Competitive landscape
Leading cybersecurity adopters and providers in banking & payments
Credit: Bert van Dijk/Getty images.
Powered by
Cybersecurity should be a key concern for all companies in the banking & payments sector, but who are the companies making their mark within the cybersecurity theme? Here we look at some of the companies currently leading the way in deploying cybersecurity solutions and the specialist vendors of such solutions to the sector.
Leading cybersecurity adopters in banking & payments
Goldman Sachs, US
Goldman Sachs has a team of experts that monitor and respond to cybersecurity threats. Its cybersecurity experts include engineers charged with implementing security solutions, threat analysts who analyze, detect, and respond to cybersecurity threats, and pen testers who identify vulnerabilities before attackers can exploit them. In 2019, Goldman Sachs led a $8 million investment into Immersive Labs’ cybersecurity skills platform. This uses real-time feeds of emerging attack techniques, hacker psychology, and technological vulnerabilities to build cyber wargames to train IT and security teams. Furthermore, in 2022, Goldman Sachs invested in Fortress Information Security, a supply chain cybersecurity provider that secures critical industries, including around 40% of the US power grid.
HSBC, UK
In 2012, HSBC failed to notice that Mexican drug cartels were laundering money through the bank. HSBC was forced to invest millions of dollars into compliance and better security solutions as part of a subsequent settlement with US regulatory authorities. The bank has since made significant investments to improve its ability to detect, deter, and prevent cybercrimes.
HSBC has streamlined its login process using biometric technology through Apple’s Touch ID and HSBC Voice ID across its 18 markets. In 2017, HSBC Ventures invested $40 million in Menlo Security, a cybersecurity company that helps businesses detect and respond to threats, to add Menlo’s capabilities and safeguard its own business from cyber threats. In 2021, HSBC selected Mailock, Beyond Encryption’s email security system, to build digital relationships with its customers. Furthermore, HSBC’s Fraud and Cyber Awareness app keeps users up to date with current scams and fraud trends.
In July 2023, HSBC joined BT and Toshiba's Quantum-Secure Network. The initiative aims to allow organizations to secure the transmission of valuable data and information between multiple physical locations using quantum key distribution (QKD), a cryptographic communication method that uses quantum physics to secure the transmission of symmetric encryption keys.
JP Morgan Chase, US
In 2014, JP Morgan suffered from a cyberattack that compromised the accounts of 76 million households and seven million small businesses. The bank has since implemented several security measures to protect client information. It offers educational programs to clients and has cybersecurity awareness and fraud prevention teams to provide support on cybersecurity-related incidents. Mary Erdoes, CEO of JPMorgan Asset Management, said the company experiences 45 billion hacking attempts per day on average and investments around $15 billion annually on technology, a proportion of which is for preventing cyberattacks.
JPMorgan encourages the responsible development of cybersecurity practices across multiple sectors. In 2018, it launched the Coalition to Reduce Cyber Risk (CR2), a member-led non-profit organization that pledges to advance the international adoption and implementation of risk-based cybersecurity approaches. AT&T, Bank of America, Cisco, Amazon, and Microsoft are among the members of the CR2. Furthermore, JPMorgan’s Responsible Disclosure Program allows researchers to report security vulnerabilities in its online and mobile apps.
In March 2024, JPMorgan committed $39 million (EUR36 million) in series B funding to Eye Security, a cybersecurity and insurtech firm that provides monitoring, attack response, and cyber insurance to mid-market businesses in sectors such as financial services, automotive, manufacturing, and healthcare.
Mastercard, US
Mastercard has become a leading provider of cybersecurity consulting services, in addition to bolstering its own resilience to cyber threats. In 2019, Mastercard acquired RiskRecon, a provider of AI and data analytics solutions for cyber systems and infrastructure. Its platform monitors the security of third-party vendors to ensure that they are safeguarding client data. In conjunction, Mastercard’s Cyber Quant platform measures an organization’s cybersecurity risks, flags security gaps, and estimates the impact of new cybersecurity controls within an organization’s threat landscape. This helps to create personalized results and suggestions for improving cybersecurity. Both platforms are used internally and offered to clients as consulting services.
In 2021, Mastercard launched its Trust Center, a web-based offering comprised of free cybersecurity resources. The product offers toolkits and training programs in partnership with organizations like the Global Cyber Alliance and Singapore's Cyber Security Agency, tailored towards SMEs. In 2022, Mastercard launched an attack simulation and assessment platform called Cyber Front, enabled by a minority investment in Picus Security. It uses a library of more than 3,500 real-world threat scenarios to reveal security gaps and provide mitigation insights.
