How banks and PSPs can break free from fraud threats

banks_psps_break_free_fraud_threats_irdeto

Stealing millions of dollars in an elaborate bank heist makes for a great Hollywood movie – just throw in the hottest Hollywood stars, exotic locations, flashy cars, a computer whiz and obscure cyber jargon that’d impress any moviegoer. But in reality, bank fraud and cybercrimes are not entertaining matters, and are often poorly understood or addressed.

Fraud, outpacing the industry’s security efforts
As news of cyber attacks and large-scale fraud breaks in the media consumers can be lost in nuances of the threat/technology described, believing they would never be similarly impacted.

Thinking differently about software security: Inside-Out

Software_security_InsideOut_Thinking_Irdeto

We live in a very different world today than we did 10-20 years ago. We’ve never been more connected. So, it’s surprising that software security practices remain in the realm of “We’ve always done it this way before”. Can they really expect to solve today’s security problems with an old way of thinking?

Traditional thinking
Traditional thinking typically starts with the premise that honest parties control the computer devices and any cryptographic operations are performed free from interference from would-be attackers. Given this, it’s probably understandable

Cryptography is everywhere in day-to-day life

crypto_day2day_life_Irdeto

Cryptography is no longer limited to the military and spies. This ancient art underpins modern life. It’s about encoding intelligible data, e.g. numbers, text and transforming them into something unreadable to anyone other than who the information is meant for. The question is, does it need an upgrade for today’s always connected world?

How secure is your house?
Hundreds of times a day we use cryptography in our everyday life. From the lock on the website that you’re browsing, remotely unlocking your car with the key fob to using all kinds of devices.

Does the security auditor have a point?

Security_auditor_Irdeto

On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?

Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then

Is the next-generation white box cryptography the new Jedi?

irdeto_nextgen_whitebox_cryptography

In Star Wars: The Force Awakens, the sinister First Order dominates the galaxy, with only a small band of trusted resistance fighters left. What’s the link to today’s software world you may ask? It all comes down to the power of cryptography to defeat the dark side.

In this software controlled world the need for software protection is unavoidable. This protection extends to all aspects of day-to-day life. It could be securing your credit card details when shopping on line or a business safeguarding a remote network connection to even protecting premium content such as a blockbuster movie.