8 Big Stories Transforming The Payments Landscape
3. Vigilance And Cooperation Are Key In Payments Security
Cyber attacks targeting financial information are on the rise and are increasingly sophisticated. All participants in the payments value chain must cooperate to address these threats.
Losing a credit card -- for many years, the source of much financial fraud -- is the least of a consumer's problems today since attackers have been teaming up to target banks, payment processors and retailers to get direct access to account information. Similarly, the simple tactics of credit card skimming reap just pennies for fraudsters, compared with the millions of dollars they target when planning a cyber attack or a series of attacks.
In August, a cyber attack with losses reaching hundreds of millions of dollars garnered widespread media attention. The attacks involved a Russian gang, who stole 160 million credit card numbers from more than a dozen companies. The gang used SQL injections -- a code-injection technique that targets Web applications to allow hackers to retrieve data -- to send a code to specific servers, which would allow unauthorized users to manipulate the data in the victims' computer systems, according to media reports. After the credit card numbers were stolen, some were sold to resellers. They targeted mainly payment processors and retailers, such as Heartland Payment Systems and J.C. Penney.
Law enforcement officials had a difficult time catching these attackers because there is no cooperative system for companies that handle customer account information and local law enforcement to work together, says Shirley Inscoe, senior analyst at Aite Group. The attack was highly sophisticated because of its coordination, she adds.
According to Inscoe, banks, payment processors and retailers can better protect themselves by upgrading their security systems and working together.
In a separate incident, eight men were arrested on suspicion of stealing nearly $3 million in just a few hours from thousands of ATMs all over New York City this year. The thieves obtained debit card information and eliminated withdrawal limits to rapidly withdraw money from ATMs.
Especially for attacks like these, in addition to bank efforts, customers can be more active in securing their personal information by frequently checking their accounts and quickly reporting transactions they did not approve, adds Inscoe. — Zarna Patel