SlideShare a Scribd company logo

The paypers Vol 5.

EastNets
EastNets
1 of 7
Download to read offline
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 News Verizon, Criterion Systems to develop e-identity solu- tions for online security 1 Expert Opinion by Phoenix Managed Networks 2 Expert Opinion by Voltage Security 5 Expert Opinion by EastNets 6 The Guardian supplement tackles innovation in pay- ments 6 Key Trends in financial crime, risk and compliance for IN THE NEWS 2013 Visa, banks tap India's biometric ID system for new Investment in handling financial crime and compliance will remain a high priority in 2013, account a recent survey on key security trends for 2013 unveils. According to research by Detica Visa has teamed up with a group of five Indian banks to tap into the government's Adhaar NetReveal, a business division of BAE Systems Detica, fraud management is a key area with national identity system, which uses fingerprint and iris biometric information to verify 86 percent of respondents forecasting budget growth (as compared to 45 percent in 2012 users and authorise payments. Read more and 47 percent in 2011) and highlighting the application process, payments, the online channel and insider fraud as priority areas of focus. Read more miiCard releases DirectID Check for SMBs ControlScan, Foregenix to enter EMEA alliance UK-based online identity verification service miiCard has released the DirectID Check, a US-based PCI compliance services provider ControlScan and Foregenix, a UK-based digital hosted identity service for small and medium-sized businesses (SMBs) that require identity forensics company, have entered a strategic alliance to deliver technology solutions to proofing of clients. Read more acquiring banks and merchant service providers working with small and mid-sized businesses (SMBs) across Europe, the Middle East and Africa. Read more Verizon, Criterion Systems to develop e-identity ReD, TeleSign to deliver authentication solutions to Red solutions for online security Shield customers Verizon Wireless, a US mobile telecommunications network and wireless phone provider, UK payment fraud prevention company ReD has entered a partnership with TeleSign, a and Criterion Systems, an IT services company, have joined forces to develop a pilot provider of internet fraud prevention and intelligent authentication. As part of the program to test new solutions that will create a new online identity system. Read more agreement, TeleSign's data and authentication products will be integrated and made available to customers of the ReD Shield fraud prevention service. Read more 1|7 www.thepaypers.com Copyright © The Paypers
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 The Paypers introduces the Web Fraud Prevention & E-Identity Expert Opinion Market Guide 2012 Who cares about protecting small merchants from a security breach By Alan Stephenson-Brown, Phoenix Managed Networks The Paypers has made available the first edition of the Web Fraud Prevention & E-Identity With over 25 years of experience in the global payments industry, Alan has Market Guide 2012, a complete insight into the e-identity and web fraud ecosystem, a wealth of knowledge on the payments industry gained through high mapping out ongoing initiatives, success stories and main industry players in this market. level roles within internationally recognised companies including TNS, HSBC and Tuxedo. In 1997, Alan joined Transaction Networks Services The Web Fraud Prevention & E-Identity Market Guide 2012 is aimed at online merchants, (TNS) where he was one of the founders of the UK business and ultimately banks, payment service providers, regulators, MNOs, technology companies, payments became Global VP Business Development, with responsibility for processors and suppliers, who are keen on keeping up to date with latest security trends expanding the business internationally and researching new initiatives. and innovative fraud prevention techniques. Phoenix Managed Networks is a global provider of payments communication, payment The first edition of the guide comprises valuable input from industry stakeholders and gateway and payment support services, delivering a state-of-the-art, reliable and cost associations, expert views, customer cases and exposés from industry experts and thought effective solution connecting retailers with the world's banks, acquirers and processors. leaders as well as detailed company profiles of the web fraud/e-identity services Founded in January 2010 with its global headquarters located in Reston, Va., Phoenix has providers. Additionally, all service providers will be listed in a new, enhanced online been highly successful in advocating a combination of quality, innovation and company profiles database, complete with keywords, company logo and advanced search uncompromising customer care. functionality. Alan Stephenson-Brown, UK Managing Director for Phoenix Managed Networks believes The Web Fraud Prevention & E-identity Market Guide 2012 was developed as a response that a multi layered approach to security is required across the board to improve current to the increasing number of fraudulent activities which can affect all businesses and practices. Segregating card data at a merchant’s site is best practice but it’s only one of a consumers that use the internet and mobile channel to interact, engage in online large number of security issues that need to be addressed. Merchants need to know how transactions activities, access and manage their finances and online identities. Thus, online to be secure and the education process required in order to be able to implement this merchants and payment professionals all over the world will gain access to a valuable level of security needs to start with acquirers, the PCI council and government bodies resource which provides a complete insight into the e-identity and web fraud landscape. getting more involved. The 2012 Guide is endorsed by The Merchant Risk Council (MRC), a merchant-led trade Security is not just for merchants and card users to take care of; central governments at association focused on electronic commerce risk and payment strategies. both the national and European level as well as the payments industry should step up. 2|7 www.thepaypers.com Copyright © The Paypers
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 A 2011 report by Trustwave showed that 90% of incidents where card data is legislation globally makes the process fragmented - legislation for breach announcements compromised have occurred in level 4 merchant environments, typically small to medium as a deterrent should be universal as fraud is global and fraud rings see no boundaries. sized businesses. Large organisations are better educated, funded and resourced so it is This fragmentation when reporting breaches globally presents a false perception of where increasingly harder for criminals to target them, although they are not immune as the problems are occurring. demonstrated by high profile data breaches. It is smaller merchants that are being targeted and the payments industry needs to help these vulnerable merchants now. In the rest of the world breaches can be brushed under the carpet… Currently in the UK and Europe there is no legal requirement for the greater majority of Regularly speaking to retailers has enabled Mr. Stephenson-Brown to get a better businesses to declare breaches; that does not mean they don’t happen. According to UK understanding of the traumas that PCI compliance causes them. At a recent Association of Fraud Statistics in 2010 more than EUR 417.5 million in the UK card fraud was detected. Convenience Store (ACS) conference one retailer has declared that the prospect of not The problem the industry currently faces is the fact that smaller retailers do not being compliant, suffering a breach and the potential reputational damage that would understand the need of increased security. follow, causes him sleepless nights. The fact that customers may find out about security breaches could be crippling to his reputation – even though there is no legal obligation to The new European Data Protection Regulation due in 2014 will give the card schemes report them. additional back up to enforce the fines which are presently seen as hollow threats; this is a step in the right direction but there needs to be another message alongside it. Others are overwhelmed by the complexities of achieving compliance. Another retailer recently asked Mr. Stephenson-Brown about a letter he had received from his bank It needs to be clear that best practice security measures for the payments environment is informing him that he wasn’t PCI compliant and should he not rectify this he would be good business and will go a long way to protect a business holistically. It shouldn’t be penalised – they had no idea of the full implications of PCI compliance, how important it is treated as a task where a merchant does as much as they are obliged to and nothing more. and the severe financial impact to their business, should they suffer a data breach. The Too many merchants are unaware of their obligations to PCI DSS or demonstrate apathy reality is they are not alone, far too many businesses take far too few steps towards towards the risk they are susceptible to by not adhering to these measures. adequately securing their payment and non-payment systems. Merchants found in breach of PCI can be fined GBP1000 per card breached – it takes A key problem facing the payments security industry in Europe is the lack of publicity minutes to steal thousands of card details electronically; the ramifications for a small when compared to other countries such as the US business can be crippling. This is not necessarily the fault of the small merchants who were One of the key differences is the relationship between merchants, banks, government and not the initial focus for the PCI council following the inception in 2004 of the Payments the requirements imposed upon merchants and payment service providers to publicise Card Industry Data Security Standards (PCI DSS). such breaches. Merchants think that there isn’t a problem in the UK as they never hear about it – this In the US, California was the first state to legislate for publicising data breaches in 2003, an couldn’t be further from the truth. Fraudsters are now targeting small, local, independent example now replicated by 38 of the 50 states. This is encouraging but the differences in businesses and the PCI council, banks, acquirers and security vendors have a duty to 3|7 www.thepaypers.com Copyright © The Paypers
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 educate and provide cost effective quality solutions to these smaller merchants to equip created using digital identity can reach EUR 1 trillion in Europe by 2020, which is 8 percent them in the fight to maintain security and ultimately their business. of the combined GDP of the EU-27. For European businesses and governments, the use of personal data will deliver an annual benefit of EUR 330 billion by 2020. For individuals, the value is expected to reach EUR 670 billion. That is why organisations need to take into “We have started off with the big retailers and we’ve gone down to the next account the growth opportunity and make the benefits of digital identity applications very level and now we’re getting down to the smaller merchants. The brands don’t clear to consumers. Moreover, they need to adopt the new digital identity paradigm of differentiate between the big and small merchants when there’s a data breach, responsibility, transparency and user control and promote a reliable flow of data. they just come in and hit you. For smaller merchants it’s end of game.” Jeremy King, European Director of the PCI Council On the other hand, the report mentions that, currently, most consumers are not aware of what happens to their online data. Results show that only 30 percent have a relatively The Verizon 2012 Data Breach Investigations Report found that 96% of the breach victims comprehensive understanding of which sectors are collecting and using their information. investigated were not PCI DSS compliant when they were last assessed. Perhaps this is Individuals with higher-than-average awareness of data uses require 26 percent more because compliance measures are complicated for the average retailer, especially the benefit in return for sharing their data. Additionally, few individuals are in control of their technical network specifications referred to in self-assessment questionnaires. digital identity. Only 10 percent of respondents have admitted doing six or more out of eight common privacy-protecting activities such as private browsing, disabling cookies, opt Security can’t be achieved through regulation and enforcement alone, it needs to be -in/out and other. Yet, consumers who are able to manage and protect their privacy are up adopted as a culture in business with all parties including banks, acquirers or merchants to 52 percent more willing to share information than those who aren’t in control of their adopting a collaborative approach to help themselves and their customers. Only when this digital data. This is mostly because they can adapt their data sharing to their individual is achieved will we be in a position to be truly secure. preferences. Digital identity: valuable resource for organisations, major concern Consumer’s trust in sharing personal data also varies per sectors. Thus, consumers are on for consumers? average 30 percent more willing to share data when it comes to e-commerce companies, cable operators and automobile manufacturers than Web 2.0 communities. Findings In a digital society where people all over the world need to process, exchange and check unveil that control is important to consumers (82 percent) and convenience as well (63 data at a faster pace, electronic identity has become commonplace. However, this is percent). Overall, given proper privacy controls and sufficient benefits, most consumers undoubtedly associated with a series of risks and companies as well as individuals are are willing to share their personal data with public and private- sector organisations. often concerned about having their privacy invaded or losing control over their own The BCG report aims to define what digital identity is, quantifies the current and potential electronic data. economic value of digital identity for organisations and consumers, identifies important trends and offers a set of guiding principles that could help responsible organisations According to “The Value of our digital identity” report by Boston Consulting Group (BCG) benefit from the value of digital identity. digital data is already a driving force for the entire economy. Data reveals that the value 4|7 www.thepaypers.com Copyright © The Paypers
