Home » Fraud Prevention » ID Systems & Services in Fraud Prevention

Payments industry learns from coordinated cyber ‘war games’

Some of the biggest UK and US payment companies, including American Express, Mastercard, JPMorgan Chase and WorldPay, have taken part in a simulated cybersecurity attack to prepare a coordinated response to such a crisis and uncover the weaknesses in their response plans.

Bloomberg News reported that this is the first 'joint cybersecurity war games' held by the group of 18 payment processors – although it notes that “banks and brokerage firms have been holding cyber war games regularly since 2011, testing the US capital markets’ readiness for attacks”. The aim of this exercise is to uncover differences in the defences of payment processing companies and to agree on a definition of a cyberattack crisis.

The simulation exercise was held on Friday at IBM’s test centre in Cambridge, Massachusetts, and some of the findings are due to be shared at the P20 payments industry conference in Atlanta later today (10 October 2018) in a presentation given on Wednesday morning by IBM's Gary Meshell, a financial services security expert.

One of the organisers of the exercise, Rob Johnston, chief information security officer for FIS, told Bloomberg: “We put competitors in the same room together, which initially they were hesitant to do. But they realised pretty fast how valuable such a gathering is. When there are multiple breaches in an organised attack, it’s better to coordinate the response.”

According to the report, the payment companies found that their definitions of a data breach crisis were different, as were their processes for reporting a breach to authorities. The goals of the simulation were to agree on a common definition and to streamline cooperation between government agencies and the payments industry, as well as discussing how to formally share intelligence about cyberthreats.

This item appears in the following sections:
Fraud Prevention
ID Systems & Services in Fraud Prevention
Minimizing Fraud Procedures
Minimizing Payment Fraud

Also see


No comment yet, why not be the first?

Add a comment