Faster payments are smarter payments. Safer payments are smarter payments, too. However, though speed matters, so does safety.
In a world where faster payments are becoming more mainstream, including 12 countries with established Real-Time Payments systems and 45 others in various stages of development, it’s no wonder that security remains top of mind for stakeholders.
In the latest Smarter Payments Tracker, the opportunities and challenges tied to a truly connected financial system were key subjects. The collaborations that are taking shape between FIs of the traditional sort and FinTech firms are bringing speed to payments, to be sure, but it is increasingly important to make sure that payments get where they need to go and are not intercepted by fraudsters.
Account takeovers are finding favor among fraudsters. Dave Endler, co-founder and president of security and fraud prevention solutions provider SpyCloud, illuminated the trend for the Tracker team. These attacks are up 300 percent through the past year, with a financial impact of $5 billion. Account takeovers have the double-barreled effect of being easier to complete successfully — for the bad guys — and are harder to head off (by the good guys).
“It’s much more straightforward for a criminal to compromise someone’s payment account that could be linked to a credit card than for them to try to steal or gain access to use that credit card,” Endler said, and sophistication is no requirement as the tools of the trade are “accessible to people who don’t necessarily have a lot of technical acumen.”
Perhaps, to no surprise, data breaches keep executives up at night — and the rest of us, too. One survey by Kaspersky Labs, across 2,000 consumers, found that 81 percent of Americans and 72 percent of Canadians are “stressed” about breaches.
Against this backdrop, distributed denials of service (DDoS) are gaining ground. How much ground? Let’s just say it isn’t shaping up to be a sleepy summer. Akamai stated in a report Tuesday (June 26), titled “State of the Internet/Security Summer 2018,” that there was a 16 percent increase in the number of attacks measured since last year, as measured between November 2017 through April 2018.
The firm’s research showed that the hospitality industry offers a prime spot of real estate for such attacks.
In the survey, the company found that roughly 40 percent of the traffic across the industry’s sites (i.e., hotel and travel sites) are classified as “impersonators of known browsers,” which is a known fraud conduit, said Kaspersky. Furthermore, the company said that bots are being used to abuse stolen credentials. The data stems from 112 billion bit requests and 3.9 billion malicious login attempts that targeted hospitality firms.
Speaking geographically, origination points congregated around China, Russia and Indonesia, said Akamai.
Don’t think that the attacks are simply a matter of concern for leisure firms. As noted in Imperva Incapsula’s global DDoS report for the fourth quarter, the attacks are sophisticated and last longer than they did before — and they are certainly intense. The report noted that 67 percent of firms were hit with more than one attack, up almost 10 percent from the third quarter.
The attacks come amid a trend that, as estimated by PwC, has seen the value of the cyber insurance stand at as much as $7.5 billion by 2020.