PayPal Stories Archive

Strengthening against cybersecurity attacks in digital payments
Singapore has entered a period of unprecedented disruption in payments and financial services, driven by high smartphone adoption rate and in turn, the increased adoption of mobile technology and digitalisation of cash. The launch of PayNow earlier this year is a key milestone in the country’s digital transformation, as users can now send money instantly with the mobile number or the NRIC/FIN of any recipient across seven banks in Singapore. This also coincides with the government’s push towards innovation in payments as part of its Smart Nation drive.
 
As the country continues to place emphasis on digitalised payment, it is imperative to ensure that payments are not only made seamlessly and efficiently, but also securely.
 
Still safe in Singapore, but prevention (and preparedness) is always better than cure
Recent spate of cyber attacks such as WannaCry and Petya/NotPetya have driven the issue of cyber security into the public spotlight. A survey by the UN International Telecommunication Union (ITU)[1] rated Singapore as the best in the world in terms of cybersecurity approach for its overall comprehensive strategy. In recent years, the government has also been investing significantly to protect online users, with the already enacted Personal Data Protection Act and the recently proposed Cyber Security Bill being the perfect examples of that.
 
So far, Singapore have largely dodged the bullet. However, like terrorism, this is not a case of if, but when the country will be swept into the cyber security war. When that happens, companies need to work hand-in-hand with the government to deal with the multi-faceted cybersecurity threats.
 
The key here, specifically for payment companies, is to drive continuous cutting-edge innovations to ensure faster, easier and more reliable transactions while delivering the strongest security and protection for consumers and merchants.
 
Some of the key things to consider include:
 
Investing in fraud prevention engines
Creating a sophisticated anti-fraud strategy is key to instilling confidence in consumers when they make purchasing decisions. This is especially important for merchants operating internationally, as a recent global survey from PayPal and Ipsos cited security as the most important factor that would influence consumers’ choice of payment method for cross-border shopping.[2]
 
From the get-go, risk management needs to be at the heart of the company’s security strategy. At PayPal, we invest in predictive data analysis to learn from every single transaction that is made through our system, which enables us to detect fraudulent activity quickly  This has allowed us to successfully maintain one of the lowest fraud rates in the industry.
 
Industry Partnerships
To establish a secure online environment, it is important for industry players to work together, as the process of knowledge sharing and partnerships could ensure a more secure ecosystem for all.
 
As a founding member of the non-profit Fast IDentity Online (FIDO) Alliance, we strongly believe that industry collaboration is required to raise the bar of online security and create a future where passwords are no longer needed. The consortium seeks to address the lack of interoperability among strong authentication devices, as well as the problems users face with creating and remembering multiple usernames and passwords.
 
Customer Education
While businesses play a key role in combating cyber security threats, customers also need to be aware of how to operate securely online to protect themselves against cybercrime.
 
Here are some tips for a more secure online experience:
1.Use trusted online payment systems and secure websites: Ensure that the website you visit is secure before making purchase decisions. Look out for the padlock icon on sites and ensure that they start with “https” before entering your account information and password. 
 
2.Use passwords, PINs, and biometrics on all of your devices. Only about half of mobile phone users use a PIN on their device. If any of your devices (laptops, tablets, mobiles) fall into the hands of a criminal and there is no access protection, your account and other personal information is at risk for theft. Malware can be installed, banking and health information can be viewed, and embarrassing messages can be sent on your behalf. Turning on these features can save you a lot of time and headache. Additionally, most devices now have a screen autolock feature after a few minutes of inactivity. Switch it on for additional protection. It only takes a few moments for information to be stolen.
 
3.Beware of Phishing Emails:PayPal shuts down more than 500 phishing sites every day and investigates approximately 1000 incidents every week. Fraudsters would often try and trick online users into handing over their personal information, typically using email. Therefore, look out for potential red flags, such as poor grammar or spelling, and URLs and domains that don't match the sender before clicking through the links.
 
4.Install the latest updates: Installing the latest updates to all your software applications is a must for staying in front of cybercriminals.New bugs are discovered in even the best software, installing malicious software (malware) that can obtain your account information and send it to the criminals for use. When updates are made available by PayPal, Apple, Google, and others, the problems that have been fixed are usually listed. This means that even if cybercriminals didn’t know about the vulnerability before the fix, they'll know where to look afterward and can exploit systems that don’t have current security patches.
 
5.Always use licensed anti-virus software and update regularly: Using a quality anti-virus software on all your devices can help prevent the installation of new malware and detect most malware if it does get installed. Anti-virus software can run scheduled checks, and will check incoming email for malware that’s snuck onto your system.
 
Payment companies need to be prepared and strengthen its systems against cyber security attacks. As long as we work together to create a secure online environment, the industry is heading in the right direction as we spearhead Singapore towards a cashless society.   
 
 

Phoram Mehta, Head of Infosec, APAC