Friday, April 7, 2017

Security Threats Facing Online Payment Gateways


[Guest Post by Arthur Jones]
Most experts agree: it is a brave new world for payment gateway providers, which presents both opportunities and challenges. For nearly a decade, cyber security professionals have been warning about the ongoing rise of cybercrime. Agencies like the FBI regularly put out reports detailing the threats to the financial services industry, in particular. As outlets like TechRepublic have reported, this trend is only going to continue, and we may see record levels of cybercrime activity this year.
What kind of threats can we expect to face for online payment gateways? Let’s look at some major security challenges and how they may be addressed payment gateway providers as they continue to innovate and remain competitive in the marketplace.
Information Attacks
It is safe to say that a data breach is one of the most serious threats for payment gateways. Attacks like these can come in many different forms, and because they are smaller and require fewer resources, they are easier to carry out and occur much more frequently. If an attacker gets their hands on sensitive financial information, the losses can be catastrophic, putting companies at the risk of irreparable damage to customer trust.
There are many ways for attackers to breach a system. Phishing attacks consist of fake emails that can trick users into opening harmful links and installing malware or giving up sensitive information. Such attacks can open up system vulnerabilities, giving attackers access to valuable information.
Untrustworthy insiders can also get access to sensitive information and compromise security systems from within the business. Or hackers can gain access to sensitive systems through security breaches in compromised hardware and software.
Credit Card Fraud
Payment gateway providers may be concerned about threats to their internal data systems, but there are external threats to take into account as well. Attackers use skimming devices and other technologies all of the time, which can steal credit card information wherever a credit card is used. After this sensitive information is acquired, attackers can commit credit card fraud wherever they please, which can go undetected until banks or card holders notice suspicious activity related to any compromised accounts.
This is a sort of “death by a thousand cuts” threat for payment providers, as constant small attacks on credit card holders’ information can result in the gradual erosion of customer trust.
DDoS Attacks
Distributed denial of service (DDoS) attacks are a little trickier to deal with, as they can be very powerful and destructive on a systematic level. DDoS attacks are becoming more sophisticated, in that the attackers are finding specific structural weaknesses in internet infrastructure, and then exploiting those weaknesses to bring down large and powerful institutions. Additionally, the expanding internet of things (IoT) makes it much easier for attackers to use internet-connected devices like appliances, TVs, security cameras, and other machines to flood servers with requests, which crashes them.
Typically, only the largest financial institutions are targeted by these attacks. However, hackers are increasingly attacking broader internet structures like the DNS system, which can crash a wide range of businesses’ websites that are using the infrastructure. Fortunately, large attacks such as these have been less frequent, and most payment gateway companies will not have to deal with attacks like these as much. Nevertheless, a downed server poses a threat for payment gateway providers if they’re not able to process transactions in a timely manner.
Safer Transactions
It is important for cyber security professionals, payment gateway providers, and other financial services businesses to continue to develop secure technologies to protect their systems and data. The most promising avenues include advanced encryption, tokenization, and authentication methods, which go a long way towards cutting down on common cyber-attacks. The Payment Card Industry Data Security Standard (PCI DSS) is a powerful industry-wide tool to increase security with, and innovation in this field is welcome as well. Further, proper employee training can go a long way to reduce risk exposure. Ultimately, payment gateway providers and other tech and financial services businesses who innovate in these areas will come out stronger in the future.


Author Bio: Arthur Jones is a consultant for Allied Wallet. He is an innovator in eCommerce services and everything a company needs for success including a global payment gateway system, a prepaid affiliate debit card program, and much more. Arthur has extensive experience in the eCommerce and merchant services industry, and regularly writes about it for interested readers.


IMAGES: