Feroz Noorani

Chief Risk Officer, Kuwait International Bank (KIB); Founder, The GRACE Strategy, Canada

Feroz Noorani has a Banking and Financial Services career spanning over 35 years in the GCC / Middle East and India, in senior roles within Commercial & Investment Banking including Shariah-compliant Banking; culminating in core competency as a subject-matter-expert in Enterprise-wide Risk Management, Governance, Compliance & Strategy.

Mr. Noorani is currently the Chief Risk Officer of Kuwait International Bank (KIB); prior to joining KIB, he held the position as the first Chief Risk Officer at Warba Bank, Kuwait for six years. Previously, he also served as Group Chief Risk Officer at Al Hilal Bank, Abu Dhabi UAE. Earlier he was the Head of Group Risk & Capital Strategy and Assistant General Manager for Corporate & Investment Banking at Samba Financial Group (previously Citibank), Saudi Arabia. In addition to these roles, Mr. Noorani held many senior management positions throughout his career.

Mr. Noorani is member of a number of prestigious professional associations and organizations, actively participating as a speaker and panelist at various international banking & financial services, risk and fintech conferences and has been published widely. He holds Masters' degrees in Business & Finance and Bachelor's degree in Commerce with a specialization in Financial Accounting and Auditing, and a Bachelor's degree in Law.

In addition to several professional accreditation, he has been awarded certification on "Risk Management in Banks" from INSEAD, France. In 2016, Mr. Noorani was recognized and awarded as a "Leading Professional in Risk Management" by The Asian Banker.

Mr. Noorani is the Founder and Principal Strategist of The GRACE Strategy, a think-tank and incubator he set-up in Canada to provide startups with strategy & technology advisory and research mainly in the field of Banking, Financial Services, Fintech, Regtech, FinSec and Digitalization of financial space.


Dr Hoda Al Khzaimi

Director, Center of Cyber Security, New York University Abu Dhabi, UAE

Hoda A.Alkhzaimi is currently a research assistant professor in New York University and the Director of Center of Cyber Security in NewYork University AD. She served in different posts for research and development in Cyber Security and Cryptology for the past years. She headed the Department of Research and Development for Cyber Security and Cryptology in different national initiatives in the United Arab Emirates along with her associations to different security initiatives nationally and internationally.

Alkhzaimi has a specific expertise in cryptology; cryptanalysis, constructing and validating security hardware and software components, constructing trusted security architectures for different environments in different products for the respective industries. Hoda.Alkhzaimi obtained her PhD in Cryptanalysis from Denmark Technical University. Her current research interests include Space, Aerospace, and UAV security, constructing and analyzing cryptographic primitives, validating and investigating links between different cryptanalytic approaches and utilizing cryptographic primitives in different cybersecurity architectures as in Internet of Things and big data analysis among others.


Dr Jerry Luftman

Managing Director & Professor, Global Institute for IT Management, USA

Jerry Luftman's experience combines the strengths of CIO/practitioner, consultant, and academic. His proficiency in business-IT alignment and IT trends, eighteen books, published research, consulting, mentoring, and teaching/speaking engagements exemplify Dr. Luftman's expertise and leadership.

After a distinguished twenty-two year career with IBM, he had an exemplary career for about twenty years as Professor, Founder and Associate Dean of the Stevens Institute of Technology Information Systems Programs (one of the largest in the world). Driven by the strong demand for a global executive education program focusing on managing information technology, Dr. Luftman has leveraged his experience as a CIO, IT management consultant, and leading academic, with his strong network of prominent IT practitioners and academics, to provide a valuable and innovative initiative via the Global Institute for IT Management.

Dr Luftman's project experience ranges from senior management issues through tactical implementation. Dr. Luftman most recently pioneered the vehicle for assessing the maturity of IT-business alignment, where he has a benchmark repository of over one-third of the Global 1,000 companies. He also serves on the Executive Board of several companies, associations, and publications.

Dr. Luftman's last responsibility at IBM, after being a CIO, was a prominent speaker at IBMs Customer Executive Conference Center in Palisades, N.Y. While responsible for management research, he played a significant role in defining and introducing the IT Strategy and Planning, and Business Process Re-engineering practice methods for the IBM Management Consulting Group. His framework for applying the strategic alignment model is fundamental in helping clients understand, define, and scope the appropriate strategic planning approach to pursue. Dr. Luftman's annual global IT trends research, sponsored by several CIO associations and universities, is recognized internationally as an industry barometer.


