02 September 2014


Pat Carroll - ValidSoft


Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Looking back at 2012 and ahead to 2013

17 December 2012

On data breaches and forms of attack: resistance is futile

In 2012, we have seen an increasing number of sophisticated attacks made on a range of organisations in an attempt to capture consumer information. In 2013 we should not only expect such attacks to escalate in terms of frequency and significance, but for traditional defence technologies to provide little resistance.

Against this background, the solution lies in preventing the hackers from being able to use or take advantage of such stolen data. That way, the increasingly deadly techniques that we have seen grow into successful global problems in the last year can be prevented. At the moment I believe there is an over-reliance on PINs and the like, as well as the use of SMS as an Out-of-Band means of authorising a transaction; this makes it all too easy for sophisticated fraud techniques to take their toll. A good example of this is SIM Swap fraud, whereby fraudsters can maliciously redirect One-Time-Passcodes delivered via SMS in order to defeat authentication systems and verify transactions that they have carried out using stolen account information. We have also recently read about the European losses attributed to the Eurograbber virus, yet another mobile-based SMS redirection Trojan that has been around for some time.

In Australia, the Mobile Network Operators have released a statement warning banks not to use SMS for transmitting One-Time-Passcodes, a common technique in that country. It is these very attacks that are the reason for such warnings. I believe that in the UK we will see an increase in losses attributable to hijacked SMS messages if banks continue to use the medium as a supposedly secure transport mechanism without the appropriate defence mechanisms in place.

Using the customer’s mobile phone as an authentication and transaction verification device is entirely sound, but what’s needed is a layered approach based on voice rather than SMS, and combining visible and invisible security checks such as Call-forward and SIM Swap detection. I believe the message is getting out there but 2013 will still see increased losses due to SMS vulnerability.

On all things mobile

2012 has been the year of the mobile wallet and 2013 will see some actual merchant adoption of the many wallets that have already been announced, no doubt with many more to come before the inevitable consolidation will occur. Picking the winners and losers, though, is far harder in what is fast becoming a saturated market. Merchant adoption is of course key. 2013 will also be the year of mobile payments. I personally believe that 2013 will herald a faster transition to mobile payments than analysts are currently predicting. Traditional transaction methods remain woefully inadequate to meet the needs of both the world’s large under-banked population and those who are demanding even greater convenience from their banks. Mobile opens up a host of possibilities to address both needs.

However, throughout 2012 the mobile payments industry has been preoccupied with the race for market share and no single technical standard has emerged. As long as there remains opportunity to be had and competition remains high, I think we’ll see this trend continue. I wouldn’t be surprised if along the way some of the fundamentals fail to be addressed (we have already seen one high-profile case in the UK in 2012) and we see a significant fraud attack that puts users at risk, causing significant reputational damage for this new channel.

That’s why, as we move into 2013, we’re fully in support of the Electronic Transactions Association’s Mobile Payments Committee, as it looks to become a unifying body helping to shape the standards for the merchant acquiring industry in this area.
