Securing the Innovations within Financial Services Part 1 - The Payments Industry

Consumers have been increasingly demanding more transparency and interaction with their products and services, which has driven businesses to adopt technological innovations to optimise customer engagement. But how confident are these businesses that they fully understand the level of security risk they are facing when exploring these disruptive initiatives?

In this series of blogs, we will be looking into the widespread innovations taking place within the financial services (FS) sector, the key security related risks that come with them for businesses to consider. This is the first part of this blog series, where we look specifically into the security risks associated with payment innovations.

Innovating in a vulnerable payments industry

The payments industry has undergone a dramatic transformation in the use of technology innovation to optimise the customer experience, reduce operational costs and make payments easier and more efficient. Examples include digital wallets, machine-to-machine payments and in-app purchasing but also include more infrastructural developments such as the use of blockchain technology in augmented money transfer models. These have, however, opened up doors to new vulnerabilities.

Recent cyber breaches on the FS sector demonstrate the security vulnerabilities within the supply-chain being exploited by cyber attackers. Consequently, this can damage customers’ trust and result in regulatory penalties if the appropriate security measures aren’t in place. Business leaders in charge of digital, user-experience and innovation need to bring security and risk leadership to the table to ensure cyber security risk management is embedded within these digital programmes from the outset.

Key areas of concern point to the supply chain

When examining these innovations, it becomes increasingly evident that understanding the supply chain liabilities and risks is key when understanding the cyber security impact to the payments market, particularly in the following areas:

• Compromise of third-party digital wallet providers - The rapid increase of digital payments attracts opportunities for cyber criminals to indirectly access an organisation’s critical assets. The widespread use of digital wallets has seen emerging threats facing stakeholders involved in the supply chain such as mobile payment applications, card issuers and payment network providers.
• Card-less service providers - The intricacies involved in card-less transactions such as vendor financing schemes elevate the risk of unauthorised access and fraud, due to multiple customer-triggered integrations between the bank and vendor finance company. However, consumers today are increasingly informed about the likelihood of a breach to their personal data through their service providers and will have no hesitation in moving their business to another service provider if they feel their personal data could be vulnerable to attackers.
• Obfuscation via Blockchain - Blockchain is being adopted by numerous service providers, however the market opportunity for adoption has left a steep hill to climb when monitoring illegitimate transactions. At the same time, the level of ambiguity over regulatory standards leaves these organisations with little security guidance they can trust.

It is important for security, risk and business leadership to fully understand these risks and take appropriate measures to protect and enable these technologies. If you would like to learn more about securing innovations within the payments industry, download our free whitepaper or contact one of our experts: