Speaking at Cebit’s Future of Payments conference in Sydney today, Ivan Zasarsky, partner in the financial advisory services group of Deloitte Touche Tohmatsu said; “Every one of the major payments networks has had significant breaches,” in recent years. He claimed that in the last three and a half years all the major players had made settlements to customers amounting to “hundreds of millions of dollars” after having their payments networks compromised.
“But no one has gone to court because no-one wants to burst the bubble of public trust,” he added.
Asked whether the mobile phone – which is increasingly being used as a payments platform - injected extra levels of risk into payments Mr Zasarsky said; “The device itself is neither inherently secure or not inherently secure.” He said that there were vulnerabilities associated with using mobile phones for payments but also pointed to the benefits of being able to lock down phones if there was a problem.
He said that the degree of risk was linked to the nature of payments made using mobiles – with the risk profile differing according to whether mobiles were used for micropayments, open transfers or as a mobile wallet.
He also explained that it was becoming increasingly difficult to protect payment networks from cyber-attacks.
Mr Zasarsky said that while there was little to be feared from “script-kiddies” who bought and downloaded malware over the internet to attack payments networks; “The really dangerous folks are those who have exited cyber intelligence organisations and are now guns for hire.”
Mr Zasarsky noted that payments systems were particular targets for cyber-criminals who knew that they were “hard to catch, prosecute and incarcerate.”