DATA4000 Introduction to Business Analytics
Consider below information regarding the National Australia Bank data breach.
Read the case study carefully and, using the resources listed together with your own research, complete the individual assignment.
“Europe’s largest bank just got hacked – HSBC”
“HSBC Bank, the seventh-largest banking and financial services organization in the world and the largest in Europe, has been breached by hackers. The bank is now sending letters to an undisclosed number of customers notifying them that hackers have their data.
In a notification template submitted to the California Attorney General’s Office, HSBC said it became aware that online accounts were accessed by unauthorized parties sometime between October 4 and October 14, 2018.
“When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account,” the notice reads. “You may have received a call or email from us so we could help you change your online banking credentials and access your account. We apologize for this inconvenience. HSBC takes this very seriously and the security of your information is very important to us.”
HSBC adds (emphasis ours), “The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.”
The bank provides no details of the breach, such as how the attackers managed to infiltrate its systems and then exfiltrate customer data. It does say, however, that its first action after containing the breach was to enhance the authentication process for HSBC Personal Internet Banking. This suggests the breach may have involved credential stuffing (where large numbers of previously-breached credentials are “stuffed” into login forms until they are potentially matched to an existing account), or a vulnerability in the bank’s two-factor-authentication (2FA) process.
On a slightly more positive note, customers are told HSBC is offering a complimentary year of credit card monitoring via Identity Guard, which monitors and protects credit data, but also alerts users to activities that could indicate identity theft. Customers must sign up for the freebie within 90 days, or they won’t be eligible after that window is closed.
According to Wikipedia, HSBC’s assets total US $2.374 trillion, as of December 2016, with annual revenue in the tens of billions. Last year alone, it raked in $51.445 billion, or 45.1 billion euros. Considering the sheer number of potential European clients and the amount of personally identifiable information compromised, HSBC stands to incur a stinging fine under the recently introduced General Data Protection Regulation. The GDPR’s penalties for such data breaches are calculated at up to 20 million euros, or 4% of the company’s annual turnover, whichever is greater. Needless to say, EU legislators won’t have too hard of a time making that calculation.”
As an analyst within HSBC, you have been tasked with considering ways in which customer data can be used to further assist HSBC with its marketing campaigns. As a further task, you have been asked to consider how HSBC could potentially assist other vendors interested in the credit card history of its customers.
Part A: Industry Report (1800 words, 25 marks) – Individual
Based on your own independent research, you are required to evaluate the implications of the European legislation such as GDPR on HSBC’s proposed analytics project and overall business model. Your report can be structured properly.
The banking or financial sector plays a vital role in contributing to the economy of a country. Consumers are the most vital stakeholders of the banking industry of any nation. Banks are accountable for ensuring the privacy and security of their stakeholders including consumers. The given business report has been developed on the basis of a given case scenario. From the given case, it can be seen that HSBC has failed to secure the data of its stakeholders, and as a result, the company is suffering from data breaches. In the aspect of GDPR guidelines for business analytics, ethical issues, AI use, costs, and benefits of databases, the entire study has been conducted.
Cost and Benefits of Database
A banking database helps in keeping track of all the records of transactions including offsets, deposits, and transactions (HSBC, 2023). A banking database helps the bank to track the balance sheets, deposits, and accounts of all the clients. The database used in HSBC is HSBC MiVision. It offers businesses the chance to have control over their business spend. Furthermore, HSBC also uses Oracle databases in order to prevent the occurrence of fraud in the future. The cost of implementing databases in the UK ranges from £5000 to £7000 per year (Approvedindex, 2019). The benefits of databases to the stakeholders, in accordance with the given scenario, are given in the following.
● Advanced databases in the current times come with web application firewalls and database firewalls. Database firewalls help in restricting traffic access by default. It also protects the data of consumers from unauthorised connections and helps to make sure that the data of the stakeholders can remain protected (Nife and Kotulski, 2020).
● A database also helps in updating the patches and the operating system. This can help HSBC discover newer vulnerabilities that need more protection from hacking.
● A database has the benefit of enhancing the image of the bank with stakeholders by sending stakeholders relevant, accurate, and timely information.
● Modern databases come with a good password policy which helps HSBC to protect its stakeholders' data from hacking.
From the given case scenario, it can be seen that HSBC has faced data breaches in which the data of its clients, who are the most vital stakeholders of the company, was hacked (TRUȚĂ, 2023). According to the GDPR’s penalty policies, HSBC has been penalised due to the data breaches that occurred in the company. According to the penalty policies by GDPR regarding data breaches, HSBC has to pay 2% of the annual turnover of the company (Intersoft Consulting, 2018). Hence, it is evident that using proper databases can help the company in overcoming such problems and ensure the protection of stakeholders in the future.
