New Podcast
Managing Traffic During Peak Demand; Plus, Microsoft, Akamai Outages

Industry

Navigating Internet Outages in the Financial Services Industry

By Mike Hicks
| | 14 min read

Summary

Learn how Internet outages and disruptions can impact financial service institutions and discover strategies for minimizing these impacts to deliver exceptional customer experiences.


Today’s Digital Landscape for Financial Services

In today's world, people expect their interactions with banks and other financial institutions to be seamless. They are drawn to comprehensive digital experiences and expect financial institutions to provide a wide range of digital services that extend beyond just mobile and online banking. Simply put, they want to be able to do everything digitally.

The importance of a digital-first, omnichannel approach in financial services cannot be overstated: Research conducted over the last few years found that 61% of banking customers used digital channels weekly, and companies with the strongest omnichannel customer engagement strategies saw an 89% customer retention rate on average.

As a result, financial institutions have accelerated (and evolved) their embrace of SaaS and the cloud. This shift has required a complete transformation in the way financial service institutions deliver digital services to their customers. They can’t just lift and shift what they did previously into the cloud; this transition calls for a complete redesign—a new financial omnichannel experience that’s both user-friendly and secure. One where all facets of the business (sales, customer service, product, accounting, legal, etc.) must work together seamlessly to create a unified digital experience for customers. And they must do this in the midst of an increasingly complex cybersecurity landscape.

Institutions in the financial services industry rely on a complex digital service delivery chain to deliver these digital experiences, leveraging both internal and external services. Assuring this intricate service delivery chain works properly is vital for ensuring smooth customer digital experiences, maintaining revenue and brand reputation, and complying with regulations.

As a result of so many interconnections and dependencies, Internet outages can pose a big problem for organizations across the financial services industry, whether it be large banks, major trading firms, or local credit unions. Whether the result of an incidental power failure or an adversarial DDoS attack, outages and degraded service can happen at any point in an organization’s complex digital delivery chain and can negatively affect the performance of business-critical apps or services.

In this blog post, we’ll discuss some common ways outages can impact financial services institutions and what your company can do to minimize these setbacks.

It’s Not You; It’s Them: Navigating Outages at Third-party Providers

In the not-too-distant past, financial institutions handled many of their services on-prem. However, today, that’s no longer the case. In its 2023 Cloud Business Survey, PwC found that 95% of banking and capital markets respondents were fully on the cloud or plan to be in two years.

More and more services are going fully digital: Some financial institutions are “born” and exist solely in the digital world, while some other banks that previously had a traditional brick-and-mortar presence are also moving more online, doing away with many of their physical branch offices. In a lot of ways, third-party providers have enabled this transformation and play an essential role in providing today’s customers with the seamless digital experiences they expect.

Due to the criticality of these third parties, financial institutions must be able to monitor connectivity to and performance of these providers to proactively catch potential issues and mitigate the impacts of any outages that might occur.

For example, some financial institutions rely on third parties for authentication services. If this authentication service were to experience an outage that disrupts functionality, customers may be unable to log into their bank accounts. Whether it’s an authentication service or another key provider that encounters issues, the financial institutions that count on them might also experience downstream disruptions. This is what happened in March 2024, when an outage at a provider of core services for Internet and app-based banking appeared to impact a number of Australian banks.

So, what can financial institutions do to mitigate the impact of outages at their third-party providers? In some cases, it might make sense to implement redundant architecture; although, it’s not always practical to have a full backup solution for every single service. For example, it probably doesn’t make sense to pay for a second DDoS mitigation service to have on standby in case your primary one fails. And yet, as some financial institutions using Akamai’s DDoS mitigation service, Prolexic Routed, found in June 2021, sometimes even these services can experience disruptions.

In these cases, financial institutions need to have end-to-end visibility into their overall service delivery chain—including all the SaaS providers they rely on, like their DDoS mitigation service—so they can proactively spot potential issues and respond quickly, mitigating any impacts to performance and availability. Visibility can also help you triage issues more efficiently, leading to faster resolution times and reduced employee and customer disruptions.

Third parties aside, visibility can also help teams spot in-house outages or degradations in performance that emerge when performing regular maintenance, such as site updates, code changes, etc., to make sure that these actions don’t affect user experience.


Get more insights on assuring a digital advantage in financial services. Read this eBook.

An Outage or a Cyberattack?

