
SECURITY OF DIGITAL PAYMENTS

ARCHANGEL from PT SYDECO

LexisNexis Risk Solutions has just published its study on cybercrime in 2022, pointing to a 20% annual increase in the rate of digital attacks worldwide, with significant peaks in Asia-Pacific, Latin America and North America at the end of the year.

The study, which is based on the analysis of 79.8 billion transactions, highlights that alternative payment methods, such as digital wallets, QR code payments and person-to-person transfers, continue to grow in popularity, particularly in the Asia-Pacific region, which saw a 50% year-on-year increase in its payment attack rate.

The implication, according to Stephen Topliss, Vice President of Fraud and Identity Strategy, is that "multi-factor authentication alone as a defence is inadequate in today's digital world. Organisations, industries and countries need to collaborate and identify the interconnected signals of complex fraud attacks, as criminal networks working in a structured manner are here to stay. To combat the latest scams, targeted machine learning models that can exploit the latest digital intelligence, behavioural biometric signals and mule account indicators are needed."

While Stephen Topliss' recommendations make sense for institutional and professional players in the sector who need to protect their servers and the tools they make available to their customers, they do not make sense for users of digital payment tools, most of whom are just ordinary people.

Take for example the case of the QR Code, whose content, which cannot be read by any human, can only be revealed after scanning the image.

The information encoded in the QR Code may contain a link to a malicious file, a suspicious application or a disreputable App Store, or information leading to questionable wireless access points (WLAN).

And if the QR code is dynamic, it is no longer possible to predict which pages it links to.
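The categories listed above (links to files, applications, app stores and wireless access points) can be checked on the decoded payload before anything is opened. The following is an added example, not code from this post or from PT SYDECO; the function name `triage_qr_payload`, the extension and scheme lists, and the sample payloads in the test are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Illustrative lists, not exhaustive.
INSTALLABLE_EXT = (".apk", ".exe", ".msi", ".dmg", ".ipa")
APP_SCHEMES = {"market", "itms-apps", "itms-services"}


def triage_qr_payload(payload: str) -> dict:
    """Classify an already-decoded QR payload and list reasons for caution."""
    text = payload.strip()

    # Wi-Fi join string in the common "WIFI:T:<auth>;S:<ssid>;P:<key>;;" layout.
    if text.upper().startswith("WIFI:"):
        pairs = re.split(r"(?<!\\);", text[5:])  # split on unescaped ';'
        fields = dict(p.split(":", 1) for p in pairs if ":" in p)
        warnings = ["joins wireless network %r" % fields.get("S", "?")]
        if fields.get("T", "nopass").lower() == "nopass":
            warnings.append("network is unencrypted")
        return {"kind": "wifi", "warnings": warnings}

    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    if scheme in APP_SCHEMES:
        return {"kind": "app-install", "warnings": ["opens an app store or installer"]}
    if scheme not in ("http", "https"):
        return {"kind": "other-scheme" if scheme else "text", "warnings": []}

    host = parts.hostname or ""
    warnings = []
    if scheme == "http":
        warnings.append("not HTTPS")
    if parts.username is not None:
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode host, possible look-alike domain")
    if parts.path.lower().endswith(INSTALLABLE_EXT):
        warnings.append("links directly to an installable file")
    # An empty list is not a verdict of safety: a dynamic QR code's server
    # can redirect anywhere, which the encoded payload cannot reveal.
    return {"kind": "url", "host": host, "warnings": warnings}
```
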

Stephen Topliss' recommendations will not prevent someone who uses a QR Code as a means of payment from becoming the victim of a fraud carried out with a malicious QR Code.

SSP's Servers are protected by ARCHANGEL©, Firewall of Next Generation


On the other hand, two-factor authentication will be the best protection for the user, provided that the two factors are decoupled, i.e. they do not use the same physical medium or they do not use the same path. This is the case in SSP© (Secure System of Payment), created by PT SYDECO: a secure mobile payment system that uses NFC or QR Code as a means of connection and connects the user's mobile phone or card to the server using two different communication channels and two different media.

Two-factor authentication therefore still has a definite future, at least as long as digital payments do not evolve to become quantum payments or give way to barter.

#cybersecurity #payment #Authentication #Banks #Finances #firewall #Indonesia #AsiaPacific #QRCode #NFC
