1 Executive Summary

2 Are Banks too Slow to Overcome Threats?

• 2.1 Increasing Threat for Payment Systems
• 2.2 Why are Banks Lagging Behind?
• 2.3 Banks’ Approaches to Tackling Threats

3 Outsourcing and Security Concerns

4 The Role of Biometrics and Tokenizaton in Payment Security

• 4.1 Biometrics in Banking and Payments
• 4.2 Securing Card Payments with Tokens

5 Balancing Security and Usability

• 5.1 Is Context-Aware or Progressive Security the Way Forward for Banks?

6 Defeating Cybercriminals: A Collaborative Approach

7 Appendix

• 7.1 Methodology
• 7.2 Definitions
• 7.3 Contact GlobalData
• 7.4 About GlobalData
• 7.5 GlobalData’s Services

Threats to the payment ecosystem have evolved due to the increased digitization of banking. Fraud mechanisms have moved from forging checks to stealing consumers’ digital identities or penetrating retail banks’ networks. Cyber criminals are organized and innovative, and carry out targeted attacks to exploit the vulnerabilities of digital networks. While banks’ inter-connectivity improves service delivery, it can also leave them exposed to cyber criminals. Instead of attacking banks directly, however, cyber criminals tend to exploit banks’ relationships with merchants, third-party vendors and customers, whose platforms tend to have lower levels of security than banks. During 2010–2015, the number of indirect and systematic attacks has accelerated, raising questions as to whether banks can keep security systems one step ahead of perpetrators.

Banks and cyber criminals operate differently. Cyber criminals use creativity to cheaply and effectively penetrate and breach banking networks. Banks, however, tend to use reactive approaches, limited by their size and operating costs. In addition to external threats, security breaches can result from insider events. Employees are considered trusted entities with access to privileged information, and while some banks spend millions on securing their networks from external threats, very few include insider events in their threat assessments. The tendency to keep failings in-house makes banks vulnerable. In order to counter cyber criminals, retail banks need to shun the perimeter-defense approach and devise strategies for the smarter implementation of risk-management tools.

Scope

Analyzes of the methods cyber criminals employ in major attacks on retail bank payment systems

The key challenges faced by retail banks globally in defending consumer payments

Analysis of the initiatives taken by retail banks to secure their payment infrastructures

An exploration of whether context-aware security can help banks balance the demands of consumer convenience and security

Detail of major instances of cyber-attacks on payment systems between 2012 and February 2015

An analysis of the various security measures and tools adopted by retail banks to lower instances of fraud, along with a consideration of their impact and any weaknesses exposed

The key security concerns relating to outsourcing processes

A snapshot of vendor management best practice

An examination of the increasing role of biometrics and tokenisation in securing payments in the global retail banking industry

Analysis of the future options in payment security

Key Highlights

What combined factors enable cyber criminals to mount their attacks more rapidly than retail banks can anticipate them? Why do banks tend to lag behind in their response?

Where do banks focus most of their efforts to stop cyber threats? What does the report consider a more effective method of protection?

What should retail banks implement to attempt to defeat systematic attacks? What are the three key factors currently hindering the successful adoption of this approach? Which current tactic is unlikely to be sufficient in this ongoing confrontation and why is this so?

What else is identified as a major threat to data security? Why is this threat consistently underestimated in the retail banking industry? Which traditional characteristic of industry dealings reinforces this situation? Why is the response to this threat significantly under-resourced?

What is the internal operational balance that confounds retail bank responses to cyber threats? How can this be changed in the context of competition in customer experience and ultimately alter market perceptions of bank processes?

Reasons to buy

Assess your organization’s ability to combat cyber crime through an understanding of current cyber-threats in the global payments market

Investigate how banks across the world are trying to limit instances of cyber-attacks and fraud

Identify how successfully these tactics have been adopted to evaluate whether your system of defense is as equally robust as those of your competitors

Analyze insights into the impact of current security tools on various cyber threats whilst assessing their innate strengths and weaknesses

Identify the key factors contributing to the current perception of retail banks lagging behind cyber criminals. Utilize this information to initiate a comprehensive review of your systems and processes

Gain insights into the difficulties of controlling targeted cyber attacks and position your levels of risk in a global industry context

Analyze new approaches intended to limit instances of cyber-threats and fraud

Evaluate how context-aware security can help you improve security without compromising your customer relationships through any associated negative impact on consumer convenience

Companies mentioned

JPMorgan Chase

Bank of America

Wells Fargo

Citibank

Target Corporation

TalkTalk

NCR

Signature Systems

Home Depot

KB Kookmin Card

Lotte Card

NH Nonghyup Card

Kaspersky ...