The impact of global cybercrime is shocking: 38.5% of firms have experienced a cyberattack in the past 12 months and 21% of cyberattacks result in costs exceeding €5M. Financial services is arguably the industry most targeted by hackers. As such, these numbers will likely skyrocket as the industry undergoes disruption.
It’s 2017 and, ready or not, the payments & banking industry is facing disruption. But what does that mean for your company’s cyber security? We hope to unravel that for you in the Irdeto payments & banking security blog we’re launching today.
For years, Irdeto has helped companies in the media industry solve a lot of the same kinds of security problems you’ll be facing as you navigate a disrupted payments & banking landscape. This experience has provided us with a unique perspective
Stealing millions of dollars in an elaborate bank heist makes for a great Hollywood movie – just throw in the hottest Hollywood stars, exotic locations, flashy cars, a computer whiz and obscure cyber jargon that’d impress any moviegoer. But in reality, bank fraud and cybercrimes are not entertaining matters, and are often poorly understood or addressed.
Fraud, outpacing the industry’s security efforts
As news of cyber attacks and large-scale fraud breaks in the media consumers can be lost in nuances of the threat/technology described, believing they would never be similarly impacted.
A lot has been written about PSD2 and its impact. The hope is it will allow 3rd parties (Account Information Service and Payment Initiation Service Providers) to access consumers’ transactional data. Combining it with the existing contextual data new interesting services can be built. But success requires a good consumer experience.
There are some really interesting (possibly unintended) consequences being introduced…
APIs are everywhere in modern day life. We rely on them to access services on mobiles, tablets and laptops. Without them our day-to-day life wouldn’t be the same. Yet they are also increasing the attack surface. Are they really a friend to e-commerce or to cybercrime?
APIs are not new. They’ve been around a long time. APIs are key to building scalable web-based applications as they allow and manage the interaction between 2 online connected services.
The EU Payment Service Directive (PSD2) aims to enhance consumer security, increase competition and create a single EU-wide market for payments. No doubt this market disruptive initiative opens the door for innovation. But will PSD2 inadvertently introduce more vulnerability for the cybercriminals to exploit?
Achieving its aims all hinges on the banks sharing their customer data with anyone that holds the required license. This third party access to accounts (XS2A) ensures that banks cannot block the move to a new payment services market.
We naturally assume banks are safe. But why? From legendary bank robbers: Jesse James or Bonnie & Clyde, banks have always been a target. Today’s bank robbers are cybercriminals. And they are targeting not only the banks but also consumers.
Every couple of months cyber-attacks on banks make the headlines. Be it the Carbanak cybergang’s biggest ever online bank heist, a distributed denial of service attacks on RBS/Natwest or a Polish bank being held to ransom
‘Never trust the browser’ is a mantra that all developers and security experts live by. Of course! In essence it’s an engine designed for remote code execution. What’s there to trust? But, imagine the possibilities if it could be transformed into a secure platform.
Living in a hostile world
Cyber attackers are constantly looking for, and finding, security weaknesses; program errors and other flaws in web browsers. Looking back at 2014, they proved to be very successful.
According to Ovum, to support revenue growth banks need to focus on customer experience and production innovation. How can mobile payments help financial institutions re-engage with their consumers? And what role does security play in this?
Paying for something is the last thing anyone wants to do. What if it could be made into an experience – where you have, at least, the feeling of being in control of your finances or even getting rewarded for spending your hard earned cash? Mobile changes the banking experience.
Finally mobile payment is starting to take off. Yet, for it to become a true success story, establishing trust is paramount. The question is, is software security the hero or villain of this story?
How safe is it?
Security and fraud prevention concerns are key drivers in the slow uptake of mobile payments. Can someone else use my smart phone to make purchases?
Identity verification and device based authentication are the cornerstones for any mobile payment transaction.