Bad guys are very good at sharing technology and systems that work with other criminal networks — and payments companies can suffer if they embrace the same technology without realizing how it is being exploited.

"It's been fascinating to observe how this multi-billion dollar cyber underground has taken shape," says Byron Acohido, a cybersecurity reporter for USA Today. "The bad guys recognized and leveraged cloud-based computing and shared information to be a step ahead of the times ever since."

By contrast, payments companies that store card data in the cloud may think they are putting that data out of fraudsters' reach, but cloud computing is "not a flawless process and brings on a new set of challenges," says Kurt Baumgartner, Kaspersky Lab's principal security researcher.

"Cloud [computing] aggregates a lot of information, but in doing so, makes it easier for hackers [to get a lot of data in one place at one time]," Baumgartner says.

Fraudsters that hit a wall when they try to break into a target company find they may have more success targeting that company's partners, such as data brokers or aggregators, he says.

Baumgartner, Acohido and others examined the concept of cybercrime as it relates to financial data Oct. 2 during Visa's annual Global Security Summit in Washington, D.C.

While cloud computing presents new problems, older technology still creates the most trouble, says Donald J. Good, FBI section chief, cyber operations and outreach section.

"E-mail is the most common threat factor," he says. "That's how malware gets into a system."

Unfortunately, the FBI can't punish cyber criminals because they tend to operate overseas and our outside of U.S. jurisdiction, Good says. "That would be the role of another three-letter agency."

The U.S. and other governments could solve many of their cybercrime problems by improving collaboration, says U.S. Sen. Kirsten Gillibrand (D-New York).

"We are attacked every single day. We know that," Gillibrand says. "The security experts in the payments industry can help us create the needed security norms."

Other countries have no incentive to stop cybercrime that occurs outside of their borders, Gillibrand says.

"Cyber attacks are increasingly going after businesses and industries, seeking consumer data and using it to finance terrorist efforts," Gillibrand says.

Sen. Gillibrand says she is working on legislation that would get the country's allies to cooperate to thwart cybercrime. China and other countries "have shown a great deal of interest" in such collaboration, she adds.

"We need to create cyber teams and networks at all State Department locations globally," Gillibrand says. "And we need security technology experts sharing their expertise with us."

The Visa event's discussion echoed similar calls for collaboration in fighting cybercrime expressed in last week's Chicago Payments Symposium at the Federal Reserve Bank of Chicago. 

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry