Fighting online cyberpayment – ​​Manila Bulletin

By AJ Dumanhug, CEO, Secuna

Online payments have grown alongside growing public purchases of digital content such as online games, Netflix and Spotify, the demand for cash transfers and the need for financial assistance. At the same time, payment scams have become more acute, along with other cybersecurity incidents, as we adapt to the pandemic.

Complaints are mounting on social media about thousands of unsolicited text messages containing links that redirect to dubious websites. Some texts tout obvious bait like non-existent jobs, while others are more subtle, posing as COVID test results, shipping notifications and alerts for failed online payments. Inadvertently click on it and you could be manipulating valuable information that cyber thieves can use to steal your identity and clean up your bank account.

Smishing, as defined by the Oxford Languages ​​Dictionary, is “the fraudulent practice of sending text messages claiming to be from reputable companies in order to trick individuals into revealing personal information, such as passwords or credit card numbers”. The word is a contraction of SMS (short message service) and phishing.

According to a 2021 report from Kaspersky, three out of four people in Southeast Asia have encountered at least one type of threat associated with digital payment technology.

In this study titled “Mapping a Secure Pathway for the Future of Digital Payments in APAC,” 72% of their respondents in SEA experienced cyber threats. Of those with experience, 37% said they encountered them in the form of social engineering scams via text messages or calls, making them the top threat in the region.

It will not be enough to constantly remind users to be extremely vigilant against spam, let alone professionally organized and highly innovative mass cybercrimes. No matter how vigilant, every institution is likely to be targeted by threat actors at some point. Therefore, it is vital to be prepared for such an attack.

A pro tip that has gained attention more recently is to understand the cyber risk embedded in the supply chain. Cyber ​​threats must be addressed throughout the supply chain to ensure the security of the entire payment network. Additionally, organizations should hire cybersecurity experts who would help them identify threats, develop a response plan, and test it regularly through tabletop exercises.

Hidden in the payment ecosystem are third-party payment processors. These are intermediaries known to banks and who sometimes carry out transactions for online merchants for remuneration.

Take Dragonpay, the pioneer of alternative online payments in the Philippines, for example. Acting as a mediator between buyers and sellers since 2010, Dragonpay enables customers to purchase goods or services online and pay for them in cash at physical, brick-and-mortar payment booths, ATMs, mobile wallets or debit. online banking.

The rapid growth of the online payment business has pushed its search for a high-impact cybersecurity solution capable of securing the growing number of transactions it processes – currently 130 million and counting.

To maintain safe and secure payments, Dragonpay engaged Secuna, a DICT-certified cybersecurity assessment company, to thoroughly assess the security of its website application.

Seventeen unique security vulnerabilities were reported, validated, and resolved after web application penetration testing. Three of them were found to have a severity score of 7.0 and above using CVSS, an industry standard scoring system.

The added cybersecurity protection and threat intelligence has helped Dragonpay identify hidden vulnerabilities that scammers and fraudsters can use to launch phishing attacks and take proactive steps to mitigate the risks.

There is no endgame in cybersecurity, as the threat landscape is constantly evolving. Information will be key in this fight against scammers and fraudsters. Cybersecurity must be understood, accepted and managed to stop these cybercriminals.

It is crucial that all stakeholders, including government, digital payment providers, consumers and even cybersecurity companies, work together to ensure the cyber resilience of the wider payments ecosystem.

# # #

About the Author

AJ Dumanhug is the co-founder and CEO of Secuna, the first and only outsourced cybersecurity testing platform in the Philippines with a community of hundreds of the most advanced and trusted cybersecurity professionals and ethical hackers. in the world. The company has been at the forefront of cybersecurity in the Philippines, helping businesses and government agencies establish their ISO-compliant Security Vulnerability Disclosure Program and Bug Bounty Program to receive and act on vulnerabilities discovered by cybersecurity professionals, and strengthen their cybersecurity posture with a comprehensive ISO-compliant Vulnerability Assessment and Penetration Testing (VAPT).

SUBSCRIBE TO THE DAILY NEWSLETTER

CLICK HERE TO JOIN

Leave a Reply