All posts by Mohammed Junaid

ArticlesCash ManagementFX and PaymentLegalStock Markets

Keeping your Payment options open, by Anderson Zaks

EPOS, MobilePOS, Pin on Glass, Pin on Mobile – there’s a lot to choose from for today’s merchant. Adina Ahmed, Chief Technology Officer at Anderson Zaks explains some of the latest options.

“In many emerging economies, people are by-passing traditional bank and card accounts altogether and adopting mobile payments”

Mobile phones have revolutionalised the way we live today. The way we communicate, watch TV and other online entertainment, and, the way we shop. The next obvious step, is the way that we manage our money and pay for goods and services. But these days, it isn’t just settling the bill in a restaurant, or buying something enticing in the sales, with contactless people are paying for their morning coffee, and with PSD2 and the associated deregulation, they will soon be able to make direct payments to each other. In many emerging economies, people are by-passing traditional bank and card accounts altogether and adopting mobile payments in much the same way that they have missed out broadband landlines – it’s a whole layer of infrastructure that they simply don’t need. 

The payment market in China is a prime example where most people don’t have a credit or debit card, or plastic of any kind. They have leapfrogged straight to mobile apps and user friendly ecosystems that seamlessly blend social media, ecommerce, payment and other finance functions. Consumers in China now rarely carry a wallet or cash, and even buskers display a QR code so that people can leave tips. 

Consumers in the UK, particularly younger people that are now coming into the workplace (millennials) expect to pay for everything contactless, many don’t carry cash. This presents a problem for the smaller retailer or merchant. How do they take payments without a full blown EPOS system? There are a whole range of options now opening up to merchants in the UK, and as evidenced in China, they don’t need a heavy IT implementation with all its associated costs, nor are they tied into long contracts with banks or card providers. 

PIN on Glass (POG) solutions are already available in the UK. As the name suggests, PIN on Glass has evolved from the traditional PIN pad so that merchants can now use a touchscreen device to capture the PIN. There are a range of versatile devices, referred to as SmartPOS, that have been designed for this very purpose. Typically run on Android, they have additional security features baked in, a scanner for bar codes and QR codes, and can print receipts. The beauty of these devices is that they can run with a user-friendly app, enabling smaller merchants to operate using the device as a standalone solution, without the need to have a full blown EPOS solution.

These purpose built POG terminals connect directly to a bank, to accept payment. They are sleek and modern, and the apps that run on them are intuitive and easy to use for both staff and the consumer. The devices run with all current card technologies including swipe and contactless, providing an all in one solution so that the merchant doesn’t need a computer in the shop or at whatever location they need to take payments. 

For independent software vendors (ISV), POG devices enable them to migrate their existing POS solutions to a smaller, portable device, opening up the market to much smaller merchants than they might have otherwise targeted. 

At Anderson Zaks we are already working with several ISVs to incorporate our payment platform into their PIN on Glass solution. 

High Net-worth IndividualsWealth Management

Under the radar cyber attacks costing financial services companies $924,390 and getting worse

EfficientIP’s DNS Threat Report reveals alarming 57% attack cost rise in last 12 months

Global DNS Threat Report, shared by EfficientIP, leading specialists in network protection, revealed the financial services industry is the worst affected sector by DNS attacks, the type cyber attackers increasingly use to stealthily break into bank systems. 

Last year, a single financial sector attack cost each organization $588,200. This year the research shows organizations spent $924,390, to restore services after each DNS attack, the most out of any sector and an annual increase of 57%.

The report also highlights financial organizations suffered an average of seven DNS attacks last year, with 19% attacked ten times or more in the last twelve months. 

Rising costs are not the only consequences of DNS attacks. The most common impacts of DNS attacks are cloud service downtime, experienced by 43% of financial organizations, a compromised website (36%), and in-house application downtime (32%). 

DNS attacks also cost financial institutions time. Second to the public sector, financial services take the longest to mitigate an attack, spending an average of seven hours. In the worst cases, some 5% of financial sector respondents spent 41 days just resolving impacts of their DNS attacks in 2017.

While 94% of financial organizations understand the criticality of having a secure DNS network for their business, overwhelming evidence from the survey shows they need to take more action. Failure to apply security patches in a timely manner is a major issue for organizations. EfficientIP’s 2018 Global DNS Threat Report reveals 72% of finance companies took three days or more to install a security patch on their systems, leaving them open to attacks. 

David Williamson, CEO, EfficientIP, comments on the reasons behind the attacks. “The DNS threat landscape is continually evolving, impacting the financial sector in particular. This is because many financial organizations rely on security solutions which fail to combat specific DNS threats. Financial services increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. Therefore, network service continuity and security is a business imperative and a necessity.”

Recommendations
Working with some of the world’s largest global banks and stock exchanges to protect their networks, EfficientIP recommends five best practices:

Enhance threat intelligence on domain reputation with data feeds which provide menace insight from global traffic analysis. This will protect users from internal/external attacks by blocking malware activity and mitigating data exfiltration attempts.

Augment your threat visibility using real-time, context-aware DNS transaction analytics for behavioral threat detection. Businesses can detect all threat types, and prevent data theft to help meet regulatory compliance such as GDPR and US CLOUD Act.

Apply adaptive countermeasures relevant to threats. The result is ensured business continuity, even when the attack source is unidentifiable, and practically eliminates risks of blocking legitimate users.

Harden security for cloud/next-gen datacenters with a purpose-built DNS security solution, overcoming limitations of solutions from cloud providers. This ensures continued access to cloud services and apps, and protects against exfiltration of cloud-stored data.

Incorporate DNS into a global network security solution to recognize unusual or malicious activity and inform the broader security ecosystem. This allows holistic network security to address growing network risks and protect against the lateral movement of threats.