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 card data theft risks. In the last couple of years the PCI Council has also supported the Expert Opinion approach and called it Point to Point Encryption (P2PE) or end to end encryption. Stopping "Dexter" malware stealing credit card data from the POS Merchants, need to addresses this risk by encrypting the payment card data before it even By Mark Bower, Voltage Security gets to the POS. This might be in the card reader, a reading pin pad, or even inside a reading "sled" or "wedge" attached to the POS. If POS is breached, the data will be useless Mark Bower is a data protection expert and VP of product to the attacker. On the other hand, the secure card readers are very, very difficult to attack management for data-centric security leader Voltage Security. He and do not store live data to steal: they encrypt it and pass it up the payment process to has more than two decades of experience in data protection area. the POS. If tampered with they are designed to destroy their contents. His expertise spans electronic banking, smartcard payment systems, Public Key Infrastructure, identity management systems The trick is getting it right so that even though the data is protected and secure, it's still and cloud security for the commercial and government sectors. compatible to the payment applications in the merchants systems and applications in the POS itself to permit regular POS functions to continue without change. That's where Voltage Security is the world leader in data-centric security and simplified key format preserving encryption (FPE) comes in - NIST recognized FFX mode AES in particular. management for combating new and emerging security threats. With innovative, powerful With FPE, the data stays protected from the moment it is captured as its read or entered. and easy-to-use solutions for protecting sensitive data (including end-to-end encryption, tokenization, data-masking, email, file, cloud and mobile), Voltage customers can The magnetic stripe data and track information (Track 1, Track 2 or even EMV data) or effectively address global privacy regulations and best practices. Customers include a third manually entered credit card numbers are all protected while retaining the track structure, of the world’s 20 largest organizations and a wide variety of industries including payments, PAN format and integrity. To the POS, it still looks and feels like cardholder data, so low financial, retail, insurance, healthcare, e-commerce. impact to the way customer payments are handled. To the merchant the PCI DSS scope is dramatically reduced, the whole POS is potentially out of scope. To an attacker, there's There is new malware on the loose targeting merchant point of sale systems (POS), often nothing of value to steal. called checkouts, electronic cash registers (ECR) or tills. Apparently, the impact of this new "Dexter" virus is perceived worldwide. POS systems are often the weak link in the chain "Dexter" would get nothing but useless encrypted data. Only the other "end" of the and the choice of malware. They should be isolated from other networks, but they are payment process, usually an acquirer after the payment data has passed through switches, often connected. And, as a checkout in constant use, they are less frequently patched and gateways, networks and applications, can decrypt the data. For post authorization updated and thus vulnerable to all types of malware. The good news is that savvy processes, a token might be returned to the merchant for storage and re-use in merchants are already tackling this risk and giving the malware nothing to steal through applications and databases without needing live PAN data again. Some larger merchants solutions that also have a dramatic cost reducing benefit to PCI compliance. may also want to decrypt and tokenize in house so they are independent of acquirers. This new kind of attack requires a service which allows merchants to brush off such credit 5|7 www.thepaypers.com Copyright © The Paypers
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 The Guardian recognizes latest opportunities & challenges in the Expert Opinion evolving payments environment Metamorphosis in the fraud world By Deya Innab, EastNets Guardian supplement tackles innovation in payments Deya Innab is Product Development Manager for EastNets. She has worked for KPMG as UK daily news provider The Guardian has released its latest Innovation in Payments report, Advisory Services Senior Manager and has over 16 years of experience in software a multi-page overview mapping out the changes, trends and opportunities in the global development and design, IT and project management, and business development. payments industry. EastNets, a provider of global compliance and payment solutions and services with over The Innovations in Payments report draws on the comment of leading industry experts to 1,000 customers in 120 countries, provides compliance solutions including anti-money examine what developments are on the horizon and how these are likely to affect the laundering and anti-fraud, Resilient SWIFT Solutions for SWIFT FIN/XML reporting, payments landscape. Distributed both as an insert and in electronic format, the report duplicate detection management, disaster recovery and outsourced SWIFT connectivity provides an overview of the constantly evolving payments industry and the way it with its SWIFT Service Bureau and Mobile Remittances Solutions enabling secure, influences and changing the way consumers buy. compliant mobile remittances. The Guardian has been a top provider of daily news since 1821 and has recently exceeded Fraud is an evolving world. Creativity in inventing fraud trends has no limits and it keeps 11.8 million unique visitors in the US alone, overtaking even the BBC. Its Innovation in developing. Creating fraud preventive procedures, controls, regulations and systems is Payments supplement has a circulation of over 214,000 copies and has been distributed very challenging. It is like creating a viral vaccine to a virus that metamorphoses and keeps both as an insert in The Guardian and in electronic format, made available to the transforming to create new immunity lines. Guardian’s readership of 1.1 million and beyond. Even the term fraud has come to encompass many forms of misconduct. Although the You can download a copy of the report here legal definition of fraud is very specific for most people, the common usage is much broader and generally covers any attempt to deceive another party to gain a benefit. Financial institution fraud, mobile fraud, health care fraud, identity theft, padded expense reports, mortgage fraud, theft of inventory by employees, manipulated financial statements, insider trading. The range of possible fraud schemes is large, but at their core, all of these acts involve a violation of trust. It is this violation, perhaps even more than the resulting financial loss that makes such crimes so harmful. One of the most critical and challenging fraud 6|7 www.thepaypers.com Copyright © The Paypers
Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 schema is the internal fraud, also known as occupational fraud; “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of When we talk about establishing healthy anti-fraud framework the Prevention should take the employing organization’s resources or assets." Different studies showed that more precedence over detection. What we mean by fraud prevention is creating a work than 50% of fraud attempts are committed by people already working within an environment that values honesty. This includes hiring honest people, paying them organization and usually act alone. These fraud attempts account for more than a half of competitively, treating them fairyland providing a safe and secure workplace with strong the total fraud losses and only 1/3 of internal fraud attempts is actually detected. It is internal controls. For us to be able to have a preventive mechanism to minimize internal known that the finance and insurance sector remains particularly vulnerable to fraud fraud, it is needed to understand the behaviours and the circumstances around the committed by external parties, typically involved credit cards, lending fraud and fake internal fraud cases and try to eliminate the leakage points. insurance claims. Nevertheless, the largest fraud attempts where “inside jobs”; theft of Fraud Preventive Solutions cash, diversion of sales and cheque tampering were the main employee frauds by value. The fact that the regulations related to different schemas of fraud are very limited makes Why do people commit fraud? the exercise of creating an effective and healthy anti-fraud platform very challenging. There is no single reason behind fraud and any explanation of it needs to take into account When we look at anti-fraud solutions for financial institutions and corporates in the 80 various factors and that is what makes it very difficult to prevent and/or detect. A common countries that we serve, we look to build a solution that can be configured by building model that brings together a number of different aspects is the fraud triangle. This model customized scenarios around the internal systems and processes for each organization to is built on the premise that fraud is likely to result from a combination of three factors: give strong internal control. In addition, an integrated framework enables financial motivation, opportunity and rationalization. institutions to aggregate data and processes across fraud and AML silos to improve business insight and streamline operational efficiencies. Motivation is typically based on either greed or need. In terms of opportunity, fraud is more likely to happen in companies where there is a weak internal control system, poor security over company property, little fear of exposure and likelihood of detection, or About: Online Paypers is a bi-weekly update on developments in online payments by The Paypers, the portal for unclear policies with regard to acceptable behaviour. As for rationalization, some people payment professionals. may be able to rationalize fraudulent actions as: Necessary especially when done for Editors: Adriana Screpnic, Mihaela Mihaila, Ionela Barbuta and Melisande Mual. business, Harmless because the victim is large enough to absorb the impact or Justified Website: For more information, please visit our websites: www.thepaypers.com ‘because the victim deserved it’ or ‘because I was misused.’ Contact: For more information, you can contact us at: info@thepaypers.com Organizations have realized that internal fraud is a main driver in overall financial Subscription info: Online Paypers is a product of The Paypers and is published 24 times per year. Year subscription price: €495 institution losses, it is emerging almost daily, it has a significant financial consequences and it is a driver for reputational damage. Because of all of this and more, organizations Copyright: 2011 © The Paypers. All rights reserved. Reproduction or redistribution in any form without explicit prior written permission of The Paypers is prohibited. invest heavily in adopting anti-fraud framework that provides a healthy environment. This framework has to be continuously developing to compete with the daily emerging frauds Disclaimer: The Paypers sees to the utmost reliability of all its news products. Nevertheless we do not accept any responsibility for any possible inaccuracies. world. 7|7 www.thepaypers.com Copyright © The Paypers

