The cybercrime underground understands our payments ecosystem. They understand the hardware, software and security in place and how to manipulate its vulnerabilities and business logic. They will search for the weakest link to achieve the biggest ROI. Cybercrime is a business, after all.
The good news for legitimate businesses: there is hope. Protecting the safety and integrity of the U.S. payment system is a top priority and the responsibility of all payment industry stakeholders, but it takes a village. That is why RSA participated in the Federal Reserve System’s Secure Payments Task Force, a coalition of over 200 payment industry stakeholders that worked together to address a myriad of payment security challenges.
The Task Force met with the goal of conducting a fine-grained analysis of our payments ecosystem and of best practices for securing our payment infrastructure against cybercrime. We discussed security issues and identified challenges and opportunities to improve payment security, including identity management, data protection and information sharing to mitigate fraud.
The Task Force collaborated to create several valuable resources for the payments industry, including a catalogue of payment-related Information Sharing Data Sources that can help identify and reduce payment system fraud. The catalogue was created in an effort to spur greater adoption and use of these sources by the industry. The list of data sources highlights broad-reaching intelligence reports, payments fraud trends, best practices and benchmarks, and additional resources that can help your organization address payments fraud risk.
Also, the Task Force recently published the Payment Lifecycles and Security Profiles as an educational resource and to provide perspectives related to:
- Lifecycles of the most common payment types covering enrollment, transaction flow and reconciliation
- Security methods, identity management controls and sensitive data occurring at each step in payment lifecycles
- Relevant laws and regulations, and other references
- Challenges and improvement opportunities related to each payment type
How can you use the profiles?
- Identify opportunities to strengthen your security practices. The tools can help you further educate your organization about payment security and can support payment security needs throughout your organization. Whether you’re in training and development, audit and compliance, product development, sales or IT, there’s valuable information in the profiles to help your organization provide even stronger payment solutions.
- View and compare the payment flow for eight common payment types from enrollment to reconciliation. You can also learn about the path funds travel, the approaches employed for safely and securely completing a transaction, and where opportunities may exist to develop stronger payment security solutions.
Although the primary mission has been completed for now, securing payments is a never-ending journey. The payments industry must remain vigilant and continue to share (and learn) cybersecurity best practices. Here are two ways you can stay involved:
- Join 4,000+ of your peers by signing up for the FedPayments Improvement Community. As a member of the FedPayments Improvement Community, you will have the opportunity to collaborate and address targeted payment security issues.
- Provide feedback by June 22nd to the U.S. Faster Payments Council, which recently published a governance framework proposal. Their goal is to evolve Faster Payments to a “world-class payment system in 2020 where Americans can safely and securely pay anyone, anywhere, at any time and with immediate funds availability.”
# # #
Get insight into the business of fraud and how it is impacting the payments industry in the white paper, “2018 Current State of Cybercrime.”
For more information on how to engage in the Federal Reserve’s future secure payments efforts, follow them on @FedPayImprove or go to SecurePaymentsTaskForce.org.
Author: Angel Grant, CISSP
Category: RSA Point of View, Blog Post
Keywords: Confidentiality, Cyber Crime, Fraud, GDPR, Payments, Privacy, Security