First, a quick reality check: many people (and businesses) think that having top-notch cybersecurity solutions is enough to protect them from fraud… but that's not quite the case. The financial world is evolving rapidly with cyber-physical systems (CPS), making everything more interconnected and, unfortunately, more vulnerable. In fact, banking has been identified as the industry with the second-highest rate of vulnerability to cybercrime, based on data breaches from 2021, 2022, and 2023.
Think about e-commerce transactions where you use a physical card to pay online; there are many opportunities for criminals to obtain your card information and use it for fraud. Systems that merge the digital and the physical increase the “attack surface” of the banking industry, meaning that they create more ways for bad actors to strike. Data hacks are on the rise, and personal financial data is being compromised at an alarming rate. For example, a University of Maryland study found that computer systems with internet access were attacked every 39 seconds and 2,244 times a day on average. Further, the global costs of cybercrime are projected to reach $10.5 trillion USD annually by 2025. It’s clear that current prevention measures are not enough, and that we need to capitalize on every type of security to stay safe in today’s world.
Physical Security vs Cybersecurity
Physical security is all about protecting tangible assets, like people, property, and the things you can touch, from theft, damage, or unauthorized access. Common physical security tools include security guards, alarms, cameras, and even simple items like wallets or pocketbooks that lock. For financial institutions, this means protecting things like cash, checks, and credit cards, as well as the people who handle them. It's about keeping your physical financial items safe in the real world.
Cybersecurity, on the other hand, is focused on protecting digital assets such as data, networks, applications, and your money in digital accounts. Common cybersecurity measures include firewalls, antivirus software, and fraud alerts from banks or private fraud-detection companies. In the financial world, cybersecurity is about safeguarding online transactions, preventing data breaches, and ensuring that sensitive information remains confidential. It's about keeping your digital life safe from hackers and online threats.
These two forms of security are increasingly overlapping. Poor cybersecurity can lead to physical security breaches and vice versa. For example, a cyber-attack on a bank's alarm system could give burglars access to a room to steal physical bank cards. Conversely, if a criminal steals your physical bank card, they could gain access to your digital bank account and commit card-not-present (CNP) fraud, which is fraud that occurs when stolen credit card information is used to make a transaction from a distance. Therefore, both types of security need to work together to keep us truly safe. This means that a comprehensive security strategy must address both physical and digital threats.
We need phybersecurity. A word that both describes the synergy and is fun to say.
Physical Security in the Financial Industry
Historically, physical security in the financial industry was managed by professionals with backgrounds in law enforcement, using analog solutions like locks, safes, fencing, and manpower. However, as the world has transitioned to digital systems, old physical security systems sometimes struggle to deal with new cyber threats.
Key Physical Security Measures
Access Control: This includes door locks, safes, and methods to limit access to wallets, pocketbooks, cards, and cash. For example, banks use vaults and secure rooms to store cash and sensitive documents. This makes sure that only authorized people can get to sensitive areas.
Surveillance: Cameras, motion detectors, and alarm systems monitor and record suspicious activities. These tools help in both deterring and investigating incidents. For instance, ATMs and bank entrances are equipped with cameras to monitor suspicious activity.
Environmental Design: This means designing physical spaces to reduce security risks with well-lit rooms, barriers like fences, and limited points of entry. For example, strategic barrier placement and security lighting around ATMs can deter crooks.
Security Personnel: Guards and other specialists add a measure of human judgement and response that technology alone can't match. Security personnel are often stationed at bank entrances and sensitive areas to monitor and respond to potential threats.
Cybersecurity in the Financial Industry
With the birth of the internet in the '90s came the rise of credit card and banking cybercrime and fraud. In response, cybersecurity has evolved to shield both networks and data from unauthorized access, misuse, or theft. This involves protecting both hardware and software systems alike.
Key Cybersecurity Measures
Firewalls: Firewalls control network traffic to prevent breaches and protect card information and other vital data. Firewalls act as a barrier between trusted and untrusted networks, filtering out malicious traffic.
Antivirus and Antimalware Software: These tools identify and fight malicious software that may deliver private information, such as card details, to fraudsters.
