Future of Cybersecurity for Payment Companies
Exploring the future of cybersecurity is essential to
payment companies as this industry highly relies on information technology (IT)
and Internet services. Significant growth in the number of Internet users and
devices, along with an exponential increase in online transactions, potentially
produce new cyber threats and risks. This work discusses future cyber threats
for online payment companies, and optimal solutions are sought.
Cybersecurity
The applications of Internet and networks have considerably
increased over the past decade, and the reports reveal that the number of
Internet users and network devices will be significantly raised in the near
future where the security is still the most crucial concern in such an
ecosystem (Ben-Daya, Hassini, & Bahroun, 2019). Cybersecurity is a practice
of protecting network components through establishing regulations, providing
adequate infrastructures and tools (Habibzadeh, Nussbaum, Anjomshoa, Kantarci,
& Soyata, 2019). People, processes, and technology are considered as the
pillars of cybersecurity that aim to improve staff knowledge, enhance systems
risk management, and employ the latest technology to ensure systems to be safe
and secured against possible threats (Chan et al., 2019). Many businesses,
including the financial sector and online payment companies collecting
sensitive customers’ data, encounter cyber threats every day, and the number of
attacks (Figure 1) resulting in data breaches grows up across the globe per
anum (Kerr, 2018). Therefore, identification of vulnerabilities and assessing
cyber threats and risks enables practitioners in the field to plan how to
lessen the impact of risks and neutralize cyber threats that can occur to
organizations (Habibzadeh et al., 2019; Kerr, 2018).
 |
| Figure 1. The number of data breaches has steadily increased from 2005 to 2019 reported by Identity Theft Resource Center (ITRC) 2019 End-of-Year Data Breach Report, page 25 |
Online Payment Industry
Advances in Internet-based technologies have enabled
financial institutions – which are traditionally few steps behind the current state-of-the-art
technology – to expand payment methods into online models where customers can
use their personal computers or portable devices to complete any transactions
(Cardoso & Martinez, 2019). However, such capabilities might increase
systems vulnerabilities as both companies and customers communicate through
networks experiencing cyber threats and risks (Wang, Ding, Zhao, Yu, &
Jiang, 2018). For example, an online payment company having around 20000
employees in the United States and other countries with over US$70 billion
total assets often face cyber threats launched from various sources. The number
of transactions in such a company can exceed 150 million per day, where the
highest risk is payment fraud and fraudulent activities (Rajeshwari & Babu,
2016). Such a large-scale online payment company should consider current cyber
threats and envision potential future threats and risks occurring to the
organization to prevent incidents and to strengthen their infrastructure and
defense or recovery mechanisms.
Cyber Threats and Risks
The online payment industry, including the company, mentioned
earlier, encounter internal and external cyber threats that might become risks
to the organization consisting of botnets, distributed denial-of-service (DDoS)
attacks, phishing, hacking, ransomware, spoofing, spying and social engineering
(Taylor, 2020). Identification and analysis of cyber threats enable
organizations to categorize the threats into low, moderate, and high impact
level where such information is used in cyber risk management for planning
purposes (Cardoso & Martinez, 2019). The online payment company faces
several risks caused by the threats, which consist of a sensitive data breach,
identity theft, loss of data, business interruption, and cyber extortion. Cisco
reports illustrate that despite employing cybersecurity technology, data
breaches happening every year cause considerable financial damages (Figure 2).
 |
| Figure 2. Data breaches cause financial damages every year, and the American companies have faced over $1.8 billion deficits from 2005 to 2019 according to Cisco Annual Cybersecurity Report 2018, page 46 |
However, the biggest challenge for such an online (credit card) company refers to fraudulent transactions. A fraud transaction might be performed in various ways, including identity theft, hidden fee charge, merchant fraud, triangulation, and affiliated fraud (Witke, 2019). Other challenges that the company faces are high fraud velocity and veracity, which refer to the dynamic nature of fraud methods (Dhillon, 2017). Hackers frequently alter fraud procedures to steal sensitive data and perform fraudulent transactions; therefore, such a payment company should always seek advanced techniques to protect the online payment system (Dhillon, 2017). Analyzing current cyber threats and risks along with exploring potential future risks threatening such an organization allows the company’s business and cybersecurity experts to prepare risk mitigation and recovery plan (Refsdal, Solhaug, & Stølen, 2015).
Future Threats and Risks
The online payment industry highly relies on the Internet
and networks where recent reports indicate the number of devices connected to
the Internet, referring to the Internet of Things (IoT) consumers is exceeding
31 billion in 2020 (Maayan, 2020). Such a massive number of devices having
different levels of security and vulnerabilities, potentially produce new
threats and risks to online payment companies. Therefore, the significant
future risks threatening such organizations are derived by IoT cyber threats
including a) cyber reconnaissance referring to an attack to access targeted
devices’ sensitive data, b) password hacking resulting in various types of fraudulent
activities, c) tracking devices’ location in a real-time or offline mode and d)
controlled attacks referring to the use of hacked IoT devices as a third-party
source to attack other targeted organizations (Jacob, 2020).
