LLOYDS BANK CARDNET VIEW WEBINAR
Cyber Security: Safeguarding Online Sales
10am, Tuesday 14th July, 2015
PRESENTATION BY Phil Thomas, Head of Product, Lloyds Bank Cardnet
INTRODUCTION BY Aidene Walsh, Managing Director, Lloyds Bank Cardnet
FACILITATED BY Juliet Mann, Journalist and Presenter
SPECIAL GUEST Dr. Branden R. Williams, CTO, Cyber Security Solutions, First Data
SPECIAL GUEST Paul Young, Director, Cyber Risk Services, Deloitte
CONTEXT CURRENT TRENDS IN CYBER CRIME
CARD FRAUD
• 6% rise in total fraud losses on UK cards in 2014
• 35m card payments made every day in UK in 2014
• 14% rise in e-commerce fraud in 2014
Sources: UK Card Association, Financial Fraud UK
WHO ARE THE ATTACKERS?
Organised Criminals
• Organised networks of criminals, increasingly capable
• ‘Foot-soldiers’ non-violent but technically capable
• Motives: financial and sometimes political
Script-kiddies
• Typically young, socially isolated, intelligent, and still growing their knowledge and skills
• Motives: fun / challenge, moving to financial
Nation State / Spies
• Highly capable teams with large amounts of funding
• Some highly advanced monitoring and attack methods
• Motives: geo-political
Hacktivists
• Individuals or groups engaging in disruptive or damaging attacks
• Motives: political or ‘ethical’ in their view
VICTIMS OF CYBER ATTACKS
USA
• Target
• Staples
• The Home Depot
• Neiman Marcus
MULTINATIONAL
• EA Games
• JP Morgan
• Sony Pictures
• Mandarin Oriental Hotel Group
• Ebay
• YouTube
7m UK cards compromised by data breaches over last three years
SIZE & SCOPE OF CYBER CRIME
• 93% of large UK businesses have suffered information security breach
• £1.46m average cost of security breach for companies with more than 500 employees
• £27bn cost of cyber crime to UK economy each year
Sources: National Security Strategy, UK Department of Business, Innovation & Skills, Worldpay
CASE STUDY TARGET BREACH
• Malware installed on Fazio Mechanical Services system (HVAC supplier to Target)
• 12 Nov 2013. Fazio system used to gain access to Target billing and invoicing system
• ‘RAM scraping malware’ deployed on Target Systems, including POS systems that record payment card transactions
• Internal security warnings about malware were ignored
• Internal security warnings about data loss were ignored
• Stolen customer card and personal data extracted and transmitted to external servers
• 12 Dec 2013. DoJ notifies Target of suspicious activity on payment cards
• 19 Dec 2013 – 10 Jan 2014. Target make multiple public announcements. Intense and prolific media coverage exposed the data breach
• 40m payment card details stolen
• 98m customers impacted
• Financial costs of managing breach $248m. Further legal costs and fines
• May 2014. CEO resigns. Brand damaged, reduced operating margin and devalued assets
UK CASE STUDIES
COMMON THREATS
• Infected malware
• Hacking into networks over WiFi
• Hacking into servers
POINT-OF-SALE ATTACKS
REGULATIONS
PCI DSS Requirements:
• maintaining firewalls
• protecting stored data
• encrypting transmission of data
• updating anti-virus software
• secure systems and applications
• need-to-know restrictions on data access
• unique IDs
• regular monitoring and testing
• maintaining information security policy
NEW PAYMENT METHODS IMPLICATIONS
NEW PAYMENT METHODS & TECHNOLOGIES
• Contactless
• Mobile
• Cloud computing
• Internet of Things
• Apple Pay
• Virtual currencies
APPLE PAY
• Near Field Communication – NFC and in-app purchase
• Hold iPhone near contactless reader with finger on Touch ID
• Credit card data stored in “Passbook”
• “Tokenisation” – Apple doesn’t save transaction information or actual card numbers
APPLE PAY IN UK
• Banks will be charged, not merchants or customers
• Current UK regulations will apply
• Lloyds Bank cards to be included later in 2015
o Apple
o KFC
o Marks & Spencer
o Pret a Manger
o Boots
o Liberty
o McDonald’s
o Spar
o BP
o Lidl
o Costa Coffee
o Post Office
o Subway
o Transport for London
PROTECTING NEW PAYMENT METHODS
• Expanding Visa Token Service beyond Apple
• Spending $20m on authentication through combined biometrics
BIOMETRICS
• Facial recognition
• Voice recognition
• Fingerprint recognition
• Heartbeat monitoring
REGULATION AND LIABILITY
REGULATION
• PSD2
Ø Tackling fragmentation
Ø Ironing out cross-border inconsistencies
Ø Strong customer authentication
LIABILITY
• Liability for counterfeit transactions shifts from issuer to merchant
• Visa says doesn’t apply to lost/stolen cards
COMBATTING CYBER ATTACKS
Aware of the latest risks
Prepare to be robust
Respond quickly & effectively
The chances are that most organisations will suffer a cyber attack at some point
Organisations should seek to reduce the net impact and the time it takes to recover
It may not be possible to be completely cyber attack-proof, but organisations can build the next best thing: cyber resilience
WHAT CAN YOU DO ABOUT THE THREAT?
• Does your organisation know what information is most valuable?
• In case of suspicious events, do you have a clear procedure to follow?
• Do you know who is monitoring your security, and do they give you threat information?
• What impacts would you fear most if this happened to your organisation?
• Is staff cyber security awareness and training being taken seriously?
INDUSTRY RESPONSE
Attack & Response Preparedness
• Attack simulation and security testing
• Crisis management and incident response exercises
Board-Level Recognition
• Cyber risk governance, cyber resilience
• Cyber impact and risk appetite
Technology
• Infrastructure and application security
• Identity & access management
People and Behaviour
• Security culture & awareness
• Security organisation design
Transformation & Change
• Security architecture
• Security programmes
Managed Services
• Managed operation
• Cyber threat intelligence
CHANGING CAPITAL…
Q&A
Submit your questions via the webinar player site now