Securing the payments ecosystem
Why cybersecurity should be your top priority.
Donna Brennan
Director, Visa Business Solutions, Global Public Sector
Donna Brennan
Director, Visa Business Solutions, Global Public Sector
New market participants, technology advances, and progressively interconnected networks have transformed how payments are processed today. But with that growth comes an ever-pressing threat: the acceleration of cybercrimes. Since the pandemic, both the public and private sectors have seen large-scale cyberattacks, putting their security, reputation, operations, and sensitive data at risk. At the beginning of 2022, a total of 48 government organizations from 21 countries were affected by 13 ransomware gangs.
"75% of security failures by 2023 will result from inadequate management of identities, access, and privileges." EY
While malware and ransomware attacks are not a new phenomenon, their threat and scale has grown in light of the interconnected functionality of the payments ecosystem today. High-profile breaches have underscored how institutions can be targeted and highlighted what is at stake for governments and the public sector. For tech company SolarWinds, their security breach was undetected within the firm for months, and 18,000 of their customers became vulnerable to hackers. Last year’s attack on Colonial Pipeline led to a state of emergency being declared, with 100 gigabytes of data stolen within a two-hour timeframe.
of data stolen within a two-hour timeframe
Cyberattacks are becoming more frequent, targeted, and complex. And yet many endpoints within the public sector and governments remain unprepared to adequately defend themselves. In a recent EY study outlining the top pressing cyber trends, it was noted that 75% of security failures by 2023 will be due to inadequate management of identities, access, and privileges. The overall cyber planning and strategy could be stronger too, with EY research highlighting that federal, state, and local agencies are all at differing stages of cloud adoption – with most yet to implement data-protective cloud security controls.
With the payments ecosystem evolving to span public and private networks, there’s urgency for governments to secure and protect with a proper national cyber defense. But what is most at risk – and which areas need increased support?
The scale and vulnerabilities of payments networks today
Payment volumes are accelerating as payment types continue to evolve – and the networks facilitating them are increasingly collaborative and interconnected. The results of these advancements show what’s at play, but also spotlight what’s most at risk. Cloud-based and Open Banking technologies have led to an increased demand for vigilant security measures, as IT departments work to balance wide implementation of innovative solutions with customer data security across multiple systems.
Visa’s annual report highlights the scale at which payment volumes have increased in the past fiscal year alone. The numbers speak for themselves: a 10.4 trillion payments volume (an increase of 18% from the year prior), along with 164.7 billion processed transactions (17% increase), and 3.7 billion Visa credentials used worldwide.
With so many payments being made, the threat of a cyberattack is colossal to governments and public networks. To counteract a security breach, public sector and government IT teams must defend three key areas:
ACCELERATING GROWTH
Powering small and medium-sized businesses (SMBs) in the digital-first world ➔
Download: Growth Corporates Working Capital Index ➔
White paper: Facilitating a new era in spend management ➔
High-spending SMEs - an opportunity uncovered ➔
Fulfilling the potential of commercial cards in Central Europe, the Middle East, and Africa ➔
Are small businesses weathering the storm? ➔
Security and operations
A myriad of interconnected automated endpoints are at risk both internally and externally, and public networks and governments now must consider attacks from foreign governments, the general hacking community, and careless internal insiders. There’s a crucial need to continuously monitor transactions and promptly identify fraud patterns and trends before security is compromised.
Intelligence and intellectual property
Though the payments ecosystem is more advanced than ever, security still needs to catch up. To do this effectively, greater coordination and transparency is needed between the public and private sectors. Without the end-to-end technology supporting the payments ecosystem working at the highest efficacy level, every player remains vulnerable.
Financial security
Looking at the costs around cybercrime underscores the scale at which it is growing. Costs are predicted to reach more than $10 trillion by 2025, which is more than triple the figure for 2015. Last year’s figure of $6 trillion would mean that the proceeds from cybercrime make it the third largest economy on the planet after the US and China. To significantly reduce overall risk, shifting investment from maintenance and operations to intelligence and technology that protect vulnerable endpoints from ongoing threats is paramount.
Last year’s figure of $6 trillion would mean that the proceeds from cybercrime make it the third largest economy on the planet after the US and China.
The role that the government can play
In today’s payment ecosystems, a threat to one is a threat to all. And while the idea of collaboration in cybersecurity might not be a new concept, it is one that is growing in importance with every major attack. To thrive amidst today’s climate, a sufficient government cyber defense will need to be unified, involve public-private partnerships and require cooperation through equal investments in technology.
Leadership and proactive measures made in the government and public sector to secure the ecosystem will reduce the threat of impact to constituents. Public and private collaboration, alongside security experts, will enable the public sector and governments to establish a consistent standard; with the upfront investment far outweighing the expense of falling victim to future attacks and downstream implications.
The trademarks and copyrights not attributed to Visa are the property of their respective owners.
This blog contains forward-looking statements within the meaning of the U.S. Private Securities Litigation Reform Act of 1995 that relate to, among other things, [our future operations, prospects, developments, strategies, business growth and financial outlook]. Forward-looking statements generally are identified by words such as "believes," "estimates," "expects," "intends," "may," "projects," “could," "should," "will," "continue" and other similar expressions. All statements other than statements of historical fact could be forward-looking statements, which speak only as of the date they are made, are not guarantees of future performance and are subject to certain risks, uncertainties and other factors, many of which are beyond our control and are difficult to predict. We describe risks and uncertainties that could cause actual results to differ materially from those expressed in, or implied by, any of these forward-looking statements in our filings with the SEC. Except as required by law, we do not intend to update or revise any forward-looking statements as a result of new information, future events or otherwise.
Sources
Cyble — Cyberattacks on Government Machinery
What Is the SolarWinds Hack and Why Is It a Big Deal? (businessinsider.com)
Colonial Pipeline Cyber Attack: Hackers Used Compromised Password - Bloomberg
Top government and public sector cyber trends | EY - US
2022 Key Trends in Public Security | Capgemini
Cybersecurity and the government | Deloitte Insights