I recently had the pleasure of attending the Cybersecurity Conference and Roundtable in Bridgeport, CT. I’m always thrilled to be invited to industry events focusing on payments and found this event particularly fascinating as the attendees were primarily municipalities, towns and state government employees, all focusing on cybersecurity.
When looking at risks related to processing payments, there is sometimes a habit of focusing on risk solely by the payment or type of payment – especially if you’re comfortable with pushing out credits and less comfortable with debits. This discussion at the event, however, looked at payments risk by vertical market to determine what is unique about these different environments and how these differences may increase risk. As an example, this vertical (state and local government) is a high target simply because they “check a lot of the bad guy boxes”. Looking at this vertical, you can see very specific risk areas because they: have personal data, send and receive a lot of payments, and use processes and systems that have been in place for a long time. When you look at payments risk by verticals it may actually make your risk management program more efficient. Debits and credits will always matter in payments but this approach identifies who and what is behind the debits and credits – all worth exploring as a pillar of your risk management program.
What part can you play? Timeframes for returns and disputes under payment system rules and regulations are often more like road blocks than solutions when helping consumers and corporates who have been targets and victims of payments fraud. The speakers, two law enforcement members, were discussing how an FBI Taskforce they participate in, investigates cybercrime and how they are having unprecedented success in retrieving funds for victims. The team treats cybersecurity like a management project and rely heavily on a collaborative site – www.ic3.gov. The site accepts online Internet crime complaints from either victims or third parties.
I have heard from a number of members how frustrating it can be to tell account holders you cannot help but sometimes your hands are tied due to rules and regulations. Getting creative and not being averse to collaboration, you may now have a very helpful tool. In terms of cybersecurity, the law enforcement speakers felt that sharing this tool with your account holder might be giving them all the help they need.