Do you know the eight types of cybercrime that could affect your payments and financial operations? A report by the European Payments Council (EPC) gives some detailed analysis on how to mitigate cyber fraud risks. The 2016 Payment Threats Trends Report was published yesterday, giving some insight into the latest developments in cybercrime affecting companies and financial services.

Some of the key observations on payment risks in the report include:

• Cyber criminals are becoming more organised and sophisticated and the financial sector is increasingly targeted with distributed denial of service (DDoS), social engineering and phishing attempts.
• Company executives, employees (through CEO fraud), financial institutions and payment infrastructures are now becoming the preferred targets of cyber criminals.
• One of the challenges in tackling cyber fraud is the sharing of fraud intelligence and information on incidents among payment service providers (PSPs), which is often limited by data protection regulations.
• The huge increase in the amount of data generated, processed and stored by companies is creating new financial and payment risks.
• There is growing pressure for user-friendly, simply interfaces but this is putting increased pressure on security resources.
• Multi-vector attacks are on the rise and have been targeting a number of financial institutions over the past year.
• New technologies, including Cloud-based services, the Internet of Things and virtual currencies are giving rise to new types of risk from cybercrime.

The eight cyber risks for corporates

The report analyses the threat of online payments fraud faced by companies and looks at the impact and context of each type of attack. It also suggested controls and mitigation strategies for each of the following eight risks:

1. distributed denial of service (DDoS);
2. social engineering and phishing;
3. malware;
4. mobile-related attacks;
5. botnets;
6. card-related fraud;
7. ATM attacks;
8. multi-vector attacks.

---

CTMfile take: There's a lot of detail in this report and it would be useful reading for all financial professionals who want to stay on top of the developments in cybercrime affecting payments.