Future of Cybersecurity for Payment Companies
Exploring the future of cybersecurity is essential to
payment companies, as this industry relies heavily on information technology (IT)
and Internet services. Significant growth in the number of Internet users and
devices, along with an exponential increase in online transactions, potentially
produces new cyber threats and risks. This work discusses future cyber threats
for online payment companies, and optimal solutions are sought.
Cybersecurity
The applications of the Internet and networks have considerably
increased over the past decade, and reports reveal that the number of
Internet users and network devices will rise significantly in the near
future, while security remains the most crucial concern in such an
ecosystem (Ben-Daya, Hassini, & Bahroun, 2019). Cybersecurity is the practice
of protecting network components by establishing regulations and providing
adequate infrastructure and tools (Habibzadeh, Nussbaum, Anjomshoa, Kantarci,
& Soyata, 2019). People, processes, and technology are considered the
pillars of cybersecurity, which aim to improve staff knowledge, enhance systems
risk management, and employ the latest technology to ensure that systems are safe
and secured against possible threats (Chan et al., 2019). Many businesses,
including the financial sector and online payment companies that collect
sensitive customer data, encounter cyber threats every day, and the number of
attacks (Figure 1) resulting in data breaches grows across the globe per
annum (Kerr, 2018). Therefore, identifying vulnerabilities and assessing
cyber threats and risks enables practitioners in the field to plan how to
lessen the impact of risks and neutralize cyber threats that can occur to
organizations (Habibzadeh et al., 2019; Kerr, 2018).
Figure 1. The number of data breaches has steadily increased from 2005 to 2019, as reported by the Identity Theft Resource Center (ITRC) 2019 End-of-Year Data Breach Report, page 25.
Online Payment Industry
Advances in Internet-based technologies have enabled
financial institutions, which are traditionally a few steps behind the current state-of-the-art
technology, to expand payment methods into online models where customers can
use their personal computers or portable devices to complete any transaction
(Cardoso & Martinez, 2019). However, such capabilities might increase
system vulnerabilities, as both companies and customers communicate through
networks that experience cyber threats and risks (Wang, Ding, Zhao, Yu, &
Jiang, 2018). For example, an online payment company with around 20,000
employees in the United States and other countries and over US$70 billion in
total assets often faces cyber threats launched from various sources. The number
of transactions in such a company can exceed 150 million per day, where the
highest risk is payment fraud and fraudulent activities (Rajeshwari & Babu,
2016). Such a large-scale online payment company should consider current cyber
threats and envision potential future threats and risks to the
organization in order to prevent incidents and to strengthen its infrastructure and
defense or recovery mechanisms.
Cyber Threats and Risks
The online payment industry, including the company mentioned
earlier, encounters internal and external cyber threats that might become risks
to the organization, which consist of botnets, distributed denial-of-service (DDoS)
attacks, phishing, hacking, ransomware, spoofing, spying, and social engineering
(Taylor, 2020). Identification and analysis of cyber threats enable
organizations to categorize the threats into low, moderate, and high impact
levels, and such information is used in cyber risk management for planning
purposes (Cardoso & Martinez, 2019). The online payment company faces
several risks caused by the threats, which consist of sensitive data breaches,
identity theft, loss of data, business interruption, and cyber extortion. Cisco
reports illustrate that, despite the use of cybersecurity technology, the data
breaches that happen every year cause considerable financial damage (Figure 2).
Figure 2. Data breaches cause financial damage every year, and American companies have faced over $1.8 billion in deficits from 2005 to 2019, according to the Cisco Annual Cybersecurity Report 2018, page 46.
However, the biggest challenge for such an online (credit card) company is fraudulent transactions. A fraudulent transaction might be performed in various ways, including identity theft, hidden fee charges, merchant fraud, triangulation, and affiliate fraud (Witke, 2019). Other challenges that the company faces are high fraud velocity and veracity, which refer to the dynamic nature of fraud methods (Dhillon, 2017). Hackers frequently alter fraud procedures to steal sensitive data and perform fraudulent transactions; therefore, such a payment company should always seek advanced techniques to protect the online payment system (Dhillon, 2017). Analyzing current cyber threats and risks, along with exploring potential future risks threatening such an organization, allows the company's business and cybersecurity experts to prepare risk mitigation and recovery plans (Refsdal, Solhaug, & Stølen, 2015).
Future Threats and Risks
The online payment industry relies heavily on the Internet
and networks, and recent reports indicate that the number of devices connected to
the Internet, referring to Internet of Things (IoT) consumers, is exceeding
31 billion in 2020 (Maayan, 2020). Such a massive number of devices, with
different levels of security and vulnerabilities, potentially produces new
threats and risks to online payment companies. Therefore, the significant
future risks threatening such organizations derive from IoT cyber threats,
including a) cyber reconnaissance, referring to an attack to access targeted
devices' sensitive data, b) password hacking, resulting in various types of fraudulent
activities, c) tracking devices' location in real-time or offline mode, and d)
controlled attacks, referring to the use of hacked IoT devices as a third-party
source to attack other targeted organizations (Jacob, 2020).