Intrusion Detection and Prevention Systems (IDPSs): IDPSs analyze network patterns and traffic and alert administrators to potential threats.
Secure Sockets Layer/Transport Layer Security (SSL/TLS): SSL/TLS encrypts data in transit, making it unreadable to unauthorized parties. This makes sure that sensitive information, such as payment details, can be transferred over the internet without eavesdropping and tampering—like when you make an online transaction.
Two-Factor Authentication (2FA): 2FA adds an extra barrier to access sensitive info, like credit card details, by asking users to provide two separate means of identification. This might involve a password and a verification code sent to your phone.
Integrating Physical and Cybersecurity in Personal Finance
Businesses already know they need to physically secure their data by locking server rooms, installing cameras, and so on. The same mentality should apply to securing our individual financial data and identity. Cardholders benefit from both digital and physical solutions when it comes to their payment cards, because having both types of security elevates their protection from ever-increasing instances of fraud.
For example, your credit card’s security code uses a physical piece of information – the numbers typically printed on the back of the card – to enable a computerized authorization process that protects your payment information from cybercrime. The addition of this physical CVC/CVV has made credit and debit card use safer, even when transactions are digital.
Benefits of Security Systems That Use Both Physical and Digital Security Tools
The most successful security systems are those that integrate both physical and digital security tools into phybersecurity measures. These ‘phygital’ systems reap many benefits, such as:
Improved Threat Detection and Response: By combining physical and digital forces, we can detect and respond to threats more quickly. Integrated systems can provide faster alerts and coordinated responses to security incidents.
Better Protection: Phygital security offers a comprehensive shield that covers both physical and digital aspects. This reduces the risk of data breaches and financial losses.
Real-Time Monitoring and Analytics: Continuous monitoring helps gather more valuable data to inform security strategies. Integrated systems can analyze patterns and detect anomalies more effectively.
Cost Savings: Avoiding redundant investments and duplicate efforts saves money. By integrating security measures, businesses can streamline their security operations and reduce costs.
Proactive Fraud Mitigation: Phygital security systems can identify potential threats and take preventive measures to mitigate fraud before it happens.
Efficient Use of Resources: Phygital systems can optimize the use of security personnel, technology, infrastructure, and more to make the best use of every resource.
Examples of Phybersecurity in the Financial Industry
The financial industry has, slowly but surely, begun to embrace a “mixed” physical and digital approach to security. Some of the most prevalent examples of this new brand of security tools are becoming commonplace in customers’ daily lives. For example:
2-factor authentication requires individuals to supply two or more different forms of identification to access sensitive files, data, accounts, and more. These forms of identification most often include physical forms of identification, such as access to a specific mobile device, as well as digital forms of identification like a username and password or a specially generated token.
Biometric identification also merges the physical and the digital. When an individual uses biometric data such as facial or vocal recognition or fingerprinting to access important financial information, they are combining their physical body with advanced digital authentication systems in order to better protect their sensitive data.
Geolocation authentication is another example; it uses an individual’s physical location, coupled with GPS and authentication technologies, to set up more secure access systems for the financial industry.
The latest protection in this category is EVC (Ellipse Verification Code) technology. This technology enhances and improves the previously mentioned card security code to address the more specific cybersecurity issue of CNP fraud that often occurs across e-commerce. EVC helps eliminate CNP fraud with a physical, on-card solution: a dynamic, or changing, card security code. It's a prime example of how integrating physical security with cybersecurity can provide better protection. By regularly changing the security code displayed on the card, EVC makes it near-impossible for fraudsters to use stolen card information for CNP fraud.
As our lives go more digital, the financial world – and its customers – need both physical security and cybersecurity measures to protect against evolving threats. A comprehensive security approach involves collaboration between the best practices of physical security and cybersecurity. Integrating these measures leads to better protection of sensitive information, improved threat detection and response, cost savings, and a more robust and adaptable security posture.
This approach to security not only protects against current threats but also prepares us for future challenges in an increasingly interconnected world. The next time you think about your security needs, remember that both physical and cyber protections are crucial for keeping your financial life safe.