First Data on Preventing FraudLeading Processor Addresses Malware, DDoS, Other Threats
"We are really working with our retailers and financial institutions to provide a layered security approach," says Horton, vice president of global security and Payment Card Industry services for First Data. "If a card number is encrypted during the time of the swipe, then there really is no data for that hacker to steal."
Threats ranging from card skimming to retail point-of-sale and network malware attacks, such as those that recently hit the MAPCO Express convenience-store chain, Schnucks Markets Inc. and Bashas' Family of Stores, have made ongoing POS security an even greater priority, Horton says.
"There are new technologies that we are implementing into the software and hardware of the POS," he says during an interview with Information Security Media Group. "There are a number of secure technologies that make sure transactions are secure from point to point."
For banking institutions that are merchant acquirers and card issuers, cyber-attacks often result in significant financial losses, Horton acknowledges. When cards are compromised at the merchant level, cards have to be reissued, and customer accounts are often affected by fraudulent transactions - points of pain with which banking institutions must deal, he says.
To help institutions minimize risk, First Data is working to ensure card data is never stored on POS systems - and that requires more merchant education, Horton says.
Beyond Card Security
First Data also is helping institutions ensure online-banking authentication techniques are strong and that ACH and wire transactions are secure, Horton says.
The processor is addressing distributed-denial-of-service attack risks by, for example, partnering with DDoS mitigation providers and others to monitor Internet traffic, Horton says.
"The financial industry is experiencing the majority of those DDoS attacks," he says. "Online banking is the channel where those attacks are focused, so First Data is taking action to ensure globally that a redundant control base is in place."
During this interview, Horton discusses:
- Products and services available to reduce card risks within networks and at the POS;
- Regulatory requirements and compliance issues processors must address for banks and merchants;
- How emerging fraud risks are blurring the lines that once divided merchants, processors and banks.
Horton joined First Data in 1995 and has held a variety of leadership roles of increasing responsibility. He formerly worked in First Data's corporate strategy department, where he focused on large company initiatives and worked with third parties regarding potential partnerships. He also formerly served as vice president of product and business development for the DDA Payment Services Organization, now known as CONNECTPAY.