Besides IoT-related threats, cybersecurity experts forecast
that online payment companies such as the large-scale organization discussed will
encounter four significant threats in the future, including a) over-trusting
encryption, b) vulnerabilities in cloud security, c) sophisticated fraud
algorithms, and d) cryptocurrency fraud. Online payment companies employ
sophisticated methodologies to encrypt transactions and sensitive data
(Scriven, 2018). However, such encryption methods are predefined and can be
hacked; therefore, over-trusting encryption causes the risk of data breaches
(Ahmed & Garg, 2019). Most payment companies utilize cloud environments to
decentralize their infrastructures and benefit from the advantages of the cloud
ecosystem (Witke, 2019). Cloud service providers offer various cybersecurity
products to protect their customers' data; however, online payment companies
require additional architectures to further improve their systems' security against
potential attacks or illegitimate access to data (Chabrow, 2011). Also, online
fraudsters always explore novel techniques and tools to access customers'
sensitive data, including credit card and bank accounts, so payment
companies have to address such threats by employing innovative mechanisms
(Rajeshwari & Babu, 2016). As mentioned earlier, cryptocurrency fraud is
another potential challenge for the payment industry, as the use of such currency is
expanding across the globe and relies heavily on the Internet, where it faces
the cyber threats and risks of the Internet ecosystem along with the encryption concern
discussed above (Scriven, 2018).
Solutions and Technologies
To address potential cyber threats and risks that affect the
online payment industry, companies need to employ current risk
management processes along with novel security tools and techniques. Besides
IoT infrastructures, which have to be highly secured and frequently updated, using
artificial intelligence (AI) and machine learning (ML) allows payment companies
to predict threats and overcome potential risks to their organizations.
Payment companies need to expand the applications of AI/ML techniques and
tools into numerous areas, including fraud detection, cyber-attack
prediction, defense mechanisms, encryption (i.e., quantum computing),
cryptocurrency, and predictive modeling in risk management. In the future,
payment companies will continue collecting a significant amount of data
compared to today, so they have to fully utilize big data tools and
analytics to expedite AI-based data processing. Such tools and techniques
enable cybersecurity experts to design and implement highly secured and
automated multi-layer architectures for the online payment industry.
Conclusion
The future cybersecurity threats and risks for online
payment companies are closely related to Internet and IoT challenges and
vulnerabilities. Such threats vary from password and authentication threats to
the security of cloud services. Moreover, this industry might encounter
advanced threats, including over-trusting encryption and sophisticated fraud
scenarios. Optimal solutions for such threats are to employ AI/ML-enabled
multi-layer architectures where cybersecurity systems automatically monitor and
trigger defense mechanisms and ad hoc recovery plans.
References
Ahmed, Q. W., & Garg, S. (2019). A cloud computing-based advanced encryption standard. Paper presented at the 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics, and Cloud) (I-SMAC).
Ben-Daya, M., Hassini, E., & Bahroun, Z. (2019). Internet of things and supply chain management: a literature review. International Journal of Production Research, 57(15-16), 4719-4742.
Cardoso, S., & Martinez, L. F. (2019). Online payments strategy: how third-party internet seals of approval and payment provider reputation influence the Millennials' online transactions. Electronic Commerce Research, 19(1), 189-209.
Chabrow, E. (2011). 10 realms of cloud security services. Bank Info Security. https://www.bankinfosecurity.com/10-realms-cloud-security-services-a-4097
Chan, L., Morgan, I., Simon, H., Alshabanat, F., Ober, D., Gentry, J., . . . Cao, R. (2019). Survey of ai in cybersecurity for information technology management. Paper presented at the 2019 IEEE Technology & Engineering Management Conference (TEMSCON).
Dhillon, G. (2017). The 3 V's beyond big data: volume, variety, and velocity for marketers. The Future of Customer Engagement and Experience. https://www.the-future-of-commerce.com/2017/08/24/big-data-volume-variety-velocity-for-marketers/
Habibzadeh, H., Nussbaum, B. H., Anjomshoa, F., Kantarci, B., & Soyata, T. (2019). A survey on cybersecurity, data privacy, and policy issues in the cyber-physical system deployments in smart cities. Sustainable Cities and Society.
Jacob, D. (2020). What is the most prolific cyber threat from IoT devices? DATA FLOQ. https://datafloq.com/read/what-prolific-cyber-threat-iot-devices/7892
Kerr, G. (2018). Cybersecurity in banking and payments in the United Kingdom. The VISIO JOURNAL, 39.
Maayan, G. D. (2020). The IoT rundown for 2020: stats, risks, and solutions. Security Today. https://securitytoday.com/articles/2020/01/13/the-iot-rundown-for-2020.aspx
Rajeshwari, U., & Babu, B. S. (2016). Real-time credit card fraud detection using Streaming Analytics. Paper presented at the 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT).
Refsdal, A., Solhaug, B., & Stølen, K. (2015). Cyber-risk management. In Cyber-Risk Management (pp. 33-47): Springer.
Scriven, G. (2018). The 12 most significant security threats to payments. ACI Universal Payments. https://www.aciworldwide.com/insights/expert-view/2018/april/12-biggest-security-threats-to-payments
Taylor, H. (2020). What are cyber threats and what to do about them? Prey Project. https://preyproject.com/blog/en/what-are-cyber-threats-how-they-affect-you-what-to-do-about-them/
Wang, M., Ding, Z., Zhao, P., Yu, W., & Jiang, C. (2018). A dynamic data slice approach to the vulnerability analysis of e-commerce systems. IEEE Transactions on Systems, Man, and Cybernetics: Systems.
Witke, K. (2019). The seven types of e-commerce fraud explained. Information Age. https://www.information-age.com/seven-types-e-commerce-fraud-explained-123461276/