Visa, US
Visa is reported to be spending billions battling cybersecurity threats and offering risk solutions for issuers, intermediaries (officially called acquirers), and merchants. Visa's issuer security protects cardholders against unauthorized transactions. For example, Visa's Travel Notification Services prevent mistaken purchases by allowing users to decline transactions during travel.
For intermediaries and merchants, Visa offers enterprise tools aimed at improving a business’ payment security. These include the use of machine learning to identify potential security threats, the creation of country-specific security maps, and the implementation of technologies to protect sensitive payment information. For example, Visa's tokenization service replaces card details with unique digital identifiers to prevent the exposure of account information during transactions.
In 2023, Visa partnered with Expel, a managed detection and response provider, to strengthen its cybersecurity. This helped Visa’s clients with a proactive security approach by improving threat detection and visibility across attack surfaces.
Specialist cybersecurity vendors in banking & payments
Armis, US
Armis is an agentless security platform that addresses the threats associated with unmanaged IoT devices, including laptops and smartphones. Armis identifies and analyzes all devices and endpoints across a bank’s environment, which is especially important for banks with bring-your-own-device policies. Once the Armis has identified gaps and vulnerabilities, it will automate the enforcement of security policies, putting banks in a position to meet regulatory compliance needs.
Checkmarx, Israel
Checkmarx’s Software Security Platform allows financial services companies to perform secure static application security testing (SAST) as part of their software development practices. SAST is a testing methodology that analyzes source code to find security vulnerabilities that make an organization's applications susceptible to attacks. This is important for online banking websites and apps. Banks use Checkmarx to automatically scan and check the security of their code, helping to ensure that their applications are free of security, legal, and compliance issues.
CyberArk, US
CyberArk is a privileged access management (PAM) firm, offering tailored solutions to financial services companies. CyberArk ensures that privileged access is managed to avoid this access being maliciously usurped to steal sensitive information and compromise systems. CyberArk’s PAM also ensures that banks can meet their regulatory requirements, especially in areas such as the Monetary Authority of Singapore’s Technology Risk Management guidelines and GDPR.
FiVerity, US
FiVerity develops AI and ML solutions that detect sophisticated forms of cyber fraud, providing threat intelligence to financial services companies and working to combat both financial crime and cyber threats. The company’s SynthID Detect product helps banks fight synthetic identity fraud, a form of fraud in which a customer’s social security number is stolen and then a made-up name, date of birth, mailing address, email account, and phone number are applied to create a new identity. FiVerity does this by recovering 35% of previously undetected fraud.
IDEMIA, France
IDEMIA is a French multinational technology company that focuses on what it calls augmented identity. As part of the process, IDEMIA first identifies and authenticates a customer. It then provides the customer with a digital banking card, allowing frictionless and secure access to payments. Over 200 banking clients currently use IDEMIA’s services. Banks use IDEMIA to reduce fraud, fulfill risk management obligations, and meet their regulatory compliance targets.
iSignthis, Australia
iSignthis provides identification and payment authentication services. It offers customer onboarding solutions, remote identity verification, payment processing, card acquiring, and settlement and deposit-taking services. The company’s Paydentity platform pairs payment and identity to help firms satisfy strict AML and Countering the Financing of Terrorism regulatory requirements.
One Identity, US
One Identity provides identity and access management tools to financial services companies using two-factor authentication to enhance security. The company enhances user identity management and privilege access management while providing firms with the tools to securely store, manage, record, and analyze privileged access to get a better overview of its use and security.
Thales, France
Thales is renowned for its aerospace, space, defense, security, and transportation offerings, but it also has operations in cybersecurity. Thales has a focus on digital banking security, offering a multi-layered security approach that secures mobile channels through biometric authentication and one-time passcodes (OTPs). It also helps banks meet regulatory compliance targets and understand and implement open banking and PSD2.
Trustwave, Singapore
Trustwave is a cybersecurity and managed security services provider focused on threat detection and response. It aims to help clients expand their visibility, strengthen their defenses, and take a security-first approach to compliance. Trustwave offers an extensive fleet of products, including managed security testing, database security, proactive threat hunting, and threat detection and response.
Wipro, India
Wipro provides managed security services to the financial services sector. Wipro ensures the security of banking infrastructure by providing end-to-end network security and privileged event monitoring to banks. This includes 24/7 monitoring of entire network infrastructures to flag any signs of a breach across devices in a network. Privileged activity reports are generated, analyzed, and maintained daily.
GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.
GlobalData’s Thematic Intelligence uses proprietary data, research, and analysis to provide a forward-looking perspective on the key themes that will shape the future of the world’s largest industries and the organisations within them.