dimanche 31 mai 2020

Future of Cybersecurity for Payment Companies


Future of Cybersecurity for Payment Companies

Exploring the future of cybersecurity is essential to payment companies as this industry highly relies on information technology (IT) and Internet services. Significant growth in the number of Internet users and devices, along with an exponential increase in online transactions, potentially produce new cyber threats and risks. This work discusses future cyber threats for online payment companies, and optimal solutions are sought.

Cybersecurity

The applications of Internet and networks have considerably increased over the past decade, and the reports reveal that the number of Internet users and network devices will be significantly raised in the near future where the security is still the most crucial concern in such an ecosystem (Ben-Daya, Hassini, & Bahroun, 2019). Cybersecurity is a practice of protecting network components through establishing regulations, providing adequate infrastructures and tools (Habibzadeh, Nussbaum, Anjomshoa, Kantarci, & Soyata, 2019). People, processes, and technology are considered as the pillars of cybersecurity that aim to improve staff knowledge, enhance systems risk management, and employ the latest technology to ensure systems to be safe and secured against possible threats (Chan et al., 2019). Many businesses, including the financial sector and online payment companies collecting sensitive customers’ data, encounter cyber threats every day, and the number of attacks (Figure 1) resulting in data breaches grows up across the globe per anum (Kerr, 2018). Therefore, identification of vulnerabilities and assessing cyber threats and risks enables practitioners in the field to plan how to lessen the impact of risks and neutralize cyber threats that can occur to organizations (Habibzadeh et al., 2019; Kerr, 2018).

Figure 1The number of data breaches has steadily increased from 2005 to 2019 reported by Identity Theft Resource Center (ITRC) 2019 End-of-Year Data Breach Report, page 25



Online Payment Industry

Advances in Internet-based technologies have enabled financial institutions – which are traditionally few steps behind the current state-of-the-art technology – to expand payment methods into online models where customers can use their personal computers or portable devices to complete any transactions (Cardoso & Martinez, 2019). However, such capabilities might increase systems vulnerabilities as both companies and customers communicate through networks experiencing cyber threats and risks (Wang, Ding, Zhao, Yu, & Jiang, 2018). For example, an online payment company having around 20000 employees in the United States and other countries with over US$70 billion total assets often face cyber threats launched from various sources. The number of transactions in such a company can exceed 150 million per day, where the highest risk is payment fraud and fraudulent activities (Rajeshwari & Babu, 2016). Such a large-scale online payment company should consider current cyber threats and envision potential future threats and risks occurring to the organization to prevent incidents and to strengthen their infrastructure and defense or recovery mechanisms.

Cyber Threats and Risks

The online payment industry, including the company, mentioned earlier, encounter internal and external cyber threats that might become risks to the organization consisting of botnets, distributed denial-of-service (DDoS) attacks, phishing, hacking, ransomware, spoofing, spying and social engineering (Taylor, 2020). Identification and analysis of cyber threats enable organizations to categorize the threats into low, moderate, and high impact level where such information is used in cyber risk management for planning purposes (Cardoso & Martinez, 2019). The online payment company faces several risks caused by the threats, which consist of a sensitive data breach, identity theft, loss of data, business interruption, and cyber extortion. Cisco reports illustrate that despite employing cybersecurity technology, data breaches happening every year cause considerable financial damages (Figure 2).

Figure 2Data breaches cause financial damages every year, and the American companies have faced over $1.8 billion deficits from 2005 to 2019 according to Cisco Annual Cybersecurity Report 2018, page 46



However, the biggest challenge for such an online (credit card) company refers to fraudulent transactions. A fraud transaction might be performed in various ways, including identity theft, hidden fee charge, merchant fraud, triangulation, and affiliated fraud (Witke, 2019). Other challenges that the company faces are high fraud velocity and veracity, which refer to the dynamic nature of fraud methods (Dhillon, 2017). Hackers frequently alter fraud procedures to steal sensitive data and perform fraudulent transactions; therefore, such a payment company should always seek advanced techniques to protect the online payment system (Dhillon, 2017). Analyzing current cyber threats and risks along with exploring potential future risks threatening such an organization allows the company’s business and cybersecurity experts to prepare risk mitigation and recovery plan (Refsdal, Solhaug, & Stølen, 2015).  