Mathan Babu Kasilingam

Chief Information Security Officer, National Payments Corporation Of India (NPCI), India

Mathan is the Chief Information Security Officer of NPCI who has over 17 years of experience in the field of Information and Cyber Security.

Mathan was with HDFC Bank where he was the Head of Cyber Security Solutions and Operations for about 3 years. He was instrumental in building a robust Cyber Security defense and response mechanism for the bank. The role focuses on the Security Technologies & Solution Management as an IT practice in the IT Group. Mathan has held various positions in the field of Information and Cyber Security across multiple leading firms including the below. Mathan achieved his CISSP in the year 2006.


Micky Lo

Managing Director, Chief Technology Risk Officer APAC, The Bank of New York Mellon

Micky Lo joined BNY Mellon in July 2013 as Chief Technology Risk Officer APAC. He is leading the regional team with the mission to enable business solutions while proactively protecting BNY Mellon from information risks in a balanced control environment. He oversees and govern the implementation of the bank wide information risk roadmap in the region with particular focus on IT regulatory compliance.

He has over 30 years of IT experience in Financial Service Industry that spans across a diversified IT management disciplines including regional and location management, IT and security architecture, distributed computing engineering, technology infrastructure operation, outsourcing/in-sourcing management, IT risk management and technology audit.

Before joining BNY Mellon, Micky was the Head of IT Security APAC and Head of Technology Greater China for Deutsche Bank. Micky has held various management positions in IT management, IT Security/Risk management and Audit with JPMorgan and Citibank.

Micky serves as an industry advisor of the Bachelor of Management Science and Information Management Programme of Hang Seng Management College. Micky received a Bachelor of Mathematic degree from the University of Waterloo (Canada) and an Executive Master of Business Administration degree from University of Western Ontario (Canada).


Rasha M. Abu AlSaud

Senior Vice President, Chief Information Security Officer, Saudi Arabian Banking Industry, KSA

Rasha Abu AlSaud is the Chief Information Security Officer of a Leading bank in Saudi Arabia, her expertise spans various aspects of Information Security, Information Technology, Business Continuity and technology Risks.

In her role, Rasha led the successful implementation of a number of security related initiatives to improve the security management capabilities within a short period of time. The projects implemented covered: Cyber Intelligence Center, Identity governance, network protection, Information Classification, Security Incident and Event Management, eGRC, Endpoint monitoring, Data Leakage Prevention, Secure build, Threats Detection, Vulnerability Infrastructure, Information Security Assurance activities in addition to a comprehensive Security controls framework.

Prior to her assignment as the bank's CISO, Rasha managed the IT Risk department at the bank where she developed a comprehensive IT Risk framework and delivered a Risk remediation program to expedite the remediation of the identified risks.

Rasha holds an Executive MBA from the American University in Cairo (AUC) and a BSc degree in Computer Science from King Abdullah University in addition to several industry certifications. She is a frequent speaker in local and international conferences sharing her expertise in IT, Technology Risk Management, Governance, Security, GRC and Threats Monitoring.


Richard Uhunmwagho

Associate Vice President, Group Business Information Security Officer (Group BISO), Leading Bank in UAE

Empowering organizations in addressing their risks, protecting their assets and ultimately making more informed decisions to support corporate objectives.

Experienced Information Security/Cybersecurity, Governance, Risk, and Compliance (GRC) & Audit Specialist. I have more than a decade of technology and business experience spanning diverse markets and cultures across various regions in the Financial Services, Telecoms, Oil & Gas, FMCG, Govt. & Regulatory industries. I have also made extensive industry contributions through thought-leadership, and active contribution to Cybersecurity/risk forums.

Has been recognized as one of the leading Information Security executives across the Middle East at the ISC2/MESA CISO 2016 awards.


Santosh Kamane

Vice President Information Security at DBS Bank

Santosh Kamane is Information security leader with over 18 yrs of progressive experience in Information security Program and risk management, cloud security operations, compliance and regulations ( ISO 27002, SSAE16 / 18, NIST , PCI, COBIT , GDPR ), incident management, business continuity program management, IT infrastructure operations and designing security architecture for leading enterprises. He has been integral part of high performing teams at DBS Bank, Backintheblack LLC, KPIT, WIPRO, BMC Software and CMC LTD and has over 10 yrs experience working in USA with leading banking clients and financial institutions.


