Key Trends in Treasury
Management
Matt Ribbens, CTP
McKinsey & Company, Global Concepts Office
September 23, 2010
CONFIDENTIAL AND PROPRIETARY
Any use of this material without specific permission of McKinsey & Company is strictly prohibited
GCI-AAA123-20100303-MHR2010
The US payments landscape
▪
Key trends in treasury management
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪
Printed 7/21/2010 9:41:25 AM
McKinsey & Company
| 1
GCI-AAA123-20100303-MHR2010
Commercial DDA revenue accounts for 12% of total industry revenues
US payments industry revenues: 2008 1
100% = $277 billion
Consumer
DDA
▪
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪ 12% of industry revenues
▪ 16% of industry profits
▪ $18 billion in cash management
Consumer credit
card issuing
Commercial
DDA
Quick facts
fee-equivalent income
$10 billion in NII
12% $33
Money
services
Merchant
acquiring
Other
Top 5 cash management banks 2
Printed 7/21/2010 9:41:25 AM
Commercial credit
card issuing
- Bank of America
- Bank of New York Mellon
- Citigroup
- JPMorgan Chase
- Wells Fargo/Wachovia
1 Cash management services are counted on a fee-equivalent basis; ECR expense has therefore been backed out of NII
2 2008; in alphabetical order; based upon an analysis of ACH and wire origination and lockbox volumes
SOURCE: McKinsey US Payments Map, 2008-2013, release Q4-09
McKinsey & Company
| 2
GCI-AAA123-20100303-MHR2010
The distribution of transactions and dollar flows are very different;
most transactions are cash, but most spending is by check and ACH
2008 dollar flows
$96,865 billion
84% C2B
139
33
Cash
$2,355
Debit Card
$1,277
Check 2
24
Credit Card
18
1
2
3
$40,533
$2,116
$36,089
ACH
8
Other3
B2B
Printed 7/21/2010 9:41:25 AM
26
72%
Working Draft - Last Modified 9/22/2010 9:48:09 PM
2008 transactions
248 billion
1
$14,496
Our model excludes the vast majority of wire transfer dollars in an effort to approximate customer payments activity rather than financial
institution settlement transactions (e.g., broker-dealer settlement). Flows through Fedwire alone ($518.5 trillion in 2005) are more than
seven times greater than all other instruments combined.
Reflects checks paid, not checks written. Checks converted to ACH are counted in ACH. This convention is used throughout
Includes wire transfer, book entry transfer, and electronic money transfer (EMT) via MoneyGram, Western Union, etc.
SOURCE: McKinsey US Payments Map, 2008-2013, release Q4-09
McKinsey & Company
| 3
GCI-AAA123-20100303-MHR2010
Contents
The US payments landscape
▪
Key trends in treasury management
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪
Printed 7/21/2010 9:41:25 AM
– Growth is slow (but returning)
– Banks are refocusing on client
experience
– Security/Fraud Prevention is
paramount
McKinsey & Company
| 4
GCI-AAA123-20100303-MHR2010
Mixed signals about the economy continues to create uncertainty for both
corporates and bankers
News from the same week…
Printed 7/21/2010 9:41:25 AM
SOURCE: DigitalTransactions Newsletter, CNN, Sept 20, 2010.
Working Draft - Last Modified 9/22/2010 9:48:09 PM
$1.84 Trillion in Cash: A Rational
Response to Challenging
Economic
Circumstances
CHICAGO--(BUSINESS WIRE)-The Federal Reserve today
reported corporate cash is
still hovering at record high levels
of $1.84 trillion – almost identical to
last quarter.
However, cash remains 29%
higher than it was just 18
months ago.
McKinsey & Company
| 5
GCI-AAA123-20100303-MHR2010
As with corporates and banks, the biggest challenge continues to be
topline revenue growth
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Printed 7/21/2010 9:41:25 AM
SOURCE: McKinsey Quarterly Economic Conditions Snapshot, September 2010, BEA, 2010.
McKinsey & Company
| 6
GCI-AAA123-20100303-MHR2010
Commercial customers are focused on safety of principal and the need for
liquidity to fund operations
Most important cash investment policy objective
Percentage of organizations prioritizing each
Profile of organizations’ short-term investments
Percentage of total invested in each product
37.2
Safety of
principal
+37%
27.1
61%
75
84
9.2
+384%
1.9
Return
15
23
2007
2
16
0
2008
2009
“It was all about saftey and liquidity this past year.
