When it comes to securing payments, one can never be too safe.
As digital transactions increase and technology advances at breakneck speed, so do the tactics of cyber adversaries. Within the changing cyber threat landscape, few sectors are as dynamically challenged as the payments industry in locking down and protecting critical infrastructure and data.
“The barrier for entry has never been lower for threat actors,” Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access powerful tools and launch sophisticated attacks.
Compounding these issues is the fact that, unlike across historical banking models where physical presence was required to compromise financial systems, today’s adversaries can operate digitally across borders and exploit vulnerabilities at an almost industrialized and borderless scale, increasing the potential for attack by cybercriminals to financial services and payments organizations from anywhere in the world.
As Mallik highlighted, emerging technologies like generative artificial intelligence (AI) and around-the-corner computing advances like quantum cryptography are two innovation areas that both pose challenges for the payments industry while presenting transformative opportunities.
“Quantum cryptography could break encryption, and we will all have to evolve in the detection, prevention and protection space,” said Mallik, adding that quantum threat capabilities will likely remain at the “nation-state” level while AI-generated deepfakes and scams are already multiplying.
Still, he said, because financial services represent critical infrastructure, they are prime targets for cyber warfare.
But the impact digital innovation is having across the cybersecurity landscape isn’t all bad news — and the powerful tools aren’t at all concentrated in the hands of fraudsters.
AI and machine learning capabilities, when used responsibly, have the potential to radically transform cybersecurity across the payments landscape.
AI can help manage the sheer volume of security-related data processed by payment systems, allowing firms to identify anomalies in milliseconds and provide real-time protection to secure transactions, Mallik said.
“I truly believe that as much as AI can add to cybersecurity threats, it is also a great opportunity within payments security,” he said, noting that as cyber threats become more sophisticated, the ability to quickly identify and respond to these threats becomes critical.
Discover Global Network itself employs a multilayered cybersecurity strategy that encompasses people, processes and technology.
“It’s a combination of defenses at the human layer, controls at the network layer, application layer and business process layer,” Mallik said. “This is complemented by continuous monitoring of the external threat environment.”
He stressed the importance of education and awareness among employees, who are often the first line of defense against cyber threats.
“It starts with our people,” he said. “We ensure that our workforce is educated about the cyber risks associated with their daily activities. We implement strict access controls and use multifactor authentication to secure transactions. We also have a mature cyber threat intelligence program that monitors the external environment for potential threats.”
Collaboration and information sharing are also key to building a robust cybersecurity framework.
“I’m a firm believer that information sharing is key,” said Mallik, advocating for partnerships between financial institutions, merchants, regulatory bodies and industry groups to combat cyber threats effectively.
Such collaborations, which never share competitive or sensitive information, enable the industry to stay ahead of evolving threats and implement best practices for cybersecurity, he said.
“We can all help each other in fighting this crime together … the space is always changing, and we see new things every day — if we share that information, we can all help reduce the attack surface of the shared threat environment,” he said.
Looking ahead, Mallik said securing the financial services supply chain “will continue to be a challenge … we need to find ways to manage that risk effectively.”
He said AI and machine learning can help with identifying vendor risks and staying up to date with automated compliance programs.
“We need to embrace technology for the greater good and reduce fraud across the environment for anyone in the payment ecosystem … the speed of trust is measured in milliseconds,” Mallik said.
Without secure payments that are available when customers want them, he said, there can be no trust or relationship.