Recommended

Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 
Wk White Paper
Wk White PaperWk White Paper
Wk White PaperCreus Moreira Carlos
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanianeletseditorial
 
טכנולוגיות אבטחת מערכות מידע
טכנולוגיות אבטחת מערכות מידעטכנולוגיות אבטחת מערכות מידע
טכנולוגיות אבטחת מערכות מידעIsrael Export Institute_מכון היצוא
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And KeyYarko Petriw
 
White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile SecurityRogers Communications
 

Recommended

Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira Jones
 
Wk White Paper
Wk White PaperWk White Paper
Wk White PaperCreus Moreira Carlos
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanianeletseditorial
 
טכנולוגיות אבטחת מערכות מידע
טכנולוגיות אבטחת מערכות מידעטכנולוגיות אבטחת מערכות מידע
טכנולוגיות אבטחת מערכות מידעIsrael Export Institute_מכון היצוא
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Under Lock And Key
Under Lock And KeyUnder Lock And Key
Under Lock And KeyYarko Petriw
 
White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile SecurityRogers Communications
 
Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
Calculating the Real ROI of Implementing a Biometridc Authentic Solution
Calculating the Real ROI of Implementing a Biometridc Authentic SolutionCalculating the Real ROI of Implementing a Biometridc Authentic Solution
Calculating the Real ROI of Implementing a Biometridc Authentic SolutionSamsung SDS America
 
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Institute India Pvt. Ltd
 
SAS Fraud Framework for Insurance
SAS Fraud Framework for InsuranceSAS Fraud Framework for Insurance
SAS Fraud Framework for Insurancestuartdrose
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
IRJET - BI: Blockchain in Insurance
IRJET - BI: Blockchain in InsuranceIRJET - BI: Blockchain in Insurance
IRJET - BI: Blockchain in InsuranceIRJET Journal
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
The 10 most trusted authentication solution providers 2018
The 10 most trusted authentication solution providers 2018The 10 most trusted authentication solution providers 2018
The 10 most trusted authentication solution providers 2018Insights success media and technology pvt ltd
 
The 10 most innovative compliance assessment service provider 2021(1) compressed
The 10 most innovative compliance assessment service provider 2021(1) compressedThe 10 most innovative compliance assessment service provider 2021(1) compressed
The 10 most innovative compliance assessment service provider 2021(1) compressedinsightssuccess2
 
Countering Cross-Channel Fraud Threats
Countering Cross-Channel Fraud ThreatsCountering Cross-Channel Fraud Threats
Countering Cross-Channel Fraud ThreatsVivastream
 
SYMCAnnual
SYMCAnnualSYMCAnnual
SYMCAnnualfinance40
 
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01Vicky Makhija
 
SAS for Claims Fraud
SAS for Claims FraudSAS for Claims Fraud
SAS for Claims Fraudstuartdrose
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015TransUnion
 
Debunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsuranceDebunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsurancePriyanka Aash
 
Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape mercatoradvisory
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Datacard
 
Cyber
Cyber Cyber
Cyber Alberto Peñaranda Echevarría
 
The Smart Approach To Pci DSS Compliance – Braintree White Paper
The Smart Approach To Pci DSS Compliance – Braintree White PaperThe Smart Approach To Pci DSS Compliance – Braintree White Paper
The Smart Approach To Pci DSS Compliance – Braintree White PaperBen Rothke
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 

More Related Content

What's hot

Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilityDFickett
 
Calculating the Real ROI of Implementing a Biometridc Authentic Solution
Calculating the Real ROI of Implementing a Biometridc Authentic SolutionCalculating the Real ROI of Implementing a Biometridc Authentic Solution
Calculating the Real ROI of Implementing a Biometridc Authentic SolutionSamsung SDS America
 
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Institute India Pvt. Ltd
 
SAS Fraud Framework for Insurance
SAS Fraud Framework for InsuranceSAS Fraud Framework for Insurance
SAS Fraud Framework for Insurancestuartdrose
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFLABS SRL
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
IRJET - BI: Blockchain in Insurance
IRJET - BI: Blockchain in InsuranceIRJET - BI: Blockchain in Insurance
IRJET - BI: Blockchain in InsuranceIRJET Journal
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsJason Dover
 
The 10 most innovative compliance assessment service provider 2021(1) compressed
The 10 most innovative compliance assessment service provider 2021(1) compressedThe 10 most innovative compliance assessment service provider 2021(1) compressed
The 10 most innovative compliance assessment service provider 2021(1) compressedinsightssuccess2
 
Countering Cross-Channel Fraud Threats
Countering Cross-Channel Fraud ThreatsCountering Cross-Channel Fraud Threats
Countering Cross-Channel Fraud ThreatsVivastream
 
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01Vicky Makhija
 
SAS for Claims Fraud
SAS for Claims FraudSAS for Claims Fraud
SAS for Claims Fraudstuartdrose
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015TransUnion
 
Debunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsuranceDebunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsurancePriyanka Aash
 
Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape mercatoradvisory
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Datacard
 

What's hot (20)

Sept 2012 data security & cyber liability
Sept 2012 data security & cyber liabilitySept 2012 data security & cyber liability
Sept 2012 data security & cyber liability
 
Calculating the Real ROI of Implementing a Biometridc Authentic Solution
Calculating the Real ROI of Implementing a Biometridc Authentic SolutionCalculating the Real ROI of Implementing a Biometridc Authentic Solution
Calculating the Real ROI of Implementing a Biometridc Authentic Solution
 
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
SAS Forum India: Big Data, Big Analytics & Bad Behaviour - Fighting Financial...
 
SAS Fraud Framework for Insurance
SAS Fraud Framework for InsuranceSAS Fraud Framework for Insurance
SAS Fraud Framework for Insurance
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
IRJET - BI: Blockchain in Insurance
IRJET - BI: Blockchain in InsuranceIRJET - BI: Blockchain in Insurance
IRJET - BI: Blockchain in Insurance
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant EnvironmentsWhitepaper - Application Delivery in PCI DSS Compliant Environments
Whitepaper - Application Delivery in PCI DSS Compliant Environments
 
The 10 most trusted authentication solution providers 2018
The 10 most trusted authentication solution providers 2018The 10 most trusted authentication solution providers 2018
The 10 most trusted authentication solution providers 2018
 
The 10 most innovative compliance assessment service provider 2021(1) compressed
The 10 most innovative compliance assessment service provider 2021(1) compressedThe 10 most innovative compliance assessment service provider 2021(1) compressed
The 10 most innovative compliance assessment service provider 2021(1) compressed
 
Countering Cross-Channel Fraud Threats
Countering Cross-Channel Fraud ThreatsCountering Cross-Channel Fraud Threats
Countering Cross-Channel Fraud Threats
 
SYMCAnnual
SYMCAnnualSYMCAnnual
SYMCAnnual
 
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
Kpmgsam Maturity Survey Oct08 123675516403 Phpapp01
 
SAS for Claims Fraud
SAS for Claims FraudSAS for Claims Fraud
SAS for Claims Fraud
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015
 
Debunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsuranceDebunking Myths for Cyber-Insurance
Debunking Myths for Cyber-Insurance
 
Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape Biometrics: A New Wrinkle Changes the Authentication Landscape
Biometrics: A New Wrinkle Changes the Authentication Landscape
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access Solutions
 
Cyber
Cyber Cyber
Cyber
 

Similar to The paypers Vol 5.