Future Threats and Risks

The online payment industry highly relies on the Internet and networks where recent reports indicate the number of devices connected to the Internet, referring to the Internet of Things (IoT) consumers is exceeding 31 billion in 2020 (Maayan, 2020). Such a massive number of devices having different levels of security and vulnerabilities, potentially produce new threats and risks to online payment companies. Therefore, the significant future risks threatening such organizations are derived by IoT cyber threats including a) cyber reconnaissance referring to an attack to access targeted devices’ sensitive data, b) password hacking resulting in various types of fraudulent activities, c) tracking devices’ location in a real-time or offline mode and d) controlled attacks referring to the use of hacked IoT devices as a third-party source to attack other targeted organizations (Jacob, 2020). 
Besides IoT-related threats, cybersecurity experts forecast that online payment companies such as the large-scale organization discussed to encounter four significant threats in the future, including a) over-trusting encryption b) vulnerabilities in clouds’ security c) sophisticated fraud algorithms and d) cryptocurrency fraud. Online payment companies employ sophisticated methodologies to encrypt transactions and sensitive data (Scriven,2018). However, such encryption methods are predefined and can be hacked; therefore, over-trusting encryption causes the risk of data breaches (Ahmed & Garg, 2019). Most payment companies utilize cloud environments to decentralize their infrastructures to benefit from the advantages of clouds’ ecosystem (Witke, 2019). Cloud service providers offer various cybersecurity products to protect their customers’ data; however, online payment companies require extra architectures further to improve their systems’ security against potential attacks or illegitimate access to data (Chabrow, 2011). Also, online fraudsters always explore novel techniques and tools to access customers’ sensitive data, including credit card and bank accounts, so that payment companies are to address such threats by employing innovative mechanisms (Rajeshwari & Babu, 2016). As mentioned earlier, cryptocurrency fraud is another potential challenge for the payment industry as using such currency is expanding across the globe, and highly relies on the Internet where it faces Internet ecosystem cyber threats and risks along with encryption concern, as discussed above (Scriven,2018).

Solutions and Technologies

To address potential cyber threats and risks that affect the online payment industry, companies require to employ fashionable risk management processes along with novel security tools and techniques. Besides IoT infrastructures that are to be highly secured and frequently updated, using artificial intelligence (AI) and machine learning (ML) allow payment companies to predict threats and overcome potential risks occurring to the organizations. Payment companies require to expand the applications of AI/ML techniques and tools into their numerous areas, including fraud detection, cyber-attack prediction, defense mechanisms, encryption (i.e., quantum computing), cryptocurrency and predictive modeling in risk management. In the future, payment companies will continue collecting a significant amount of data compared to today so that they are to completely utilize big data tools and analytics to expedite AI-based data processing. Such tools and techniques enable cybersecurity experts to design and implement highly secured and automated multi-layer architectures for the online payment industry.

Conclusion

The future of cybersecurity threats and risks for online payment companies are highly related to Internet and IoT challenges and vulnerabilities. Such threats vary from password and authentication threats to the security of cloud services. Moreover, this industry might encounter advanced threats, including over-trusting encryption and sophisticated fraud scenarios. Optimal solutions for such threats are to employ enabled AI/ML multi-layer architectures where cybersecurity systems automatically monitor and trigger defense mechanisms and ad hoc recovery plans.

References

Ahmed, Q. W., & Garg, S. (2019). A cloud computing-based advanced encryption standard. Paper presented at the 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics, and Cloud) (I-SMAC).
Ben-Daya, M., Hassini, E., & Bahroun, Z. (2019). Internet of things and supply chain management: a literature review. International Journal of Production Research, 57(15-16), 4719-4742.
Cardoso, S., & Martinez, L. F. (2019). Online payments strategy: how third-party internet seals of approval and payment provider reputation influence the Millennials’ online transactions. Electronic Commerce Research, 19(1), 189-209.
Chan, L., Morgan, I., Simon, H., Alshabanat, F., Ober, D., Gentry, J., . . . Cao, R. (2019). Survey of ai in cybersecurity for information technology management. Paper presented at the 2019 IEEE Technology & Engineering Management Conference (TEMSCON).
Daniel Jacob (2020). What is the most prolific cyber threat from IoT devices? DATA FLOQ. https://datafloq.com/read/what-prolific-cyber-threat-iot-devices/7892
Eric Chabrow (2011). 10 realms of cloud security services. Bank Info Security. https://www.bankinfosecurity.com/10-realms-cloud-security-services-a-4097
Gene Scriven (2018). The 12 most significant security threats to payments. ACI Universal Payments. https://www.aciworldwide.com/insights/expert-view/2018/april/12-biggest-security-threats-to-payments
Gilad David Maayan (2020). The IoT rundown for 2020: stats, risks, and solutions. Security Today. https://securitytoday.com/articles/2020/01/13/the-iot-rundown-for-2020.aspx
Gurdeep Dhillon (2017). The 3 V’s beyond big data: volume, variety, and velocity for marketers. The Future of Customer Engagement and Experience. https://www.the-future-of-commerce.com/2017/08/24/big-data-volume-variety-velocity-for-marketers/
Habibzadeh, H., Nussbaum, B. H., Anjomshoa, F., Kantarci, B., & Soyata, T. (2019). A survey on cybersecurity, data privacy, and policy issues in the cyber-physical system deployments in smart cities. Sustainable Cities and Society.
Hugh Taylor (2020). What are cyber threats and what to do about them? Prey Project. https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-them/
Karsten Witke (2019). The seven types of e-commerce fraud explained. Information Age. https://www.information-age.com/seven-types-e-commerce-fraud-explained-123461276/
Kerr, G. (2018). Cybersecurity in banking and payments in the United Kingdom. The VISIO JOURNAL, 39.
Rajeshwari, U., & Babu, B. S. (2016). Real-time credit card fraud detection using Streaming Analytics. Paper presented at the 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT).
Refsdal, A., Solhaug, B., & Stølen, K. (2015). Cyber-risk management. In Cyber-Risk Management (pp. 33-47): Springer.
Wang, M., Ding, Z., Zhao, P., Yu, W., & Jiang, C. (2018). A dynamic data slice approach to the vulnerability analysis of e-commerce systems. IEEE Transactions on Systems, Man, and Cybernetics: Systems.

mercredi 25 novembre 2015

Ferdoux Abiverdois - Simuler la vie dans un village français

Le bon vieux  temps de grande simulation globale... Cliquez ici!

dimanche 16 août 2015

Bonjour de France !

