Mitigating Security Risks in Payments Industry: Challenges and Way Forward

Rinku Sharma, Executive Vice President & Chief Compliance Officer, GE Capital | Thursday, 28 December 2017, 06:33 IST

The advancement of technology in recent times has brought the world closer together and helped solve some of our greatest challenges. While doing so, it has also evoked a series of risks for the payment industry.

The path to profitability for card issuers has not been an easy one with a growing number of roadblocks and barriers.

Credit card data privacy breaches continue to be a significant and dynamic risk to financial institutions. Emerging privacy threats and the solutions required to mitigate them are increasingly complex and demand continuous monitoring. To secure and maintain customers’ trust, financial institutions must prevent, detect and respond to data risk in an agile manner through risk management technologies and predictive analytics.

In addition to the active prevention and monitoring of fraudulent activity, issuers must deploy strong, comprehensive data security and robust governance models to protect the sensitive data of their customers. The number of customer data breaches has outpaced the current information security models intended to ensure safety of information.

IT department of any financial institution must ensure that the organization follows various industry regulations designed to keep sensitive customer data safe - an increasingly difficult task in today's digital, mobile, app-filled world.

So, what are some of the biggest challenges that the organizations face today in the digitally advanced world?

Employees: Employees play a key role in protecting a company's sensitive data. It's important to educate all employees on different ways information can be misused through various methods and how they can prevent this by exercising caution like protecting company data displayed on a laptop with a privacy filter or how to recognize phishing attacks, to help mitigate any risk.

Having updated security policies that are understandable to employees is crucial. Information security policies should cover the creation, transmission, transport and retention of information; when and how information can be disposed of or removed from company servers/ storage; remote, wireless, electronic and physical access to the corporate network; and security precautions to use while traveling.

Laptops: To avoid the potential theft of data, provide travel laptops to employees and create specific information security policies to protect the network from cyber infiltration. Travel laptops fully capable of executing vital business functions but stripped of proprietary, sensitive or secure information can mitigate risk of infiltration.

Mobile Devices: Mobile devices also pose serious security and compliance risks. Regulated data isn't subject to a lower standard of protection just because it ends up on a mobile device.

Therefore, it is critical that preventive measures should be taken to restrict unauthorized access to company data should a mobile device be lost or stolen. It is best for security purposes to have a company mobile standard.

Third-Party Apps: The biggest compliance-related issue facing companies today is the threat caused by the use of unseen third-party solutions including devices and apps. Often these apps or solutions are out of the organization's control, causing the IT department a major headache. The best medicine to cure the headache? Educate end users

Hence, information security and governance framework have to evolve to meet today’s sophisticated threats. The current solutions need to be re-assessed, relative to their current value proposition so that they are aligned with and strengthen the company’s governance and compliance frameworks. With that in mind, organizations need to adopt a forward looking plan taking the above challenges into account. They need to prepare to manage and mitigate the escalating security, compliance and operational risks.

They need to broaden the scope of security and risk mitigation programs so they encompass the entirety of their environment. Arealistic, proactive approach to cyber security and compliance will go a long in ensuring sustainable growth and profitability in a secure and risk- free manner.

Last but not the least, in addition to the security and risk mitigation programs, ensuring ethical practices, strong governance mechanisms and compliance with all regulatory and legal requirements is increasingly becoming crucial to an industry that’s evolving at a rapid pace. High ethical standards and good governance have come to be recognized as an asset to the company, and conversely, unethical behavior, a liability.

Don't Miss ( 1-5 of 25 )