WASHINGTON The payments industry can thwart hackers only by creating a system that can adapt quickly to unanticipated threats.
We need a very intelligent system, a model that evolves and learns from changes in data, says Arthur W. Coviello Jr., executive vice president and executive chairman at RSA Security, a Bedford, Mass.-based division of EMC Corp.
Big data from payment accounts and transactions could serve as the basis for such a system, Coviello says. The system has to extract meaning for security purposes from the data and find the hidden patterns or a faint signal that an attack is in progress, Coviello said recently at Visas annual Global Security Summit.
However, many security companies find it costly to earn certification for EMV smart cards and compy with the Payment Card Industry data security standards, says Stafford Masie, CEO of South Africa-based security vendor Thumbzup.
Masies company has already spent millions of dollars in certification costs, but many couldnt afford such an investment, he says.
The payments industry should create a fund that would give innovators an opportunity to present technology that could help solve data security problems, Masie says. In this new world of data security, you have to introduce flexibility, he says.
In the past six years, payments systems have connected to new technologies such as cloud computing and social networks, Coviello says. That means billions of people are now hooked into systems in which they can share card data, he says.
When consumers eventually get online or mobile access to TVs, vending machines, ATMs, parking meters and other devices, that expands the hackers path-of-attack surface, he notes.
As data security moves into a virtual world, the usual perimeter of defense for data will no longer exist, Coviello says. By the year 2020 it will be almost impossible to protect physical infrastructure because perimeter defense will become so difficult to establish, he maintains.
Change has been remarkable and consistent, whether it is faster payments or loyalty programs on steroids, he says. But all of that technology dramatically increases the attacks on our systems.
Even if payments companies can adapt, many merchants still wont have the ability to defend themselves, Coviello says. However, they benefit from the recent agreement between Visa, MasterCard and American Express to establish a new standard for online account identities, he says.