Reported by: banking|Updated: October 25, 2016
Staying ahead of global fraud is a daunting task. As the marketplace for electronic payments is becoming bigger with the advent of new generation companies and start-ups, the risk of fraud or cyber-crime on e-commerce sites, internet banking, mobile wallets, payment gateways etc. is getting even larger. Access to the internet has almost become universal; consequently, institutional data networks have become the targets of frequent intruder attacks, who want to steal customer records. Every day, businesses across sizes are working overtime to protect their customers, organizational reputation, and bottom-line from frauds.
Today, however, an increasing number of unknown, zero-day threats are successfully evading traditional defenses. Stealthy, well-camouflaged, intelligently adaptive, and often carefully targeted, these sophisticated attacks constitute a small but disproportionately dangerous and expensive part of the changing threat landscape.
Financial Institutions (FIs) always look forward to securing their payment systems but in pieces and not comprehensively. To avoid compromise, banks have to seriously establish network access controls, which should be either hardware or software based, and should be implemented in a hierarchical structure to reflect the network organization. These network controls detect any unauthorized access, prevent network security from being breached, and finally respond to any breach.
It is important for FIs to note that there should be utmost precaution taken while handing over mission critical infrastructure to third parties as compromise in the network and payment infrastructure not only leads to cash loss but also damages the reputation of the organization and gets customers insecure and moving away. The selection criteria should include organizations with extensive experience around the world, robust and comprehensive security solutions and agility to be a step ahead of criminals. Having said that, the role of the key members within the organization remains equally important as the third party to ensure that regular audits, periodical reviews and tests are conducted to safeguard the network from all potential points of compromise.
The risk for an organization could range from natural disaster to an attack by a hacker. It’s imperative to assess risks to the network and should not be compromised, because the cost of recovery from attacks could be substantial. Mission critical network resources and components of respective enterprise system need to be prioritized as it carries sensitive corporate data.
Fractals from NCR is an intelligent, PA-DSS compliant fraud detection and prevention solution for issuers, acquirers, PSPs, ISOs and merchants to protect your customers and businesses with a single solution.
It is imperative for financial institutions to use innovative technologies that offer multi-organization, multi-hierarchy, multi-channel, and multi-currency fraud prevention and detection. When integrated with the payment engine, it provides accurate, real-time, in-flight, blocking of fraud early in the payment cycle to stop fraud in its tracks, minimize losses, and give their customers a seamless experience.
Having a robust solution to detect and prevent enterprise fraud remains critical now more than ever as it helps to protect transactions across any channel: from ATMs and POS devices, to online, mobile and tablet-based payments. It tackles any type of transactional fraud, giving the organization protection against established, developing and emerging fraud types. Adoption of innovative Enterprise Security Software that combines the power of intelligent, machine-learning analytics, a highly configurable profiling, and a rules engine will help FIs in India to put them in charge of fraud prevention and detection operations.
We also recommend that organizations should mandate regular audits through internal teams and external professional agencies. It is crucial to apply stringent credential checks for those accessing the switches including biometric authentication, iris scan, camera etc. while servers should be completely protected both physically and through tight firewalls.
NCR has a multi-layered approach to securing the payments infrastructure, self-service channels and network infrastructure from potential points of compromise.
We as consumers need to be attentive, aware and contributing to fight this menace
Customers should continue to take preventive measures; one should never share card data or password with anyone, change the password once in six months. Never let debit or credit card out of sight while making payments, make sure of getting the card back before walking away. Remain alert while transacting so that any unusual activity or device can be identified. Carry cards separately from wallet, AS this can minimize losses if someone steals the wallet or the purse. And always sign new cards as soon as they arrive. All these measures will certainly help to diminish the risks associated with ATM card frauds.
– Navroze Dastur is Managing Director, NCR India