Think perimeter security is enough? Think again…

Most of the data breaches you hear about these days are assessed from the server side. Take a recent incident in the financial services industry—a serious malware attack on the Polish banking sector that was tied to a campaign targeting organizations in more than 30 countries. In this case, a web application was infected with malicious code that spread from workstation to workstation. The malware was injected on the server side and then spread to clients using JavaScript embedded in the website. The truth is, this type of attack is the easiest to prevent.

The European Banking Authority warns against Man-in-the-Middle attacks

As discussed in a previous blog, the European Banking Authority (EBA) has released the final draft of its technical guidance for PSD2. Articles 4 and 25 of said guidance include mandates for the security of the customer authentication process.

One of the key elements of the authentication mandate is the requirement to use advanced security technology to safeguard all client-to-server communications against interception. In other words, to protect against MitM (Man-in-the-Middle) attacks.

2017 – A year of disruption in Payments & Banking

It’s 2017 and, ready or not, the payments & banking industry is facing disruption. But what does that mean for your company’s cyber security? We hope to unravel that for you in the Irdeto payments & banking security blog we’re launching today.

For years, Irdeto has helped companies in the media industry solve a lot of the same kinds of security problems you’ll be facing as you navigate a disrupted payments & banking landscape. This experience has provided us with a unique perspective

How banks and PSPs can break free from fraud threats

Stealing millions of dollars in an elaborate bank heist makes for a great Hollywood movie – just throw in the hottest Hollywood stars, exotic locations, flashy cars, a computer whiz and obscure cyber jargon that’d impress any moviegoer. But in reality, bank fraud and cybercrimes are not entertaining matters, and are often poorly understood or addressed.

Fraud, outpacing the industry’s security efforts
As news of cyber attacks and large-scale fraud breaks in the media consumers can be lost in nuances of the threat/technology described, believing they would never be similarly impacted.

APIs – friend or foe?

APIs are everywhere in modern day life. We rely on them to access services on mobiles, tablets and laptops. Without them our day-to-day life wouldn’t be the same. Yet they are also increasing the attack surface. Are they really a friend to e-commerce or to cybercrime?

e-Commerce’s friend
APIs are not new. They’ve been around a long time. APIs are key to building scalable web-based applications as they allow and manage the interaction between 2 online connected services.

Opening the door for a new era of payments

The EU Payment Service Directive (PSD2) aims to enhance consumer security, increase competition and create a single EU-wide market for payments. No doubt this market disruptive initiative opens the door for innovation. But will PSD2 inadvertently introduce more vulnerability for the cybercriminals to exploit?

Radical change
Achieving its aims all hinges on the banks sharing their customer data with anyone that holds the required license. This third party access to accounts (XS2A) ensures that banks cannot block the move to a new payment services market.

Are you sure you’re communicating with your bank?

We naturally assume banks are safe. But why? From legendary bank robbers: Jesse James or Bonnie & Clyde, banks have always been a target. Today’s bank robbers are cybercriminals. And they are targeting not only the banks but also consumers.

Every couple of months cyber-attacks on banks make the headlines. Be it the Carbanak cybergang’s biggest ever online bank heist, a distributed denial of service attacks on RBS/Natwest or a Polish bank being held to ransom