Protecting Financial Services from the Risks of Mobile Payments

The financial services sector is a high-value target for hackers, and therefore faces daily attacks that attempt to bypass defences protecting a growing number of attack vectors. A staggering 36 per cent of these attacks result in data loss.

This growing risk comes at a time when financial services firms are turning their focus to innovating new technologies and features to meet evolving consumer demands. Providing regular updates and new online products is a necessary key differentiator in the competitive financial market. However, rolling out new features at such a fast pace also increases the attack surface and potential vulnerabilities.

The growing risk of mobile payments

Mobile payments are one of the key innovations in this space. The latest statistics show there are 4.9 billion unique mobile device users worldwide. With the rise in mobile usage, financial institutions are focusing on developing digital wallets and innovative P2P solutions.  As mobile payments grow in popularity, financial services and fintech firms have to be increasingly wary of related cyber risks, as vulnerabilities lurking in payment applications, mobile phones and POS systems can become entryways into customer accounts and even broader financial networks.

Many consumers have been concerned with putting sensitive information on devices that can be easily lost or stolen. In addition to risks to the physical device, there are countless cyber risks that extend across the entire mobile payment process, extending across the mobile device, the merchant, the POS system, the financial institutions that process those payments for merchants, and the organisations that issue payment cards to the consumer. Inadequate security measures at any of these stages can put cardholder data at risk.

Should a cybercriminal gain access to a financial network through exploiting a vulnerability or using social engineering to compromise any of the stages in the payment process, the result is not only the loss of private personal data but also payment fraud as criminals circumvent fraud detection systems. In fact, 14 per cent of respondents to the Threat Landscape Report Q4 2017 reported the presence of mobile malware in their systems.

Using machine learning to protect to mobile payments

Cybercriminals will increasingly target mobile payments as they grow in popularity, and will use increasingly sophisticated attacks. To protect against these attacks, financial services firms must adopt integrated and automated defences and threat intelligence which operate at the same accelerated machine speed of financial transactions.

An automated threat detection system, for instance, would use machine learning to analyse threats at machine speed. This ensures that as new threats are developed to target mobile payments, security defences are aware of them and can work in real time to detect and mitigate them. Another recent entrant into the security armoury is behaviour analytics, which leverages machine learning to recognise regular user habits and behaviour, such as common times of use and location. We'll next see the marriage of artificial intelligence, machine learning with security fabrics that facilitate deep visibility and control at speed and scale.

Given the hyper-connected ecosystem of devices, applications and data in which financial services now exist, it is important that they also deploy and use interconnected security features and solutions, as point solutions will no longer be a sustainable approach to today's threats. This tactic provides and extends the power and functionality of an integrated security fabric. It incorporates scalable and adaptive security features that allow defences to seamlessly stretch from endpoints, to the cloud, to applications – all of which play a key role in the mobile payments process. Each component of the security fabric communicates with other parts to stop attacks across hyper-connected, distributed environments.

Enhanced security is especially necessary as consumers become more comfortable with mobile payments and increasingly rely on their banks for security. The use of automation and high-performance security resources will enable financial organisations to protect distributed environments and keep pace with modern, automated cyberattacks.