Sujay Vasudevan, Vice-President of Cyber & Intelligence Solutions (South Asia) at Mastercard, gives his views on the trends and main factors driving fraud in this interview. Click the link below to watch the short interview video.

Several vital issues are raised that should be considered, including the need to look at the entire eco-system for e-commerce and at broader aspects of cyber-security.

We are seeing a major shift by fraudsters towards attacking other systems to find personally identifiable information, which can then be harnessed to perpetrate a fraud. For example, they steal dates of birth, address data, phone numbers and other common data points used in security routines by banks, credit card companies and others.

In addition, it is well known that organisations now operate with a range of partners, and often have extended supply chains for many processes. This creates a significant expansion in the attack surface (the places a cyber attacker or fraudster can target) for an organisation. The eco-system will only be as secure as its weakest link.

Sujay explains this with a couple of examples. Simple payment card transactions are served by a broader eco-system: often 2, 3 or 4 systems will interact with the transaction data being handled. This results in larger attack surfaces.

One of the largest recent data breaches involved a major retailer: the attackers got into a vendor's system, stole ID credentials and then went into the retailer's systems.

The clear lesson here is the need to ensure supply chain security to provide better levels of protection. It is and will always remain the responsibility of an organisation to ensure third-party suppliers are secure. Some of the simplest steps to take are:

  1. Review what information is shared with third parties
  2. Get vendors to comply with security standards and verify that they have done so
  3. Potentially establish a monitoring program to review supplier security on an ongoing basis - especially those closer to any sensitive data flows and control systems.

If you would like assistance with either ensuring compliance with PCI DSS or with monitoring your supply chain, don't hesitate to get in touch.