Surachai Chatchalermpun

CISO, Krungthai Bank, Thailand

Surachai Chatchalermpun is the Chief Information Security Officer (CISO) of Krungthai Bank (KTB), a largest state-owned enterprise bank in Thailand. He has been listed of the top 10 CIOs and IT executives 2018 in the financial services industry across the ASEAN region by CIO ASIA Magazine.

He leads an IT security team responsible for app penetration testing, IT security compliance, security solution architecture, security awareness. Prior to joining KTB, Surachai was the Regional Head of IT Security at Maybank Kim Eng Securities (Thailand) responsible for the entire spectrum of the company's IT Security.

He got many international security certificates such as CISSP, CISA, CISM, CSSLP, CEH, ECSA, ISO27001. He got ISLA (Information Security Leadership Award) from ISC2 and best employee from PTT (The largest oil & gas company in Thailand). Furthermore, He got first class honor computer engineering bachelor degree from KMUTT, Thailand.


Dr Ziyad Alshaikh

Director of the Vision Realization Office, King Abdulaziz City for Science and Technology, KSA

Dr. Ziyad Alshaikh serves as director of the vision realization office at King Abdulaziz City for Science and Technology. He is also a columnist at Alriyadh newspaper where he writes on strategy and governance issues. He has more than 15 years of experience in industry and academia and is a qualified software engineer and architect. His conducts research related to 'systems of systems' and software design and has developed a new approach to software and systems analysis.


Karim Fawaz

Legal Director, Clyde & Co, KSA

Karim has re-joined Clyde & Co's corporate team in Dubai as Legal Director. He has solid experience in corporate finance, technology, technology finance, insurance, M&As, O&G and related commercial issues. Karim is responsible for building and driving the CorpTech practice which focuses on various technology transactions for public and private sectors, including but not limited to digital transformation, Government-as-a-Service platforms and others.

Prior to rejoining Clyde & Co, Karim has worked as Corporate Counsel at Cisco Systems and Cisco Capital, where he led the Enterprise and Public Sector legal team in MEA and advised on several major projects in technology and technology finance. Karim had formerly worked as an associate at Levant Law Practice in Riyadh where he provided various legal services for several leading insurance companies and financial services authorised persons in Saudi Arabia.

Karim is known for his commercial savvy and readiness to understand the practicalities of any business he advises on; a key factor for getting the deal done. Moreover, Karim has worked on constructing and delivering detailed compliance and ethics trainings for companies in various industries, including but not limited to, in Technology and Financial sectors.

During his in-house role at Cisco Systems, Karim was awarded the Asia Mena In-house Counsel of the Year 2017, in addition to other awards achieved with the MEA Legal Team.


Nick O'Connell

Partner & Head of TMT– Al Tamimi & Company, Riyadh

With approximately 400 lawyers across 17 offices in nine countries, Al Tamimi & Company is the largest law firm in the Middle East. Riyadh-based Nick O'Connell is the Partner responsible for Al Tamimi & Company's Technology, Media & Telecommunications practice.

Nick advises local and international clients in both the public and private sector on a variety of matters. These include legal aspects of cyber security, such as information security compliance and data breach response. Nick's practice area also includes technology transactions, technology and intellectual property aspects of corporate and commercial transactions, privacy and data protection, e-commerce, media and advertising, and telecommunications.

Nick's clients include companies operating in a range of industries, including financial services, digital content, e-commerce, engineering, exhibitions and events, food and beverage, pharmaceuticals, retail technology, software, and real estate.

Nick started his career as an intellectual property specialist with a top tier firm in New Zealand before joining Al Tamimi & Company in 2006. He is admitted in New Zealand, New South Wales (Australia) and England & Wales.



Secretary General - Media & Banking Awareness Committee, Saudi Bank, KSA

Holds master degree in Professional Accounting from USA & worked with King Saud University as Teacher Assistant in the accounting department during the period 1977-1983 .

In 1984 he joined the National Commercial Bank(NCB), one of the leading commercial banks in KSA & in the Middle East. After working with NCB for over 22 years engaging in managing a number businesses within the bank (Corporate branch manager, Head of Private Banking - Central Region & Head of Commercial Businesses Banking Group - Central Region) he left NCB to work as CEO for United Assets Co, an Investment & Real Estate Development Company & then joined Baa- Azeem Trading Co in the capacity of Deputy General Manager .