Those investment vehicles that were perceived as
safe and liquid were not as safe and liquid as we
thought”- Assistant Treasurer of a manufacturing and
distribution corporation
2007 2009
2007 2009
Money
Bank
market
deposits
mutual funds
Printed 7/21/2010 9:41:25 AM
Liquidity
24
2007 2009
Treasury
bills
“..if you want to go for ultimate security you go for
treasuries….(t)hey have virtually no return but you
are not trying to get that last basis point of
interest.”- VP Global Treasurer of a major retailer
SOURCE: AFP Liquidity Surveys, 2007, 2008 and 2009; AFP Exchange, November 2009
McKinsey & Company
Working Draft - Last Modified 9/22/2010 9:48:09 PM
+3%
30.9 31.8
| 7
GCI-AAA123-20100303-MHR2010
Cash management has weathered the banking crisis well and is poised for
ESTIMATES
several years of steady growth
Commercial card (fees)
Cash management fees
Commercial card (NII)
Commercial DDA (NII)
CAGR (’10 -’14)
Percent
US cash management revenue1
$ Billions
Working Draft - Last Modified 9/22/2010 9:48:09 PM
+7% p.a.
75
70
65
59
56
58
60
22
8.3
3
-7
`
26
3.1
12.4
21
19
16
23
16
17
4
4
3
3
24
22
23
18
16
15
2008
2009
2010F
3
25
Printed 7/21/2010 9:41:25 AM
2
15
23
21
24
16
19
2011F
2012F
2013F
2014F
1 Cash management includes all commercial payment and DDA revenues for large corporate, mid-market, SME and public sector entities. Does not
include private label cards and excludes merchant services
SOURCE: McKinsey US Payments Map, 2009-2014, Q2-10 Release
McKinsey & Company
| 8
GCI-AAA123-20100303-MHR2010
Commercial use of ACH has increased steadily over the past five years,
and US firms plan to continue increasing their use of ACH
ACH’s share of Bus/Gov payments
Percent
US firms’ plans to adopt ACH credit use
CAGR, 2008-10
Working Draft - Last Modified 9/22/2010 9:48:09 PM
45%
$ flows
40
Payroll
6%
35
2%
Printed 7/21/2010 9:41:25 AM
Tax Payments
30
transactions
25
B2B Payments
0
2005
06
07
08
12%
09
SOURCE: McKinsey US Payments Map, 2008-13 Scenario 2, release Q4-09; McKinsey 2008 Corporate Treasury Needs
Study
McKinsey & Company
| 9
GCI-AAA123-20100303-MHR2010
Commercial card use declined significantly during the recession,
but growth will return in 2010 and beyond
Commercial card spend
Billions USD
▪ Commercial spending slows: Share growth
$1,000
in commercial card spending has been
insufficient to offset broad slowdown in B2B
spending; commercial card spending dropped
10% 2008-09.
800
600
▪ T&E expenses evaporate: Easy targets for
400
0
2003 04 05 06 07 08 09 10 11 12 2013
Future
outlook
cost reductions travel budgets were slashed
during the recession, dramatically reducing
commercial card spend.
Post-recession, commercial spending and access to credit will improve.
Cards will continue to displace spend from other instruments. We forecast
double-digit growth in commercial card spend 2010-13.
SOURCE: McKinsey US Payments Map, 2008-13 Scenario 2, release Q4-09; Nilson; Team analysis
McKinsey & Company
| 10
Printed 7/21/2010 9:41:25 AM
200
Working Draft - Last Modified 9/22/2010 9:48:09 PM
2008-10: Commercial card trends
GCI-AAA123-20100303-MHR2010
Commercial card solutions are moving up the AP spectrum to become
more easily leveraged by companies for B2B payments
Straight Through
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Card Payments
Traditional
SPEND PER SUPPLIER
Ghost Card
Programs
Printed 7/21/2010 9:41:25 AM
TRANSACTION SIZE
& AP Automation
PCard
Programs
TRANSACTION FREQUENCY
SOURCE: Global Concepts Cash Management Forum, 2010.
McKinsey & Company
| 11
GCI-AAA123-20100303-MHR2010
In March, Global Concepts found that a majority of bankers thought that
Reg Q repeal was unlikely to happen in 2010
The reforming of a rule that does not allow banks to pay interest on commercial checking accounts does not
seem to have much chance of being repealed in 2010; however, more banks see the liklihood “creeping up”
in 2011.
