Episode 2: More digital, more risk: where is the trust?
More digital means more ecommerce, more digital payments, more financial fraud and cybercrime, and ultimately more risk. Many organisations within the payment sector are being pushed into digitisation more quickly as they move to operate online to keep cash flow – without doing necessary due diligence on the best solution or vendor and with security not really on their agenda. These are some of the issues we are exploring with guests Arthur van der Merwe and Simon Keates.
Our Host

Neira advises organisations of all sizes on payments, fintech, regtech, cybercrime, information security, regulations (e.g. PSD2, GDPR, AML) & digital innovation. With more than 20 years in financial services & technology, she believes in change through innovation & partnerships and always strives to demystify the hype surrounding current issues. She enjoys her work as a strategic board advisor and non-executive director. She also provides coaching, training/e-learning, speaking, payment security expert witness services, and helps with M&As cybersecurity due diligence. She likes engaging on social media & regularly addresses global audiences in person or virtually.
She is the 1st Advisory Committee member for PCI-Pal, a global leader in secure payments & chairs the Advisory Board for mobile innovator Ensygnia. She is proud to be an Ambassador for the Emerging Payments Association and a friend of the Global Cyber Alliance. You'll find her on the Refinitiv list of Top 100 Influencers in Financial Services, the Planet Compliance Top 50 RegTech Influencers, the SC Magazine list of the UK's 50 Most Influential Women in Cyber-Security 2019, the Cybersecurity Ventures Women Know Cyber 2019 (100 Fascinating Women Fighting Cybercrime), the Jax Finance Top 20 Social Influencers in Fintech 2017, the City AM Powerful Women in the City List, the Richtopia Top 100 Most Influential People in Fintech. Tripwire nominated her "Top Influencer in Security To Follow on Twitter" in January 2015, CEOWorld Magazine nominated her Top Chief Security Officer to Follow on Twitter in April 2014, she is the Merchant Payments Ecosystem Acquiring Personality of the Year 2013, the SC Magazine Information Security Person of the Year 2012 and is an InfoSecurity Europe Hall of Fame alumna. She was voted to the Top 10 Most Influential People in Information Security by SC Magazine & ISC2 in 2010 & has served on the PCI SSC Board of Advisors for 4 years. She is a British Computer Society Fellow.
Neira has previously worked for Barclaycard, Santander, Abbey National, Oracle Corp. and Unisys. Her clients span industry sectors, including financial services, fintech, retail, legal, consulting, information security & technology.
She loves technology and cars...
Our Guest Speakers

Arthur van der Merwe is the Information Security and Industry Compliance Manager at the Australian payments self-regulator, Australian Payments Network (previously APCA). He is also a member of the International Association for Cryptologic Research (IACR), AsiaCrypt, IEEE and Australian Information Security Association (AISA) while conducting active doctoral research on authenticated encryption, leakage resilience and mathematical modelling.
He is also an active member of ISO, serving on the technical committees for Financial Services, security, and cryptography (TC68/SC2/WG13 and TC68/SC2/WG11).
He serves on Standards Australia Technical Committee IT-005, Financial Transaction Systems, and is editor of the AS2805 suite of Standards.
He is also a Technical Advisory Board member of the Payment Card Industry Security Standards Council (PCI-SSC), participating in industry standards development for the PCI-PIN Standard, S3 Framework, Mobile Security (SPoC and CPoC), as well as the PCI-PTS Standard and PCI-HSM Standard.