In January 2009 to date: he works as a Secretary General of the Media & Banking Awareness Committee, a subcommittee of the Banks' Chairmen Committee of Saudi Banks. The Media & Banking Awareness Committee of Saudi Banks' main objective is raise the public awareness about banking & financial related issues including banks' Customers.
Mr. Hafiz is also:

  • Licensed Economic & Management Consultant
  • Economic & Financial Columnist & Analyst
  • Media & TV Anchor. Preparing & presenting Economic & Financial programs on Saudi TV channel 1
  • Board member of Al-Rajahi Investment Holding Co.
  • Ex. member of the Investment & Securities Committee at Riyadh Chamber of Commerce
  • Ex. member of the Investment Funds Committee of Al-Bilad Capital
  • Board member of Saudi Broadcasting Corporation.
  • Head of Management Execution Committee of Saudi Broadcasting Corporation for the period 31/1/2017 to 31/3/2017.




Arab National Bank, KSA

High performing security management executive with expertise in building/optimizing security processes, measurement systems, and infrastructure to maximize business security by aligning with business goals and compliance drivers while balancing demanding workload with available resources. Skilled strategist who transforms plans into workable solutions and benchmarks performance against key targets/goals. Respected and devoted professional offering 17 years of information technology and security experience in banking sector with remarkable success track record.





Experienced Chief Information Security Officer with a demonstrated history of working in the financial services industry. Skilled in IT Strategy, Management, Business Intelligence, business Continuety, Disaster Recovery, Cyber Security , Customer Experience, and Risk Management. Strong information technology professional with a Master Degree focused in Computer Science from Imam Mohammed bin Saud University.




Director, Information Security - Capital Market Authority (CMA)

Sultan leads and oversees all activities aimed at developing Cybersecurity measures in CMA, providing business stakeholders with information assurance services, including defining business and security requirements, integrating cybersecurity solutions, crafting security plans and strategies, and implementing effective risk management. Sultan has an extensive IT and Information Security professional experience locally and internationally. Sultan has worked in the past for Saudi Airlines, Saudi Arabian Monetary Agency (SAMA), Saudi Telecom Company (STC), Florida Tech (USA), Boeing (USA), and Innovative Solutions (IS). Sultan has earned his B.Sc. and M.Sc. in Information Systems from King Saud University, and his second M.Sc. in Engineering Management, and Ph.D. in Computer Science from Florida Institute of Technology. He holds more than 25 specialized training certificates in Information Security and IT.



Dr Michael Kelly

Global Head Information Security Officer for T&I and Group Functions, Standard Chartered Bank

Dr. Michael Kelly serves as the Global Head Information Security Officer for Technology & Innovation and Group Functions at Standard Chartered Bank, based in Singapore. He is responsible for information security governance and risk assessments across the technology base, innovation and global support functions in the Bank. In support of the Bank's increased use of cloud, he has been instrumental in ensuring the implementation of security governance and capabilities for both IaaS and SaaS.

Dr Kelly has over 25 years' experience working in the finance, telecommunications, IT and consulting industries, primarily in the Asia Pacific. Prior to joining Standard Chartered he has held roles as Managing Director, Consulting Partner and Chief Technology Officer in companies such as CSC, A.T. Kearney, Hutchison Telecom, Booz Allen & Hamilton and Nortel, and was a co-founder of a startup regional telecommunication services company.

Formerly an advisor to the Engineering School at the Hong Kong University of Science and Technology, and a university lecturer, he holds a Ph.D. from SMU in Dallas, Texas, and BS and MS degrees from Rensselaer Polytechnic Institute in Troy, New York.



Stéphane Nappo

International Security Expert and Former Global CISO at Societe Generale International Banking

Stephane Nappo is CISO and International Cybersecurity Expert. He has been Global Head Information Security for Société Générale International Banking pole since 2011. Present in 67 countries, this pole employs over 71, 000 people and has 30 millions clients distributed within 40 autonomous banks. He was senior consultant specializing in IT security as of 1995. His extensive training in telecom, business administration and law, allows him to have a unique approach towards solving technological and business related issues. He worked for over 80 organizations in numerous sectors. He implements conventional risk management methods with a systemic approach to complex problems. Based in Paris, he operates regularly in Russia, Central Europe and Africa. His current mission targets digital services security, anti-fraud prevention, incident response and information security's digital transformation.



