Protecting Your Corporate Cash from Cyber-Attacks

From money laundering to cyber-attacks and ecommerce payment fraud, banks and corporates face growing risks from attacks that can slow or even paralyze their business operations. While the people perpetrating the attacks have become increasingly skilful, innovative solutions are giving companies the tools they need to protect their businesses and their money.

Cyber-Attacks Cause Tremendous Damage
In Japan last year, criminals used data stolen from South Africa's Standard Bank to steal more than US$13 million in just three hours, taking the cash from ATMs at 7-Eleven stores using fraudulent debit cards. This year, criminals used malware to steal credit card and debit card data from more than 1,000 properties run by the InterContinental Hotels Group. And in a sign that travel-related fraud is an increasing target, Sabre Corp. confirmed that attackers breached its hospitality unit’s hotel reservation system, which handles reservations for more than 32,000 properties. 

While the scale of these cyber-attacks may be smaller than the theft of 56 million cards from Target and 100 million card numbers from South Korean banks in 2014, they show how cyber-attacks are relentlessly continuing and companies are losing real money quickly.

 A potentially bigger threat comes from new ransomware attacks such as WannaCry, which attacked more than 200,000 victims in 150 countries and shut down computers until the victims paid a ransom.

The criminals have even set up schools to teach people how to perpetrate the attacks. Russian gangs have established remote learning schools that offer six-week courses, according to digital risk management firm Digital Shadows, with the 20 lectures covering everything from cyber-theft to the psychology of convincing targets to expose information. Students are told that their potential income of US$12,000 per month will more than cover the US$945 course fee.

From simple thefts of data and usage of fraudulent card numbers for online shopping to complex installations of malware to siphon off data and massive ransomware attacks, then, financial institutions and corporates are under attack from increasingly sophisticated criminals just waiting to steal their money.

Technology Protects
The fundamental issue that causes losses such as these, according to security firm Check Point Software, is that 93 percent of companies have failed to deploy technology that can protect them. Cyber-experts have indeed developed a slew of tools to protect companies against the threats, and using them is essential to managing risk well.

The first and fundamental step is for companies to install the security patches that protect against the vulnerabilities, whether it’s malware or ransomware or other attacks, and to continue applying new patches as soon as they become available. Companies can also use staff education and next-generation threat prevention to block and filter out suspicious files before they penetrate the company’s network.

Beyond these-basic-yet essential improvements, banks and corporates can use specialized software, data analytics and other tools to manage risk effectively.

One of corporates’ biggest vulnerabilities is ecommerce fraud, driven by catalysts such as issuance of EMV credit cards causing fraud to shift to online payments. Increasingly sophisticated software developed by companies ranging from startups to technology giants can help to block these fraudulent transactions. CashShield, for instance, uses machine learning and unique decisioning algorithms to detect fraudulent customer behaviour within milliseconds and send optimized decisions for card issuers to accept or reject a transaction. It even gives 100 percent chargeback protection against the transactions it recommends approving.

While companies have long been able to take advantage of sophisticated algorithms and neural logic in fraud detection software, new technology is enabling even more effective solutions. Featurespace, for instances, uses adaptive behavioural analytics to build profiles of normal behaviour real-time so that it can spot changes and detect fraudulent transactions more accurately. In Singapore, OCBC Bank is using artificial intelligence from two startups to search for information on individual profiles and map how suspicious transactions may be linked to one another to see if they are fraudulent, as part of their anti-money-laundering (AML) initiatives.

Companies are also enabling consumers and corporate staff alike to use biometrics to protect against fraud, going beyond increasingly-vulnerable fingerprints to exploit a vast range of biometrics. MasterCard has rolled out Selfie Pay so that banks can use customers’ selfies for identification, for instance, and LG has started offering facial recognition technology for unlocking its smartphone. Samsung has gone further and, along with using fingerprints as well as selfies, enables consumers to protect their phones with iris scans, which use unique patterns in the irises that are virtually impossible to replicate.

Implementation is Essential
Although the sophistication and reach of cyber-attacks and data theft are growing, companies have a multitude of tools such as these that can counter the attacks successfully. The key is actually installing and using the solutions, as the WannaCry attack demonstrated only too well. Companies will need to make sure that they install the tools available so that they don’t become the “weakest link” that criminals want to attack and so that they can keep their data safe.

PayCommerce’s offers a full suite of enhanced security tools ranging from dual-authentication and workflow authorization to customized alerting and account-to-device verification.

For a complementary review of your security sytems and processes, please contact [email protected] or +1-800-4PAYCOM.