Page 163 - Cyber Defense eMagazine October 2023
With that in mind, here are a few of the key factors that are making the payments sector one of the most
interesting areas to watch in terms of cybersecurity.
An evolving digital payments marketplace
For years, apps like Venmo and other digital channels have been an increasingly popular avenue
for purchases and payments among consumers. However, as with so many industries, the COVID-19
pandemic completely changed the payments landscape, with consumers now demanding – rather than
preferring – that banks and non-bank fintechs make it easy, cheap, and fast to execute online
transactions, especially payments. Thus, mobile banking and digital wallets are now virtually ubiquitous,
so much so that even the government is getting in on the payments game through the US Federal
Reserve’s FedNow. Additionally, digital payments and cryptocurrency are becoming more
intertwined – see payments leader PayPal's recent move to make digital assets available to its users
through its digital wallet. This surge in payments tech adoption and the growing diversity in the types
of payments offerings have made the space ripe for innovation but also for cybersecurity threats.
Regulatory complexity in digital payments
Due to the surge in ransomware attacks and other high-profile breaches impacting the financial services
industry, policymakers, industry groups and regulators have all stepped up oversight efforts as well. In
March, for example, the White House released its comprehensive National Cybersecurity Strategy, which
included placing more responsibility on those within the digital ecosystem, the tech providers and
payments providers, “to reduce risk and shift the consequences of poor cybersecurity away from the most
vulnerable.” In addition, an onerous patchwork of data privacy laws has been unfurled in the past few
years in several states, and in July the Securities and Exchange Commission (SEC) finalized its new
cybersecurity risk management and governance rules, requiring public companies to report incidents and
describe their processes for assessing, identifying, and managing material risks from cybersecurity
threats. Meanwhile, the payment card industry is working overtime to meet the standards of PCI Data
Security Standard (DSS) v4.0, which goes into effect March 2025. This confluence of overlapping
oversight is making it increasingly challenging for payments stakeholders not just to remain compliant
but to formulate effective cybersecurity strategies moving forward.
Cybercriminals have more surfaces to attack
Cybercriminals have become adept at seizing on gaps in the cybersecurity posture of companies caused
by a rapidly expanding attack surface created by the adoption of new technologies like blockchain,
generative AI, and cloud computing. Ransomware, once a minimal threat in cloud environments, is
growing rapidly in line with increasing cloud adoption. Sophisticated AI tools are making cybercriminals
better at their jobs through automation. At the same time, the explosion of fintech companies partnering
with other fintechs and banks has opened the door wider to cyber threats. For example, in 2021, 62% of
system intrusion incidents in the payments delivery chain stemmed from vendors, partners, and third-
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.