It goes without saying that the world of online shopping and banking, for the most part, has made our lives so much easier. With everything readily available at the click of a button, perhaps the most significant advantage of the e-commerce world has been the convenience that it offers to consumers. Online shopping and banking platforms nowadays offer such an extensive range of products that shoppers can access almost anything from the comfort of their own home.
Consumers can browse and purchase products anytime, anywhere, eliminating the need to travel to physical stores. This convenience is particularly valuable for people with mobility and health issues, those who live in remote areas or simply those with exceptionally busy schedules.
According to the Census Bureau's Annual Retail Trade Survey (ARTS), e-commerce sales increased by US$244.2bn, or 42%, in 2020 due to the pandemic, rising from US$571.2bn in 2019 to US$815.4bn in 2020. The substantial increase in online users has also increased the possibility of fraud, which is an inevitable risk of online shopping for anyone.
Additionally, according to research recently published by the specialised payments platform Paysafe, 49% of consumers in the UK are now more apprehensive about falling prey to fraud, compared to their level of concern in 2021. This suggests that UK consumers are placing a higher emphasis on security than on convenience when conducting online transactions.
Cyber criminals’ key targets
“Payment security has always been a key target for cyber criminals,” says Ed Williams, Regional VP, Penetration Testing, EMEA, Trustwave. “This isn’t likely to change anytime soon, in fact, it is likely that the current threat around ageing infrastructure, technology and the need for faster and more stable technology is only going to increase.”
As it stands, the payment technology currently available is keeping up with the threats that it faces; however, if this were to change, threat levels would undoubtedly rise. For example, through the increased development of AI, it seems highly likely that new threats will arise in the future.
“The recent major developments around AI from an attacker's perspective cannot and should not be underestimated,” explains Williams. “AI will increase the sophistication and accuracy of attacks, which in turn would require more stringent mitigation tactics. This will also make the importance of a behavioural-science led cybersecurity plan going forward that counteracts the thought processes of cyber criminals.”
How traditional authentication is becoming outdated
Traditional authentication methods, such as usernames and passwords, are quickly becoming outdated because they are so easily compromised. One reason is that passwords are static: they usually stay the same unless the user changes them manually, which makes them vulnerable to replay attacks if intercepted. Additionally, keylogging and spyware can secretly record passwords on compromised devices, and once stolen, a password can be used until it is changed.
Another major issue surrounding passwords is users tending to choose weak and easy-to-remember combinations of words and numbers that can be cracked through dictionary attacks. Nowadays, enforcing password complexity policies helps towards eradicating this problem, but is not foolproof.
In addition, there are many phishing schemes that trick users into revealing usernames and passwords, with social engineering attacks exploiting human vulnerabilities rather than technical weaknesses. And lastly, database breaches expose password hashes, which can be cracked through brute-force attacks with modern computing power.
“It is clear that more secure and efficient methods of authentication are required. An example of this is Multifactor Authentication (MFA) as it increases the complexity for attackers, which mitigates many of the weaknesses of standalone passwords or Bio-security which utilises the user's fingerprint or face ID,” explains Williams.
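The replay weakness of static passwords, and how a time-based one-time code as a second factor narrows it, can be shown in a few lines. This is an added illustration, not part of the original article or of any product named in it: the `Account` class, the password and the login time are constructed for the example, the secret is the published RFC 6238 test key, and TOTP is used here as one common form of MFA.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:  # hypothetical server-side record, constructed for this example
    def __init__(self, password: str, secret: bytes):
        self._salt = b"constructed-salt"
        self._pw_hash = self._hash(password)
        self._secret = secret
        self._last_step = -1  # last time step in which a code was accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login_password_only(self, password: str) -> bool:
        return hmac.compare_digest(self._hash(password), self._pw_hash)

    def login_mfa(self, password: str, code: str, now: int) -> bool:
        if not self.login_password_only(password):
            return False
        step = now // STEP
        if step <= self._last_step:  # each time step accepts one login only
            return False
        if not hmac.compare_digest(totp(self._secret, now), code):
            return False
        self._last_step = step
        return True

def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    acct = Account("correct horse", secret)
    t0 = 59  # constructed login time, seconds since the epoch
    pw, code = "correct horse", totp(secret, t0)  # what an eavesdropper records
    return {
        "legitimate_login": acct.login_mfa(pw, code, t0),
        "replay_same_step": acct.login_mfa(pw, code, t0),
        "replay_later": acct.login_mfa(pw, code, t0 + 60),
        "password_only_replay": acct.login_password_only(pw),
    }
print(demo())
```

Real deployments usually also accept codes from an adjacent time step to tolerate clock drift, which widens the window in which a captured code is valid unless used steps are tracked as above.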
Hackers are becoming more sophisticated
Today, hackers have grown increasingly sophisticated, with the ability to launch attacks from a number of different countries. Employing multiple attack methods, hackers test the victim's security strengths and exploit their vulnerabilities. In these types of attacks, cyber criminals enjoy an unfair advantage and can remain undetected for extended periods of time, often proving impossible to identify. Furthermore, it's usually not a single attacker orchestrating the assault, but rather a collective effort involving multiple individuals targeting an infrastructure through numerous entry points.
“While new payment apps and online-only banks offer huge convenience to customers, they also introduce major vulnerabilities if not properly secured. This is especially true as hackers are becoming more sophisticated by the day in targeting payment systems to access funds or manipulate individuals into revealing passwords or payment credentials,” comments Andrew Doyle, CEO of NorthRow.
Jon Horddal, Group Chief Product Officer, emerchantpay explains: “Two of the most impactful cybersecurity threats facing businesses today are card data breaches and phishing attacks, where sensitive data is obtained through increasingly sophisticated fraudulent emails or websites. Also, with the advent of AI, we’re seeing tools that are being exploited by criminals, such as technology that can mimic people’s voices, so people think they are speaking to a trusted source and hand over their details.”
So, with the world continuing to become increasingly digital and the development of AI, what sort of measures can we expect to see in the future regarding the payment security landscape?
Doyle believes: “We’ll see the widespread adoption of biometrics – whether it’s fingerprints, face scans or voice recognition, biometrics will be used as proof of identity and an added layer of security when accessing financial products and services.
“Technologies such as MFA and biometric authentication provide enhanced security compared to traditional methods. As these new technologies become more accessible and accepted among consumers, security will improve.”
How MFA will benefit organisations
One of the major benefits of MFA is how it will enhance an organisation's security, requiring users to identify themselves by more than just a username and password. Whilst they are of course an important aspect of security, usernames and passwords are vulnerable to brute-force attacks and can be easily obtained by third parties. By enforcing thumbprint or voice recognition, organisations can help themselves remain safe from cyber criminals.
“Technology is evolving faster than adoption. We live in an increasingly connected world where technology and consumer behaviours evolve at lightning speed; at the same time, consumers may not realise that more of their private information can be accessible to fraudsters and bad actors trying to gain unauthorised access. There needs to be a shift toward more advanced and secure authentication methods, such as MFA,” comments Horddal.
“By requiring multiple factors for authentication, MFA makes it significantly more challenging for cyber criminals to gain unauthorised access to accounts.”
Looking to the future, although MFA cannot guarantee entirely foolproof security or prevent all cyberattacks from happening, it will add layers of authentication to protect systems and combat many types of attacks.