Surachai Chatchalermpun

CISO, Krungthai Bank, Thailand

Surachai Chatchalermpun is the Chief Information Security Officer (CISO) of Krungthai Bank (KTB), a largest state-owned enterprise bank in Thailand. He has been listed of the top 10 CIOs and IT executives 2018 in the financial services industry across the ASEAN region by CIO ASIA Magazine.

He leads an IT security team responsible for app penetration testing, IT security compliance, security solution architecture, security awareness. Prior to joining KTB, Surachai was the Regional Head of IT Security at Maybank Kim Eng Securities (Thailand) responsible for the entire spectrum of the company's IT Security.

He got many international security certificates such as CISSP, CISA, CISM, CSSLP, CEH, ECSA, ISO27001. He got ISLA (Information Security Leadership Award) from ISC2 and best employee from PTT (The largest oil & gas company in Thailand). Furthermore, He got first class honor computer engineering bachelor degree from KMUTT, Thailand.



Shino Thomas

Head of PMO, National Bank of Oman, Oman

Mr. Shino Thomas Philip serves as Head PMO of National Bank of Oman and manages large-scale Transformation initiatives and technology strategy of the Bank . He has extensive experience in managing Digital Transformation, Operational excellence, Core Banking replacement and Information Security implementations. He has previously worked with major financial institutions in middle east like BankDhofar, Doha Bank and have more than 18 years of experience in Technology and Operations.



Muayad Simbawa

Director of Enterprise Business, Trend Micro

Currently working with Trend Micro as Director of Enterprise Business. Growing business across NTP2020 and Vision2030 program. Supporting Saudi government transformation journey and Enterprise Business toward Secure IT infrastructure.

At SAP, Muayad was responsible for NNN customer in public sector establishing stronger business relationships and developing solid opportunities pipeline in alignment with Saudi NTP and Vision 2030. And At GE and Alstom companies, Muayad was responsible for driving the Sales strategy for GE Covering different business ( Nuclear, Renewable and Conventional Power) by creating and executing on growth Initiatives; identifying and developing new business opportunities in Oil & Gas (MENAT), Petrochemical, Chemical, and other industries (KSA and GCC).

He started his career with GE in 2006 as Electrical Engineer followed by few years at Siemens Managing Sales for Oil&Gas and back to GE & Alstom then SAP. He holds a BSc. degree in Applied Electrical Engineering from KFUPM.

Muayad is Married, father of two boys and one daughter.

Coffee addict and a certified barista. Likes to dive and swim and a passionate traveler.


Rasheed Al-Odah

Director of Strategic Business, Trend Micro

Rasheed is Supporting the Strategic growth of Trend Micro Focusing on the core industries within KSA Like: Oil & Gas, Petrochemicals, Manufacturing and Large Enterprises. He is managing a team spanning the whole Kingdom and focusing on Strategic Enterprises.

With over 13 years' experience in different business fields including SAP Senior Partner for Saudi Public Sector with a focus on Saudi Vision 2030, Rasheed spent over 10 years in Petrochemicals Industry in IT Operations, Infrastructure Project Management and SAP Portfolio Management. He led challenging projects varying between business transformation functionally and operationally- in Saudi Arabia and Globally.

Rasheed is knowledgeable in manufacturing practices and connected with leader in the region, he also holds special interest in bringing up specialty focus groups/sectors, looking to establish Oil & Gas Security Best Practices Chapter involving ARAMCO, SABIC and others. His work had been recognized by Aramco, SABIC, Dow Chemicals and Evonik.

Rasheed holds a B.Sc. in Software Engineering from King Fahd University of Petroleum and Minerals, Multi Professional Certifications spanning from ITIL, PMP, SAP and others.


Dr. Moataz H. BINALI

Vice President and Managing Director, Middle East and North Africa, Trend Micro

Moataz is responsible for driving innovation, forging meaningful alliances, and developing regional talent in his role. He is also tasked to drive investments and foster new opportunities for growth in Middle East and North America.

Moataz has over 15 years of experience as a business leader and a digital transformation expert. Before joining Trend Micro, Moataz held leadership roles in prominent technology companies, such as SAP, IBM, and Microsoft, as well as start-ups. He helped grow multiple technology businesses and product lines – often with double digit growth - across his career.

Moataz holds a Doctorate Degree in Technology Management from the Chinese Institute of Technology in Hong Kong; an MBA in Operations Management from the University of Buffalo in New York; a Master's Degree in System Design and Project Leadership from Cornell University in New York; and a Bachelor's Degree in Software Engineering from King Fahd University of Petroleum and Minerals in Dhahran, Saudi Arabia.

