Navroze Dastur: Dealing with frauds in a connected world

Compromise in network and payment infrastructure leads to cash loss and hurts an organisation's reputation

As the marketplace for electronic payments is becoming bigger with the advent of new generation companies and start-ups, the risk of fraud or cybercrime on e-commerce sites, internet banking, mobile wallets, payment gateway etc. is getting even larger. But staying ahead of global fraud is a daunting task.

Access to the internet has almost become universal; consequently, institutional data networks have become the targets of frequent intruder attacks, who want to steal customer records. Every day, businesses across sizes are working overtime to protect their customers, organisational reputation, and bottom line from frauds. Today, however, an increasing number of unknown, zero-day threats are successfully evading traditional defences. Stealthy, well-camouflaged, intelligently adaptive, and often carefully targeted, these sophisticated attacks constitute a small but disproportionately dangerous and expensive part of the changing threat landscape.

What can we do as concerned organisations?

Financial institutions (FIs) always look forward to securing their payment systems but in pieces and not comprehensively. To avoid compromise, banks have to seriously establish network access controls, which should be either hardware or software based, and should be implemented in a hierarchical structure to reflect the network organisation. These network controls detect unauthorised access, prevent network security from being breached, and finally respond to any breach. It is imperative for financial institutions to use innovative technologies that offer multi-organisation, multi-hierarchy, multi-channel and multi-currency fraud prevention and detection.

Utmost precaution should be taken while handing over mission critical infrastructure to third parties as compromise in the network and payment infrastructure not only leads to cash loss but also damages the reputation of the organisation and get customers insecure and moving away. The selection criteria should include organisations with extensive experience around the world with agility to be a step ahead of criminals. Having said that, the role of the key members within the organisation remains equally important as the third party; to ensure that regular audits, periodical reviews and tests are conducted to safeguard the network from all potential points of compromise.

The risk for an organisation could range from natural disaster to an attack by a hacker. It’s imperative to assess risks to the network and should not be compromised, because the cost of recovery from attacks could be substantial. Mission critical network resources and components of respective enterprise systems need to be prioritised as they carry sensitive corporate data.

Having a robust solution to detect and prevent enterprise fraud is more critical now than ever as it helps to protect transactions across channels: from ATMs and point-of-sale devices, to online, mobile and tablet-based payments. Adoption of innovative enterprise security software that combines the power of intelligent, machine-learning analytics, a highly configurable profiling, and a rules engine will help FIs in India to put them in charge of fraud prevention and detection operations.

We also recommend that organisations mandate regular audits through internal teams and external professional agencies. It’s crucial to apply stringent credential checks for those accessing the switches including biometric authentication, iris scan, camera etc. while servers should be completely protected both physically and through tight firewalls.

Again, as consumers we need to be attentive, aware and contributing to fight this menace. Customers should continue to take preventive measures; one should never share card data or password with anyone, change the password once in six months. Never let debit or credit card out of sight while making payments, make sure of getting the card back before walking away. Remain alert while transacting so that any unusual activity or device can be identified. Carry cards separately from wallet, this can minimise losses if someone steals the wallet. And always sign new cards as soon as they arrive. All these measures will help to diminish the risks associated with ATM card frauds.

The author is managing director, NCR India