With the help of data analytics software, HSBC has the opportunity to conduct predictive, descriptive, and prescriptive applications of available data. According to Dai et al. (2020), descriptive analytics is the primary stage of data analytics that provides insights to the bank on what occurred in the past. It can help the company by providing a record of historical data, and this data can be used for analysing the situation further and in more depth. In this regard, with the help of Big data tools, HSBC has the opportunity to analyse the situation. According to Ajah and Nweke (2019), Big data helps in analysing consumer databases and analysing data of external stakeholders. On the contrary, predictive analytics is used to analyse both current and historic data in order to analyse future events or situations. In this regard, HSBC has the opportunity to use the SAS tool, which is one of the popular predictive analytics tools. SAS enables the development of predictive models for discovering hidden relationships and insights in the data. Prescriptive analytics always focuses on locating the best course of action through the evaluation of a given scenario (Lepenioti et al., 2020).
Impact of European Legislation such as GDPR on HSBC
GDPR is the abbreviation of General Data Protection Regulation and it focuses on maintaining the privacy and security of the stakeholders (Wolford, 2023). The main purpose of this legislation is to protect the data of stakeholders and to prevent any kind of data breach in any company including the banking sector. In other words, it is a legal framework that develops guidelines to protect and process information from individuals residing outside the EU. According to the guidelines of GDPR, HSBC tried to maintain the data of its consumers by developing some privacy and security policies through its business model. For example, HSBC in its business model uses 128-bit encryption technology and Secure Socket Layer (SSL) to protect the data of consumers (HSBC, 2023). Although the company has developed policies according to GDPR, it has failed to maintain them (TRUȚĂ, 2023).
Data security issues related to the use of databases
As per the given scenario, it is evident that the databases of HSBC have failed to protect the data of consumers, denoting security and privacy issues. From the given case study, it can also be seen that the personal internet banking of HSBC does not come with proper accuracy measures (TRUȚĂ, 2023). Databases are used basically to protect the information of consumers. However, as a result of not following the guidelines for GDPR, HSBC has a chance to face such data breaches and privacy and security challenges in the future also. Furthermore, privacy and security issues might also be generated if the company fails to develop and preserve the integrity and confidentiality of stakeholders’ data.
Whether the customer has the option to opt out or opt-in
In the banking sector, ethics play a vital role in making an organisation conscious of its banking practices and their impacts on the environment and society (Stauropoulou et al., 2022). In this regard, following the sustainable development goals can be an option to show ethical considerations. Basically, ethical considerations play a vital role in generating profit for financial institutions. There are a number of ethical issues that HSBC can face in regard to planning its analytics marketing project. One of the most vital ethical issues can be a lack of confidentiality and integrity in the aspect of collecting consumers' data for marketing campaigns of HSBC. As seen in the case study, a data breach issue has already been experienced by the company and the company will experience it again if it again fails to use proper software to maintain and secure consumer data. Although HSBC is providing a free credit card to its users for one year, data breaches will give the option to the consumers to choose other banks over HSBC. Hence, HSBC must give the option to opt out and opt-in to consumers. This will allow consumers to cancel their personal information. Maintaining autonomy and the option of an opt-out from the marketing campaigns wherever consumers want must be offered by HSBC to its consumers (Quach et al., 2022).
Other ethical issues
In the opt-in option, consumers or stakeholders can experience ethical failure to register the information during the process of registration (Shamsuzzoha and Raappana, 2021). This ethical issue can generate difficulties for HSBC in the successful implementation of its marketing plan. On the contrary, in the case of opt-out, reusing the information provided by the stakeholders can become an ethical issue by avoiding the concerns of the users during the marketing campaign.
Developments in AI Intersect with Data Security
For a banking organization, the security of the private information of its customers is the top priority. However, there are several aspects related to such data. These include not only the security of such data but also the ethical considerations. The online security breach suffered by HSBC was a major blow to the trust of its customers (TRUȚĂ, 2023). The security breach could have potentially led to major problems for the customers. This in turn would have affected the company in a negative way. To a well-established banking organisation like HSBC, the solution to these problems can be found using modern technologies.
The breach of HSBC endangered a number of items of private information of its users. These include their full name, e-mail ID, contact number, date of birth, account numbers and respective balances along with transaction history and statement history (TRUȚĂ, 2023). All of this information is to be kept strictly private under the guidelines of GDPR. HSBC also did not provide any information about the breach in order to prevent further data leaks. However, HSBC took action immediately by making use of its Artificial Intelligence programs. Firstly, they mailed the affected users about the situation and also offered help to change their banking credentials. These basic yet important ethical considerations were important for HSBC to regain the trust of its customers. The use of Artificial Intelligence to moderate the situation was definitely a good choice by the company (Ibrahim et al., 2020).
