23 September 2017
Pat Carroll


Pat Carroll - ValidSoft

Innovation in Financial Services


A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Looking back at 2012 and ahead to 2013

17 December 2012

On data breaches and forms of attack: resistance is futile

In 2012, we have seen an increasing number of sophisticated attacks made on a range of organisations in an attempt to capture consumer information. In 2013 we should expect not only such attacks to escalate in terms of frequency and significance, but also traditional defence technologies to provide little resistance.

Against this background, the solution lies in preventing the hackers from being able to use or take advantage of such stolen data. That way, increasingly deadly techniques that we have seen grow into successful global problems in the last year can be prevented. At the moment I believe there is an over-reliance on PINs and the like, as well as the use of SMS as an Out-of-Band means of authorising a transaction; this makes it all too easy for sophisticated fraud techniques to take their toll. A good example of this is SIM Swap fraud, whereby fraudsters can maliciously redirect One-Time-Passcodes delivered via SMS in order to defeat authentication systems and verify transactions that they have carried out using stolen account information. We have also recently read about the European losses attributed to the Eurograbber virus, yet another mobile-based SMS redirection Trojan that has been around for some time.

In Australia, the Mobile Network Operators have released a statement warning banks not to use SMS for transmitting One-Time-Passcodes, a common technique in that country. It is these very attacks that are the reason for such warnings. I believe that in the UK we will see an increase in losses attributable to hijacked SMS messages if banks continue to use the medium as a supposedly secure transport mechanism without the appropriate defence mechanisms in place.

Using the customer’s mobile phone as an authentication and transaction verification device is entirely sound, but what’s needed is a layered approach based on voice rather than SMS, and combining visible and invisible security checks such as Call-forward and SIM Swap detection. I believe the message is getting out there but 2013 will still see increased losses due to SMS vulnerability.


On all things mobile

2012 has been the year of the mobile wallet and 2013 will see some actual merchant adoption of the many wallets that have already been announced, no doubt with many more to come before the inevitable consolidation occurs. Picking the winners and losers, though, is far harder in what is fast becoming a saturated market. Merchant adoption is of course key. 2013 will also be the year of mobile payments. I personally believe that 2013 will herald a faster transition to mobile payments than analysts are currently predicting. Traditional transaction methods remain woefully inadequate to meet the needs of both the world’s large under-banked population and those who are demanding even greater convenience from their banks. Mobile opens up a host of possibilities to address both needs.

However, throughout 2012 the mobile payments industry has been preoccupied with the race for market share and no single technical standard has emerged. As long as there remains opportunity to be had and competition remains high, I think we’ll see this trend continue. I wouldn’t be surprised if along the way some of the fundamentals fail to be addressed (we have already seen one high-profile case in the UK in 2012) and we see a significant fraud attack that puts users at risk, causing significant reputational damage for this new channel.

That’s why, as we move into 2013, we’re fully in support of the Electronic Transaction Association’s Mobile Payments Committee, as it looks to become a unifying body helping to shape the standards for the merchant acquiring industry in this area.

