Payments Professionals Are Worried About Cybersecurity Yet Mistrustful of Experts: Survey

Professionals in the payments industry are very concerned about cybersecurity, but are at least a little mistrustful of third party solutions providers, suggest the results of TD Bank’s 2019 NACHA PAYMENTS survey.

Conducted at the 2019 NACHA PAYMENTS Conference in Orlando this past May, the survey polled just under 500 of the payments industry professionals in attendance. The majority named cybersecurity as their second greatest challenge for the year, ranking it somewhat behind the struggle to update legacy payment systems, and well ahead of other concerns such as potential FinTech regulations and cross-border transactions.

What’s more, 85 percent of respondents said that they expect fraud and cybersecurity to become an event bigger threat over the next one to two years – a marginal uptick from the 84 percent who answered that way in the 2018 NACHA PAYMENTS survey.

As for how to address that issue, 88 percent of respondents said their organization should use in-house security solutions, compared to the 12 percent who said security should be outsourced to an expert. And only 12 percent said that this kind of in-house security should include testing employees’ understanding of fraud through fake spear-phishing emails, versus the 53 percent who pointed to improved security technology for internal networks and the 23 percent who wanted special training for employees dealing with sensitive data and transactions.

The results suggest a somewhat muddy understanding of the contemporary security landscape, in which social engineering and phishing attacks are highly common approaches for fraudsters, and the most cutting-edge security solutions – things like behavioral biometrics and AI-driven analytics – are being offered by third party security experts, rather than developed in-house. But it also points to an opportunity for such experts to pitch their security products and services as solutions that payments organizations can deploy and administrate themselves, emphasizing that it’s the clients who are ultimately in charge of security – and responsible for any lack thereof, so far as consumers are concerned.