The company has taken the initiative since then to strengthen the security of its internet databases. The use of AI can also be a major addition to their security issues. The past breach affected HSBC in quite a brutal way. The sheer amount of private information that was compromised has led to a major fine for the company from GDPR. Furthermore, the company also had to offer proper compensation to the affected customers in order to retain their customer base. GDPR has also issued a warning to the company regarding their security systems for their online services. Following such instructions, HSBC is working to implement AI into its online security.
The use of Artificial Intelligence to sort out passwords and other confidential information for employees can be a rather effective idea for the security system (Heister and Yuthas, 2021). It can allow the company to make changes to its cloud network as well and make them only accessible to the employees. Outside access will also be more difficult if HSBC can make use of two-step verification for logging into the cloud server. This can greatly reduce the risk of security breaches from unknown sources. Artificial Intelligence programs can also keep the passwords updated while randomizing them for the employees or by reminding them to change their passwords every once in a while (Raimundo and Rosário, 2021). These small improvements in the security systems are also favoured by GDPR and can help HSBC to avoid future security problems regarding their customer data.
The report has highlighted the usability, costs, and benefits of databases to the stakeholders. The application of descriptive, predictive, and prescriptive data variables with the help of proper software tools has been mentioned in the study. Furthermore, data security and privacy issues in regard to the given case scenario have also been evaluated in the study. Some ethical issues that HSBC can experience in the future in regard to protecting consumer data by providing them with the options to opt out and opt in have also been derived. The study has shown how the introduction of AI in the proposed analytics brief.
Ajah, I. and Nweke, H. (2019). Big Data and Business Analytics: Trends, Platforms, Success Factors and Applications. Big Data and Cognitive Computing, [online] 3(2), p.32.
Approvedindex (2019). Database Prices | A Guide to Database Development Costs. [online] Approvedindex.co.uk. Available at: https://www.approvedindex.co.uk/database-developers/database-prices [Accessed 31 May 2023].
Dai, H.N., Wang, H., Xu, G., Wan, J. and Imran, M. (2020). Big data analytics for manufacturing internet of things: opportunities, challenges and enabling technologies. Enterprise Information Systems, 14(9-10), pp.1279–1303.
Heister, S. and Yuthas, K. (2021). How Blockchain and AI Enable Personal Data Privacy and Support Cybersecurity. Blockchain Potential in AI [Working Title].
HSBC (2023a). MiVision. [online] www.business.hsbc.uk. Available at: https://www.business.hsbc.uk/en-gb/solutions/mivision [Accessed 31 May 2023].
HSBC (2023b). Privacy & Security Information for HSBC Website - HSBC IN. [online] www.hsbc.co.in. Available at: https://www.hsbc.co.in/privacy-statement/.
Ibrahim, A., Thiruvady, D., Schneider, J. and Abdelrazek, M. (2020). The Challenges of Leveraging Threat Intelligence to Stop Data Breaches. [online] Semantic Scholar. doi:https://doi.org/10.3389/fcomp.2020.00036.
Intersoft Consulting (2018). General Data Protection Regulation (GDPR) – Final text neatly arranged. [online] General Data Protection Regulation (GDPR). Available at: https://gdpr-info.eu/issues/fines-penalties/.
Lepenioti, K., Bousdekis, A., Apostolou, D. and Mentzas, G. (2020). Prescriptive analytics: Literature review and research challenges. International Journal of Information Management, [online] 50(1), pp.57–70.
Nife, F.N. and Kotulski, Z. (2020). Application-Aware Firewall Mechanism for Software Defined Networks. Journal of Network and Systems Management, 28(3), pp.605–626.
Quach, S., Thaichon, P., Martin, K.D., Weaven, S. and Palmatier, R.W. (2022). Digital technologies: tensions in privacy and data. Journal of the Academy of Marketing Science, [online] 50(1).
Raimundo, R. and Rosário, A. (2021). The Impact of Artificial Intelligence on Data System Security: A Literature Review. Sensors, 21(21), p.7029. doi:https://doi.org/10.3390/s21217029.
Shamsuzzoha, A. and Raappana, H. (2021). Perspectives of business process ethics in data‐driven marketing management. Security and Privacy, 4(6).
Stauropoulou, A., Sardianou, E., Malindretos, G., Evangelinos, K. and Nikolaou, I. (2022). The role of customers’ awareness towards the sustainable development goals (SDGs) of banks on their behavior. Environmental Science and Pollution Research.
TRUȚĂ, F. (2023). Europe’s largest bank just got hacked. [online] Hot for Security. Available at: https://www.bitdefender.com.au/blog/hotforsecurity/europes-largest-bank-just-got-hacked/.
Wolford, B. (2023). What Is GDPR, the EU’s New Data Protection law? [online] GDPR.eu. Available at: https://gdpr.eu/what-is-gdpr/ [Accessed 31 May 2023].