The Smart Approach To Pci DSS Compliance – Braintree White Paper
The Smart Approach To Pci DSS Compliance – Braintree White PaperThe Smart Approach To Pci DSS Compliance – Braintree White Paper
The Smart Approach To Pci DSS Compliance – Braintree White PaperBen Rothke
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
The Essence of Online ID Verification for Enhanced User Authentication.pdf
The Essence of Online ID Verification for Enhanced User Authentication.pdfThe Essence of Online ID Verification for Enhanced User Authentication.pdf
The Essence of Online ID Verification for Enhanced User Authentication.pdfIDMERIT IDMERIT
 
Cyber Threat Management Services
Cyber Threat Management ServicesCyber Threat Management Services
Cyber Threat Management ServicesMarlabs
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standardsallychiu
 
A Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsA Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsVictor Oluwajuwon Badejo
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Third party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligenceThird party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligenceCharles Steve
 
Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)NAFCU Services Corporation
 
The 10 most trusted authentication solution providers of 2021
The 10 most trusted authentication solution providers of 2021The 10 most trusted authentication solution providers of 2021
The 10 most trusted authentication solution providers of 2021CIO Look Magazine
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
IDC - Security : From Pain To Empowerment
IDC - Security : From Pain To EmpowermentIDC - Security : From Pain To Empowerment
IDC - Security : From Pain To EmpowermentBee_Ware
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...Entrust Datacard
 
PCI DSS Slidecast
PCI DSS SlidecastPCI DSS Slidecast
PCI DSS SlidecastRobertXia
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
Fraud Prevention - Experian
Fraud Prevention - ExperianFraud Prevention - Experian
Fraud Prevention - ExperianAlex Robbins
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
Enhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open EnterpriseEnhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open EnterpriseSymantec
 
8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding
8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding
8 Reasons You Should Switch to Biometrics Authentication for Digital OnboardingPanamax, Inc
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutionsharman041
 

Similar to The paypers Vol 5. (20)

The Smart Approach To Pci DSS Compliance – Braintree White Paper
The Smart Approach To Pci DSS Compliance – Braintree White PaperThe Smart Approach To Pci DSS Compliance – Braintree White Paper
The Smart Approach To Pci DSS Compliance – Braintree White Paper
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
 
The Essence of Online ID Verification for Enhanced User Authentication.pdf
The Essence of Online ID Verification for Enhanced User Authentication.pdfThe Essence of Online ID Verification for Enhanced User Authentication.pdf
The Essence of Online ID Verification for Enhanced User Authentication.pdf
 
Cyber Threat Management Services
Cyber Threat Management ServicesCyber Threat Management Services
Cyber Threat Management Services
 
Payment card industry data security standard
Payment card industry data security standardPayment card industry data security standard
Payment card industry data security standard
 
A Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security StandardsA Case Study on Payment Card Industry Data Security Standards
A Case Study on Payment Card Industry Data Security Standards
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Third party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligenceThird party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligence
 
Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)
 
The 10 most trusted authentication solution providers of 2021
The 10 most trusted authentication solution providers of 2021The 10 most trusted authentication solution providers of 2021
The 10 most trusted authentication solution providers of 2021
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
IDC - Security : From Pain To Empowerment
IDC - Security : From Pain To EmpowermentIDC - Security : From Pain To Empowerment
IDC - Security : From Pain To Empowerment
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
 
PCI DSS Slidecast
PCI DSS SlidecastPCI DSS Slidecast
PCI DSS Slidecast
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
Fraud Prevention - Experian
Fraud Prevention - ExperianFraud Prevention - Experian
Fraud Prevention - Experian
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Enhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open EnterpriseEnhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open Enterprise
 
8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding
8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding
8 Reasons You Should Switch to Biometrics Authentication for Digital Onboarding
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutions
 

More from EastNets

EastNets Company Profile 2014
EastNets Company Profile 2014EastNets Company Profile 2014
EastNets Company Profile 2014EastNets
 
EastNets Team in Jordan. Token of appreciation
EastNets Team in Jordan. Token of appreciationEastNets Team in Jordan. Token of appreciation
EastNets Team in Jordan. Token of appreciationEastNets
 
EastNets Company Profile 2012
EastNets Company Profile 2012EastNets Company Profile 2012
EastNets Company Profile 2012EastNets
 
At EastNets: Employees are also Partners in growth - Retention initiatives pr...
At EastNets: Employees are also Partners in growth - Retention initiatives pr...At EastNets: Employees are also Partners in growth - Retention initiatives pr...
At EastNets: Employees are also Partners in growth - Retention initiatives pr...EastNets
 
EastNets Key Milestones
EastNets Key MilestonesEastNets Key Milestones
EastNets Key MilestonesEastNets
 
EastNets filtering brochure in Spanish
EastNets filtering brochure in SpanishEastNets filtering brochure in Spanish
EastNets filtering brochure in SpanishEastNets
 
EastNets en.SafeWatch Profiling in Spanish - Brochure
EastNets en.SafeWatch Profiling in Spanish - BrochureEastNets en.SafeWatch Profiling in Spanish - Brochure
EastNets en.SafeWatch Profiling in Spanish - BrochureEastNets
 
EastNets Resilient SWIFT Solutions
EastNets Resilient SWIFT SolutionsEastNets Resilient SWIFT Solutions
EastNets Resilient SWIFT SolutionsEastNets
 
en.Recovery
en.Recoveryen.Recovery
en.RecoveryEastNets
 
EastNets Compliance Solutions
EastNets Compliance SolutionsEastNets Compliance Solutions
EastNets Compliance SolutionsEastNets
 
EastNets Academy
EastNets AcademyEastNets Academy
EastNets AcademyEastNets
 
EastNets en.MoRe - Mobile Remittance Solution
EastNets en.MoRe - Mobile Remittance SolutionEastNets en.MoRe - Mobile Remittance Solution
EastNets en.MoRe - Mobile Remittance SolutionEastNets
 
EastNets at Sibos 2011
EastNets at Sibos 2011EastNets at Sibos 2011
EastNets at Sibos 2011EastNets
 
East Nets Overview 2011
East Nets Overview 2011East Nets Overview 2011
East Nets Overview 2011EastNets
 

More from EastNets (14)

EastNets Company Profile 2014
EastNets Company Profile 2014EastNets Company Profile 2014
EastNets Company Profile 2014
 
EastNets Team in Jordan. Token of appreciation
EastNets Team in Jordan. Token of appreciationEastNets Team in Jordan. Token of appreciation
EastNets Team in Jordan. Token of appreciation
 
EastNets Company Profile 2012
EastNets Company Profile 2012EastNets Company Profile 2012
EastNets Company Profile 2012
 
At EastNets: Employees are also Partners in growth - Retention initiatives pr...
At EastNets: Employees are also Partners in growth - Retention initiatives pr...At EastNets: Employees are also Partners in growth - Retention initiatives pr...
At EastNets: Employees are also Partners in growth - Retention initiatives pr...
 