Simon is responsible for developing Thales’ strategy for its payment security suite of products, utilising 20 years of experience to provide unique insights from engineering all the way through to board level.
Simon was born and educated in Zimbabwe, moved to England in 2000, and started his early career at the Lloyds Bank call centre following the dotcom crash, when there was a general lack of IT positions.
Simon quickly proved that he had a knack for problem solving and moved into the User Acceptance Testing team. This is where he had his first taste of information security and cryptography, having worked on projects to enable Chip & PIN across multiple card portfolios and validate the migration of back-end systems from DES to Triple DES. His experience at Lloyds Bank provided him with first-hand knowledge of the day-to-day operations as well as implementing change within a large financial institution.
During 2007, Simon joined Thales, initially working in Engineering as a System Tester, but soon moved from engineering to Sales Engineering to focus on Mobile Payments, working on multiple Mobile Point of Sale and Host Card Emulation projects.
Business Development was the next stop in Simon’s career path at Thales, where he worked on alliances, partnerships and Go-To-Market strategies and gained a new appreciation for the role of relationships and the greater sales process, as well as some valuable commercial insights. During this time Simon also attended the Royal Holloway University of London to achieve a Master of Sciences degree in Information Security.
Today, Simon is the Strategy Manager for Thales’ Payment Security solutions.
In his free time, Simon likes fiddling with the multiple Raspberry Pis under his desk to run his home network, dabbling in home automation, as well as running. He has more than a few half marathons and a couple of marathons under his belt, and is now focused on the London 2021 marathon.
About this Episode
Consider the following: It is undeniable that more digitization means more risks. It is also undeniable that we are not going back to the way things were before the pandemic.
With that in mind, how would you answer the following question?
As we go forward with faster payments, and one-click engagements, what are the risks to both consumers and corporations?
In episode 2 of the Thales Security Sessions Podcast, Neira Jones poses that exact question to me and to payment security industry expert Arthur van der Merwe, the Security and Industry Compliance Manager at Australian Payments Network, as we both join Neira in a discussion of this broad and difficult topic.
The speed of changes to transaction methods is unfamiliar to many consumers, and that newness exposes them to unknown scenarios that can be used for phishing and other attack vectors. For example, contactless transactions, whose adoption was accelerated by the pandemic, are still a source of mystery and fascination to people, leading to speculation and doubt about their security. Similarly, restaurants and shops that use QR codes to display a menu on a person’s phone, or to facilitate payments, are a great response to the changes in behavior that healthcare professionals asked of us during the pandemic. But QR codes do introduce a new threat vector, giving criminals new ways to manipulate consumers who are not yet familiar with them.
Many small businesses operating in the new pandemic model may not be equipped to securely transact web-based payments, which opens up another avenue of attack. What is the best, most attainable advice for these businesses?
Arthur and I offer some solid advice towards achieving security, both for a consumer, as well as a small business. We also expand into the area of how larger organizations can better operate in this new environment.
In these confusing, and often anxious times, the guidance offered in this podcast is a welcome and calming session of security therapy. I hope you enjoy listening to our Security Sessions podcast, Episode 2: More digital, more risk: where is the trust?

Security Sessions Podcast
For the latest on cloud & data security
This podcast series explores the technologies, people, and processes behind information security. We’ll delve into topics like data security, remote access and digital transformation, as well as the people and technology that make it all work behind the scenes. We’ll speak to Thales and industry experts to bring you fresh perspectives on how to navigate the world of cloud security.
Listen to Previous Podcasts
Episode 1: Real Threats for Real People – What has the pandemic taught us?
Are businesses being forced into digital transformation too quickly and therefore cutting corners? How do businesses adapt to the changing threat vectors as more valuable data gets pushed further out into the infrastructure due to remote working? These are some of the questions we are exploring with guests Rick Robinson and Todd Moore.
Episode 3: Do you know who I am? The digital identity challenge
More digital also means more interactions where the various parties are interacting without knowing each other. This is linked to the much needed focus on digital identity, IAM, CIAM, authentication, behavioural analytics. Has the pandemic forced people’s perception of digital identity to change as they have been forced to accept the digital transformation in their own lives? Our host Neira Jones discussed this topic with guests Sundaram Lakshmanan and Francois Lasnier.
Episode 4: Time for the crystal ball – What to expect in 2021
In this episode we are looking ahead at what we can expect in 2021 and reviewing how 2020’s remote working, separation from family and teams have changed us. Have a listen to some of the interesting insights from Neira’s guests, Troels Oerting, Chairman of the Board of the World Economic Forum’s Centre for Cybersecurity (C4C) and Ashvin Kamaraju, CTO and Vice President Engineering at Thales Cloud Protection & Licensing.
Episode 5: The Challenges of Digital Transformation
Many businesses have been forced to accelerate their digital transformation strategies due to the pandemic and doing it successfully has become a major challenge. What do organisations do to transform their infrastructure to where it needs to be from a technology standpoint? The new threats are here to stay – so what is the best DX practice from a technology point of view? How do you focus on the technology process and preservation of your infrastructure?
Episode 6: Data Beyond Borders: The Schrems II Aftermath
Are the current rules and regulations for securing information and maintaining privacy fit for purpose when you think about the future? Do you think work and lifestyle changes brought about by Covid-19 will have a regulatory impact that we need to plan for? Neira discusses these questions with Enza Iannopollo, Senior Analyst at Forrester and Thales’ own Mukesh Chandak, Business Development Director.
Episode 7: More digital, more cloud: To trust or not to trust
More digital will mean more cloud. Now in its second year, the Covid-19 coronavirus pandemic has prompted an acceleration in the adoption of cloud technologies by IT leaders worldwide, which looks set to continue for the foreseeable future. Previously, organizations primarily looked to the cloud for new application development and deployment, taking a ‘cloud first’ approach. However, many have now pivoted towards a ‘cloud now’ approach. In this two-part episode Neira talks to Chris Harris, EMEA Technical Director at Thales, and Vaughn Stewart, VP of Technology Alliance Partners, Pure Storage.