It’s not unusual for EU Directives to arrive with a whole host of acronyms and terminology, and PSD2 is no exception. From AISP to XS2A there are some new terms, some terms that have a new meaning in this context, and some established payment terms it’s always worth having a reminder about. When I couldn’t find a glossary to help me understand the terminology, I decided to create one. Or the 50 PSD2 terms, here are my 3 favorites: ASPSP – Account Servicing Payment Service Provider — a tongue-twister to rival Sister Suzie and her shirt-sewing shenanigans! An ASPSP is a Payment Service Provider (PSP) such as a bank or card issuer that provides authorised access to bank account information. For PSD2 they are allowing API access to bank account data for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). This makes my top three as I can’t... [Read More]
PSD2 is on its way but in many respects it feels like it will never happen. So much is still undefined; it’s not yet transposed into national law, the complete Regulatory Technical Standards are not issued and much is still open to interpretation. Given this uncertainty, it is not unreasonable to take a wait and see attitude to preparation – after all it’s likely to be more than a year before you will be expected to apply PSD2 to your payment operations. A laissez faire attitude to preparing your fraud operations for PSD2 may however be a bad move. NOW is the right time to get ready. Read our executive brief Getting Your Fraud Operations Ready for PSD2 so that you can understand the three reasons why you should act now: You will want to secure payments with Transaction Risk Analysis – but that will bring fraud challenges. You will... [Read More]
Data breaches are in the news on an almost daily basis and telecom companies are not immune to attack – indeed, cyber-attacks have led to the loss of almost 50 million customer records in the past 10 years. For telecom businesses it’s not only the frequency and number of records that are breached that is of concern, it’s also the type of data that can be lost. Telecom companies are guardians of a rich set of customer data, including financial information. They also hold a valuable set of behavioural data about their customers based on how they use their services. This rich data set is a honey pot for cybercriminals – particularly those using data to fuel identity theft. We included telecommunications providers in the cybersecurity survey carried out on our behalf by independent research company Ovum. What did we find? A full assessment of our findings for the Telco industry... [Read More]
When it comes to cybersecurity, crooks need a way into our businesses and often someone gives it to them – mostly unintentionally. An understanding of who the unwitting accomplices are will help IT security to protect the organization. In a recent survey conducted for us by research company Ovum, we asked senior security executives which employees or third parties posed the highest cybersecurity risk to their firm. Although 77% of respondents said that their employees have sufficient information on how they can contribute to prevent breaches, internal staff were still perceived to present the biggest threat to cybersecurity. Interestingly, most respondents saw the highest risk as coming from their internal IT function – they highlighted their own departments as the weak link. While most do think they have educated employees well, we had many comments regarding the need for further education programmes. The need to secure employees devices, particularly in... [Read More]
We recently commissioned a study from independent research company Ovum on how organizations are tackling cybersecurity and what they plan to do next. Losses because of a data breach or other cyberattack can be severe, particularly when factors such as customer and shareholder confidence are taken into account. We therefore expected that cyber risk insurance would be an increasingly important way in which organizations are mitigating their risk. The results were far from uniform: The UK was the most insured country we surveyed, with 69% of respondents holding some kind of insurance, and the USA was the least insured – only 51% of US respondents had any kind of cyber risk insurance. Across the industries surveyed, financial services firms were the most likely to be insured (71%), and healthcare the least likely (26 percent). Even when businesses have invested in cyber risk insurance, it’s unlikely to cover them for all... [Read More]
A recent survey carried out on our behalf by research company Ovum found that 48% of organizations think that in a year’s time, an assessment of their cybersecurity will show improvement. Only 3% think that their cybersecurity position will have worsened. Most companies also think they are doing well compared to their competitors; a mere 6% think their cybersecurity is below average and 54% think they’re above average or a top performer. This is statistically unlikely. It seems that many are taking an optimistic view of their cybersecurity. Could a lack of objective measurement be to blame? Here’s what our survey participants said: It is encouraging to see that 94% carry out some form of assessment. However, consideration must be given as to how objective the methods used are. 38% of respondents say they self-assess based on their own criteria, this is the largest and possibly the most worrying category.... [Read More]
Many of you reading the headline will be thinking – yes we do! We are even getting bored of talking about PSD2. But I’m not talking about us in our payments bubble. I’m talking about the general public. Small business owners and people in love with their Amazon 1-Click don’t know that PSD2 is about to rock their world, or at least change how they take and make payments. Last night I went to a local pub and while sipping my Merlot noticed a sign behind the bar “50p surcharge on card payments below £10”. It’s not unusual to see variations of this sign in small businesses, and no one has told them that from January they won’t be able to surcharge. I spoke to the barman, who turned out to be quite savvy about card payments, but he hadn’t heard of PSD2 and didn’t know that this would happen.... [Read More]
Given the significant consequences that face board members in breached organizations, you might expect that they are giving cybersecurity their full attention – but are they? Our recent survey with research and consulting firm Ovum sheds a revealing light on this. Do they think the problem will go away? No one is expecting cyber-attacks and breach attempts to stop, and only 1% of respondents think that levels of attack will go down in the coming year, while 62% expect the rates of attack to increase. This reflects recent experience in their own organizations, 60% have experienced an increase in attempted data breaches in the past year, 24% of those polled have seen attempts increase in volume by more than 25%. Verdict: Not complacent – they recognize that cyber threat is on the increase. Are they investing enough to fight cybercrime? Although 62% of organizations expect cybercrime attack rates to go... [Read More]
Last week alone, a New York hospital, a US car washing business and a UK online retailer all suffered headline-making data breaches. There is no fool-proof cybersecurity defence, so businesses of all sizes need to consider not only how they can prevent breaches but also determine what they will do should the worst happen. Additional losses are heaped on companies that fail to manage the fallout from a breach well. Poor customer communication, disastrous PR and a slow or ineffective response all damage reputation, lose customers and worry shareholders. Despite this, a new, independent cybersecurity survey we commissioned with independent research and consultancy firm Ovum shows that only 51% of companies surveyed have a tested data breach response plan. Looking across the six countries we surveyed, it’s clear that some are doing better than others, though none had excellent coverage on this question. The Norwegians are top of the class... [Read More]
Cybercrime against businesses and other organizations is undoubtedly a hot topic, with regular news headlines and cautionary tales of those who have been breached. We wanted to understand the changing views from the C-suite about cybercrime, what they have been doing to tackle it and what they plan to do next. To find the answers we engaged research analysts Ovum to carry out an independent research project for us across 6 countries – and the answers are on the way! We want you to join the conversation so we’ll be releasing key statistics from the research in a Tweet Chat on 1st June at 4pm BST / 8 am PDT – please tweet along #cybertrends and join us to find out: The types of organization that are looking to invest in cybersecurity in the coming year. The industries that have been experiencing the biggest increase in attacks. The country where only 41% of... [Read More]