EastNets Key Milestones
EastNets Key MilestonesEastNets Key Milestones
EastNets Key Milestones
 
EastNets filtering brochure in Spanish
EastNets filtering brochure in SpanishEastNets filtering brochure in Spanish
EastNets filtering brochure in Spanish
 
EastNets en.SafeWatch Profiling in Spanish - Brochure
EastNets en.SafeWatch Profiling in Spanish - BrochureEastNets en.SafeWatch Profiling in Spanish - Brochure
EastNets en.SafeWatch Profiling in Spanish - Brochure
 
EastNets Resilient SWIFT Solutions
EastNets Resilient SWIFT SolutionsEastNets Resilient SWIFT Solutions
EastNets Resilient SWIFT Solutions
 
en.Recovery
en.Recoveryen.Recovery
en.Recovery
 
EastNets Compliance Solutions
EastNets Compliance SolutionsEastNets Compliance Solutions
EastNets Compliance Solutions
 
EastNets Academy
EastNets AcademyEastNets Academy
EastNets Academy
 
EastNets en.MoRe - Mobile Remittance Solution
EastNets en.MoRe - Mobile Remittance SolutionEastNets en.MoRe - Mobile Remittance Solution
EastNets en.MoRe - Mobile Remittance Solution
 
EastNets at Sibos 2011
EastNets at Sibos 2011EastNets at Sibos 2011
EastNets at Sibos 2011
 
East Nets Overview 2011
East Nets Overview 2011East Nets Overview 2011
East Nets Overview 2011
 

The paypers Vol 5.

