Like hackers, we must innovate to fight cybercrime

By Ellen Richey, Vice Chairman - Risk & Public Policy • Visa Inc.

January 23, 2017

Klaus Schwab, World Economic Forum Founder and Executive Chairman, has aptly described the digital transformation of commerce as a new industrial revolution. As stakeholders in the future of the global economy, business leaders, government officials and citizens are asking if this digital revolution requires new regulatory approaches to identity and security. In many countries, policy-makers are questioning whether the private sector can be trusted to safeguard consumer data. To answer that question, it is important to first consider the role of public policy in fostering the innovations that power the digital economy.

When it comes to innovation, the impact of government is difficult to measure. The popular history of the technology industry abounds with tales of rival entrepreneurs battling for market share and of disruptors challenging incumbents. In these “Clash of the Titans” or “David and Goliath” narratives, the role of the public sector in providing an enabling policy environment is scarcely mentioned, giving rise to the inaccurate perception that public policy is a non-factor. But if the government had intervened early on in favour of one technology rather than allowing competition to play out in the marketplace, many innovations might never have occurred.

Public-private partnership and continuous innovation in security technology are society’s best defence against cybercrime. Governments play an indispensable role. Vigorous enforcement of the laws that protect public and private networks from cybercriminals can deter most would-be hackers from attacking email accounts, financial institutions, payment systems and retailers.

Recent history makes clear, however, that some bad actors cannot be deterred by criminal penalties. This is where innovation plays a vital role in keeping our defensive capabilities ahead of the cybercriminals.

One area where well-intentioned public policies can have unintended consequences for innovation in cybersecurity is by signing up to technologies that may become obsolete over time. Restraining the best of our innovators with overly restrictive policies and regulations will only hamper our ability to compete in the arms race against hackers. Rather than focusing on mandating new approaches to security, policy-makers, academics and business leaders should work together to improve cybersecurity education and support a robust pipeline of technology and professionals that can help the entire ecosystem stay ahead of cybercriminals.

Data localization is another policy area where attempts by governments to protect their citizens can backfire. Limiting cross-border data flows makes it more difficult to connect the dots to identify fraud in real time. Rather than enhancing data security, these regulations stifle innovation and prevent new security innovations from being developed or implemented.

How technological change can aid cybersecurity

The digital ecosystem is expanding at an exponential rate. It took decades for the number of mobile devices to surpass the world’s population of 7.4 billion and now the Internet of Things is expected to reach another 20 billion connected devices in the next three years. The rapid growth of digital devices may seem like a mounting security challenge that needs to be restrained, but in many ways this growth provides an opportunity to make commerce better, easier and more secure.

In the payments industry, for example, we harness the power of data to protect consumers. Every transaction that flows through the Visa network is analysed against up to 500 data elements to determine the risk for fraud and help the card issuer decide whether to approve or decline a purchase. But as commerce becomes increasingly digital across mobile, tablet, electronics, wearables, cars and other connected devices, we need to upgrade the data pipes to be able to analyse information more complex than simple passwords. Contextual data, such as device identification, biometrics, geolocation, browsing behavior, has been made possible by the growth of connected devices. This data can be powerfully predictive of fraudulent or legitimate transactions – even more so than passwords, which can be forgotten or stolen by hackers.

Building on a foundation of security and privacy requires that we recognize this problem and correct our approach. It’s equally important to embrace innovation and invest in ways to harness the power of connected devices and intelligent data to help prevent more fraud. We must resist the pull toward overly prescriptive technologies and solutions that will be difficult to adjust and evolve as conditions quickly change. Hackers certainly aren’t limiting their options.

Share this post

Like this post

Related Articles

The digital economy demands a new approach to fraud management

January 04, 2017

To capitalise on new sales opportunities and meet customer expectations, almost every business today is building out its digital channels.

Andrew Naumann Read More

Europe’s online shoppers faced with inconvenience and disruption

November 22, 2016

A set of new European proposals threatens to seriously disrupt the way we all shop online today.

Peter Bayley Read More

Ecommerce authentication gets a major makeover

October 21, 2016

New industry specification sets the stage for smarter products and services

Mark Nelsen Read More

Has the time arrived for biometrics?

July 14, 2016

Recent Visa research shows that 73% of people would like to use biometrics as a form of two-factor authentication. So how are we responding to the exciting opportunities offered by biometrics?

Jonathan Vaux Read More

Making Consumers Lives Easier

March 04, 2016

PSD2 and Access to the Account.

Chris Jones Read More

Is it time to say goodbye to cash?

August 06, 2014

If I asked you to design a payments system from scratch today, it’s unlikely you would suggest pieces of paper and bits of metal as the medium of exchange.

Nick Mackie Read More

Tokenisation – in the cloud and around the world

May 18, 2016

With the launch of Android Pay in the UK, Sandra Alzetta looks at the enabling payment technologies – the token service. And, its most recent innovation – device-based cloud.

Sandra Alzetta Read More

Look! No PIN!

June 08, 2016

This week, Visa Europe presents a three-part series on a subject that is dominating the headlines: biometrics. We have invited Safran, the leading supplier of technology for security as well as aerospace and defence, to give us its perspective on why biometrics is such a hot topic today and where they see the industry heading.

Philippe Le Pape Read More