15 January 2015
In the media: ‘the rise in online payments attacks in 2015’
New payment methods are usually very exciting because of all the new features and possibilities, but there is a flipside: they contain new risks when it comes to fraud. In 2014 we have seen the introduction of various new initiatives such as Apple Pay and digital wallets, but there were also a lot of alarming headlines about fraud, hacks and missing Bitcoins. These systems have become increasingly attractive to malware authors interested in financial gain. What will happen in 2015 with the rise of even more online payment methods?
According to Internet security firm Eset, 2015 will see a rise of attacks on online payment systems and a rise in Internet of Things cyber attacks. Completely new categories of digital devices are getting connected to the Internet, from domestic appliances to home security and climate control. “The trend will accelerate in 2015, but sadly we see no reason why these things will not become a target for cyber crime,” said Eset.
An example of a relationship between the usage of new technology and the rise of fraud is cybercrime in India. “Hundreds of millions of Indians are either discovering the Internet for the first time, becoming seasoned online shoppers, or doing a lot of their banking online. Still, with only a 68 percent smartphone penetration rate in the country, these are all activities that are basically in their infancy”, states ZDNet.
More and more people are using the Internet and smartphone technology, but this growth has a dark side as well. According to the ASSOCHAM-Mahindra SSG study ‘Cyber and Network Security Framework’, the number of cybercrimes in India will more than double from 149,254 today to 300,000 by 2015. “There is a considerable uptick in online fraud, considering that the years 2011, 2012, 2013, and 2014 registered 13,301, 22,060, 71,780, and 62,189 incidents, respectively, according to the reports.” India ranked third after Japan and the US in terms of countries most affected by online banking malware in 2014.
So, how to stop the increasing number of attacks? The (premature) answer is no’t very optimistic. “It i’s hard to imagine that enough organizations will be able to fortify their defense over the next year to see a significant decrease in successful attacks,” Colin McKinty, head of cyber security strategy at BAE Systems Applied Intelligence, told BankTech.com. The big question of 2015 is no’t whether there will be just as many attacks, he said; it is whether organizations will start responding better. That means investing in solutions that help detect and contain intrusions quickly. Last year, the mean time to detection for a data breach was eight months, Hewlett-Packard’s security head Art Gilliland said in an interview with Fortune.
The answer to fraud attacks isn’t just investing in detection solutions, but has also to do with new rules for Internet payment service providers. The European Banking Authority (EBA) set guidelines for minimum security requirements that payment services providers in the EU must meet by August 2015. This announcement came in December 2014. Concerned about the increase in frauds related to Internet payments, the EBA decided that the implementation of a more secure framework for Internet payments across the EU was needed.
Among various measures aimed at more efficient and secure internet payments across the EU, the EBA guidelines require in particular that Payment Service Providers (PSPs) carry out strong customer authentication in order to verify the customer identity before proceeding with an on-line payment, one of the key measures to prevent internet fraud, be it through banking services or internet card payments.