Have online payment systems fallen behind the times in 2017?

We’ve entered 2017; driverless cars are on the horizon, VR and AI are expected to go from strength to strength and black market criminals continue to use tighter security than global payment systems. The latter may come as some surprise on the surface. Yet, whilst many banks require just a password to authorise transactions, two-factor authentication (2FA) is now a standard practice on the ‘dark web.’

This is a worrying enough premise, especially when we consider the fact that, despite decades of discouragement, “123456”, “password” and “12345678” are still the most popular consumer passwords in use (according to SplashData’s annual list).


But here’s what consumers don’t realise: even if you set a complex password and change it regularly, hackers can still intercept it using malware. These passwords are then instantly made available on massive online databases. For determined criminals, passwords are no more a barrier than a padlock on a suitcase.

What can be done? For a start, 2FA of any kind will markedly improve upon having just a password, because it requires users to provide twice the information (factors) for verification. Typically, the two factors are a password and a one-time code sent by SMS or email. Sometimes, a push notification, key fob, or fingerprint scan serves as the second factor.

Anything to do with payment transactions would logically be the last place where you would hope to find that a username and password alone are enough to facilitate a transaction. Sadly, that’s not the case.

Payment systems without two-factor authentication allow hackers to easily change the notification settings and transfer controls before filling their pockets. By the time the account holder finally detects the fraudulent activity, days or even weeks may have passed. 2FA solutions would help to deflect more attacks, and properly implemented cloud-based solutions would even be able to alert the account holder to any suspicious activity.

As has proven to be true for consumer payment systems, many business payment systems also remain equally unprotected. Payroll systems often permit wire transfers with no more than a password. In a large enterprise, a hacker could easily add a fake payee to the payroll or accounts payable with little trouble and could then direct this money into an illicit account. 2FA would make this kind of action much more difficult, if not altogether impossible.

As we head into 2017, there are positive signs. Interbank payment systems are continuing to become more secure and 2FA continues to become a more common practice for a broad spectrum of companies. But there is still a long way to go before the threat of online cybercrime subsides. In fact, as recent security breaches at the likes of Tesco and Three Mobile have highlighted, cybercrime continues to evolve and dominate headlines.

SWIFT, the international payment network, relies on public key infrastructure (PKI) and hardware 2FA to start a terminal session. In 2017, this represents the absolute minimum level of security that a bank payment system should look to implement. Even so, as the SWIFT case shows, this level of security means that individual transactions merely require the equivalent of a password, leaving active sessions vulnerable to remote access or abuse, as we witnessed in the 2016 Bangladesh Bank heist.
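To make the gap between session-level and per-transaction authentication concrete, here is an added example (not code from this article or from any payment provider) in which a valid session alone is not enough for the actions discussed above: transfers, new payees and notification changes each need a fresh RFC 6238 one-time code. The `Account` class, the action names and the shared secret are hypothetical.

```python
import hashlib
import hmac
import struct
from typing import Optional

STEP = 30    # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6
# Hypothetical action names for the operations the article singles out.
SENSITIVE = {"transfer", "add_payee", "change_notifications"}


def totp(secret: bytes, now: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical account holding a TOTP secret shared with the user's device."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1  # highest time step already accepted (replay guard)

    def authorise(self, action: str, session_ok: bool,
                  code: Optional[str], now: int) -> bool:
        """Sensitive actions need a valid session AND a fresh one-time code
        supplied with this specific request; other actions need the session only."""
        if not session_ok:
            return False
        if action not in SENSITIVE:
            return True
        if code is None:
            return False
        # Accept the current step and the previous one to tolerate clock drift.
        for step in (now // STEP, now // STEP - 1):
            if step <= self.last_step:
                continue  # code from this step was already used, or step is invalid
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(code.encode(), expected.encode()):
                self.last_step = step
                return True
        return False
```

Because each accepted code burns its time step, a code captured from one approved transfer cannot be replayed to authorise a second one inside the same session.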

Now compare SWIFT to the cryptocurrency space. Bitcoin is not regulated or protected by traditional fraud insurance and yet Coinbase, the global market leader in buying and selling Bitcoin, mandates 2FA for its nearly 3 million users to protect their accounts.

In 2017, companies involved in online payments need to ensure that they are sufficiently protecting their customers. Without two-factor authentication, it’s not a question of if, but when hackers will break through.

Featured image credit to Lobster.media