Maintaining a deep view into your service delivery chain is crucial not only for smooth customer experiences, but it can also serve as an important adjunct to security efforts. Anomalies in performance can be early clues to a potential security breach, as seen with the recent XZ Utils vulnerability. Thus, IT teams at financial institutions must be able to efficiently determine whether the root cause of an outage or disruption lies with them or a third-party provider—or a bad actor maliciously attempting to cause an outage through a DDoS attack or using manipulation/hijacking.

For example, users might experience a malicious BGP hijack merely as a slower page load time and think nothing of it. But in reality, it is caused by a problematic security issue. So to guard themselves, IT teams should monitor for unusual fluctuations in page load times and then dig deeper to assess the cause when anomalies occur.

A financial institution might notice an influx of traffic from an unexpected country, prompting them to take action to investigate. They can also temporarily block access from countries outside their user base to guard against potential security threats. Institutions should also validate that their upstream ISPs are using RPKI, a globally accepted best-practice for BGP security.

Somebody Tweeted: Handling Outages Caused by External Conditions

Sometimes, external factors outside of your financial institution’s control can also lead to outages. For example, a rush on the market caused by major global news—or a mere tweet from an influential politician or business leader—can lead to a major spike in traffic beyond what your systems have the capacity to handle, causing an outage.

For example, on May 19, 2021, around the time news broke that the Chinese government would be strictly regulating cryptocurrencies, Coinbase experienced an outage. Some users attempting to execute transactions on the well-known cryptocurrency exchange may not have been able to access the application. Around this time, ThousandEyes observed a drop in availability, as well as increased load times (some of which resulted in timeout errors).

While it’s wise for financial institutions to keep tabs on the news and social media to catch potential shifts in market conditions, it’s also important to have robust visibility that will alert you ASAP when an issue occurs. If you notice traffic starting to spike, this can give you the chance to increase capacity before your systems become completely overwhelmed.

Outages & Regulatory Considerations

Outages can not only impact customer experiences and brand reputation, but may also inhibit financial institutions’ ability to meet their regulatory obligations, and put them at risk for fines and other consequences.

Sometimes, showing that an outage was not your organization’s fault is key to proving that you didn’t transgress certain regulations. It’s valuable to have this information should you be subject to an investigation, audit, etc.

Saying “It wasn’t our fault” isn’t always enough, however. Regulations like the EU’s Digital Operational Resilience Act (DORA) establish that financial institutions are responsible for understanding their third-party providers as well, making visibility and taking proper actions to guard against any disruptions doubly important.

Outage Monitoring Checklist: What Financial Institutions Should Watch

Keeping track of the complex ecosystem of services that support the success of your financial services firm and enable excellent digital experiences for customers can be challenging.

To streamline your oversight and management, below is a suggested checklist of key areas that your IT team should focus on and recommended actions to take. For each item listed below, ensure that you are monitoring overall performance, including the health of relevant APIs, cloud services, and other tools necessary to maintain proper service functioning. Also, remember to stay informed about the latest regulations concerning uptime, etc. in the states and countries where you currently operate, or plan to operate.

  • Customer-Facing Apps & Websites: Keep customer satisfaction high by emulating app service interactions to catch potential issues early and guard against outages.

  • Remote Workers: Monitor remote working infrastructure—VPN gateways, Wi-Fi, and VDI environments—for any issues to help your team maintain productivity and deliver great customer service.

  • CDN & DDoS Mitigation: Watch the services you rely on for signs of DDoS attacks, BGP route leaks, and DNS hijacks to guard against any service disruptions.

  • Internet, Data Center, & DNS Providers: Also have monitoring in place for the foundational IT services and applications across your core infrastructure, cloud, and WAN from each branch, call center, and office.

  • WAN/Internet: Understand your end-to-end service delivery chain and have strategies in place to minimize the impact of outages across upstream/downstream ISPs.

  • SaaS: Maintain visibility into B2B connectivity and API performance from external services, including productivity and collaboration tools such as video conferencing, word processing, and email.

Proactive Optimization for Better Digital Experiences

As financial institutions have evolved, they have transformed the entire digital experience to meet customer expectations through omnichannel services. In this new digital landscape, Internet outages pose a major threat to financial institutions.

However, there are many practical steps that IT professionals in financial services can take to guard against disruptions. Institutions should have the necessary visibility in place to assure the digital experience for their customers, proactively catching potential issues and efficiently mitigating problems when they pop up.


Learn more about how ThousandEyes can help your financial institution assure digital experiences for your customers.

Subscribe to the ThousandEyes Blog

Stay connected with blog updates and outage reports delivered while they're still fresh.

Upgrade your browser to view our website properly.

Please download the latest version of Chrome, Firefox or Microsoft Edge.

More detail