Cyber Crime Vincible Through ‘Smarter’ Technologies – Visa

Bob Styran, IT audit expert
April 28, 2011 /

Instead of working hard to fend off attacks launched by cyber criminals, getting smarter in card data protection would be more effective in combating threats of cyber crime according to a VISA executive speaking before the Fourth Visa Global Security Summit.

Ellen Richey, chief enterprise risk officer at Visa, showed confidence at the efforts exerted by the payment card industry in preventing fraud, but went on to warn the more than 500 business, government, academic and law enforcement officials worldwide that to keep up with modern threats posed by cyber criminals, the industry needs to get smarter rather than double up the hard work for such an endeavor.

The warning could also apply to all industries especially that hackers have now escalated their efforts to target data stored in the networks of businesses, a threat still ignored by most enterprises according to Noa Bar-Yosef, senior security strategist at Imperva, database and application security vendor.

Her findings from observing several hacker forums revealed that hackers are now shifting their focus on the credentials of customers, “which they are commoditizing.”

The VISA executive recalled how different the card security threats were five years ago when the first Visa Global Security Summit took place for the first time. That was when the payment card industry and all of its stakeholders were struck by a major cyber crime involving data breach into their cards.

Before, enterprises were storing large quantity of personally identifiable and highly confidential cardholder information in their systems, which led to multi-level challenges over stepping up protective measures to avoid losing this mass information.

“Issuers were challenged with the idea of how to prevent fraud in a new era of mass data compromise,” said Richey.

Although cyber crime has taken more sophisticated forms a few years after, Richey still commended the payment card industry for its efforts in improving security more than the other industries have done.

According to Richey, 99% of businesses around the globe at present no longer store confidential information on their systems and 75% continuously complied with PCI requirements.

“Visa’s global fraud rate recently hit a historic low – at just over 5 cents for every $100 transacted, down more than two-thirds from the levels of 20 years ago,” she added.

She urged the card industry to step up a bit more its security measures as most consumers believe cyber criminals are ahead of what’s already in place. According to Richey, 61% of consumers are of the opinion that the security measures of the card industry are one step behind cyber criminals.

Rather than keeping pace with cyber crime which would only exhaust resources, Richey proposed getting smarter as a better solution in combating fraud and protecting card data.

“We need to use all the intelligence we have at our disposal. I think that the opportunities to get smarter and fight fraud are all around us,” she said.

For example, encrypting confidential information will “shrink the card data environment,” thus a minimal to zero possibility of public exposure of these data.

To prevent fraud, she proposed three ways for the card industry. Widespread distribution of ‘smarter’ payment devices is one, where EVM (chip-and-pin) cards will be used. Next is a smarter network to stem the cyber crime before or when it happens. Finally, Richey suggested having cardholder authentication method, a two-factor authentication for example.

Richey, on the other hand, recognized the fact that these suggestions will be costly and will require tremendous resources.

The Visa Global Security Summit took is held at the Renaissance Hotel in Washington DC with Richey as the keynote speaker.

 

Share your opinion