MasterCard launches ‘cyber protection software’ as banks warned of ‘sophisticated threats’

Out-Law News | 06 Oct 2014 | 4:13 pm | 2 min. read

MasterCard has launched software that it said will reduce the risk to banking systems and processors from cyber hacking attacks.

The move followed warnings of increased cyber threats to financial institutions worldwide and came as New York’s banking regulator prepares to discuss the status of cyber security measures with firms in the US.

MasterCard said its ‘SafetyNet’ software is designed to use the power of the corporation’s global network “to identify potential attacks before they start and in some cases before the bank or processor is even aware”.

According to MasterCard, cyber attackers are using “increasingly sophisticated ways to compromise account data and security defences”.

MasterCard’s president of enterprise security solutions Ajay Bhalla said that the software operates “as intelligent technology which can identify fraud in real time and decline a transaction before any exposure takes place”.

The new software can be deployed as a complementary measure to banks’ own security tools, MasterCard said. However, the software “adds a new level of protection into the payment system, monitors different channels and geographies and provides the most appropriate level of support for each market and partner business by using sophisticated algorithms”.

MasterCard said the move aimed to reinforce other security initiatives including recent trials for biometric authentication in voice and facial recognition.

The head of New York’s Department of Financial Services (DFS) has said he will meet the chief executive officers of several financial institutions to discuss their ability to withstand and prepare for cyber threats, following a data breach earlier this month at banking giant JPMorgan Chase.

DFS superintendent Benjamin Lawsky told the Financial Times: “We’re reaching out to our regulated entities and trying to have high-level conversations not about this hack quite frankly because it’s one of many. This is a chance to re-emphasise and remind everyone that this isn’t just an issue that should be on a list of problems and things to worry about and work on.”

Chase has told clients that, following an “extensive review” in the wake of the attack, there was “no evidence” that customers’ account numbers, passwords, user IDs, date of birth or Social Security numbers were compromised. However, the bank said contact information, such as names, addresses, phone numbers and email addresses, had been “compromised”.

“Unlike recent attacks on retailers, we have seen no unusual fraud activity related to this incident,” Chase said. “Attacks like these are frustrating. There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defences even stronger.”

A DFS report on cyber security in the banking sector published in May 2014 (13-page / 480 KB PDF) said cyber attacks against financial services institutions were “becoming more frequent, more sophisticated, and more widespread”.

According to the report, around 79% of institutions surveyed said that information security budgets were expected to increase in the next three years. “Notably, small and medium institutions were more likely than large institutions to report that their information security budgets would remain the same over the next three years, with nearly 16% to 21% of small and medium institutions, respectively, anticipating no change to their budgets as compared to only 10% of large institutions,” the report said.

Professional services firm PwC said in a review of global economic crime trends published last March that financial services firms are more likely than non-financial companies to have been the victim of economic crimes such as fraud or theft.