  • 1. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 News Verizon, Criterion Systems to develop e-identity solu- tions for online security 1 Expert Opinion by Phoenix Managed Networks 2 Expert Opinion by Voltage Security 5 Expert Opinion by EastNets 6 The Guardian supplement tackles innovation in pay- ments 6 Key Trends in financial crime, risk and compliance for IN THE NEWS 2013 Visa, banks tap India's biometric ID system for new Investment in handling financial crime and compliance will remain a high priority in 2013, account a recent survey on key security trends for 2013 unveils. According to research by Detica Visa has teamed up with a group of five Indian banks to tap into the government's Adhaar NetReveal, a business division of BAE Systems Detica, fraud management is a key area with national identity system, which uses fingerprint and iris biometric information to verify 86 percent of respondents forecasting budget growth (as compared to 45 percent in 2012 users and authorise payments. Read more and 47 percent in 2011) and highlighting the application process, payments, the online channel and insider fraud as priority areas of focus. Read more miiCard releases DirectID Check for SMBs ControlScan, Foregenix to enter EMEA alliance UK-based online identity verification service miiCard has released the DirectID Check, a US-based PCI compliance services provider ControlScan and Foregenix, a UK-based digital hosted identity service for small and medium-sized businesses (SMBs) that require identity forensics company, have entered a strategic alliance to deliver technology solutions to proofing of clients. Read more acquiring banks and merchant service providers working with small and mid-sized businesses (SMBs) across Europe, the Middle East and Africa. Read more Verizon, Criterion Systems to develop e-identity ReD, TeleSign to deliver authentication solutions to Red solutions for online security Shield customers Verizon Wireless, a US mobile telecommunications network and wireless phone provider, UK payment fraud prevention company ReD has entered a partnership with TeleSign, a and Criterion Systems, an IT services company, have joined forces to develop a pilot provider of internet fraud prevention and intelligent authentication. As part of the program to test new solutions that will create a new online identity system. Read more agreement, TeleSign's data and authentication products will be integrated and made available to customers of the ReD Shield fraud prevention service. Read more 1|7 www.thepaypers.com Copyright © The Paypers
  • 2. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 The Paypers introduces the Web Fraud Prevention & E-Identity Expert Opinion Market Guide 2012 Who cares about protecting small merchants from a security breach By Alan Stephenson-Brown, Phoenix Managed Networks The Paypers has made available the first edition of the Web Fraud Prevention & E-Identity With over 25 years of experience in the global payments industry, Alan has Market Guide 2012, a complete insight into the e-identity and web fraud ecosystem, a wealth of knowledge on the payments industry gained through high mapping out ongoing initiatives, success stories and main industry players in this market. level roles within internationally recognised companies including TNS, HSBC and Tuxedo. In 1997, Alan joined Transaction Networks Services The Web Fraud Prevention & E-Identity Market Guide 2012 is aimed at online merchants, (TNS) where he was one of the founders of the UK business and ultimately banks, payment service providers, regulators, MNOs, technology companies, payments became Global VP Business Development, with responsibility for processors and suppliers, who are keen on keeping up to date with latest security trends expanding the business internationally and researching new initiatives. and innovative fraud prevention techniques. Phoenix Managed Networks is a global provider of payments communication, payment The first edition of the guide comprises valuable input from industry stakeholders and gateway and payment support services, delivering a state-of-the-art, reliable and cost associations, expert views, customer cases and exposés from industry experts and thought effective solution connecting retailers with the world's banks, acquirers and processors. leaders as well as detailed company profiles of the web fraud/e-identity services Founded in January 2010 with its global headquarters located in Reston, Va., Phoenix has providers. Additionally, all service providers will be listed in a new, enhanced online been highly successful in advocating a combination of quality, innovation and company profiles database, complete with keywords, company logo and advanced search uncompromising customer care. functionality. Alan Stephenson-Brown, UK Managing Director for Phoenix Managed Networks believes The Web Fraud Prevention & E-identity Market Guide 2012 was developed as a response that a multi layered approach to security is required across the board to improve current to the increasing number of fraudulent activities which can affect all businesses and practices. Segregating card data at a merchant’s site is best practice but it’s only one of a consumers that use the internet and mobile channel to interact, engage in online large number of security issues that need to be addressed. Merchants need to know how transactions activities, access and manage their finances and online identities. Thus, online to be secure and the education process required in order to be able to implement this merchants and payment professionals all over the world will gain access to a valuable level of security needs to start with acquirers, the PCI council and government bodies resource which provides a complete insight into the e-identity and web fraud landscape. getting more involved. The 2012 Guide is endorsed by The Merchant Risk Council (MRC), a merchant-led trade Security is not just for merchants and card users to take care of; central governments at association focused on electronic commerce risk and payment strategies. both the national and European level as well as the payments industry should step up. 2|7 www.thepaypers.com Copyright © The Paypers
  • 3. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 A 2011 report by Trustwave showed that 90% of incidents where card data is legislation globally makes the process fragmented - legislation for breach announcements compromised have occurred in level 4 merchant environments, typically small to medium as a deterrent should be universal as fraud is global and fraud rings see no boundaries. sized businesses. Large organisations are better educated, funded and resourced so it is This fragmentation when reporting breaches globally presents a false perception of where increasingly harder for criminals to target them, although they are not immune as the problems are occurring. demonstrated by high profile data breaches. It is smaller merchants that are being targeted and the payments industry needs to help these vulnerable merchants now. In the rest of the world breaches can be brushed under the carpet… Currently in the UK and Europe there is no legal requirement for the greater majority of Regularly speaking to retailers has enabled Mr. Stephenson-Brown to get a better businesses to declare breaches; that does not mean they don’t happen. According to UK understanding of the traumas that PCI compliance causes them. At a recent Association of Fraud Statistics in 2010 more than EUR 417.5 million in the UK card fraud was detected. Convenience Store (ACS) conference one retailer has declared that the prospect of not The problem the industry currently faces is the fact that smaller retailers do not being compliant, suffering a breach and the potential reputational damage that would understand the need of increased security. follow, causes him sleepless nights. The fact that customers may find out about security breaches could be crippling to his reputation – even though there is no legal obligation to The new European Data Protection Regulation due in 2014 will give the card schemes report them. additional back up to enforce the fines which are presently seen as hollow threats; this is a step in the right direction but there needs to be another message alongside it. Others are overwhelmed by the complexities of achieving compliance. Another retailer recently asked Mr. Stephenson-Brown about a letter he had received from his bank It needs to be clear that best practice security measures for the payments environment is informing him that he wasn’t PCI compliant and should he not rectify this he would be good business and will go a long way to protect a business holistically. It shouldn’t be penalised – they had no idea of the full