By Ajay Bhalla
The past decade has witnessed an unprecedented convergence of physical and digital worlds.
Ceaseless technological innovation is driving a perpetual seismic shift, fundamentally changing almost every aspect of our lives, from the way we communicate to how we manage our health.
There can be no more striking example of this constant evolution than in the way we make payments.
The growth of digital transactions is the most significant development in this arena since the introduction of plastic payment cards half a century ago and has accelerated the rate of change beyond all expectations.
But as technology permits novel, faster, simpler and more convenient ways to pay, so with each step we must adapt new defences to thwart fraud.
By constantly stress-testing these safeguards and improving them, payments have undeniably never been more secure. But, at the same time, criminals have never been smarter.
Cybercrime is the now the most serious threat to businesses and national economies that has ever been seen.
Adrian Leppard, the City of London Police Commissioner, was not exaggerating when he recently warned that it may be more lucrative than the drugs trade.
The biggest bank raid in history – uncovered earlier this year – was not staged by balaclava-clad crooks wielding sawn-off shotguns. It was a gang of computer hackers that plundered £650million from more than 100 financial institutions worldwide with the click of a mouse.
But despite these and multiple other alarm bells ringing, the world is at very real risk of sleepwalking into deeper disaster. The technology to counter these threats exists but is simply not being adopted widely or quickly enough, needlessly gifting the upper hand to cybercriminals.
It is for this reason that we are witnessing such a sharp surge in attacks – and these are just the ones we know about.
To turn the tide in this battle requires the universal commitment of financial institutions, retailers and payment networks, as well as greater vigilance among consumers.
It also demands agility – ensuring the latest and most effective weapons available are being deployed to counter every possible line of attack and stay one step ahead of criminals.
The slow uptake of what many of us already consider essential technologies is an indication of the scale of the challenge ahead. While research shows that 43% of global fraud is achieved through counterfeiting cards, EMV (chip and PIN) has still not taken root in some of the world’s largest economies. It’s effectiveness as a first line of defence is clear – in Africa, Europe and Canada it has slashed fraud by 80%.
A greater menace is the growing scourge of card not present attacks, which account for more than half of all fraud but can be countered through existing identity verification techniques. Entry level tools such as password cardholder verification are still not universally used, yet far more secure methods using biometrics are already waiting in the wings. These technologies hold huge potential for eliminating the human error of relying on passwords while also making payments both easier and safer in one fell swoop. Innovations supported by our network, such as Apple Pay, demonstrate the potential in this field but this is just the tip of the iceberg.
Furthermore, in 2014 there were more than 420 million cardholder identities exposed through merchant system breaches – a number that could be dramatically cut through greater use of encryption and tokenization, which shield sensitive data by making consumers’ card numbers anonymous.
And working silently above all of these measures are state-of-the-art real-time network monitoring and transaction screening systems to fight cyber hacks on banks, processors and, increasingly, the Internet of Things.
The crucial point here is that there is no silver bullet to preventing security breaches and defeating fraud – a multi-layered approach using the entire repertoire of defences must be pursued.
This means adopting measures that not only prevent breaches but are also capable of detecting and resolving threats once security has been compromised, thus minimising losses.
One of the key lessons from the £650million Carbanak attack – in which hackers used viruses to infect the networks of financial institutions – is that once inside, this malware is very difficult to identify until it is too late and the damage has been done.
The overall benefit of making safety and security a priority goes beyond preventing such high value losses – the reputational impact of such attacks and their effect on daily banking can have a devastating effect on an institution’s bottom line. This could not be more important in an era when public trust in the banking sector has been so significantly impacted in the wake of the global economic crisis.
But the onus cannot rest solely on financial institutions. I firmly believe that the payments industry as a whole has a responsibility to enhance the overall payment experience without making compromises on safety. That is why safety and security has always been MasterCard’s number one priority.
The world of electronic payments has changed beyond all expectations and the pace of development shows no sign of slowing down. We will see greater change in the next five years than we have seen in the last five decades, bringing ever more security challenges and opportunities.
To really stay one step ahead, we need to work in partnership and stimulate a change in mindset from one that sees security innovations as optional to one that recognisesthey are an absolute necessity. Through the right global standards, best products and services, and our desire to constantly innovate, we can ensure everyone is protected everywhere and every time they pay, which will ultimately define and defend the future of payments.