Digital connections account for 86% of Societe Generale's incoming contacts today, with 700 million connections a year in France, mainly from mobile devices since the end of 2012. Societe Generale has accelerated its digital transformation and considers the development of these new technologies a key opportunity to better serve its clients. Nevertheless, its digital transformation and the changing needs of customers have led to an increase in risks related to fraud or malicious acts.
With the development of technologies such as cloud computing, big data/machine learning, and of mobility and social networks, traditional perimeter-based security models have been upended.
With cybercrime increasing in volume and sophistication, the protection of our customers, their data and our information systems has become a major challenge for Societe Generale. Big companies cannot respond to these technological developments in isolation. In addition to countermeasures to address the growth in related risks, our cybersecurity strategy also incorporates open innovation
Xavier Lofficial,Societe Generale Group Head of Transformation, Processes and Information Systems
Cybercrime: from anecdote to strategic challenge
The threat and the number of incidents stemming from cybercrime are increasing steadily, and successful major attacks are more industrialized and more frequent.
Today's information systems are more open, which means that exposed areas have grown larger. It is essential that Societe Generale's customers can access their online banking services anytime, anywhere, on any device.
The leaking of information is another area of cybercrime. The theft of data is a key challenge for the Group in its relationship with its customers, both individuals and businesses.
External fraud targets customer-facing infrastructures (online banking sites, apps, etc.) while internal fraud targets the bank's internal systems.
Societe Generale also deals with risks linked to compliance and the Group's reputation.
An aligned five-pronged ISS strategy
To meet these challenges, Societe Generale ensures data security and compliance with banking secrecy and is constantly investing to better protect the assets and transactions of its customers.
The five-pronged information system security strategy is aligned with the Group strategy:
- Security of the Group's sensitive applications,
- Security of all customer data, both private and banking,
- Group’s capacity for detection and response,
- Strengthening of the security proposed to customers (via robust but also user-friendly tools)
- Raising the awareness of and providing support to customers and employees.
All of the cybercrime prevention systems draw on prevention and protection, detection and reaction, and on raising client and employee awareness.
Our customer solutions
One of our leading solutions is the dynamic security code found on the back of our bank cards. This is a built-in digital screen that displays a new code every hour, making it impossible to reuse the data. In six months, nearly 150,000 of our customers have already adopted this solution..
We also offer software to make the customer's own area on our website more secure: Trusteer, through which the user can check that the site being consulted is not a false site that has hacked Societe Generale's identity. Another example is Secure Access, a solution dedicated to businesses that secures the authentication and validation of payment and deposit orders.
New technologies help to ensure security and build digital trust. In order to detect fraud, big data tools can be used to collect and consolidate large volumes of data. Mathematical models are used to detect suspicious usage and events. Using a defined standard model and standard deviation, when a transaction varies past that standard deviation, an alert is sent. The machine learning systems that can for example detect fraudulent bank card transactions, are increasingly powerful and are showing us anomalies that were not easily detected before.
A global organisation that is open to external initiatives
New solutions that address security issues through new perspectives necessarily mean openness and co-creation.
- We identify startups that appear interesting, and initied more than 15 Pocs on this issue in 2016. For example, thanks to an alige method and feature teams, Societe Generale and the stratup Bufferzone succeeded to improve and deliver a secure internet browser.
- Societe Generale and Wavestone launched the Banking CyberSecurity Innovation Awards, a first for the European banking sector.
- Societe Generale is also a partner of the Critical Infrastructure Cyber Security Chair supported by Télécom Bretagne, in collaboration with Télécom ParisTech and Télécom SudParis.
- Our Societe Generale CERT (Computer Emergency Response Team) works with the French National Information System Security Agency (ANSSI).
A dedicated Hub to cybersecurity
During TechWeek (July 3-6 at Les Dunes, Societe Generale’s science and technology park in Val de Fontenay), the Group presents six technological innovation platform, among which one is focusing on cybersecurity.
Open to all employees, the Cybersecurity Hub is a centre of expertise focusing on cybersecurity solutions in order to support the Group’s businesses digital transformation. This hub has four main functions: Research, experiment, show and deploy. Operating in startup mode, the hub is also offering various demonstrations in its showroom in order to update the Group’s businesses on the latest projects and technologies.
Astrid Fould Bacquart - +33 (0)1 56 37 67 95 - Astrid.Fould-Bacquart@socgen.com - @SG_presse