How likely do think it will be that Reg Q will
be repealed in 2011?
Responses
Working Draft - Last Modified 9/22/2010 9:48:09 PM
How likely do think it will be that Reg Q will
be repealed in 2010?
Responses
10
7
Printed 7/21/2010 9:41:25 AM
5
4
3
2
2
1
0
1
Won’t
Happen
2
3
4
5
0
0
0
6
7
1
Will
Happen
Won’t
Happen
SOURCE: Cash Management Forum Research, March 2010.
0
2
3
4
5
0
6
7
Will
Happen
McKinsey & Company
| 12
GCI-AAA123-20100303-MHR2010
In July, the passage of the financial reform included the repeal of Reg Q
which will impact corporate investment policies and commercial DDAs
The Dodd-Frank Wall Street Reform and Consumer Protection Act
Key Provisions affecting cash management:
▪
▪
TITLE III—TRANSFER OF POWERS TO THE
COMPTROLLER OF THE CURRENCY, THE CORPORATION,
AND THE BOARD OF GOVERNORS
SEC. 335. PERMANENT INCREASE IN DEPOSIT AND
SHARE INSURANCE.
– Permanently increases coverage on demand deposit
accounts to $250K
Printed 7/21/2010 9:41:25 AM
▪
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪
TITLE VI—IMPROVEMENTS TO REGULATION OF BANK
AND SAVINGS ASSOCIATION HOLDING COMPANIES AND
DEPOSITORY INSTITUTIONS
SEC. 627. INTEREST-BEARING TRANSACTION ACCOUNTS
AUTHORIZED.
– Interest can now be paid on commercial DDA accounts (fully
repealing Reg Q)
SOURCE: McKinsey/Global Concepts, 2010.
McKinsey & Company
| 13
GCI-AAA123-20100303-MHR2010
Due to a long-standing and now repealed prohibition on DDA interest, the
US commercial DDA market has evolved differently than others
History & impact of Regulation Q
Unlike most other countries, the US does not allow
interest payments on commercial demand deposits
▪
The payment of interest is forbidden by the Federal
Reserve’s Regulation Q, enacted in 1933
▪
However the Dodd act will enable banks to pay
interest for commercial deposits
▪
Commercial DDA revenue by source
% of total; 2008
Fees
NII
100%
33%
57%
Due to not paying interest on demand deposits:
67%
deposits is relatively high and corporate
liquidity has been more likely to leave the US
banking sector for secondary markets
43%
USA
– US banks developed a complex suite of cash
44%
42%
56%
58%
Canada EU
Printed 7/21/2010 9:41:25 AM
– The opportunity cost of keeping excess cash in
management products and account types
designed reduce the funds held in DDAs (e.g.,
sweeps, ZBAs, Repo’s)
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪
Asia/
Pacific
Due in part to Reg. Q, US banks have tended to
derive more revenue from fee income as corporate
customers sweep balances into money markets
and higher yielding time deposits
SOURCE: McKinsey US Payments Map, McKinsey Global Payments Map, Global Concepts
McKinsey & Company
| 14
GCI-AAA123-20100303-MHR2010
The repeal of Reg Q will lead to three potential different scenarios
based on the strength of the economic recovery
Most likely scenarios in next 24 months
More likely scenarios in 2012 and later
Moderate
Low
SME shift – attacker funding
demand remains moderate;
incumbents willing to bleed off
deposits vs. raising rates
Status quo – commercial banks
w/ deposits stockpiles; low
demand for credit and risk averse
lenders
Low
Moderate
High
With moderate recovery, the large
un-deployed funding base among
deposit rich institutions should
meet credit demand; deposit rich
banks are likely to bleed off excess
deposits rather than raise interest
rates in response to attackers.
▪
Strong economic recovery and
growth in credit demand will
increase demand for funding; if
wholesale funding markets fail to
rebound, strong demand for
funding could push deposit interest
rates up.
▪
SME shift is less contingent the
state of capital markets and could
happen with only a moderate
recovery.
▪
DDA innovation and Deposit
boom scenarios are both
contingent upon the external
environment and speed of recovery
in capital markets.
