The views expressed in this article are solely those of the author and should not be attributed to the European Payments Council.
In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to take into account. Christoph Fischer, CEO and owner of BFK edv-consulting GmbH, provides a brief overview of current cybersecurity trends, threats and solutions.
Q. What are the main threats to digital payments?
Currently, malware with man-in-the-middle functions is a major threat. These activities were lower in 2017 because some actors switched over to ransomware instead.
Since the countermeasures of antivirus and operating system manufacturers now involve detecting and halting this malicious software, fraudsters’ focus might be directed back to the payments world.
Q. What is the next big threat in payment cybersecurity?
Distributed Denial of Service will become a major problem as the internet of things evolves. The new internet-connected gizmos have catastrophic security but the number of devices available is exploding. Together with our ever-increasing bandwidth, the impact could be of unprecedented force.
Q. What key steps should payment service providers take to protect their organisations and customers against these cyber threats?
When it comes to Distributed Denial of Service (DDoS) mitigation, the future is not bright because the defending party simply sits on the wrong side of the lever. I would not advise against installing countermeasures, but one has to be aware of the fact that this is certainly not a 100 percent solution.
When we look at identity theft and other malware that attack payment techniques, the industry can implement far more advanced risk-mitigation mechanisms in the future. Multi-layered approaches will evolve in the next few years.
Q. With the launch of the Instant Credit Transfer scheme, European payments will fully enter the real-time world. In your view, does this create new cybersecurity risks? How could we (and customers alike) fend off these threats?
Instantaneous services are always a challenge for fraud countermeasures as the time span for analytical mechanisms dramatically decreases.
Halting payments for verification of the sender’s intent is an element that should not be eliminated by new regulations, as it is ultimately the only way to protect against the attackers.