Delivering a presentation on cybersecurity Wednesday morning at the SIA Expo 2014 in Milan, Voormeulen, who is also division director of cash and payment systems at De Nederlandsche Bank, noted that teams in the Netherlands have achieved success against fraudsters by implementing a geoblocking system on cards issued in the country. This system means that payments and cash withdrawals cannot be made outside of Europe on a payment card issued in the Netherlands unless the user has specifically allowed this via their online banking portal.
While many market infrastructures may view cybersecurity as part of an overall operational risk management prism, cyber should be viewed differently as it can move much faster, Voormeulen said. He noted that specific prescriptions can become out-of-date very quickly due to this pace of change, and that more general principles and frameworks are required. Specifically, he focussed on principles of governance, scope and range.
Starting with the principle of governance, Voormeulen stressed that cybersecurity is much more than an IT issue, and that all staff need to be engaged with the programme. Having a good cyberculture within an organisation requires training, awareness and an open environment where staff feel comfortable bringing forward any concerns they have. Voormeulen commented that when an organisation is designing new processes, it is vital to ask whether the process makes your company more or less cyber secure. If the answer is less, you have time to work on a fix before the process goes live.
Voormeulen also made the point that communication is vital in the digital payments space. He stressed that cybersecurity should not be a competitive issue, and that it is important for all stakeholders in the industry to work together for common solutions.
Cybersecurity threats have a considerable scope. Voormeulen listed some of the following issues:
- Confidentiality – where files are stolen
- Availability – if your service suffers a DDoS attack
- Integrity – where outside elements are able to manipulate your internal data.
Voormeulen said that, while all of these issues could be classified as cybersecurity issues, each are quite distinct for the others and may well require different approaches to tackle the problems that they raise.
Voormeulen was clear that organisations need a range of measures to cover prevention, detection and recovery issues in the wake of cybersecurity threats. While he acknowledged that a clear prevention strategy is crucial, organisations also need to be prepared to implement proactive detection processes and also have a clear recovery plan in place.
Adhering to the principles of governance, scope and range should form part of an integrated approach to tackling cybersecurity threats. Voormeulen commented that even if every market infrastructure had a clear cybersecurity strategy, that would not be enough, and rather a sector-wide approach is required, bringing onboard other market infrastructures, regulators, critical service providers and customers. In addition, he closed by saying that the issues of cybersecurity need to be on the desk of top management within organisations, again highlighting that this is not purely an IT issue.
There has been an uptick of treasurers inquiring about interest rate risk management in recent months as interest rates in the US and UK have started to show a rise in momentum, said Chatham Financial at the annual Bellin treasury conference.
A series of governments are now very worried about the idea of bitcoin and these currencies because customers would be able to make sustainable ongoing transactions and payments without having to ever introduce the use of a typical financial model or banking system. To combat this potential threat, several countries including major central banks like the Bank of England and the Bank of Israel will be launching their own version of a cryptocurrency. This could bring big advantages to customers.
PSD2 is set to remake the EU payments marketplace. This deliberate public policy exercise is going to regulate and demonstrate what next generation financial crime competencies must be and cement the standard going forward.
Inthe UK’s recent Autumn Budget, Chancellor Phillip Hammond vouched for a plan to build a British economy that is “fit for the ... read more