cybersecurity with Ailleron

When banks decide to implement customer engagement platforms like LiveBank, they start by setting specific cybersecurity requirements. These are usually based on internal and legal regulations and mechanisms (e.g., from the Polish Financial Supervision Authority or ISO standards). Ailleron has been addressing such requirements since 2013, when we first implemented LiveBank in mBank. This experience allowed us to adapt to new attack methods and design effective defense mechanisms.

Our first line of cybersecurity is regular penetration testing conducted by Ailleron… and our clients. Each bank conducts a security audit on Ailleron and LiveBank post-sale, pen-testing being a part of it, which lets us constantly improve our cybersecurity measures.

The key areas analyzed and our implemented solutions include:

Work Environment Security

  • We follow strict policies and procedures for handling customer data, including incident response. These guidelines align with standards like ISO27001.
  • We ensure our staff undergo relevant training, verifying their competencies through certifications.
  • Business continuity planning (BCP) ensures organizational resilience during critical situations.
  • We limit access to shared resources within the organization to specific teams and monitor employee activities.
  • Data Loss Prevention (DLP) strategies prevent unauthorized data leaks.
  • Workstations receive regular security updates.

Product Infrastructure Security

  • Access to computing resources is governed by clear procedures. Changes require approval and are logged.
  • Strong passwords and MFA are mandatory for all employees.
  • Production environments (used for customer interactions) are separated from development and testing environments.
  • We offer single tenancy for different clients, enhancing data separation and security.
  • Infrastructure as Code (IaC) minimizes the risk of unwanted infrastructure changes.
  • Internal network separation limits access to publicly accessible resources necessary for bank client use.
  • Employee access to backend applications is restricted to the bank’s network, minimizing exposure to public internet threats.

Application Security

  • Client data is treated as sensitive, with rigorous access controls.
  • Bank employees have roles that restrict their access to client information.
  • Access logs are regularly reviewed and updated to limit the risk of data leaks.
  • Bank employees can only access the backend through the bank’s internal network to prevent Man-in-the-Middle (MITM) attacks.
  • Our applications undergo regular penetration testing as the banking sector requires, leading to continuous security improvements.
  • Application logs are anonymized and encrypted to prevent personal data breaches.

Provider Perspective: Ailleron’s Commitment to Security

As a provider of digital products for the financial sector, we take data security very seriously, meeting both the bank’s requirements and regulatory standards. What practices do we employ?

  • Qualified personnel – our staff possess the necessary qualifications and experience in delivering financial solutions, facilitating effective communication with banks.
  • Defined management policies – we separate development and client environments, adhering to security-by-design principles.
  • Secure Software Development Life Cycle (SDLC)—our CI/CD processes include performance, integration testing, artifact scanning, and static code analysis.
  • Post-implementation support – after implementation, we ensure prompt post-sales support, including incident management, in line with pre-defined procedures.
  • High Service Level Agreements (SLA) – we offer high availability through monitoring tools and cloud services.
  • Flexible integration – we integrate with various bank systems (e.g., CRM) to enhance the safety of customer interactions.
  • Disaster Recovery (DR) and High Availability (HA) – we provide additional availability and backups across multiple regions depending on service criticality.

The Takeaway

This article covers only a fraction of our banking platform’s cybersecurity measures. This way, we ensure the safety of the bank’s customers’ data and the security of the banks and Ailleron itself. As a multifaceted discipline, cybersecurity demands a thorough understanding and addressing of the financial sector’s needs on multiple levels, and this is exactly what we do every day to ensure our solutions are secure.

You might also read: Digital Security and Trust: Building Confidence in Online Banking Services

Author

Michał Pomykała

Technical Product Owner