Fraudsters Push Payments Digital Security Agenda Toward Collaboration
For every small merchant that found a way to rewrite itself digitally over the last year or so, it seems there is a cybercriminal waiting in the wings. To date, global cybercrime is doing some $5.2 trillion a year in financial damage, more if one contains the costs and damages associated with laundering $5.2 trillion in ill-gotten gains.
And when one thinks of the rapid proliferation of payments worldwide and the international expansion in digital commerce seen over the last year, Mastercard Senior Vice president, Cyber and Intelligence Paul Trueman told PYMNTS in a recent conversation, the scale and scope of threats in the financial services industry and beyond are likely only going up from here.
“There’s so many stats but they all substantiate the same fact: we are engaged in an ongoing and escalating struggle against more persistent, agile and well-funded cyber adversaries than we ever have in the past,” Trueman said.
These adversaries might be professional crime rings looking to leverage cutting-edge artificial intelligence (AI) technology against the unaware or state-sponsored actors using all the best tricks and tools. Cybercrime is no longer just the realm of lone-wolf criminals sitting in the basement with small aims in mind but now includes well-funded professionals that ecosystem watchers are concerned could be the “next pandemic” in terms of ability to cause damage on a worldwide scale.
Trueman said the technologies that have rolled out over the last year had brought convenience, connection, and utility to consumers’ lives just when they needed it. That created an opportunity to “change everyone’s lives for the better.”
Security And Convenience
“These technologies must be secure because otherwise we lose the trust of the people that is required for these systems to be adopted,” he said. “I remember for years, the question I was always asked was ‘Well is it security or convenience?’ The bottom line is if you want scaled adoption, you need to turn up with the technology that makes things more secure and more convenient,” Trueman said. He pointed to advances in biometrics and contactless payments enabled as part of a multilayer approach to security that works in tandem to make it easier to detect and reduce threats while simultaneously upgrading the consumer shopping experience.
Security and convenience need not be contradictory goals, he said, or work against each other. Industry can align its services so that both are being pushed simultaneously. In fact, the industry has to start thinking about how it will do that going forward because the needs in the segment as the world of commerce become increasingly digitized and omnichannel are only going to grow. Fraudsters are rolling out new tricks — and going back to golden oldies — taking an opportunity to use their best material on the new cohort of consumers and small- and medium-sized businesses (SMBs) who were “real world only” consumers pre-pandemic and are now flooding into the digital world, presenting perfect targets for the unscrupulous.
Those SMBs, he said, are of particular concern to Mastercard because they’ve been hit so hard by the pandemic thus far and have been forced to adapt so quickly digitally. Trueman said these firms are the backbone of society, and they have been pushed to the brink or in many cases, right over it during this pandemic. Rethinking and remapping the entire security landscape, he said, is critically important because it’s simply unreasonable to believe these people can become cybersecurity experts overnight in the middle of responding to a historical worldwide crisis.
“If you’re a baker, your joy is in making bread or cakes, and it isn’t in cybersecurity. Yet if an attacker gets in with a simple ransomware, it’s very easy to see how they lose the trust of all their customers, he said. “Good technology with good governance actually creates safer outcomes. So often, people don’t do things right. They don’t patch things. They don’t put the right controls in place. They don’t understand cybersecurity. We’ve got to make sure that they understand they’ve got to do a few simple things and we can help them by educating them and by enabling them with new technologies.”
Strength In Numbers
Moreover, he said, Mastercard knows that the work of securing something as massive and complex as the payment and commerce ecosystem isn’t and can’t be the work of a single player — even one as large as Mastercard. That’s why the firm is hosting its second annual Cyber & Risk Summit on May 11 and 12 to once again bring in stakeholders to collaborate on finding, and hopefully improving, the weak points throughout the system.
The hope, he said, is to bring professionals together to really try to get ahead of cybercrime instead of merely reacting to it as it strikes and trying to clean up afterward. Because he said the landscape has changed and it’s no longer going to be enough to respond to fraudsters ad hoc — it’s important to find ways to get ahead of them before they can hit at all.
“When we walk down a road, we don’t look at our feet, we’re looking in front of us,” he said. “The problem with security can often be when you’re looking at what’s attacking you at this moment in time, you are looking at your feet. But actually, if you’re going to get ahead, businesses need to be looking a little bit further out. You walk down the street looking three, four paces ahead. That’s how to ensure you are proactively facing into the threats in front of you as society and digital evolves.”