At the Mobile World Congress 2016 in Barcelona, Eugene Kaspersky and Sandra Alzetta of VISA held a roundtable conversation devoted to financial security and related questions.
Of course, VISA is working hard on securing every transaction because, as Alzetta put it, if people don't feel their payments are secure, they simply won't pay, no matter how convenient it may feel for them. Alzetta also pointed out that VISA has to constantly emphasize the security of each piece of new technology. The reason is that if they cannot assure their customers of security, the customers can become quite anxious about adoption.
VISA is developing its own security technologies and is also consulting with security companies like Kaspersky Lab to ensure that customers' money stays safe. That requires continuous improvement, because cybercriminals are getting smarter and are constantly looking for security flaws to exploit in order to get their hands on what they are hunting for: your hard-earned money.
Sandra Alzetta on Kaspersky "Internet of Threats" panel, discussing how #tokenisation can keep card data safe #MWC16 pic.twitter.com/yT1AnxJ6CZ
— Visa Europe News (@VisaEuropeNews) February 22, 2016
As Kaspersky points out, financial cybercrime has changed significantly during the past several years. In the early days of financial cybercrime, cybercriminals primarily targeted personal computers in order to compromise someone's bank accounts and simply steal their money; now they have moved on to targeting the corporate sector.
Of course, there are still loads of criminals hunting for individuals' money, but last year showed that there is also heavy artillery, such as the Metel and GCMan groups, which have successfully stolen millions from banks directly. Not to mention the Carbanak group, which targeted not only banks and financial companies but almost every organization it was able to breach.
Full report on the #Carbanak APT is now live http://t.co/KRmjD1GhyL via @Securelist pic.twitter.com/5OMzJE0DgS
— Kaspersky Lab (@kaspersky) February 16, 2015
These attacks are significantly more complex and smarter than the plain and simple phishing used to target individuals, because they involve a lot of social engineering, stealthy lateral movement through the banks' networks, and compromise of back-end computers using specially crafted malware.
Mr. Kaspersky thinks that a secure world rests on three pillars: security solutions, law enforcement and awareness. There are already good security solutions for critical infrastructure, personal computers and mobile devices. For example, VISA is working on tokens that would be used on the Internet instead of sensitive data such as user credentials or credit card data.
If a cybercriminal successfully hacked a website, the only things they would get would be tokens that work only on that particular site, while the users' credit card data would remain safe and sound. As Ms. Alzetta says, the only way for VISA to ensure the security of online payments is to be at least one step ahead of the cybercriminals, and that can be achieved only by improving the technology.
We at Kaspersky Lab have our own security solutions for online banking, such as the Safe Money feature in Kaspersky Internet Security. On the corporate side, we cooperate with financial companies to advise them and to develop solutions such as anti-fraud systems and technologies for secure transactions.
Kaspersky Lab also works closely with law enforcement agencies in order to, as Mr. Kaspersky says, control the number of cybercriminals. And, of course, to make sure they go to jail.
As for awareness, Kaspersky thinks that people are already aware that there are serious threats to their PC security and consider a good security solution for their computers a must-have. The Chernobyl malware outbreak played a huge part in that: when hundreds of thousands of computers were physically damaged back in 1998, it was a shock to society. And that shock made people realise that computers must be secured.
There has not yet been such a shock for the mobile industry, which is why mobile security is generally neglected by individuals. Readers of our blog are ahead of the curve and know that there are serious mobile threats such as Asacub, and during the Mobile World Congress 2016 Kaspersky Lab revealed its research on Acecard, a mobile banking trojan capable of overlaying more than 30 banking apps with phishing screens. At some point there will certainly be a mobile threat that infects millions of devices, and that, Kaspersky believes, will be the time when people realise that mobile security is as crucial as PC security.
#Android trump card: Acecard https://t.co/yHxyACMslU #banking pic.twitter.com/DmnUAOJvSM
— Kaspersky Lab (@kaspersky) February 22, 2016
Interestingly enough, Alzetta and Kaspersky have different personal approaches to mobile payment security. While Ms. Alzetta uses NFC payments 6-7 times a day, Mr. Kaspersky never uses them at all. OK, that is partly because his main phone is a good old Sony Ericsson (yet he has a modern smartphone too).
How safe can Apple Pay really be? http://t.co/1y1TG0Tlsw pic.twitter.com/S9GP0E6rmZ via @gizmodo
— Kaspersky Lab (@kaspersky) September 11, 2014
Meanwhile, MWC 2016 has just started, and we will surely have more interesting content for you, which you will be able to find using this tag. Stay tuned!