Combatting cybercrime, a necessary evil

24 NOV 2020

Combatting cybercrime, a necessary evil

Every day is a new day for cybercriminals with its load of new breaches and new cyber victims. International Card Processing Services (ICPS), with its secure payment ecosystem, is constantly on the battlefield. And so should you.

In this world, nothing can be said to be certain, except death and taxes. Or so the saying goes. Well, that’s just so pre-COVID! In this new world order- undoubtedly the “new normal”, there’s another certainty: cyber criminals will try to find new ways and devices to attack your business, breach your firewalls, install malwares, hack your network. All with one goal: steal your customers’ data and defraud them, and thus put your business at risk.

Online traffic has grown exponentially since confinement and with it, the risks of cyber-attacks. According to Deenesh Somrah, ICPS’s Manager of IT Risk and Compliance, reports say that in just two months, from January 2020 to March 2020, there have been over 700 new vulnerabilities aimed at collecting personal data, credentials or having unauthorised access to systems.

Numerous e-commerce platforms, including new mobile applications emerged during the confinement in response to a real need to supply goods and services to people who suddenly found themselves under lockdown. “But about 80% of these platforms are not safe because they have not been developed based on security best practices”, Deenesh says, adding, “confinement has seen the rapid rise of new digital players. But scratch the surface and a host of security hazards emerge.”

At the end of the day, there are no two ways about it – if you can’t offer your clients a secure payment ecosystem, your security will be breached. As MCB’s Head of Cards, Stephanie Ng Tseung points out, “you can develop your business as much as you want but internet frauds and security breaches will wipe out your whole P&L”.

Although there is no risk zero – as Deenesh likes to say, there is no confinement for hackers -, if anything, confinement has given hackers more time and opportunity to develop new threats. And that’s where companies such as ICPS come in. ICPS has a team that’s dedicated to the risk and compliance aspects of business. “We take a risk-based approach to identify threats and we come up with controls and we do that by aligning ourselves with best practices,” Deenesh clarifies.

A vulnerability assessment to identify threats is necessary. This includes regularly checking for new threats and trying to anticipate what cybercriminals will do. “We need to think ahead and be prepared to think on our toes, as the behaviour and the pattern of customers change. Hackers know this very well and that’s why we always need to be a step ahead in terms of enforcement and control”, our expert says.

ICPS does this by working with strategic partners, especially when developing new software because “we have to ensure that we keep pace with best practices in terms of security”. Continuous security awareness campaigns are also part of the strategy. “It is essential that users know when they are dealing with a normal situation and when to be suspicious and they will, in time. Meanwhile, we monitor our users by testing how they respond to phishing attempts”, ICPS’s Manager of IT Risk and Compliance explains.

ICPS offers solutions in five areas, namely in terms of Gap Assessment and Implementation of Information Security best practices (PCI DSS & ISO 27001), identifying threats and proposing controls with Vulnerability & Penetration tests activities, Information Security as a service, and training to ensure continuous monitoring of threats as well as in terms of strategic partnerships.