|
Q. What are the main threats to digital payments?
Currently, malware with man-in-the-middle functions is a major threat. These activities were lower in 2017 because some actors switched over to ransomware instead.
Since the countermeasures of antivirus and operating system manufacturers now involve detecting and halting this malicious software, fraudsters’ focus might be directed back to the payments world.
Q. What is the next big threat in payment cybersecurity?
Distributed Denial of Service will become a major problem as the internet of things evolves. The new internet-connected gizmos have catastrophic security but the number of devices available is exploding. Together with our ever-increasing bandwidth, the impact could be of unprecedented force.
Q. What key steps should payment service providers take to protect their organisations and customers against these cyber threats?
When it comes to Distributed Denial of Service (DDoS) mitigation, the future is not bright because the defending party simply sits on the wrong side of the lever. I would not advise against installing countermeasures, but one has to be aware of the fact that this is certainly not a 100 percent solution.
When we look at identity theft and other malware that attack payment techniques, the industry can implement far more advanced risk-mitigation mechanisms in the future. Multi-layered approaches will evolve in the next few years.
Q. With the launch of the SEPA Instant Credit Transfer scheme, European payments will fully enter the real-time world. In your view, does this create new cybersecurity risks? How could we (PSPs and customers alike) fend off these threats?
Instantaneous services are always a challenge for fraud countermeasures as the time span for analytical mechanisms dramatically decreases.
Halting payments for verification of the sender’s intent is an element that should not be eliminated by new regulations, as it is ultimately the only way to protect against the attackers.