implications of PCI compliance, how important it is treated as a task where a merchant does as much as they are obliged to and nothing more. and the severe financial impact to their business, should they suffer a data breach. The Too many merchants are unaware of their obligations to PCI DSS or demonstrate apathy reality is they are not alone, far too many businesses take far too few steps towards towards the risk they are susceptible to by not adhering to these measures. adequately securing their payment and non-payment systems. Merchants found in breach of PCI can be fined GBP1000 per card breached – it takes A key problem facing the payments security industry in Europe is the lack of publicity minutes to steal thousands of card details electronically; the ramifications for a small when compared to other countries such as the US business can be crippling. This is not necessarily the fault of the small merchants who were One of the key differences is the relationship between merchants, banks, government and not the initial focus for the PCI council following the inception in 2004 of the Payments the requirements imposed upon merchants and payment service providers to publicise Card Industry Data Security Standards (PCI DSS). such breaches. Merchants think that there isn’t a problem in the UK as they never hear about it – this In the US, California was the first state to legislate for publicising data breaches in 2003, an couldn’t be further from the truth. Fraudsters are now targeting small, local, independent example now replicated by 38 of the 50 states. This is encouraging but the differences in businesses and the PCI council, banks, acquirers and security vendors have a duty to 3|7 www.thepaypers.com Copyright © The Paypers
  • 4. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 educate and provide cost effective quality solutions to these smaller merchants to equip created using digital identity can reach EUR 1 trillion in Europe by 2020, which is 8 percent them in the fight to maintain security and ultimately their business. of the combined GDP of the EU-27. For European businesses and governments, the use of personal data will deliver an annual benefit of EUR 330 billion by 2020. For individuals, the value is expected to reach EUR 670 billion. That is why organisations need to take into “We have started off with the big retailers and we’ve gone down to the next account the growth opportunity and make the benefits of digital identity applications very level and now we’re getting down to the smaller merchants. The brands don’t clear to consumers. Moreover, they need to adopt the new digital identity paradigm of differentiate between the big and small merchants when there’s a data breach, responsibility, transparency and user control and promote a reliable flow of data. they just come in and hit you. For smaller merchants it’s end of game.” Jeremy King, European Director of the PCI Council On the other hand, the report mentions that, currently, most consumers are not aware of what happens to their online data. Results show that only 30 percent have a relatively The Verizon 2012 Data Breach Investigations Report found that 96% of the breach victims comprehensive understanding of which sectors are collecting and using their information. investigated were not PCI DSS compliant when they were last assessed. Perhaps this is Individuals with higher-than-average awareness of data uses require 26 percent more because compliance measures are complicated for the average retailer, especially the benefit in return for sharing their data. Additionally, few individuals are in control of their technical network specifications referred to in self-assessment questionnaires. digital identity. Only 10 percent of respondents have admitted doing six or more out of eight common privacy-protecting activities such as private browsing, disabling cookies, opt Security can’t be achieved through regulation and enforcement alone, it needs to be -in/out and other. Yet, consumers who are able to manage and protect their privacy are up adopted as a culture in business with all parties including banks, acquirers or merchants to 52 percent more willing to share information than those who aren’t in control of their adopting a collaborative approach to help themselves and their customers. Only when this digital data. This is mostly because they can adapt their data sharing to their individual is achieved will we be in a position to be truly secure. preferences. Digital identity: valuable resource for organisations, major concern Consumer’s trust in sharing personal data also varies per sectors. Thus, consumers are on for consumers? average 30 percent more willing to share data when it comes to e-commerce companies, cable operators and automobile manufacturers than Web 2.0 communities. Findings In a digital society where people all over the world need to process, exchange and check unveil that control is important to consumers (82 percent) and convenience as well (63 data at a faster pace, electronic identity has become commonplace. However, this is percent). Overall, given proper privacy controls and sufficient benefits, most consumers undoubtedly associated with a series of risks and companies as well as individuals are are willing to share their personal data with public and private- sector organisations. often concerned about having their privacy invaded or losing control over their own The BCG report aims to define what digital identity is, quantifies the current and potential electronic data. economic value of digital identity for organisations and consumers, identifies important trends and offers a set of guiding principles that could help responsible organisations According to “The Value of our digital identity” report by Boston Consulting Group (BCG) benefit from the value of digital identity. digital data is already a driving force for the entire economy. Data reveals that the value 4|7 www.thepaypers.com Copyright © The Paypers
  • 5. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 card data theft risks. In the last couple of years the PCI Council has also supported the Expert Opinion approach and called it Point to Point Encryption (P2PE) or end to end encryption. Stopping "Dexter" malware stealing credit card data from the POS Merchants, need to addresses this risk by encrypting the payment card data before it even By Mark Bower, Voltage Security gets to the POS. This might be in the card reader, a reading pin pad, or even inside a reading "sled" or "wedge" attached to the POS. If POS is breached, the data will be useless Mark Bower is a data protection expert and VP of product to the attacker. On the other hand, the secure card readers are very, very difficult to attack management for data-centric security leader Voltage Security. He and do not store live data to steal: they encrypt it and pass it up the payment process to has more than two decades of experience in data protection area. the POS. If tampered with they are designed to destroy their contents. His expertise spans electronic banking, smartcard payment systems, Public Key Infrastructure, identity management systems The trick is getting it right so that even though the data is protected and secure, it's still and cloud security for the commercial and government sectors. compatible to the payment applications in the merchants systems and applications in the POS itself to permit regular POS functions to continue without change. That's where Voltage Security is the world leader in data-centric security and simplified key format preserving encryption (FPE) comes in - NIST recognized FFX mode AES in particular. management for combating new and emerging security threats. With innovative, powerful With FPE, the data stays protected from the moment it is captured as its read or entered. and easy-to-use solutions for protecting sensitive data (including end-to-end encryption, tokenization, data-masking, email, file, cloud and mobile), Voltage customers can The magnetic stripe data and track information (Track 1, Track 2 or even EMV data) or effectively address global privacy regulations and best practices. Customers include a third manually entered credit card numbers are all protected while retaining the track structure, of the world’s 20 largest organizations and a wide variety of industries including payments, PAN format and integrity. To the POS, it still looks and feels like cardholder data, so low financial, retail, insurance, healthcare, e-commerce. impact to the way customer payments are handled. To the merchant the PCI DSS scope is dramatically reduced, the whole POS is potentially out of scope. To an attacker, there's There is new malware on the loose targeting merchant point of sale systems (POS), often nothing of value to steal. called checkouts, electronic cash registers (ECR) or tills. Apparently, the impact of this new "Dexter" virus is perceived worldwide. POS systems are often the weak link in the chain "Dexter" would get nothing but useless encrypted data. Only the other "end" of the and the choice of malware. They should be isolated from other networks, but they are payment process, usually an acquirer after the payment data has passed through switches, often connected. And, as a checkout in constant use, they are less frequently patched and gateways, networks and applications, can decrypt the data. For post authorization updated and thus vulnerable to all types of malware. The good news is that savvy processes, a token might be returned to the merchant for storage and re-use in merchants are already tackling this risk and giving the malware nothing to steal through applications and databases without needing live PAN data again. Some larger merchants solutions that also have a dramatic cost reducing benefit to PCI compliance. may also want to decrypt and tokenize in house so they are independent of acquirers. This new kind of attack requires a service which allows merchants to brush off such credit 5|7 www.thepaypers.com Copyright © The Paypers
