Cyber criminals and payments fraudsters are shifting their attention from the US to Europe, and financial players in the region need to prepare for a large-scale data breach, according to Visa’s global security chief.
Ellen Richey, who is chief risk officer at the payment-card giant, has observed a “dramatic increase” in the number of data breaches in Europe in the past 18 months.
“So far they are small, but that signifies they [criminals] are testing,” she said. “When there might be a big one, I don’t know, but I think it’s likely to happen.”
Richey was speaking at this week’s MoneyConf event in Dublin, a gathering of around 5,000 fintech and financial professionals. In a discussion session with FN’s Francesco Guerrera, the Visa executive warned delegates they should be building reliable security into their fintech innovations from the ground up.
Financial security is a “baseline requirement”, she said: “You can’t be in this business without gaining people’s trust.”
Firms involved with the European payments system needed to be especially alert, said Richey, as cyber criminals are transferring their attention here after many years focusing their efforts mainly on the US.
She said: “The storyline in the payments business has been that the US has been the honeypot for thieves because we didn’t have chips [integrated circuits in credit and debit cards that store account data].
“The US was the last major magnetic strip card environment, and a magnetic strip can be counterfeited quite easily. So all the data breaches were happening in the US, 80% to 90% of them. Whereas Europe, with this chip environment, was less of an attractive target.
“Now, the US is going to chip very rapidly, more rapidly than any country has ever done before, and what’s happening is we are seeing a pattern where the data thieves are starting to attack here in Europe.”
Asked what European banks, merchants and payments firms can do to protect themselves, Richey said that the standards and how-to guidance issued by the Payment Cards Industry Standards Association was a good place to start.
She said: “These are fairly basic standards, but the truth is, we have never seen a large compromise of any entity that had actually complied with these standards. You can protect yourself — the standards are out there to tell you what to do.”
Guerrera also quizzed Richey on whether there would, or could, ever be a large-scale blackout or crash of the payment systems, across all providers, leaving consumers unable to buy things.
Visa suffered a hardware failure on Friday June 1 that led to an outage of its systems across Europe for several hours. The company said it had “no reason to believe” the failure had been caused by crime or other malicious actors.
Richey replied: “It’s a realistic to fear that things like this could happen, but the payments systems have been built with large investments in resilience, both from an operational perspective and a security perspective.” These include multiple failsafes and redundancies, she said.
“It’s likely that something could happen, something will go down – but it’s very unlikely this could have any significant impact,” she concluded.
To contact the author of this story with feedback or news, email Mark Cobley