Printed 7/21/2010 9:41:25 AM
Demand for funds
Deposit boom – strong
economic recovery; wholesale
funding markets fail to rebound
driving strong competition for
deposit funding
DDA innovation – expanding credit
demand drives broader competition
for DDA pool beyond small
business; funding keeps pace with
demand, moderating interest rates
▪
Working Draft - Last Modified 9/22/2010 9:48:09 PM
High
Industry’s relative supply / demand for funding
Supply of funds
SOURCE: McKinsey Global Concepts
McKinsey & Company
| 15
GCI-AAA123-20100303-MHR2010
In July, the majority of bankers polled anticipate paying DDA interest due
to the repeal of Reg Q but are uncertain of the post regulatory product mix
Do you anticipate paying interest on demand deposit
accounts for business customers?
What will be your default commercial DDA offering?
% of responses
% of responses
4
Undecided
Interest-only DDA
Hybrid (ECR & Interest)
Undecided
11 0
4
0
25
41
Working Draft - Last Modified 9/22/2010 9:48:09 PM
No
Traditional DDA w/ ECR
33
56
56
71
Yes
Existing customers
New customers
Do you plan to offer all three account types?
% of responses
% of responses
No
8
Traditional Methods
TBD 50
Printed 7/21/2010 9:41:25 AM
How do you plan to value deposit balances on
interest bearing demand deposit accounts?
46
50
TBD
46
Yes
SOURCE: Cash Management Forum Research, July 2010.
McKinsey & Company
| 16
GCI-AAA123-20100303-MHR2010
Other regulations will also impact banks (as well as corporates)
FDIC Insurance
2a-7 Money Fund Change
▪
Proposal to increase
capital requirements for
counterparty credit risk
▪
▪
▪
Internal models to
calculate counterparty
credit risk (CCR)
exposures do not take
into account sufficiently
the potential volatility and
illiquidity of markets
Unlimited insurance
(TAG) on non-interest
bearing transaction
accounts
▪
Permanent coverage of
$250K for all accounts
MMF must disclose the
shadow net asset value
(NAV) --basically markto-market value--of the
fund
▪
Potential headline risk for
a fund even after 60 days
when the shadow NAV is
released
▪
Affects
▪
Regulated banks,
brokers/dealers,
and insurance
companies with
assets of at least
$25B
Value of
commercial
deposits much
higher in terms of
stability than other
sources of market
funding
SOURCE: McKinsey Global Concepts
Affects
Affects
▪
Operational costs
of banks for
gathering deposits
▪
MMF Funds and
corporate
investment policies
▪
Banks are able to
pass along a
portion of fees
assessed by the
FDIC for insurance
(typically through
account analysis)
▪
Releasing the
shadow NAV on a
60 day lag basis
willhave an impact
on organizations
investment
decisions
McKinsey & Company
Printed 7/21/2010 9:41:25 AM
▪
Assessments of FDIC
premiums will be
assessed more heavily
based on Assets.
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Basel III
| 17
GCI-AAA123-20100303-MHR2010
Contents
The US payments landscape
▪
Key trends in treasury management
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪
Printed 7/21/2010 9:41:25 AM
– Growth is slow (but returning)
– Banks are refocusing on client
experience
– Security/Fraud Prevention is
paramount
McKinsey & Company
| 18
GCI-AAA123-20100303-MHR2010
The most highly demanded product improvements for all market segments
are related to online delivery systems
In which of the following areas would you value improvements the most?
% responding high or very high
Overall
Breakdown by revenue segments
86
84
Bottom 50% areas
$25–100m $100-500m
90
87
86
82
88
89
Intuitive, easy to use products
and services
84
84
86
84
System availability and reliability
84
83
86
82
Data integration and ability to
interact with your systems
76
74
80
75
Receivables
64
57
65
71
Liquidity and Concentration
60
49
67
67
Payables
58
53
62
60
International and F/X
41
30
42
51
Providers
need to be
aware of:
▪ The
difference
between
must-haves
vs. nice-tofeatures
▪ How this
varies by
targeted
segment
▪ How to
prioritize
investments
McKinsey & Company
| 19
Printed 7/21/2010 9:41:25 AM
Reporting capabilities
SOURCE: McKinsey Cash Management Survey
Second 25% areas
Working Draft - Last Modified 9/22/2010 9:48:09 PM
$5–25m
Online access
Top 25% areas
GCI-AAA123-20100303-MHR2010
Improving the onboarding/account maintenance process with self-service
and more recently eBAM
Today
Paper
Account management is slow and inefficient
Fax
Corporates are demanding a better service
• Corporates are demanding service level agreements (SLAs) for
account management activities. Already 57% of corporates
have negotiated such SLAs
Working Draft - Last Modified 9/22/2010 9:48:09 PM
• Can take several weeks, sometimes months, depending on the
number of banks, legal entities, branches & countries in the
process
•
Slow
•
Low integration
•
Expensive
•
Low satisfaction
• Expecting on-demand & in real-time information
Tomorrow
Printed 7/21/2010 9:41:25 AM
eBAM automation and standardization is challenging
• Banks typically require the same types of information, however
notification forms, data requirements & formats all differ from
bank to bank .
