‘Targeted hacker attacks are no longer a trend; these are the reality of our time. I fell prey to phishers myself; in my case, I got reimbursed, but a well-known German bank lost 5000 dollars,’ German consultant Lars Hilse told Bilderlings Pay during the DSSITSEC conference that took place in Riga.
Lars Hilse is the co-author of the E-Business Sales Funnel theory, which is used as a basis of electronic commerce by online vendors in over 25 countries, across 20 different vertical business lines. This sales management scheme focuses on the process of moving a buyer from the status of a potential buyer to that of a buyer who has already paid, and the practical application of this theory has resulted in over a billion dollars of profit for online vendors.
This article, however, is not about the sales funnel, but about the risks and challenges of electronic commerce envisioned by Hilse.
His customers range from start-ups to Top 500 global brands, such as AXA, BNP Paribas, DHL, Ferrari, Gamigo, Microsoft, Nokia, Siemens, Singapore Airlines, etc. Lars has published a number of books on cyber security, the subject of his recent research.
As could well be expected, the scientific report he presented at the DSSITSEC conference in Riga covered the issues of cybercrime, which includes terrorism, illegal financial transactions, money laundering and other criminal activities, some also involving digital currency, and the ways to counter this phenomenon.
The subject is broad indeed, perhaps even too broad; it is also rather obscure and little studied. In Hilse’s opinion, however, crimes in the domain of financial technologies are harder to conceal than clandestine agreements at the level of governments and geopolitical alliances, where political motives and interests come into play.
– Fraud statistics for 2016 are as follows. Direct, unconcealed losses of private enterprises worldwide resulting from cyber penetrations have amounted to 3.5 billion U.S. dollars, which is a 1300% annual increase as compared to 2015. Fraudulent activities impacted 60% of large corporations; in 70% of these cases, the victims chose to pay a ransom. The number of bankruptcy cases has increased manifold, and the technical complexity of cybercrimes in general has grown considerably more sophisticated.
By 2022, losses from cybercrimes are expected to amount to a trillion dollars. Risks can be minimised through the use of technically advanced software, such as Fortinet and Check Point firewalls, yet these threats are impossible to eliminate completely. Be ready for that. The aggregate profits of computer scammers received as ransom from the victims of cryptoware, phishing and DDoS attacks alone amounted to 1 billion euros – apparently, this amount is going to show a considerable increase in 2017.
– Which cyber security risks would you deem most essential as of today?
– One should definitely pay attention to the fact that hacker attacks have become more targeted lately; a virus is developed under a specific order, to target a specific bank, for example. Non-targeted attacks also take place, but these are less efficient in terms of potential success for the criminals. Risks are growing globally.
On January 1, 2018, the European Union is going to enact the new edition of the EC Payment Services Directive 2, which provides for direct quick settlements between banks to be carried out by payment services, omitting the banks’ own payment systems. We can see that banks are the primary targets for attacks as of today, and I suppose that non-bank financial transaction providers are going to be of less interest for cyber criminals than banks.
– Card payments are protected by PCI DSS, the Master Card and certification standard; which risks are most relevant to the banks certified under this program?
– At the payment card user level, two-factor authentication is of great importance, and the PCI DSS standard ensures protection of the entire money transfer chain – this is a reliable standard. The problem here is with your, or my, personal experience. What happens when your bank – in fact, this is a phisher, of course – sends you an e-mail with a link that you are supposed to follow? Targeted hacker attacks on banks are no longer a trend; these are the reality of our time.
I fell victim to phishing myself; in my case, I got reimbursed, but a certain well-known German bank has lost 5000. I was redirected to a phishing site, and I committed a payment. Yes, I did get my money back, I was reimbursed for my own losses from phishing, but the problem is, the bank has actually lost this money – banks do not print money themselves. Thus, banks lose more and more money due to targeted attacks, the loss is very high.
– What do you think about targeted attacks on other financial institutions, such as online payment service providers?
– Yes, of course, all financial institutions face these risks; criminals are interested in any profits they could get their hands on. What can we do to minimise these risks? This depends on the technologies used by your bank or organisation, your systems, your backup policies.
– Can we identify any territory-specific risks, a territory where most attacks originate from?
– The Internet was not developed in observance of any security measures; initially, it was an enclosed non-public system. Therefore, all security measures required for commercial use of the global network are based on an exceptionally vulnerable infrastructure.
There are two factors in the Western culture that could be classified as the main factors contributing to the increase of vulnerability in network infrastructure: commercialisation of the online space and consumer access to software and operating systems that mostly represent a mere interface between an employee and a machine. When consumer-grade software is used to protect and control sensitive, critically important infrastructure, security breaches are simply inevitable.