The Fraud Blog with Tracy Kitten

Top Security Issues for 2015

New Payments Methods; 'Back to Basics' on Breach Prevention

I walked away with two overarching messages from the two cybersecurity summits Information Security Media Group hosted in the New York area last week. First, it's time to prepare for dramatic changes in U.S. payments. And second, the majority of the cyber-attacks waged against our financial infrastructure are not that sophisticated - and thus can be thwarted with the right strategies.


On the payments front, the U.S. migration to EMV chip cards will ramp up next year, in anticipation of the liability shift for counterfeit card fraud imposed by the card brands taking effect in October 2015.


But mobile payments, spurred on by the adoption of Apple Pay, could have an even greater impact than chip cards on how payments are made, as speakers pointed out during our Oct. 21 Fraud Summit.

On the breach front, presenters at our Global APT Defense Summit on Oct. 22 pointed out that many breaches use low-tech techniques, such as SQL injections, which provide attackers remote access by bypassing normal authentication mechanisms; the exploitation of weak passwords; and the targeting of insiders with phishing schemes. And the best way to thwart these threats may be a stronger focus on spelling out clear security policies and procedures and then educating staff about how to put them into practice.

Lessons for 2015

At the Fraud Summit, Visa's Eduardo Perez pointed out that for EMV to succeed in helping reduce fraud, banking institutions and retailers need to do a good job of educating consumers about how chip and magnetic-stripe card transactions differ.

Perez says too many consumers remain clueless about how EMV chip cards will change the way they make payments. "Soon consumers will receive and use new chip cards and more than half of all payment terminals will activate chip technology in the next year," Perez notes. "Obviously, awareness and education are a big part of this change," he adds. "That's why Visa is pushing a national education effort."

The advent of Apple Pay, which provides EMV-compliant mobile payments, will also rapidly change the payments landscape, Perez says. Banking institutions are already jumping onboard. Earlier this month, Apple announced that some 500 additional banks had signed on to support the service for their customers (see How Will Apple Pay Impact U.S. EMV?).

But the key to widespread use of Apple Pay, and other secure mobile payments options, again, is consumer education.

Going Beyond Compliance

While banking institutions and merchants spend millions of dollars every year to comply with security standards such as PCI, costly fraud stemming from breaches continues.

That's because, in spite of all of the technology investments being made to enhance security, most organizations continually fail to address the basics: Educating staff and third parties about how to carry out security policies and procedures in their day-to-day routines.

I think FireEye's David Merkel, a featured speaker at our APT Summit, said it best: "We need to invest in the expertise of humans to detect and prevent these attacks."

Merkel points out: "You should constantly provide training throughout your organization to ensure the entire company is security conscious."

Clearly, technology can play an important role in breach prevention. Investing in network monitoring and behavioral analytics, for instance, is critical. But if your organization is forgetting to educate its employees about phishing attacks aimed at socially engineering them to cough up confidential information and network credentials, the best security technology out there is not going to prevent your network from being compromised.



About the Author

Tracy Kitten


Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