• 60% of corporate respondents : “legal differences and lack of
standardization are the biggest challenges in streamlining the
processes around bank account management”
Corporates will benefit, but banks will also see a ROI
Internet
Bank Portal
ISO Std. XML messages & Supporting documents
• Security/Digital Signing • Efficient Workflows
• Automate/STP
SOURCE: Cash Management Forum (Identrust & Bank of America), 2010.
• Visibility & Control
McKinsey & Company
| 20
GCI-AAA123-20100303-MHR2010
By the end of 2012, most banks intend to adopt new electronic products
and channels
Products Banks “Plan” to Adopt by 2012
Profiled Banks
60%
Mobile Phone Payment Initiation/Approval
60%
Web-based Cash Forecasting
53%
Payables Automation/Integrated Payables
50%
Invoice Origination from online banking
Positive Pay with Payee Line Detail
Remote Currency Management Solution
SOURCE: McKinsey/Global Concepts, 2010 Cash Management Forum TM Study.
38%
Printed 7/21/2010 9:41:25 AM
Healthcare Lockbox Services/EOB administration
47%
33%
32%
McKinsey & Company
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Mobile Phone Banking
| 21
GCI-AAA123-20100303-MHR2010
Corporate treasurers are showing a great interest in same-day ACH (debit
origination), with over 2x the demand growth of any other product
Adoption timeline:
Top 5 growth products: All firms
% of firms adopting in next 24 months
13-24 Months
0-12 Months
82%
Purchase to pay automation
54
ACH - converted checks
53
47
24
Mobile - Approve payments
46 54
24
Remote deposit
47 53
24
46
18
66
28
ACH debit, payables and receivables
electronification products comprise the
top-5
▪ $500MM - 1.5B: “Next generation”
treasury products dominate, including
web cash forecasting and a variety of
mobile services
83
17
66
ACH - same-day debit
Purchase to pay automation
57
43
28
Web cash forecasting
ACH - converted checks
53
47
27
Mobile - View balances
Remote deposit
51
49
26
Mobile - Approve payments
ACH debit filters
55
45
25
Mobile alerts
SOURCE: Global Concepts Corporate Treasury Needs 2010
82
52
36
54
45
48
64
46
55
18
Printed 7/21/2010 9:41:25 AM
Top 5 growth products: $500MM - 1.5B
% of firms adopting in next 24 months
Top 5 growth products: $100 - 499MM
% of firms adopting in next 24 months;
ACH - same-day debit
▪ $100 - 499MM: In addition to same-day
Working Draft - Last Modified 9/22/2010 9:48:09 PM
ACH - same-day debit
Top-5 products differ by size segment:
62
35
34
33
29
McKinsey & Company
| 22
GCI-AAA123-20100303-MHR2010
Contents
The US payments landscape
▪
Key trends in treasury management
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪
Printed 7/21/2010 9:41:25 AM
– Growth is slow (but returning)
– Banks are refocusing on client
experience
– Security/Fraud Prevention is
paramount
McKinsey & Company
| 23
GCI-AAA123-20100303-MHR2010
A multiplicity of threats requires a comprehensive approach to risk
management
McKinsey & Company
Printed 7/21/2010 9:41:25 AM
SOURCE: Global Concepts analysis
Working Draft - Last Modified 9/22/2010 9:48:09 PM
▪ Online fraud
– Phishing, spear phishing and malware
– Account takeover
– Man in the middle attacks
▪ Check fraud
– Check alteration
– Hybrid attacks
– The positive pay imperative
▪ Multi-channel risk
– Remote deposit, ACH origination, wire and merchant limits
– AML/OFAC screening
| 24
GCI-AAA123-20100303-MHR2010
Spear Phising Attack: BBB
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Printed 7/21/2010 9:41:25 AM
SOURCE: Global Concepts, Cash Management Forum 2010.
