Voice of the Industry

Cloud data breaches - what lessons should be learned?

Thursday 26 September 2019 07:13 CET | Editor: Melisande Mual | Voice of the industry

Mark Collins, EMEA Managing Director of TNS, shares his insights into cloud technology following the recent large-scale data breach at one of the world’s largest banks

Cloud based systems are still relatively new to the payments industry and recent figures suggest that of the nearly 500 billion non-cash transactions around the world, more than 95% leverage legacy payment schemes which rely on point-to-point interconnectivity. That said, leveraging cloud technology is key to advancing any distributed business which relies on big data; therefore, it is a strategic consideration which cannot be ignored.

Prevention is better than cure

In 2018, The Paypers featured my article on migrating to the cloud, which highlighted that cloud computing now plays a vital role in the payments industry. The virtual nature of the cloud enables speed, scale, and efficiency; however, not all cloud services are suited for every company.

Like all technologies, the use of cloud services is only as good and effective as the people deploying them. Simplicity is a requirement but doing it simply without an extensive risk assurance methodology will lead to errors and compromises, which is what happened in this latest data breach example, where a hacker gained access to more than 100 million credit applications and accounts. In a close examination, this event reveals a flaw in the process and procedure, not in the function or value of cloud services.

For instance, it is disappointing to see that machine learning techniques used for payment fraud were not leveraged. Utilising machine learning would have identified access control weaknesses related to employee misuse. What is surprising is that the bank involved is a tech savvy business, this alone is a warning bell for the industry to be more proactive. As previously mentioned, while adding cloud services can introduce a weakness to your infrastructure, it is only a risk if the appropriate high-level security measures are not in place.

Leveraging secure, resilient cloud services

The pace of leveraging the cloud will continue despite this latest event because centralised computing services offer benefits that address scale and cost. Deciding to leverage the cloud and storage should be considered a strategic, cross-functional activity for any company.

Any organisation that is going to store its customer’s data in some other companies’ systems must be diligent in its evaluation or they run the risk of ruining brand reputation. Lessons can and will be learned from this breach, and organisations need to sit up and take notice.

The migration towards Internet of Things (IoT) offers the potential for improving many aspects of daily life, but more ports of entry mean more risk of bad actors. Any industry that is embracing mobile access but not hardening its defences through monitoring and detection puts itself at greater risk.

Focusing on protecting machine-to-machine activity used for payments is different than deploying other business systems. Payment security is vital and requires constant collaboration to be effective. This is a capability that TNS excels and has the proper expertise in protecting machine-to-machine activity.

For example, in the case of potential employee sabotage, it is strategically important to implement machine learning to quickly identify patterns of misuse. Again, this is about methods and procedures, the obligation to protect sensitive data is the role of both the service provider and the technology partner they select to help them.

Cloud solutions like TNS’ Payment Application Managed Services are protected with robust security. The result is a full range of secure and resilient cloud services without the complexity of hosting and managing a payment application internally.

Future proofing your cloud-based solutions

Despite this latest breach, I still expect that the payments industry will continue to embrace cloud services. As noted previously, the cloud will enable the industry to shift its focus on stronger verification and authentication models, and leave the infrastructure to trusted partners like TNS.

Small and medium businesses (SMB’s) are vulnerable to data breaches and can lack the resources to implement the proper solutions. But the cloud is an ideal solution for SMBs as they require little upfront cost and investment. With cyber-attacks on the rise, SMB’s must be prepared for security risks and, therefore, it is imperative that they find the right cloud service provider with experience and solutions that are highly scalable to meet growing business needs.

It is estimated that electronic payments still only account for 15-20% of global payments. But as this category expands, its essential that the risk controls in place are upgraded and payment data is handled with extreme care.

As electronic payments morph into digital commerce, both merchants and financial institutions, the enablers of modern-day sellers and buyers, must protect that trust unwaveringly. Disgruntled employees should never be the reason for a security breach.

Risk aversion is likely the biggest hurdle for growth of payment data in the cloud unless you have a partner who has led the way. At TNS, we have spent the last 30 years offering mission critical, managed data protection by offering real-time network awareness and monitoring 24x7x365. For consumer companies focused on the end-user experience, a big hurdle is limited expertise or appreciation for data security. The value of a private cloud like TNS is a balance of time, money, and risk mitigation. In short, a managed private network remains the safest option in your cloud payments strategy.

Click here to download TNS’ free Tip Sheet which provides further information on the steps you should take when considering migrating to the cloud and choosing a cloud provider.

About Mark Collins

vspace=2Mark Collins is Managing Director of TNS’ FinTech Solutions business in Europe, which includes offices in the UK, Ireland, France, Spain, Italy, and Germany. Mark drives all sales and business activity in his region, and is part of TNS’ leadership team, which is responsible for setting TNS’ strategic direction and implementing its vision.

 About Transaction Network Services

vspace=2Transaction Network Services (TNS) has been a trusted provider to the payments industry for over 25 years. TNS’ broad portfolio of solutions includes secure and resilient transaction delivery services, used by many of the top banks, transaction processors, and ATM deployers around the world.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Mark Collins, TNS, Transaction Network Services, cloud data breach, data breach, payment security, IOT, machine learning, risk mitigation, merchant, bank, Payment Application Managed Services, cloud solutions, cloud computing, payments , digital commerce
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events