Helping Merchants Protect Themselves: Cybersecurity Tips from a Former White House CIO
In a world full of open technology, the devices that make our lives easier also leave us vulnerable to being hacked, according to Theresa Payton, former White House CIO and star of the CBS series Hunted. Payton recently joined me for an exclusive ACI cybersecurity webinar, sharing expert insights into how merchants can enable growth, enhance the customer experience and prevent greater instances of fraud.
Protecting the most vulnerable
Oftentimes, humans are considered the weakest link in the cybersecurity chain, but for Payton, today’s hyper-connected world is placing us in a vulnerable position.
“All technology by design today is designed to be open,” explained Payton. “It has Bluetooth, it has WiFi. It’s technology we all know and love. It’s part of our daily lives, but because it’s designed to be open, it is always at risk of being hacked.”
For Payton, this means that organizations must design security strategies that create a safety net around the user, helping to limit the impact of a potential hack.
Cybersecurity with humans in mind
Payton’s first piece of advice is to acknowledge that statistically, it’s likely that an employee will click a malicious link. In one survey, almost 70 percent of participants were fooled by emails that appeared to be sent from co-workers. As Payton points out, simply asking people to not click links is a battle that has been ongoing for more than 15 years. It’s safe to assume that someone will click a malicious link at some point.
Operating under this premise, Payton suggests that retailers (and all organizations) do three things:
1. Create a safety net around users – By limiting permissions and segmenting systems, retailers can limit the impact of any phishing intrusions. As Payton points out: “Segmentation doesn’t have to just be ‘my network is segmented,’ or ‘my data is segmented.’ It could be the humans and their user access controls are segmented.”
2. Employ a virus scanner – Employees should be required to use a virus scanner before clicking any links. Virus scanners allow employees to copy and paste links, which are then cross-checked against dozens of databases to see if they are malicious.
3. Use a virtual machine – Set up rules so that all links and attachments open on a sandbox or virtual machine that operates outside of your corporate network. If a malicious link is then clicked, it won’t be able to reach your critical systems.
Want more great insights into how you can merge seamlessness and security while still enabling growth? Watch the full cybersecurity webinar on demand, or download our eBook, "Delivering Multi-Dimensional Fraud Prevention," to find out how ACI ReD Shield keeps fraudsters at bay with multiple layers of control.
About Theresa Payton
Theresa Payton is one of America’s most respected authorities on internet security, data breaches and fraud mitigation. She was the first female to serve as White House chief information officer and was the star of the CBS series Hunted. In 2017, Theresa was named #4 on IFSEC Global’s list of the world’s top 50 cybersecurity influencers in security and fire.