By Ben Jackson, IPA COO

​Individual considerations lie at the heart of many of the large trends shaping the payments industry.

That was the underlying theme of the presentations at the Travel Tags Educational Forum held in Minnesota this May.
I was asked to present on the big picture of payments and discussed many of the standard subjects, including artificial intelligence, open banking, fraud, and faster payments. Since the audience included closed-loop issuers, I also discussed how these topics intersected with gift cards.

My fellow presenters included both payments experts and people outside the industry, which provided a wide view of factors shaping the industry.

For instance, spending on gift cards provides insights into the larger economy. Gabriel Resendez, Darden Restaurants, and Steve Bradbery of Savvy, a stored value processing and analytics company, presented the trends in gift cards, and noted the U.S. retail gift card market was $226 billion in 2023, according to Javelin. Of those purchases, many are skewing toward basic categories like gas and grocery stores. This could be a sign that people are buying gift cards to help others or buying the cards to help themselves budget.

The forum also covered the ever-troubling topic of fraud. Homeland Security and the FBI both presented cases they have investigated, which showed some of the progress that has been made in fighting crime.  

In addition, the forum went a deeper into fraud with an interesting presentation on the psychology of people who commit fraud by Eric Grube, a professor at Concordia University, and Marcia Hagen, a professor at Metro State University. Many fraudsters are motivated by outside pressure like financial hardships, but others are motivated by a desire to learn how to manipulate the world around them. The professors noted that arrogance is common among fraudsters but is less predictive than correlative.

When it comes to preventing fraud, oversight is the most effective tool. Another effective tool is paying employees well and offering them opportunities for development. This way, employees won’t rationalize stealing from the company because they feel underappreciated.

A third big trend from the forum is that companies must pay attention to environmental concerns. Jack Peck of Blackhawk discussed how investors and business partners are increasingly factoring environmental considerations into their criteria for choosing which companies to invest in or hire.  Addressing those concerns will likely become part of every company’s strategy going forward. He shared the stage with Kim Shannon of Neenah Paper to show how it worked in practice with one of Blackhawk’s suppliers.

Looking forward, strategists will need to consider the ways that personal and global factors play into the big trends shaping the industry. Understanding that confluence will be key to building successful products and business models in a rapidly changing world.
 
 
 

When companies think about cybersecurity, their first instinct is to think about what technology they have in place to stop hackers.

But technology is only half the picture, and it may not even be the most important half.

I have been attending the FBI Citizens Academy at the Bureau’s Cleveland Field Office. It is a program the FBI runs every year to explain its mission to the public. At a recent session, we heard from a cyber-squad leader who shared some of his experiences with responding to crimes.

He said that the companies that respond the best to attacks by hackers are those that have developed a good security culture within their organization. The reason is that will all of the devices, systems, and software that companies and their partners use, there is likely a technical exploit in the system. Additionally, cybercriminals have gotten increasingly sophisticated with their approaches to employees. While no one likes to think they can be tricked, the reality is everyone is susceptible.

So, what should companies do? Here are some high-level takeaways from the presentation that deal with both technical and cultural aspects.  While they are not a panacea, they can help companies think about how to improve their defenses.

Technical Defenses

• Identify your most important digital assets and wrap them in layers of security. This offers the possibility of detecting an attack before it does severe damage.
• Keep software up to date. Apply patches as soon as possible. (If you can’t update software immediately or need to run tests, then increase monitoring of the exposed areas.)
• You are a risk to everyone you deal with, and they are a risk to you, so make security standards part of your contracting process with vendors.

Cultural Defenses

• Train Your Employees – Let them know what phishing e-mails look like and create ways for them to verify requests that don’t rely on a potentially hacked system.
• Eliminate Blame and Shame – Time is of the essence when a cyber attack occurs, you want to encourage people to report problems early, even if they were the one who clicked on a link they shouldn’t have.
• Have a Plan – Know what you are going to do and who is responsible for what part of the response. Hacks are not just an IT problem, you will need to communicate and take action with customers, vendors, law enforcement, and internally. Are you ready for all the implications of the attack.
  • Practice – Run tabletop exercises so that people are ready when and if something happens. This can also help you find things you may have missed in initial planning.
  • Build Resiliency – Learn from your plan and practices and make adjustments.
• Share Knowledge in Your Industry – Sharing knowledge and intelligence helps everyone defend themselves. We know that criminals work together, so the industry needs to as well. Sometimes this means working with your competitors, but it is better to help a legitimate competitor by talking than a cybercriminal by staying quiet. The IPA hosts regular calls with fraud prevention teams to encourage intelligence sharing.
  
  

Work with Law Enforcement

• Report Attacks – If you have been hacked, let the FBI know. In some cases, they can help companies mitigate attacks and recover stolen funds.
• Preserve Evidence – If you have intrusion and access logs or other data, use that. It can help identify and catch criminals.
• Understand the FBI’s Role – They will not share data, publicize the breach, or seize your servers.

 
The only thing that can eliminate all cyber threats is going completely off the grid. Since that is not an option in our modern society, we all need to develop best practices to increase our security. Following the above steps can give any company a good state.

More resources can be found at:

• Cybersecurity and Infrastructure Security Agency: Resources and Tools
  
• FBI Cyber Crime 
• Internet Crime Complaint Center