Bonjour de France est un « cyber-magazine » éducatif gratuit contenant des exercices, des tests et des jeux pour apprendre le français ainsi que des fiches pédagogiques à l’attention des enseignants de français langue étrangère (FLE).
Cliquez ici!

dimanche 14 décembre 2014

Futur simple (un petit appel)

Pour la plupart des verbes, le radical du futur est l'infinitif et les terminaisons sont:

Je -ai
Tu -as
Il/Elle -a
Nous -ons
Vous -ez
Ils/Elles -ont

1 - Les verbes du premier et deuxième group : inf. + terminaisons
2 - Pour les verbes du troisième group, il faut apprendre la première personne du singulier.

Exemples:

Je passerai (1er group)
Tu choisiras (2e group)
Elle viendra (3e group)


samedi 9 mars 2013

Insultes en français +18


Veuillez consulter le lien ci-dessous et voilà une collection précieuse des insultes en français!
N.B.: Il est fortement déconseillé aux moins de 18 ans d'ouvrir le lien!!!


mercredi 25 juillet 2012

L’ordre des pronoms COD / COI



Un des grands problèmes des apprenants de français est de savoir où il faut mettre les pronoms compléments d’objet direct et indirect dans une phrase. Le tableau ci-dessous inspirée de la « Grammaire du français – cours de civilisation française de la Sorbonne » pourrait frapper une idée de l’ordre des pronoms.

Les expressions québécoises 5


Les expressions québécoises 4


vendredi 16 mars 2012

vendredi 3 février 2012

samedi 24 décembre 2011

Compétences en français et en anglais


Les requérants intéressés sont toujours capable de consulter les liens ci-dessous pour obtenir les informations concernant l’examen TCFQ et TEFAQ :
C’est juste pour vous rappeler que la soumission des certificats en français et anglais a été obligatoire pour avoir les points des langues dans les grilles d’évaluation (Immigration Québec) à partir du 6 décembre 2011.

lundi 12 décembre 2011

Déposer les résultats des tests de compétences linguistiques!


Depuis le 6 décembre 2011, tous les nouveaux candidats de la sous-catégorie Travailleurs qualifiés qui souhaitent obtenir des points à la grille de sélection pour leur connaissance du français (requérant principal et conjoint: maximum de 16 points) et de l’anglais (requérant principal seulement: maximum de 6 points) doivent joindre à leur demande d’immigration des attestations de résultats reconnues par le Ministère. Les enfants qui accompagnent leurs parents sont exemptés de cette nouvelle exigence.


http://www.immigration-quebec.gouv.qc.ca/fr/informations/note-competences-linguistiques.html

samedi 12 mars 2011

Les expressions québécoises 1


Bonjour à tout ce qui consulte ce blog,

Etant donné qu’il y a beaucoup d’immigrants du Québec ne sont pas familiers avec les expressions québécoises, j’ai décidé de les mettre sur mon blog. Cela aidera les immigrants à mieux comprendre le français québécois.


samedi 3 juillet 2010

L'art de bien mettre la table en France


Pendant le terme « CS4 » fait de mai à juin 2010 à l’institut Qotb-e-Ravandi, j’ai demandé aussi à une étudiante de travailler sur « l’art de bien mettre la table en France » et de préparer un tableau dans lequel il y a d’informations illustrées concernées. Cette gentille etudiante qui s’appelle « Maryam PARASHKHOO» a fait son mieux et voici le résultat obtenu sur l’image ci-dessus.
Je tien à remercier et féliciter à Maryam.
Saman SARRAF
Le 3 juillet 2010-07-03
Téhéran


Le zodiaque

Pendant le terme « CS4 » fait de mai à juin 2010 à l’institut Qotb-e-Ravandi, j’ai demandé à mes trois étudiants de travailler sur les vocabulaires de l’astrologie et de préparer un tableau dans lequel il y a d’informations illustrées concernées.
Ces trois étudiants décidés qui s’appellent: « Mansoureh ABDOLLAHI, Taher RAHBARI et Hassan SEIFI » ont fait le mieux et voici leur résultat affiché sur l’image ci-dessus.
Moi-même, comme leur professeur et leur ami, je tien à leur remercier et féliciter.
Saman SARRAF
Le 3 juillet 2010-07-03
Téhéran

jeudi 26 mars 2009

Bonne année


Mes meilleurs vœux pour l’année 1388.

Bonne et heureuse année!

On se verra à Montréal!





mardi 30 septembre 2008

L'interview de sélection du Québec


L'interview de sélection du Québec