McKinsey & Company
| 25
GCI-AAA123-20100303-MHR2010
Spear Phishing and Money Mules
1. Fraudsters target and research
your bank, your banking platform
and your customers
(FDIC, IRS, Bank emails)
Customer 1
Banking Platform
6. Mules
instantly wire
money out
Infected
email
4. Account
Reconnaissance
Customer 3
Printed 7/21/2010 9:41:25 AM
• Look for peak balance
• Evaluate account
privileges
• Account processes
Customer Account
Customer 2
3. Account Access – Defeat
Strong Authentication
Have your credentials
Can use customer machine/sessions
5. ACH Batch
Multiple <$10K payments
to many mules across
multiple financial
institutions
Mule banks
SOURCE: Global Concepts, Cash Management Forum 2010.
McKinsey & Company
Working Draft - Last Modified 9/22/2010 9:48:09 PM
2. Spear Phishing
Attacks to executives
| 26
GCI-AAA123-20100303-MHR2010
FBI, NACHA, FS-ISAC recommendations to prevent online fraud for
corporate users
 Initiate ACH and wire transfer payments under dual control
activities from a dedicated, stand-alone, and completely locked down
computer system from where email and web browsing are not possible.
 Limiting administrative rights on users’ workstations to prevent
inadvertent downloading of malware
Printed 7/21/2010 9:41:25 AM
 Reconcile all banking transactions on a daily basis.
 Financial institutions should also implement an awareness
communications program to advise customers of current threats and
fraud activities
SOURCE: Global Concepts, Cash Management Forum 2010.
McKinsey & Company
Working Draft - Last Modified 9/22/2010 9:48:09 PM
 Online commercial banking customers execute all online banking
| 27
GCI-AAA123-20100303-MHR2010
FBI, NACHA, FS-ISAC recommendations to prevent online fraud for
financial institutions
 FIs implement appropriate fraud detection and mitigation best practices
including particularly transaction risk profiling.
systems in concert with fraud detection systems.
 Such OOB solutions many include manual client callback or automated
Working Draft - Last Modified 9/22/2010 9:48:09 PM
 FIs consider using manual or automated Out-Of-Band authentication
solutions SMS text messaging, Interactive Voice Response system
callback to a known phone number with a PIN code and similar solutions.
Printed 7/21/2010 9:41:25 AM
SOURCE: Global Concepts, Cash Management Forum 2010.
McKinsey & Company
| 28
GCI-AAA123-20100303-MHR2010
Transaction Risk Monitoring
Predictive Behavioral Analysis for Each Account
• Learns unique behavior of each individual
• Raises alert when something unusual for that
individual occurs
Fast and Intelligent Forensics
• Detailed behavioral history
• Fraud matching across accounts
Printed 7/21/2010 9:41:25 AM
Low maintenance
• No rules
• No change to client experience
• Don’t need to know fraud patterns
SOURCE: Global Concepts, Cash Management Forum 2009.
McKinsey & Company
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Maximum detection, minimal alerts
• Only get alerts when risk factors combine to create
high risk score
• Looking at all attributes and activities – catch
account reconnaissance
| 29
GCI-AAA123-20100303-MHR2010
Out of Band Authentication
An Out of Band, Multi-Factor form of authentication that allows you to use your office, home or cell
phone as the second factor of authentication.
Working Draft - Last Modified 9/22/2010 9:48:09 PM
 When accessing on-line banking business customers receive a phone call asking the user to enter a
security code or PIN into the phone that is displayed on the computer screen.
 Entering a code into the phone makes OOBA a completely out of band authentication
 Provides strong two-key authentication by requiring the use of two different networks to gain access;
Internet & phone
 Companies don’t have to spend time coordinating the issuing, mailing, and servicing a token or
Printed 7/21/2010 9:41:25 AM
device
 Instant attack detection
 If account is comprised access can be immediately blocked and notify banks security department
SOURCE: Global Concepts, Cash Management Forum 2010.
McKinsey & Company
| 30
GCI-AAA123-20100303-MHR2010
Questions
Working Draft - Last Modified 9/22/2010 9:48:09 PM
Matt Ribbens, CTP
Expert
+1 (678) 221-2339
Matthew_Ribbens@McKinsey.com
Printed 7/21/2010 9:41:25 AM
McKinsey & Company
| 31