Insight Report: Security in Consumer Payments and Retail Banks
- Pages: 32
- Published: May 2015
- Report Code: VR1152MR
Threats to the payment ecosystem have evolved due to the increased digitization of banking. Fraud mechanisms have moved from forging checks to stealing consumers’ digital identities or penetrating retail banks’ networks. Cyber criminals are organized and innovative, and carry out targeted attacks to exploit the vulnerabilities of digital networks. While banks’ inter-connectivity improves service delivery, it can also leave them exposed to cyber criminals. Instead of attacking banks directly, however, cyber criminals tend to exploit banks’ relationships with merchants, third-party vendors and customers, whose platforms tend to have lower levels of security than banks’ own. During 2010–2015, the number of indirect and systematic attacks accelerated, raising questions as to whether banks can keep security systems one step ahead of perpetrators.
Banks and cyber criminals operate differently. Cyber criminals use creativity to cheaply and effectively penetrate and breach banking networks. Banks, however, tend to use reactive approaches, limited by their size and operating costs. In addition to external threats, security breaches can result from insider events. Employees are considered trusted entities with access to privileged information, and while some banks spend millions on securing their networks from external threats, very few include insider events in their threat assessments. The tendency to keep failings in-house makes banks vulnerable. In order to counter cyber criminals, retail banks need to shun the perimeter-defense approach and devise strategies for the smarter implementation of risk-management tools.
Analysis of the methods cyber criminals employ in major attacks on retail bank payment systems
The key challenges faced by retail banks globally in defending consumer payments
Analysis of the initiatives taken by retail banks to secure their payment infrastructures
An exploration of whether context-aware security can help banks balance the demands of consumer convenience and security
Detail of major instances of cyber-attacks on payment systems between 2012 and February 2015
An analysis of the various security measures and tools adopted by retail banks to lower instances of fraud, along with a consideration of their impact and any weaknesses exposed
The key security concerns relating to outsourcing processes
A snapshot of vendor management best practice
An examination of the increasing role of biometrics and tokenisation in securing payments in the global retail banking industry
Analysis of the future options in payment security
What combined factors enable cyber criminals to mount their attacks more rapidly than retail banks can anticipate them? Why do banks tend to lag behind in their response?
Where do banks focus most of their efforts to stop cyber threats? What does the report consider a more effective method of protection?
What should retail banks implement to attempt to defeat systematic attacks? What are the three key factors currently hindering the successful adoption of this approach? Which current tactic is unlikely to be sufficient in this ongoing confrontation and why is this so?
What else is identified as a major threat to data security? Why is this threat consistently underestimated in the retail banking industry? Which traditional characteristic of industry dealings reinforces this situation? Why is the response to this threat significantly under-resourced?
What is the internal operational balance that confounds retail bank responses to cyber threats? How can this be changed in the context of competition in customer experience and ultimately alter market perceptions of bank processes?
Reasons to buy
Assess your organization’s ability to combat cyber crime through an understanding of current cyber-threats in the global payments market
Investigate how banks across the world are trying to limit instances of cyber-attacks and fraud
Identify how successfully these tactics have been adopted to evaluate whether your system of defense is as robust as those of your competitors
Analyze insights into the impact of current security tools on various cyber threats whilst assessing their innate strengths and weaknesses
Identify the key factors contributing to the current perception of retail banks lagging behind cyber criminals. Utilize this information to initiate a comprehensive review of your systems and processes
Gain insights into the difficulties of controlling targeted cyber attacks and position your levels of risk in a global industry context
Analyze new approaches intended to limit instances of cyber-threats and fraud
Evaluate how context-aware security can help you improve security without compromising your customer relationships through any associated negative impact on consumer convenience
Bank of America
KB Kookmin Card
NH Nonghyup Card
Royal Bank of Scotland
Caixa Econômica Federal
Table of Contents
1 Executive Summary
2 Are Banks too Slow to Overcome Threats?
2.1 Increasing Threat for Payment Systems
2.2 Why are Banks Lagging Behind?
2.3 Banks’ Approaches to Tackling Threats
3 Outsourcing and Security Concerns
4 The Role of Biometrics and Tokenization in Payment Security
4.1 Biometrics in Banking and Payments
4.2 Securing Card Payments with Tokens
5 Balancing Security and Usability
5.1 Is Context-Aware or Progressive Security the Way Forward for Banks?
6 Defeating Cybercriminals: A Collaborative Approach
7.3 Contact GlobalData
7.4 About GlobalData
7.5 GlobalData’s Services
List of Tables
Table 1: Instances of Large-Scale Attacks on Payment Systems, 2012–2015
Table 2: Regional Deployment of EMV, Q4 2013
Table 3: Notable Cybersecurity Expenditure by the ‘Big Four’ US Banks
Table 4: How are Banks Protecting Clients?
Table 5: Potential Applications of Biometrics in Banking and Payments
Table 6: Tokenization and Card Payment Ecosystems
Table 7: Security and Usability Rankings of Key Technologies
Table 8: Perimeter vs Progressive Security
Table 9: A Collaborative Approach to Limit Payment Fraud and Cyber-Attacks on Banks
Table 10: Key Definitions
Table 11: EMVCo Worldwide EMV Deployment: Regional Definitions
List of Figures
Figure 1: Large-Scale Security Incidents in Banking, 2014
Figure 2: Key Challenges for Banks Related to Cybersecurity and Fraud
Figure 3: Card Fraud – the US vs Europe, 2010–2014
Figure 4: Trust Culture in Financial Services and E-Commerce Firms
Figure 5: Levels of Risk in Various Outsourcing Models
Figure 6: Vendor Management Best Practice to Limit Security Concerns
Figure 7: Importance of Biometric Identification – the Consumer Perspective, 2014