01 October 2014


Pat Carroll - ValidSoft


Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

The Next Target-Style Attack This Holiday Season?

11 August 2014

Remote Access Vulnerabilities and “Backoff” PoS Malware to Lead to Potential Next Wave of Target-Style Attacks this Holiday Season

Data breaches, identity theft and stolen payment card credentials are the gifts that keep on giving (or taking, depending on your perspective); just ask any of the 100+ million consumers caught up in the wave of security breaches and Point of Sale (POS) malware attacks perpetrated late last year against retailers including Target, eBay, Neiman Marcus, Michaels Stores, and more. As we enter fall and look ahead to this coming holiday season, a new advisory issued by US-CERT, the United States Computer Emergency Readiness Team, provides reason to be concerned that we could again see another holiday season rife with cybercrime.

In the wake of the Target breach and subsequent investigations at numerous retailers, the new US-CERT report reveals potential risks posed by remote desktop applications and weak authentication schemes (poor password policies) – critical contributing factors in the Target breach. The report also examines the rise of new POS malware dubbed “Backoff”, which has proven difficult to detect with current anti-virus security software. Together, these two developments mean that retailers and millions of consumers are at risk of having their data - names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses - exposed to “criminal elements.” So before we go through another holiday from cyber-hell, what can be done?

Drawing upon more than 25 years of personal experience in the payment industry, working with banks, financial institutions and government agencies on all matters pertaining to payment transaction security and fraud prevention, the answer remains clear – the industry must realize that a “one size fits all” security-only approach to preventing cybercrime is doomed to fail. What is needed is a logical approach to not only protecting data access, but ensuring that any stolen data is rendered useless to crooks, something that can only be accomplished through enhanced multi-layer, multifactor authentication. The challenge we face as an industry is how we approach the balancing act between security and consumer convenience, for as we have seen, even the adoption of new security approaches to protecting payment cards, with schemes such as Chip and PIN (EMV) and even biometrics, is not without potential problems.

Whilst we must all continue to assess the ever-changing threat landscape and ensure we are all informed about the threat reports coming from US-CERT and other industry groups, we can’t forget that at all times, we need to work together to ensure that we and our customers are protected. The reality is that the industry needs to move forward and adopt a risk-adjusted approach to authentication and transaction verification. It’s clear that the primary goal remains “zero friction”, and adopting a multi-layer, multifactor approach to fraud detection and prevention can help achieve a “low friction” intuitive interaction with the customer when fraud is suspected or the risk profile of the transaction dictates. Such technology exists today and can help revolutionize a payments world littered with false positives, abandoned shopping carts, poor customer experience and high fraud rates. The growing awareness by consumers of such technology should unite them to urge their banks and credit card companies to implement that technology for their protection. It’s just push and pull, isn’t it?

The advent of EMV in the US will create a complex transitional landscape over several years where Card Present fraud will continue to flourish and where Card Not Present fraud (online) will grow. Trust will be severely questioned. The time is now for new mindsets and the time is now for action; otherwise it is only the cybercrooks that will get gifts this holiday season!

 


Comments: (1)

Kenneth Carnesi - Monkeetech,LLC - West Babylon | 14 August, 2014, 02:24

Multi-layered, multifactor authentication is what is needed in any viable solution to credit card fraud; however, there is a delicate balance to be struck in any fraud prevention system and that is security on the one hand and consumer adaptability on the other. Pat Carroll has always recognized this and has been both an innovator and a champion of multi-layered, multifactor authentication for years.
