Mobile benefits outweigh the risks: Westpac CTO

With the right safeguards, mobile banking offers more for consumers, says Westpac's Sarv Girn

Westpac chief technology officer, Sarv Girn

Westpac chief technology officer, Sarv Girn

The new paradigm of mobile banking carries with it inherent risks, but there’s no reason for consumers to be less confident about the security of their data if the right safeguards are in place, says the chief technology officer (CTO) of Westpac bank.

Sarv Girn is CTO for the combined Westpac and St George banking group, which this year has aggressively pursued a mobile banking strategy. St George recently released mobile banking applications for the Android and Blackberry mobile platforms in addition to its existing iPhone app — a move largely driven by customers’ changing lifestyles. Security comes down to education and how people use a mobile device, according to Girn.

“We inform customers of any anomaly and make sure customers understand what they can do to safeguard their devices, including antivirus measures,” he says.

Mobile banking has an inherent risk in that the device can be easily lost, making it different from other forms of banking, but Girn says controls on newer devices are making them as secure as other enterprise devices, including notebooks. “Things like remote kill can make a mobile device more secure than a traditional device and it’s an area we place a lot of importance on.”

Girn’s pre-merger role was chief information security officer at St George Bank and he now oversees the technology direction across the group.

As a former CISO, Girn has promoted a culture of ‘secure by design’ for internal systems in the organisation and the bank now has its own methodology and design for secure applications, including internal certifications. “Certainly, financial services demand more rigour than other industries,” Girn says, adding mobile banking is on the rise because the usability of the devices has helped overcome issues of ergonomics with older mobile devices.

Public cloud still too icy

Cloud computing might the focus of many enterprises, but Westpac is yet to be convinced of a viable offering outside its own private infrastructure.

Girn says cloud computing can add significant value to businesses in terms of leveraging shared infrastructure, driving down costs and increasing time to market, but its definition remains “somewhat unclear”.

“It’s difficult to justify the expense yourself [and] from an industry perspective it’s about getting clarity on what you mean,” he says.

For the past 18 months the bank has developed its own private cloud to allow projects to “rent time” on shared infrastructure for an “end-to-end test environment”.

Public clouds, however, are still off limits.

“We are yet to see any offering in the market that is compelling enough to go down the full cloud path,” Girn says. “Service reliability and where data is stored becomes an issue unless you have clear commercial boundaries.”

Westpac may be public cloud averse from an infrastructure standpoint, but there are some software-as-a-service applications within the group, which the organisation determines through its IT governance process.

“That [software-as-a-service use] is limited and not something around customer information. We make a risk assessment with the business.”

Integration and a Web 2.0 world

The merger between Westpac and St George has been in progress for two years and ongoing projects are tackling integration – both internally and with third-party Web services.

When the merger was first announced, the banks put together an IT strategy that looked at needs of all the brands in order to simplify and consolidate where it was deemed appropriate.

For its online banking application the group chose a “packaged approach” with Fiserv from Corrillian, which Girn says is renowned for innovation with Web 2.0 technologies and allows “more customer choice”.

Following integration of the “bare essentials” like connecting the ATM networks, the intranet sites and e-mail systems, some “heavy lifting” was done integrating the general ledger and HR systems.

“Using the old traditional approach of the bigger business clobbering the smaller business was not our strategy,” Girn says. “We picked the best [and] the treasury part of the business will be migrating off St George to Westpac which his more robust.”

The phase Westpac is at now is investing in strategic direction to simplify what it uses. The group recently converged onto one credit card system and as a result St George customers will start receiving a higher level of security with chips on cards from early next year.

Girn says customers are also increasingly using Web 2.0 channels for exchanging information the group has a team of people responding to people via Twitter and Facebook.

“It’s certainly appearing as a channel and we don’t mind responses,” he says.

Join the CSO newsletter!

Error: Please check your email address.

Tags Sarv GirnWestpacCloudctoWeb 2.0cheif technology officer

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rodney Gedda

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place