The second day of EBAday 2023 focused on the prominent topic of Payments as a Service (PaaS) and highlighted essential preventative measures to safeguard PaaS against cyber-attacks and fraud.
The session was led by Deepa Sinha, VP of payments and financial crime at BAFT, and featured a panel that included Enrico Canna, head of antifraud at Intesa Sanpaolo; Thomas Egner, secretary general of the Euro Banking Association; Aravind Narayan, global director of sales strategy and execution at Refinitiv, a business of LSEG; and Jenny Winther, head of payment schemes at Svenska Handelsbanken.
In discussing the fraud risks associated with PaaS, Winther pointed out that sharing technology and solutions within the industry can enhance preparedness for these risks. However, she cautioned that this approach might lead to similar behaviors among providers, ultimately exposing them all to the same vulnerabilities.
Canna addressed the measures being implemented to mitigate fraud risks for their customers but noted an increase in the sophistication of attacks, resulting in a rise in scams.
Narayan echoed these concerns, stating, “if you don’t have the right guardrails in place, then fraudsters are basically waiting for an opportunity to get in. PaaS has likely provided that opportunity. While PaaS has controls in place, the attack vectors have escalated. This is something we need to be vigilant about.”
Sinha inquired about cybersecurity measures that could help defend against these attacks. Winther emphasized the importance of “collaboration,” advocating for stronger partnerships between the private and public sectors, as well as cooperation among authorities and financial market participants.
On the topic of collaboration, Egner highlighted the need for standardized terminology regarding fraud and cybersecurity issues. He cited the examples of phishing and smishing, noting the varying definitions used by different companies. The goal is to establish a unified approach to identifying and addressing attack vectors.