For the first Fintech Spotlight of the year, we investigate the future of cyber fraud. Cybersecurity was a hot topic in 2015, with scores of financial firms affected by either DDoS attacks, phishing schemes or database theft. Hacking has become such a prevalent problem that surveys, such as Gartner Group’s annual IT Bank expense survey, no longer segregate answers from cybersecurity and take for granted that it is on everyone’s list.
To learn more about cybersecurity, Finance Magnates connected with Jim Anderson, President of the Americas at BAE Systems Applied Intelligence, where his firm provides both solutions and consulting to companies to handle their cyber risk. With the arrival of 2016, BAE’s Applied Intelligence created three main cyber predictions for 2016 that are on the top of their conversations with clients.
The long-awaited arrival of chip and PIN/EMV in the U.S. will see card fraudsters move to alternative techniques
During 2015, one of the major changes affecting the US payments industry was the Payment Networks Liability Shift that went into effect in October. With it, merchants accepting bank cards using magnetic stripe swipe technology, and not upgrading to the more secure chip and PIN, would be responsible for covering fraudulent transactions. This decision shifted responsibility from card networks who would in the past reimburse merchants for fraudulent transactions. As such, card swiping only terminals are being phased out in favor of more secure technology.
As this trend in new hardware updates takes place, BAE Systems, along with many other companies involved with cybersecurity, believe that card fraud will evolve instead of simply go away. The result is that online fraud is expected to increase while physical card fraud declines.
Fraud doesn’t go away
On this trend, Jim Anderson stated that “fraud doesn’t go away”. He cited statistics from the UK following the migration to chip and PIN technology showing that between 2004 and 2014, card counterfeiting as a percentage of total card fraud declined to 10% from 26%. Simultaneously, card not present (CNP), which includes online and phone based transactions, rose from 30% to 69% of total card fraud.
To combat this problem, the payment industry is moving towards implementing more data driven solutions. Anderson explained that these products analyze data “to find anomalies to find fraud”. Anomalies include transactions initiated in atypical locations as well as strange purchases. For merchants and card networks, Anderson described that it is important for fraud prevention solutions to be integrated “at the point of the transaction”, in order to analyze the payment before it becomes authorized.
A cyber attack on an Internet of Things (IoT) network is likely to result in mass ‘pattern data’ theft or the creation of an IoT botnet
Deloitte’s Banking Report Forecasts the Future of Social DistancingGo to article >>
Another area of concern is Internet of Things (IoT) technology. As more products such as thermostats, kitchen appliances and alarms become connected to the internet, they are creating new sources of personal information being sent through this network. The result is new connection points that need to be secured to prevent identity theft.
As an emerging field though, IoT is attracting entrants with experience in securing data, as well as companies that may be more product based, with less background on the vulnerabilities of connected appliances. In this regard, Anderson stated that his company’s view is that security problems with IoT are “a moving target”. As such, part of the solution of preventing fraud is raising awareness that problems exist, as well as providing guidance on how to secure networks.
In terms of potential hacking, BAE believes that cyber fraud is currently less of a problem for IoT networks, and a larger concern is cybercrime. This includes botnets that can infect IoT networks and cause them to malfunction. However, Anderson explained that typically there is a “convergence of cybercrime and fraud.” This means that after first committing cybercrime and better understanding network vulnerabilities and available data, fraud arrives later.
IoT regulation coming?
With potential botnets and fraud in the future, does this mean we can expect IoT regulation to arrive? Answering this question, Anderson cited that he believed guidelines from regulators about handling and protecting IoT data will be arriving. But, he added that currently, “people are trying to figure out liability”.
In this regard, guidelines need to be in place that protect customers, that don’t destroy innovation, and that free IoT companies of many legal liabilities when they follow regulatory recommendations. Overall, Anderson explained that the “productivity benefits are too good to ignore for IoT”, which will lead to proper solutions to protect data being put in place.
Cyber risk and attempts to mitigate it affordably will continue to evolve from an IT problem into a key risk issue for company leaders
As preparing for cybersecurity risks is being taken for granted as a given among companies, BAE believes that from being an IT issue, it is moving toward a boardroom issue with future decisions and plans made by top executives. Anderson explained that more than just companies analyzing their risks, top executives are becoming part of the decision making process to address what the response plan is if cyber breaches take place.
Industry based collaboration
Among the offshoots of this trend, cybersecurity is becoming an issue that is inspiring more industry based collaboration to find solutions. As such, rivals are now more likely to share data such as behavior analytics or collaborate on industry standards, if it means reducing the effects of cyber fraud.
Anderson also explained that as corporate demand for cybersecurity solutions rises, it will lead to continued growth for ‘security as a service’ companies that provide affordable products to secure corporations. In addition, cybersecurity demand is also leading to partnerships between security vendors to allow them to provide wider ranging coverage for their customers. According to Anderson, this may also lead to M&A taking place in the cybersecurity field as larger firms purchase smaller players with important technologies.
Fintech Spotlight is a new column on Finance Magnates devoted to reviewing innovative financial technology companies and sector trends.