Besides IoT-related threats, cybersecurity experts forecast
that online payment companies such as the large-scale organization discussed to
encounter four significant threats in the future, including a) over-trusting
encryption b) vulnerabilities in clouds’ security c) sophisticated fraud
algorithms and d) cryptocurrency fraud. Online payment companies employ
sophisticated methodologies to encrypt transactions and sensitive data
(Scriven,2018). However, such encryption methods are predefined and can be
hacked; therefore, over-trusting encryption causes the risk of data breaches
(Ahmed & Garg, 2019). Most payment companies utilize cloud environments to
decentralize their infrastructures to benefit from the advantages of clouds’
ecosystem (Witke, 2019). Cloud service providers offer various cybersecurity
products to protect their customers’ data; however, online payment companies
require extra architectures further to improve their systems’ security against
potential attacks or illegitimate access to data (Chabrow, 2011). Also, online
fraudsters always explore novel techniques and tools to access customers’
sensitive data, including credit card and bank accounts, so that payment
companies are to address such threats by employing innovative mechanisms
(Rajeshwari & Babu, 2016). As mentioned earlier, cryptocurrency fraud is
another potential challenge for the payment industry as using such currency is
expanding across the globe, and highly relies on the Internet where it faces
Internet ecosystem cyber threats and risks along with encryption concern, as
discussed above (Scriven,2018).
Solutions and Technologies
To address potential cyber threats and risks that affect the
online payment industry, companies require to employ fashionable risk
management processes along with novel security tools and techniques. Besides
IoT infrastructures that are to be highly secured and frequently updated, using
artificial intelligence (AI) and machine learning (ML) allow payment companies
to predict threats and overcome potential risks occurring to the organizations.
Payment companies require to expand the applications of AI/ML techniques and
tools into their numerous areas, including fraud detection, cyber-attack
prediction, defense mechanisms, encryption (i.e., quantum computing),
cryptocurrency and predictive modeling in risk management. In the future,
payment companies will continue collecting a significant amount of data
compared to today so that they are to completely utilize big data tools and
analytics to expedite AI-based data processing. Such tools and techniques
enable cybersecurity experts to design and implement highly secured and
automated multi-layer architectures for the online payment industry.
Conclusion
The future of cybersecurity threats and risks for online
payment companies are highly related to Internet and IoT challenges and
vulnerabilities. Such threats vary from password and authentication threats to
the security of cloud services. Moreover, this industry might encounter
advanced threats, including over-trusting encryption and sophisticated fraud
scenarios. Optimal solutions for such threats are to employ enabled AI/ML
multi-layer architectures where cybersecurity systems automatically monitor and
trigger defense mechanisms and ad hoc recovery plans.
References
Ahmed, Q.
W., & Garg, S. (2019). A cloud computing-based advanced encryption standard.
Paper presented at the 2019 Third International conference on I-SMAC (IoT in
Social, Mobile, Analytics, and Cloud) (I-SMAC).
Ben-Daya,
M., Hassini, E., & Bahroun, Z. (2019). Internet of things and supply chain
management: a literature review. International Journal of Production
Research, 57(15-16), 4719-4742.
Cardoso,
S., & Martinez, L. F. (2019). Online payments strategy: how third-party
internet seals of approval and payment provider reputation influence the
Millennials’ online transactions. Electronic Commerce Research, 19(1),
189-209.
Chan, L.,
Morgan, I., Simon, H., Alshabanat, F., Ober, D., Gentry, J., . . . Cao, R.
(2019). Survey of ai in cybersecurity for information technology management. Paper
presented at the 2019 IEEE Technology & Engineering Management Conference (TEMSCON).
Daniel
Jacob (2020). What is the most prolific cyber threat from IoT devices? DATA
FLOQ. https://datafloq.com/read/what-prolific-cyber-threat-iot-devices/7892
Eric
Chabrow (2011). 10 realms of cloud security services. Bank Info Security. https://www.bankinfosecurity.com/10-realms-cloud-security-services-a-4097
Gene
Scriven (2018). The 12 most significant security threats to payments. ACI
Universal Payments.
https://www.aciworldwide.com/insights/expert-view/2018/april/12-biggest-security-threats-to-payments
Gilad
David Maayan (2020). The IoT rundown for 2020: stats, risks, and solutions. Security
Today.
https://securitytoday.com/articles/2020/01/13/the-iot-rundown-for-2020.aspx
Gurdeep
Dhillon (2017). The 3 V’s beyond big data: volume, variety, and velocity for
marketers. The Future of Customer Engagement and Experience.
https://www.the-future-of-commerce.com/2017/08/24/big-data-volume-variety-velocity-for-marketers/
Habibzadeh,
H., Nussbaum, B. H., Anjomshoa, F., Kantarci, B., & Soyata, T. (2019). A
survey on cybersecurity, data privacy, and policy issues in the cyber-physical
system deployments in smart cities. Sustainable Cities and Society.
Hugh
Taylor (2020). What are cyber threats and what to do about them? Prey
Project. https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-them/
Karsten
Witke (2019). The seven types of e-commerce fraud explained. Information
Age. https://www.information-age.com/seven-types-e-commerce-fraud-explained-123461276/
Kerr, G.
(2018). Cybersecurity in banking and payments in the United Kingdom. The
VISIO JOURNAL, 39.
Rajeshwari,
U., & Babu, B. S. (2016). Real-time credit card fraud detection using
Streaming Analytics. Paper presented at the 2016 2nd International
Conference on Applied and Theoretical Computing and Communication Technology
(iCATccT).
Refsdal,
A., Solhaug, B., & Stølen, K. (2015). Cyber-risk management. In Cyber-Risk
Management (pp. 33-47): Springer.
Wang, M.,
Ding, Z., Zhao, P., Yu, W., & Jiang, C. (2018). A dynamic data slice
approach to the vulnerability analysis of e-commerce systems. IEEE
Transactions on Systems, Man, and Cybernetics: Systems.
.jpg)
