Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/12/2019
02:15 PM
50%
50%

More Focus on Security as Payment Technologies Proliferate

Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.

More than three-quarters of companies are investing in new payment technologies, despite concerns about the security of specific implementations and the potential for transaction fraud, according to a Forrester Research report released on August 12. 

The report, "Understanding the Evolving Payments Landscape," says that retail merchants and online businesses expect the way that consumers pay for goods to change relatively quickly, with about half expecting to face increasing choices in payment offerings. At the same time, 61% of financial institutions and merchants believe that fraud will also increase.

This bifurcated outlook on the financial future is not all that surprising because many consumers are quick to adopt the latest technology, while companies often distrust new technologies until they prove themselves, says R.L. Prasad, senior vice president of payment system risk at Visa, which commissioned the Forrester report.

"Consumers are becoming more and more comfortable with carrying money on their phone, so mobile wallet expansion is an area that will see a lot of growth," he says. "Peer-to-peer payments are also here to stay. The convenience is unparalleled right now."

As merchants and credit-card issuers continue to suffer significant breaches, Visa and other payment technology companies are looking to improving analytics and deploy machine learning that can detect and prevent fraud. The Forrester report says that while digital payments have lower fraud rates, the impact of fraud in card-not-present transactions — the most common type of digital transaction —is much worse. Card-not-present fraud affected 28% of companies surveyed but accounted for 40% of fraud volume.

The continued concerns of merchants and business comes as they adopt more payment technologies. Fifty-eight percent of those surveyed support digital wallets, and 60% support peer-to-peer payments, according to the Forrester report. Almost three-quarters of respondents support paying bills through mobile banking.

"Consumers' usage of new payment technologies is expected to increase substantially over the next five years," according to the report. "Banks, merchants, and fintechs are working hard to ensure they offer these capabilities to their customers."

Yet many merchants and banks do not have the security maturity to guard against fraudulent transactions. Most are still using usernames and passwords to protection accounts, without two-factor authentication. Half of merchants use some device data to identify the user, and 43% use some form of biometrics. Ways of countering fraud generally add friction to any transaction, potentially resulting in a lost sale. For that reason, many companies do not like their options to combat fraud.

"There are a lot of merchants and stakeholders in the payment ecosystem who are immature in their processes," Prasad says. "Increasingly, those smaller and less-mature clients are seeking ways of improving their security."

Most companies are hiring staff specifically tasked with security and anti-fraud roles, while more than three-quarters are spending on new tools to help secure transactions. 

Merchants and banks need to improve their anti-fraud defenses because cybercriminals are already doing so, Visa's Prasad says. In the past three years, the company has seen fraudsters adopt a new technique, using machine learning to attempt to find valid credit card numbers by generating account numbers and then distributing the testing of those numbers across a large number of sites to evade detection.

"Fraudsters are using artificial intelligence to advance their techniques," he says. "We see large-scale attacks happening, [where] they don't have to steal a card from a wallet, but they can actually enumerate the numbers."

The best approach to combating fraud is to improve security holistically, investing in people, products, and collaboration with service providers, Prasad says. About two-thirds of companies with mature security processes say that partners are critical to the effort, the report states.

Related Content

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...