  • 6. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 The Guardian recognizes latest opportunities & challenges in the Expert Opinion evolving payments environment Metamorphosis in the fraud world By Deya Innab, EastNets Guardian supplement tackles innovation in payments Deya Innab is Product Development Manager for EastNets. She has worked for KPMG as UK daily news provider The Guardian has released its latest Innovation in Payments report, Advisory Services Senior Manager and has over 16 years of experience in software a multi-page overview mapping out the changes, trends and opportunities in the global development and design, IT and project management, and business development. payments industry. EastNets, a provider of global compliance and payment solutions and services with over The Innovations in Payments report draws on the comment of leading industry experts to 1,000 customers in 120 countries, provides compliance solutions including anti-money examine what developments are on the horizon and how these are likely to affect the laundering and anti-fraud, Resilient SWIFT Solutions for SWIFT FIN/XML reporting, payments landscape. Distributed both as an insert and in electronic format, the report duplicate detection management, disaster recovery and outsourced SWIFT connectivity provides an overview of the constantly evolving payments industry and the way it with its SWIFT Service Bureau and Mobile Remittances Solutions enabling secure, influences and changing the way consumers buy. compliant mobile remittances. The Guardian has been a top provider of daily news since 1821 and has recently exceeded Fraud is an evolving world. Creativity in inventing fraud trends has no limits and it keeps 11.8 million unique visitors in the US alone, overtaking even the BBC. Its Innovation in developing. Creating fraud preventive procedures, controls, regulations and systems is Payments supplement has a circulation of over 214,000 copies and has been distributed very challenging. It is like creating a viral vaccine to a virus that metamorphoses and keeps both as an insert in The Guardian and in electronic format, made available to the transforming to create new immunity lines. Guardian’s readership of 1.1 million and beyond. Even the term fraud has come to encompass many forms of misconduct. Although the You can download a copy of the report here legal definition of fraud is very specific for most people, the common usage is much broader and generally covers any attempt to deceive another party to gain a benefit. Financial institution fraud, mobile fraud, health care fraud, identity theft, padded expense reports, mortgage fraud, theft of inventory by employees, manipulated financial statements, insider trading. The range of possible fraud schemes is large, but at their core, all of these acts involve a violation of trust. It is this violation, perhaps even more than the resulting financial loss that makes such crimes so harmful. One of the most critical and challenging fraud 6|7 www.thepaypers.com Copyright © The Paypers
  • 7. Update on developments in online payments Vol. 5 Issue 20, 14 Dec 2012 schema is the internal fraud, also known as occupational fraud; “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of When we talk about establishing healthy anti-fraud framework the Prevention should take the employing organization’s resources or assets." Different studies showed that more precedence over detection. What we mean by fraud prevention is creating a work than 50% of fraud attempts are committed by people already working within an environment that values honesty. This includes hiring honest people, paying them organization and usually act alone. These fraud attempts account for more than a half of competitively, treating them fairyland providing a safe and secure workplace with strong the total fraud losses and only 1/3 of internal fraud attempts is actually detected. It is internal controls. For us to be able to have a preventive mechanism to minimize internal known that the finance and insurance sector remains particularly vulnerable to fraud fraud, it is needed to understand the behaviours and the circumstances around the committed by external parties, typically involved credit cards, lending fraud and fake internal fraud cases and try to eliminate the leakage points. insurance claims. Nevertheless, the largest fraud attempts where “inside jobs”; theft of Fraud Preventive Solutions cash, diversion of sales and cheque tampering were the main employee frauds by value. The fact that the regulations related to different schemas of fraud are very limited makes Why do people commit fraud? the exercise of creating an effective and healthy anti-fraud platform very challenging. There is no single reason behind fraud and any explanation of it needs to take into account When we look at anti-fraud solutions for financial institutions and corporates in the 80 various factors and that is what makes it very difficult to prevent and/or detect. A common countries that we serve, we look to build a solution that can be configured by building model that brings together a number of different aspects is the fraud triangle. This model customized scenarios around the internal systems and processes for each organization to is built on the premise that fraud is likely to result from a combination of three factors: give strong internal control. In addition, an integrated framework enables financial motivation, opportunity and rationalization. institutions to aggregate data and processes across fraud and AML silos to improve business insight and streamline operational efficiencies. Motivation is typically based on either greed or need. In terms of opportunity, fraud is more likely to happen in companies where there is a weak internal control system, poor security over company property, little fear of exposure and likelihood of detection, or About: Online Paypers is a bi-weekly update on developments in online payments by The Paypers, the portal for unclear policies with regard to acceptable behaviour. As for rationalization, some people payment professionals. may be able to rationalize fraudulent actions as: Necessary especially when done for Editors: Adriana Screpnic, Mihaela Mihaila, Ionela Barbuta and Melisande Mual. business, Harmless because the victim is large enough to absorb the impact or Justified Website: For more information, please visit our websites: www.thepaypers.com ‘because the victim deserved it’ or ‘because I was misused.’ Contact: For more information, you can contact us at: info@thepaypers.com Organizations have realized that internal fraud is a main driver in overall financial Subscription info: Online Paypers is a product of The Paypers and is published 24 times per year. Year subscription price: €495 institution losses, it is emerging almost daily, it has a significant financial consequences and it is a driver for reputational damage. Because of all of this and more, organizations Copyright: 2011 © The Paypers. All rights reserved. Reproduction or redistribution in any form without explicit prior written permission of The Paypers is prohibited. invest heavily in adopting anti-fraud framework that provides a healthy environment. This framework has to be continuously developing to compete with the daily emerging frauds Disclaimer: The Paypers sees to the utmost reliability of all its news products. Nevertheless we do not accept any responsibility for any possible inaccuracies. world. 7|7 www.thepaypers.com Copyright © The Paypers