Moataz also completed an executive sales leadership program from IBM Global Sales School; a management acceleration program from Microsoft Academy for College Hires (MACH); and received an advanced certificate in Global Events and Leadership from Manchester Business School. One piece of cybersecurity advice Moataz will give: "Securing your connected world is the foundation to building a successful digital transformation strategy."


Hussam Abu-Rida

Technical Leader, Trend Micro

Mr. Hussam Abu-Rida is Technical lead for Saudi Arabi. In his role as a Tech. Lead he is managing and developing Trend Micro high performance technical team across the kingdom into delivering security solutions to enterprise sector.

He is well versed in IT security solutions specialist for endpoint, Gateway, Data Center, Cloud security solutions and Breach Detection solutions providing Subject Matter Expertise for major projects.

Hussam Abu-Rida has progressive Information Security career with track record of success, delivery and experience in major market base spanning across the Kingdom.


Moawia Alayan

Territory Leader Saudi Arabia & Pakistan Tenable

Moawia Alayan is Territory Manager of Western Region in Saudi Arabia for Tenable. In this role, he is responsible for Tenable Sales activities across all Western Region accounts alongside with Service Providers (SPs) , Healthcare & Utilities across of Saudi Arabia.

During the past 10 years, Moawia has worked across both mature and high-growth paced organizations, where he developed revenue, built successful business, high-performance, constant contribution records across Emerging Market (Middle East, Egypt & Turkey).

Before joining Tenable, Moawia was Regional Sales Manager in Middle East office for Palo Alto Networks, based in Riyadh, Saudi Arabia for 7 years. He was hired as first team member in Middle East office to grow Palo Alto Networks business from ground zero up to Multimillion-Dollar Business.

Prior to this, he spent 2 years in Major Accounts Manager for Saudi Arabia & Egypt with TrendMicro. His last role at TrendMicro was as Strategic Accounts Manager in Oil & Gas, Petro-Chemical Industries & Utilities across Saudi Arabia & Egypt.

Moawia has a BSc. of Computer Science degree and is based at Tenable, EMEA theatre, Middle east, Saudi Arabia.


Saddam Jarrah

Territory Sales Manager, Tenable Saudi Arabia, Tenable

Saddam is a territory leader at Tenable Saudi Arabia. He has extensive experience in sales and business development with solid emphasis on information security and cyber exposure. More than 12 years of experience with the top players in the security market.


How can analytics be used to improve security?

By February 22, 2019 3 Comments

The advantages of analytics to customer service have already been shown. Now the question becomes: How can analytics be used to improve security?

Organizations are collecting more and more data. And while rich data allows personalized service, detailed data about real people (rightly) often raises concerns. Just as this data is increasingly valuable to organizations, it can be valuable to criminals as well, leading to an ever-escalating series of data breaches. Data analytics exacerbates trade-offs between security and service; the analytical processes on data can, at a minimum, raise privacy concerns for individuals because much of marketing analytics tries to learn as much as possible about potential customers. These analytics processes are becoming increasingly powerful at de-anonymizing people from their trace data.

However, these de-anonymization techniques are an example of a way that analytics offers at least a partial solution to the problems it has exacerbated.

Consider, for example, placing a call to your bank for help after losing your debit card. The core problem is that, before providing customer service, the bank must authenticate that you are who you say you are. This authentication process must begin with the assumption that the caller is a malefactor impersonating the real customer — guilty until proven innocent. The bank will help the caller only after being convinced of the caller’s identity.

While this process is annoying when we’re customers seeking help, we actually want and need this level of security. It is in our best interests that the bank will verify that we are who we say we are before continuing to assist us. After all, we don’t want the bank to hand out our money (or our new debit card) willy-nilly to just anyone.

Historically, this telephone authentication process involves answering a set of questions. What is your account number? What is your personal identification number (PIN)? What is your Social Security number? Can you verify the last three transactions in the account? What is your prior address? The process continues, potentially escalating to security challenge questions based on shared secrets, until the bank is convinced of our identity.

This process is adversarial by design. Even the name “security challenge question” evokes a combative stance, a challenge. The initiator of the call is not trusted until passing through a gauntlet. For banks, it is unfortunate that so many initial interactions with a customer are adversarial in nature.


Leave a Reply