A reward for all cybersecurity

Polish banks are innovative and offer a very high level of service – we know that. They are also very safe. We know that too, although we often forget who we owe it to. The award in the Golden Shield of Security category is for them. This year it goes to the BNP Paribas Bank Polska team.

This year's edition of the Golden Banker research has seen several new statuettes in new categories. All of them are valuable and carry their own weight. We are particularly proud of the Golden Banker in the Cybersecurity category, for several reasons. From the very beginning, our research has been about the quality of service, user experience, efficiency of customer contact channels, innovation, product availability and price. Year by year, we have observed an increase in the professionalism of the industry, which is reflected in the ever higher ratings given by auditors. This is the result of the efforts of the entire organization, not only of the front-line advisors whom mystery shoppers talk to. As part of the Golden Banker, we try to appreciate and reward employees who are less visible but work for the bank's success. Hence, in this year's study, we have new categories of awards for the quality of service in each of the service channels and statuettes for products and services with a mission.

Cybersecurity likes silence

The silent heroes of each bank individually and the entire industry are specialists in cybersecurity, security, and anti-fraud activities. It is largely thanks to them that, in the extremely distrustful Polish society, the level of trust in banks is so high.

The problem with cybersecurity is that, like money, it likes silence. Even more so. Cybersecurity is an extremely delicate matter. It needs to be talked about to sensitize customers, educate, warn against threats, but also build trust in financial institutions. On the other hand, great caution must be exercised so as not to give cause for concern that something is wrong with security.

Banking communication specialists know this problem of squaring the circle, and so do the organizers of the Złoty Bankier study. How do you award a bank in the cybersecurity category without passing judgment and dividing banks into more and less secure ones? It is obvious that the level of cybersecurity of Polish banks is very high, which they prove every day. In an interview with Puls Biznesu, conducted as part of the Scamming out! campaign, Krzysztof Gawkowski, Minister of Digital Affairs, said that the Polish banking sector is characterized by the highest level of security against cyberattacks in Europe. He added that in cyber warfare, Poland is a frontline country. Hacker attacks are an element of hostile hybrid activities sponsored by Russia.

How we researched banks

When preparing this year's edition of the Golden Banker, we considered it obvious that among the awards there had to be a statuette for cybersecurity. From the beginning, we assumed that we were not creating a ranking, we were not comparing banks, but introducing a category that would allow us to appreciate the sector's involvement in cybersecurity and education in the field of cybersecurity.

Another condition was to develop a methodology that would select the winner on objective criteria derived from research results. We managed to do this. We invited Mastercard to cooperate, and it provided the research tools:

  • RiskRecon – scanning of banks’ internet domains for vulnerabilities to hacker attacks.
  • CyberQuant Lite – analysis of an organization's internal procedures and processes.

We have enriched the survey with a questionnaire regarding educational activities in the field of cybersecurity. Additionally, we have prepared a set of questions based on the recommendations of the President of the Office of Competition and Consumer Protection for payment service providers in the field of security.

The CyberQuant study was conducted by Minds&Roses, a certified Mastercard partner. The survey results were anonymized. In addition, the flow of information was secure, without access by third parties.

The survey began in February. RiskRecon scanning was conducted in March. Twelve banks volunteered to participate in both parts of the survey. Two banks requested exclusion from the analysis for organizational reasons.

The winner in the cybersecurity category was decided by the sum of points from the CyberQuant and RiskRecon surveys. The most points were won by BNP Paribas Bank Polska, which receives the Golden Banker – Golden Shield of Cybersecurity statuette.

Buy an iPhone

For several years, auditors visiting branches have been asking advisors about the security of money in the bank, applications, and online services. Year by year, bankers are better prepared. It rarely happens that a mystery shopper feels uninformed. More and more often, they receive a short training session on financial fraud and cyber threats at the branch. Non-standard advice also happens.

The advisor provided detailed information, said that instead of a pin, you can confirm with a fingerprint, warned against links, scanning QR codes. He knew what he was talking about and sounded credible on security issues.

The employee informed me that if I am on a call and I am not sure whether it is a bank employee or someone else calling me, I can go into the application and verify the call. The advisor also informed me that the bank does not send any text messages or emails with requests to customers. The customer should also be vigilant to increase their security.

The employee suggested that the best way to protect yourself is to have an iPhone.

The advisor said a lot and was fluent in the subject. He pointed out how you can check in the mobile app whether the bank is actually calling me (that was the only thing it showed in the app), when it is worth being vigilant.

The confidence and calmness with which you presented the subject of safety dispelled my doubts, and I have been a client for many years and feel safe.

The advisor responded to my objection, told me how to protect myself, what not to do, how the bank works, what it blocks and what it doesn't, suggested paying online with Blik instead of a card, gave his example of how the bank blocked his account, which was good because there was an attempted theft.

The advisor talked a lot about safety. He referred to my story, told me how to protect myself, informed me about prevention, what to do to avoid such situations, how to behave, gave various examples of fraud.

The advisor explained that I should be careful about what I do online, because the bank is not responsible for what happens. I lacked the development of the topic, the advisor mentioned providing login data, and here it was about what happens if someone hacks my phone. I think the advisor could have asked about the details of this problem.

The employee assured that the bank takes security issues seriously and monitors unusual transactions.

The advisor told me not to click on unknown links and tried to explain the subject, but he kept emphasizing not to click on links. There was no information on where I could look for ways to secure my account.

The employee instructed me on how the bank takes care of the safety of its customers and mentioned that it is very important for parents to sensitize their children to various situations. The advisor mentioned that the customer also has an obligation to pay attention to their own safety and should not, for example, click on links whose origin they do not know.

The advisor told me not to give out any login passwords over the phone, there is a bot that detects unusual movements in the account, he suggested separating the money – on a deposit they are not visible if someone steals.

The Advisor invited the Director to tell me more about securing my savings.

The advisor explained that you should look at where the SMS came from, do not click on links, there is always authorization, there is biometric login, you can set trusted devices, PESEL reservation, limits for individual payment methods. The advisor spoke about security in two blocks.

The advisor's response was so “one-dimensional”, without providing details of such protection against fraudsters. I did not feel well informed on the above topic.

The bank's account is very secure: double login, push token, SMS code, phone unlock, individual customer codes, but if the customer shares their data, the bank has no influence on it.
