Timur AITOV,
PhD, Vice President of NPC
SECURITY - KEY FACTOR FOR SUCCESSFUL DEVELOPMENT OF REMOTE
PAYMENTS IN RUSSIA
International Forum of the Bank of Russia and the World Bank on
“Trends in the development of retail payments in
Russia and Baltic and Balkan regions” October, 2013
Kaliningrad
SECURE PAYMENTS
CUSTOMER LOYALTY
ORGANIZATIONAL SECURITY PRACTICES
SECURITY AND SAFETY TECHNOLOGIES
SECURITY of CLIENTS IN LAW
CUSTOMER KNOWLEDGE and CORRECT INFORMATION
THE CONVENIENCE AND EASE OF USE, ACCESSIBILITY AND AVAILABILITY OF THE INFRASTRUCTURE - ALL THIS
IS IMPORTANT, BUT FROM THE CLIENT POINT OF VIEW THE LACK OF SECURITY, NEGATES ALL OTHER ARGUMENTS AND ATTRACTIVE PROPERTIES
CRIMINALS CREATE ANY NEW FRAUD SCHEMES
THE MOST RELIABLE WAY TO FIGHT - TO BLOCK ACCESS TO EXTERNAL PUBLIC NETWORKS FOR BANK EMPLOYEES
NEW TREND - TARGETED ATTACK
EXAMPLE. EMPLOYEES USING OFFICE COMPUTER TO COMMUNICATE IN SOCIAL NETWORKS CAN BECOME VICTIMS AND ACCOMPLICES OF THE
CRIMINALS WHO ORGANIZED A TARGETED ATTACK
THEIR GROWTH OVER THE PAST YEAR WAS 42%
2012
AUTUMN ATTACKS ON RUSSIA MEDIA
RECENT NEWS: WITH THE SUBMISSION OF A TWITTER-CHANNEL "RIA NOVOSTI"
BOGUS MESSAGE ABOUT THE DEATH OF FORMER PRESIDENT OF THE USSR MIKHAIL GORBACHEV WAS REPRINTED BY ALL THE WORLD'S
NEWS FEEDS IN THE BEGINING OF SEPTEMBER 2013
FROM SEPTEMBER, 4 WAS DDOS-ATTACK ON THE "PRIME-AGENCY" PERFORMANCE 100,0 THOUSAND CALLS PER MINUTE
THERE ARE MANY NEW STRIKE POINTS… WHEN SECONDS COUNT, THE ACTIONS FOR THE PROTECTION SHOULD BE
BROUGHT TO THE AUTOMATISM…
THE MINISTRY OF DEFENCE?
THE MINISTRY OF INTERNAL AFFAIRS?
ROSCOMNADZOR?
THE FEDERAL SECURITY SERVICE?
WE NEED TO CLEARLY COORDINATE ACTIVITY
DDOS ATTACK AGAINST BANK: WHO WILL DEFEND?
NEW TECHNOLOGIES, NEW METHODS OF ATTACK AND NEW METHODS OF PROTECTION
ATTACKERS WITH SPECIAL EQUIPMENT -INVISIBLY TO THE CARD HOLDER AT A
DISTANCE OF NO MORE THAN 40-50 CM CAN INITIATE AND EXECUTE THE PAYMENT
TRANSACTION ON HIS CARD (SO CALLED «RELAY-ATTACK»);
EFFECTIVE PROTECTION MECHANISM. EVERY CONTACTLESS TRANSACTION WILL
REQUIRE CONFIRMATION BY THE CLIENT AS BUTTON PUSHING AND/OR MOBILE PIN
ENTRY ON THE PHONE
MEDIA: IT IS IMPORTANT TO INFORM CLIENTS CORRECTLY
UNIFIED TRIADA
DO NOT FORCE THE SITUATION AND
DO NOT SCARE CLIENTS BY NEW THREATS!
BANKS WILL BE FORCED TO USE AND DEVELOP A VARIETY OF SYSTEMS WITH DIFFERENT DEGREES OF PROTECTION FROM CYBER
THREATS
POORLY PROTECTED, BUT SIMPLE - SMALL PAYMENTS, AND WELL-PROTECTED - FOR BIG CORPORATE PAYMENTS
DO NOT COMPLICATE THE PROCEDURE OF PAYMENT – BECAUSE THIS IS PUSH AWAY CONSUMERS!
PROMOTION AND TRAINING WE NEED LAWS TO PROTECT THE CONSUMER
ARTICLE 9 OF THE FEDERAL LAW 161-FZ
GIVING CUSTOMERS THE ABILITY TO EASILY CHALLENGE THE
TRANSACTION, EXPERTS: WE MAY GET A NEW WAVE
OF SCAMS FROM JANUARY 2014
Click on the picture!
VICTIMS NEED ADVICE
WE HAVE GENERAL ADVICE
BY THE
ARB, NPC, CENTRAL BANK
AND
MINISTRY OF INTERNAL AFFAIRS
View a copy of the recommendations by this link
SUMMARY
NEW TECHNOLOGIES MUST ALWAYS TAKE INTO ACCOUNT THE EMERGENCE OF NEW THREATS
THE DEVELOPMENT OF TECHNOLOGY AND
INFRASTRUCTURE PAYMENTS IS NECESSARILY TAKING INTO ACCOUNT THE REQUIREMENTS OF SECURITY OF
PAYMENT
RELIABLE PROTECTION NPS - A PLEDGE OF TRUST AND THE GROWTH OF THE CUSTOMER BASE
Timur AITOV
PhD, V.P.,
National Payments Council
www.platsovetrf.ru [email protected]
+7 499 6782560 Russia, Moscow,
109028, Solyanka ½
Top Related